make sure we're explicitly capturing return codes in places where they are tested...

[monkeysphere.git] / src / share / m / ssh_proxycommand

diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index d7e801ec46711ada104019a5d00628b76b8eb516..abe068ddc9467aa1aae7c4679ce724a84278e3ec 100644 (file)
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -18,6 +18,7 @@
 # "marginal case" ouput in the case that there is not a full
 # validation path to the host
 output_no_valid_key() {
+    local returnCode=0
     local sshKeyOffered
     local userID
     local type
@@ -43,7 +44,7 @@ EOF
     # found?
 
     # get the gpg info for userid
-    gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
+    gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \
        --with-fingerprint --with-fingerprint \
        ="$userID" 2>/dev/null)
 
@@ -64,14 +65,14 @@ An OpenPGP key matching the ssh key offered by the host was found:
 
 EOF
 
-                   # do some crazy "Here Strings" redirection to get the key to
-                   # ssh-keygen, since it doesn't read from stdin cleanly
-                   sshFingerprint=$(ssh-keygen -l -f /dev/stdin \
-                       <<<$(echo "$sshKeyGPG") | \
+                   sshKeyGPGFile=$(msmktempfile)
+                   printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile"
+                   sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \
                        awk '{ print $2 }')
+                   rm -f "$sshKeyGPGFile"
 
                    # get the sigs for the matching key
-                   gpgSigOut=$(gpg --check-sigs \
+                   gpgSigOut=$(gpg_user --check-sigs \
                        --list-options show-uid-validity \
                        "$keyid")
 
@@ -112,11 +113,11 @@ EOF
                fi
                ;;
        esac
-    done
+    done || returnCode="$?"
 
     # if no key match was made (and the "while read" subshell returned
     # 1) output how many keys were found
-    if (($? != 1)) ; then
+    if (( returnCode != 1 )) ; then
        cat <<EOF | log info
 None of the found keys matched the key offered by the host.
 Run the following command for more info about the found keys:
@@ -171,7 +172,7 @@ URI="ssh://${HOSTP}"
 # CHECK_KEYSERVER variable in the monkeysphere.conf file.
 
 # if the host is in the gpg keyring...
-if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
+if gpg_user --list-key ="${URI}" 2>&1 >/dev/null ; then
     # do not check the keyserver
     CHECK_KEYSERVER=${CHECK_KEYSERVER:="false"}
 
@@ -200,12 +201,13 @@ fi
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 
 # update the known_hosts file for the host
-update_known_hosts "$HOSTP"
+local returnCode=0
+update_known_hosts "$HOSTP" || returnCode="$?"
 
 # output on depending on the return of the update-known_hosts
 # subcommand, which is (ultimately) the return code of the
 # update_known_hosts function in common
-case $? in
+case "$returnCode" in
     0)
        # acceptable host key found so continue to ssh
        true