From c77cace5225eb16d35865664754e88f4d67bba7f Mon Sep 17 00:00:00 2001 From: elijah Date: Thu, 23 Jun 2016 15:49:03 -0700 Subject: migrate commands to use new ssh system: node init, test, add-user --- lib/leap_cli/commands/user.rb | 73 ++++++++++++++++++++++++------------------- 1 file changed, 41 insertions(+), 32 deletions(-) (limited to 'lib/leap_cli/commands/user.rb') diff --git a/lib/leap_cli/commands/user.rb b/lib/leap_cli/commands/user.rb index b842e854..68f42059 100644 --- a/lib/leap_cli/commands/user.rb +++ b/lib/leap_cli/commands/user.rb 
@@ -22,58 +22,67 @@ module LeapCli c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' c.action do |global_options,options,args| - username = args.first - if !username.any? - if options[:self] - username ||= `whoami`.strip - else - help! "Either USERNAME argument or --self flag is required." - end - end - if Leap::Platform.reserved_usernames.include? username - bail! %(The username "#{username}" is reserved. Sorry, pick another.) - end + do_add_user(global_options, optinos, args) + end + end - ssh_pub_key = nil - pgp_pub_key = nil + private - if options['ssh-pub-key'] - ssh_pub_key = read_file!(options['ssh-pub-key']) - end - if options['pgp-pub-key'] - pgp_pub_key = read_file!(options['pgp-pub-key']) - end + def do_add_user(global, options, args) + require 'leap_cli/ssh' + username = args.first + if !username.any? if options[:self] - ssh_pub_key ||= pick_ssh_key.to_s - pgp_pub_key ||= pick_pgp_key + username ||= `whoami`.strip + else + help! "Either USERNAME argument or --self flag is required." end + end + if Leap::Platform.reserved_usernames.include? username + bail! %(The username "#{username}" is reserved. Sorry, pick another.) 
+ end - assert!(ssh_pub_key, 'Sorry, could not find SSH public key.') + ssh_pub_key = nil + pgp_pub_key = nil - if ssh_pub_key - write_file!([:user_ssh, username], ssh_pub_key) - end - if pgp_pub_key - write_file!([:user_pgp, username], pgp_pub_key) - end + if options['ssh-pub-key'] + ssh_pub_key = read_file!(options['ssh-pub-key']) + end + if options['pgp-pub-key'] + pgp_pub_key = read_file!(options['pgp-pub-key']) + end - update_authorized_keys + if options[:self] + ssh_pub_key ||= pick_ssh_key.to_s + pgp_pub_key ||= pick_pgp_key end + + assert!(ssh_pub_key, 'Sorry, could not find SSH public key.') + + if ssh_pub_key + write_file!([:user_ssh, username], ssh_pub_key) + end + if pgp_pub_key + write_file!([:user_pgp, username], pgp_pub_key) + end + + update_authorized_keys end # - # let the the user choose among the ssh public keys that we encounter, or just pick the key if there is only one. + # let the the user choose among the ssh public keys that we encounter, or + # just pick the key if there is only one. # def pick_ssh_key ssh_keys = [] Dir.glob("#{ENV['HOME']}/.ssh/*.pub").each do |keyfile| - ssh_keys << SshKey.load(keyfile) + ssh_keys << SSH::Key.load(keyfile) end if `which ssh-add`.strip.any? `ssh-add -L 2> /dev/null`.split("\n").compact.each do |line| - key = SshKey.load(line) + key = SSH::Key.load(line) if key key.comment = 'ssh-agent' ssh_keys << key unless ssh_keys.include?(key) -- cgit v1.2.3 From 88412ea2079d29fdc3390b17e7621724ef6520a6 Mon Sep 17 00:00:00 2001 From: varac Date: Sat, 2 Jul 2016 21:04:54 +0200 Subject: [bug] fix typo in leap add-user --- lib/leap_cli/commands/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/leap_cli/commands/user.rb') diff --git a/lib/leap_cli/commands/user.rb b/lib/leap_cli/commands/user.rb index 68f42059..fb406dc7 100644 --- a/lib/leap_cli/commands/user.rb +++ b/lib/leap_cli/commands/user.rb 
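Review bot: The `assert!(ssh_pub_key, 'Sorry, could not find SSH public key.')` guard in `do_add_user` cannot fire on the `--self` path, because `pick_ssh_key.to_s` turns a nil result into `""`, and an empty string is truthy in Ruby. An empty or whitespace-only key would then be written to `[:user_ssh, username]` and `update_authorized_keys` would run on it. Checking the content closes that gap: `assert!(ssh_pub_key && !ssh_pub_key.strip.empty?, 'Sorry, could not find SSH public key.')`. The file named by `--ssh-pub-key` is also written verbatim; passing it through `SSH::Key.load` first (which `pick_ssh_key` already treats as returning a falsy value for input it cannot parse) would presumably reject a file that is not a public key, such as a private key given by mistake. `pick_ssh_key` continues past the end of the hunk, so whether it can return nil is inferred.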
@@ -22,7 +22,7 @@ module LeapCli c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' c.action do |global_options,options,args| - do_add_user(global_options, optinos, args) + do_add_user(global_options, options, args) end end -- cgit v1.2.3 From 030ae6c324b1c8dde9a6eef3baa0b6c45c982110 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Aug 2016 14:05:51 -0700 Subject: command line interface cleanup: harmonize the signatures of different commands to be more logically consistent. For now, all changes are backwards compatible. DEPRECATED: `leap add-user`. Use `leap user add` instead. --- lib/leap_cli/commands/user.rb | 65 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 60 insertions(+), 5 deletions(-) (limited to 'lib/leap_cli/commands/user.rb') diff --git a/lib/leap_cli/commands/user.rb b/lib/leap_cli/commands/user.rb index fb406dc7..a0569a4d 100644 --- a/lib/leap_cli/commands/user.rb +++ b/lib/leap_cli/commands/user.rb 
@@ -13,19 +13,49 @@ module LeapCli module Commands - desc 'Adds a new trusted sysadmin by adding public keys to the "users" directory.' - arg_name 'USERNAME' #, :optional => false, :multiple => false - command :'add-user' do |c| - + desc 'Manage trusted sysadmins (DEPRECATED)' + long_desc "Use `leap user add` instead" + command :'user-add' do |c| c.switch 'self', :desc => 'Add yourself as a trusted sysadmin by choosing among the public keys available for the current user.', :negatable => false c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user' c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' - c.action do |global_options,options,args| do_add_user(global_options, options, args) end end + desc 'Manage trusted sysadmins' + long_desc "Manage the trusted sysadmins that are configured in the 'users' directory." + command :user do |user| + + user.desc 'Adds a new trusted sysadmin' + user.arg_name 'USERNAME' + user.command :add do |c| + c.switch 'self', :desc => 'Add yourself as a trusted sysadmin by choosing among the public keys available for the current user.', :negatable => false + c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user' + c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' + c.action do |global_options,options,args| + do_add_user(global_options, options, args) + end + end + + user.desc 'Removes a trusted sysadmin' + user.arg_name 'USERNAME' + user.command :rm do |c| + c.action do |global_options,options,args| + do_rm_user(global_options, options, args) + end + end + + user.desc 'Lists the configured sysadmins' + user.command :ls do |c| + c.action do |global_options,options,args| + do_list_users(global_options, options, args) + end + end + + end + private def do_add_user(global, options, args) 
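Review bot: The deprecated top-level command in this hunk loses its `arg_name 'USERNAME'` declaration, although it still hands `args` to `do_add_user`, which takes the username from `args.first`. Keeping `arg_name 'USERNAME'` above the deprecated `command` line would keep the argument in its usage text. The `c.switch 'self'` line and the two `c.flag` lines are now repeated verbatim in the deprecated command and in `user.command :add`, so a later change to one copy can drift from the other. A small shared lambda that applies the three declarations to `c` would keep them in step.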
@@ -70,6 +100,31 @@ module LeapCli update_authorized_keys end + def do_rm_user(global, options, args) + dir = [:user_dir, args.first] + if Util.dir_exists?(dir) + Util.remove_file!(dir) + update_authorized_keys + else + bail! :error, 'There is no directory `%s`' % Path.named_path(dir) + end + end + + def do_list_users(global, options, args) + require 'leap_cli/ssh' + + Dir.glob(path([:user_ssh, '*'])).each do |keyfile| + username = File.basename(File.dirname(keyfile)) + log username, :color => :cyan do + log Path.relative_path(keyfile) + key = SSH::Key.load(keyfile) + log 'SSH MD5 fingerprint: ' + key.fingerprint(:digest => :md5, :type => :ssh, :encoding => :hex) + log 'SSH SHA256 fingerprint: ' + key.fingerprint(:digest => :sha256, :type => :ssh, :encoding => :base64) + log 'DER MD5 fingerprint: ' + key.fingerprint(:digest => :md5, :type => :der, :encoding => :hex) + end + end + end + # # let the the user choose among the ssh public keys that we encounter, or # just pick the key if there is only one. -- cgit v1.2.3 From 96fee2dcd94bd887a0855b2e9c4216462c3ccd87 Mon Sep 17 00:00:00 2001 From: elijah Date: Mon, 29 Aug 2016 21:21:07 -0700 Subject: fix add-user typo --- lib/leap_cli/commands/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/leap_cli/commands/user.rb') diff --git a/lib/leap_cli/commands/user.rb b/lib/leap_cli/commands/user.rb index a0569a4d..1ca92719 100644 --- a/lib/leap_cli/commands/user.rb +++ b/lib/leap_cli/commands/user.rb @@ -15,7 +15,7 @@ module LeapCli desc 'Manage trusted sysadmins (DEPRECATED)' long_desc "Use `leap user add` instead" - command :'user-add' do |c| + command :'add-user' do |c| c.switch 'self', :desc => 'Add yourself as a trusted sysadmin by choosing among the public keys available for the current user.', :negatable => false c.flag 'ssh-pub-key', :desc => 'SSH public key file for this new user' c.flag 'pgp-pub-key', :desc => 'OpenPGP public key file for this new user' -- cgit v1.2.3
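Review bot: `do_rm_user` builds `[:user_dir, args.first]` without checking the argument, so `leap user rm` with no USERNAME passes nil into the path, and a value containing `/` or `..` goes through unchanged. Depending on how `Path.named_path` resolves those (not visible here), `Util.remove_file!` could end up pointed at the whole users directory or at a path outside it, after which `update_authorized_keys` runs. A guard in the style `do_add_user` already uses would be `help! "USERNAME argument is required." if args.first.to_s.empty?`, followed by a conservative name check such as `bail! "Invalid username." unless args.first =~ /\A[a-z0-9_][a-z0-9_.-]*\z/i`. In `do_list_users`, the result of `SSH::Key.load(keyfile)` is used unchecked although `pick_ssh_key` tests `if key` after the same call, so an unparsable file would presumably raise on `key.fingerprint`. A `next unless key` after the load, with a logged warning, would keep the listing going.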