X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=gpg2ssh.c;h=615554990161f4bff2aefeac390a693ec7011d2f;hb=a4c93ce43a942be7f92248cb1ef3a1d3313bce5e;hp=a109943e2533fc4ed1000841f5bc90fe8f0576a7;hpb=64f93667c18e1c443bff63fc46fc45823b63461b;p=monkeysphere.git
diff --git a/gpg2ssh.c b/gpg2ssh.c
index a109943..6155549 100644
--- a/gpg2ssh.c
+++ b/gpg2ssh.c
@@ -48,6 +48,7 @@ int main(int argc, char* argv[]) {
 char* const args[] = {"/usr/bin/base64", "--wrap=0", NULL};
 const char* algoname;
 int mpicount;
+ int pipestatus;
 init_gnutls();
@@ -80,6 +81,9 @@ int main(int argc, char* argv[]) {
 GNUTLS_OPENPGP_FMT_BASE64; if MONKEYSPHERE_RAW is set, use RAW, otherwise, use BASE64: */
+ /* FIXME: we should be auto-detecting the input format, and
+ translating it as needed. */
+
 if (getenv("MONKEYSPHERE_RAW")) {
 err("assuming RAW formatted certificate\n");
 if (ret = gnutls_openpgp_crt_import(openpgp_crt, &data, GNUTLS_OPENPGP_FMT_RAW), ret) {
@@ -99,6 +103,15 @@ int main(int argc, char* argv[]) {
 return 1;
 }
+ /* FIXME: We're currently looking at the primary key or maybe the
+ first authentication-capable subkey.
+
+ Instead, we should be iterating through the primary key and all
+ subkeys: for each one with the authentication usage flag set of a
+ algorithm we can handle, we should output matching UserIDs and
+ the SSH version of the key. */
+
+
 if (ret = gnutls_openpgp_crt_get_key_usage(openpgp_crt, &usage), ret) {
 err("failed to get the usage flags for the primary key (error: %d)\n", ret);
 return ret;
@@ -194,8 +207,9 @@ int main(int argc, char* argv[]) {
 uidsz--;
 /* FIXME: we're just choosing the first UserID from the certificate:
- instead, we should be choosing the one that's adequately signed,
- and matches the monkeysphere specification. */
+ instead, we should be selecting every User ID that is adequately
+ signed and matches the spec, and aggregating them with commas for
+ known_hosts output */
 if (ret = gnutls_openpgp_crt_get_name(openpgp_crt, 0, userid, &uidsz), ret) {
 err("Failed to fetch the first UserID (error: %d)\n", ret);
@@ -245,23 +259,27 @@ int main(int argc, char* argv[]) {
 snprintf(output_data, sizeof(output_data), "%s %s ", userid, algoname);
- write(1, output_data, strlen(output_data));
-
 pipefd = create_writing_pipe(&child_pid, args[0], args);
 if (pipefd < 0) {
 err("failed to create a writing pipe (returned %d)\n", pipefd);
 return pipefd;
 }
+ write(1, output_data, strlen(output_data));
+
 if (0 != write_data_fd_with_length(pipefd, all, mpicount)) {
 err("was not able to write out RSA key data\n");
 return 1;
 }
 close(pipefd);
- if (child_pid != waitpid(child_pid, NULL, 0)) {
+ if (child_pid != waitpid(child_pid, &pipestatus, 0)) {
 err("could not wait for child process to return for some reason.\n");
 return 1;
 }
+ if (pipestatus != 0) {
+ err("base64 pipe died with return code %d\n", pipestatus);
+ return pipestatus;
+ }
 write(1, "\n", 1);
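Review bot: In the second hunk, `pipestatus` as filled by waitpid() is the raw wait status, not the child's exit code, so the new `if (pipestatus != 0)` check prints a misleading "return code" and `return pipestatus;` is worse: a base64 exit code of 1 arrives as 256, which on POSIX main's caller sees truncated to 0, i.e. the error is reported as success. Decode it with the wait macros instead: `if (!WIFEXITED(pipestatus) || WEXITSTATUS(pipestatus) != 0) {` / `err("base64 pipe exited abnormally (wait status 0x%x)\n", pipestatus);` / `return 1;`. waitpid() is already called here, so `<sys/wait.h>` is presumably included, though the include block is outside the hunk. The `write(1, …)` call this hunk moves still ignores its return value, so a short write or closed stdout goes unnoticed and a truncated known_hosts line is emitted; main continues past the hunk.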