X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fcommon;h=9d7deb7c6251c7ab989f53b49e29fc6e69b6971d;hb=ec9ded739045d9532fbc4883bbeb37f7aa940ac6;hp=b4e786bf0fb343b1dada37a722619c4e9e8e3a3b;hpb=26515a1311d364501d562b706660337fbb906011;p=monkeysphere.git

diff --git a/src/common b/src/common
index b4e786b..9d7deb7 100644
--- a/src/common
+++ b/src/common
@@ -64,11 +64,45 @@ check_capability() {
     return 0
 }
 
-# convert escaped characters from gpg output back into original
-# character
-# FIXME: undo all escape character translation in with-colons gpg output
-unescape() {
-    echo "$1" | sed 's/\\x3a/:/'
+# hash of a file
+file_hash() {
+    md5sum "$1" 2> /dev/null
+}
+
+# convert escaped characters in pipeline from gpg output back into
+# original character
+# FIXME: undo all escape character translation in with-colons gpg
+# output
+gpg_unescape() {
+    sed 's/\\x3a/:/g'
+}
+
+# convert nasty chars into gpg-friendly form in pipeline
+# FIXME: escape everything, not just colons!
+gpg_escape() {
+    sed 's/:/\\x3a/g'
+}
+
+# prompt for GPG-formatted expiration, and emit result on stdout
+get_gpg_expiration() {
+    local keyExpire=
+
+    cat >&2 <<EOF
+Please specify how long the key should be valid.
+         0 = key does not expire
+      <n>  = key expires in n days
+      <n>w = key expires in n weeks
+      <n>m = key expires in n months
+      <n>y = key expires in n years
+EOF
+    while [ -z "$keyExpire" ] ; do
+	read -p "Key is valid for? (0) " keyExpire
+	if ! test_gpg_expire ${keyExpire:=0} ; then
+	    echo "invalid value" >&2
+	    unset keyExpire
+	fi
+    done
+    echo "$keyExpire"
 }
 
 # remove all lines with specified string from specified file
@@ -381,29 +415,24 @@ process_user_id() {
 		;;
 	    'uid') # user ids
 		if [ "$lastKey" != pub ] ; then
-		    log " - got a user ID after a sub key!  user IDs should only follow primary keys!"
-		    continue
-		fi
-		# don't bother with a uid if there is no valid or reasonable primary key.
-		if [ "$keyOK" != true ] ; then
+		    log " - got a user ID after a sub key?!  user IDs should only follow primary keys!"
 		    continue
 		fi
 		# if an acceptable user ID was already found, skip
-		if [ "$uidOK" ] ; then
+		if [ "$uidOK" = 'true' ] ; then
 		    continue
 		fi
-		# if the user ID does not match, skip
-		if [ "$(unescape "$uidfpr")" != "$userID" ] ; then
-		    continue
-		fi
-		# if the user ID validity is not ok, skip
-		if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+		# if the user ID does matches...
+		if [ "$(echo "$uidfpr" | gpg_unescape)" = "$userID" ] ; then
+		    # and the user ID validity is ok
+		    if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
+			# mark user ID acceptable
+			uidOK=true
+		    fi
+		else
 		    continue
 		fi
 
-		# mark user ID acceptable
-		uidOK=true
-
 		# output a line for the primary key
 		# 0 = ok, 1 = bad
 		if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then
@@ -479,7 +508,10 @@ process_user_id() {
 		fi
 		;;
 	esac
-    done
+    done | sort -t: -k1 -n -r
+    # NOTE: this last sort is important so that the "good" keys (key
+    # flag '0') come last.  This is so that they take precedence when
+    # being processed in the key files over "bad" keys (key flag '1')
 }
 
 # process a single host in the known_host file
@@ -493,16 +525,15 @@ process_host_known_hosts() {
     local tmpfile
 
     host="$1"
+    userID="ssh://${host}"
 
     log "processing: $host"
 
-    userID="ssh://${host}"
-
     nKeys=0
     nKeysOK=0
 
     IFS=$'\n'
-    for line in $(process_user_id "ssh://${host}") ; do
+    for line in $(process_user_id "${userID}") ; do
 	# note that key was found
 	nKeys=$((nKeys+1))
 
@@ -573,7 +604,7 @@ update_known_hosts() {
     lockfile-create "$KNOWN_HOSTS"
 
     # note pre update file checksum
-    fileCheck="$(cat "$KNOWN_HOSTS" | md5sum)"
+    fileCheck="$(file_hash "$KNOWN_HOSTS")"
 
     for host ; do
 	# process the host
@@ -596,7 +627,7 @@ update_known_hosts() {
     lockfile-remove "$KNOWN_HOSTS"
 
     # note if the known_hosts file was updated
-    if [ "$(cat "$KNOWN_HOSTS" | md5sum)" != "$fileCheck" ] ; then
+    if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then
 	log "known_hosts file updated."
     fi
 
@@ -711,7 +742,7 @@ update_authorized_keys() {
     lockfile-create "$AUTHORIZED_KEYS"
 
     # note pre update file checksum
-    fileCheck="$(cat "$AUTHORIZED_KEYS" | md5sum)"
+    fileCheck="$(file_hash "$AUTHORIZED_KEYS")"
 
     # remove any monkeysphere lines from authorized_keys file
     remove_monkeysphere_lines "$AUTHORIZED_KEYS"
@@ -739,7 +770,7 @@ update_authorized_keys() {
     lockfile-remove "$AUTHORIZED_KEYS"
 
     # note if the authorized_keys file was updated
-    if [ "$(cat "$AUTHORIZED_KEYS" | md5sum)" != "$fileCheck" ] ; then
+    if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then
 	log "authorized_keys file updated."
     fi