X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=src%2Fcommon;h=f93793e65958768ab7e7dc3d3848339803d41ba3;hb=bb2427c28bf40179c4881b22c23f23f9bea78f55;hp=44bdb670f515384646bd6d92a5f11ad6e6b5329a;hpb=39f3516d7f57397cb61c5a28d3d199ad9bb1a719;p=monkeysphere.git diff --git a/src/common b/src/common index 44bdb67..f93793e 100644 --- a/src/common +++ b/src/common @@ -26,14 +26,40 @@ failure() { exit ${2:-'255'} } -# write output to stderr +# write output to stderr based on specified LOG_LEVEL the first +# parameter is the priority of the output, and everything else is what +# is echoed to stderr log() { - echo -n "ms: " >&2 - echo "$@" >&2 -} + local priority + local level + local output + + # translate lowers to uppers in global log level + LOG_LEVEL=$(echo "$LOG_LEVEL" | tr "[:lower:]" "[:upper:]") -loge() { - echo "$@" >&2 + # just go ahead and return if the log level is silent + if [ "$LOG_LEVEL" = 'SILENT' ] ; then + return + fi + + # get priority from first parameter, translating all lower to + # uppers + priority=$(echo "$1" | tr "[:lower:]" "[:upper:]") + shift + + # scan over available levels + # list in decreasing verbosity (all caps) + for level in DEBUG INFO ERROR ; do + # output if the log level matches, set output to true + # this will output for all subsequenty loops as well. + if [ "$LOG_LEVEL" = "$level" ] ; then + output=true + fi + if [ "$priority" = "$level" -a "$output" = 'true' ] ; then + echo -n "ms: " >&2 + echo "$@" >&2 + fi + done } # cut out all comments(#) and blank lines from standard input @@ -85,9 +111,12 @@ gpg_escape() { # prompt for GPG-formatted expiration, and emit result on stdout get_gpg_expiration() { - local keyExpire= + local keyExpire + + keyExpire="$1" - cat >&2 <&2 < = key expires in n days @@ -95,13 +124,17 @@ Please specify how long the key should be valid. m = key expires in n months y = key expires in n years EOF - while [ -z "$keyExpire" ] ; do - read -p "Key is valid for? (0) " keyExpire - if ! test_gpg_expire ${keyExpire:=0} ; then - echo "invalid value" >&2 - unset keyExpire - fi - done + while [ -z "$keyExpire" ] ; do + read -p "Key is valid for? (0) " keyExpire + if ! test_gpg_expire ${keyExpire:=0} ; then + echo "invalid value" >&2 + unset keyExpire + fi + done + elif ! test_gpg_expire "$keyExpire" ; then + failure "invalid key expiration value '$keyExpire'." + fi + echo "$keyExpire" } @@ -361,13 +394,12 @@ gpg_fetch_userid() { userID="$1" - log -n " checking keyserver $KEYSERVER... " + log info " checking keyserver $KEYSERVER... " echo 1,2,3,4,5 | \ gpg --quiet --batch --with-colons \ --command-fd 0 --keyserver "$KEYSERVER" \ --search ="$userID" > /dev/null 2>&1 returnCode="$?" - loge "done." # if the user is the monkeysphere user, then update the # monkeysphere user's trustdb @@ -389,10 +421,13 @@ gpg_fetch_userid() { # (see /usr/share/doc/gnupg/DETAILS.gz) # output is one line for every found key, in the following format: # -# flag:fingerprint +# flag:sshKey # # "flag" is an acceptability flag, 0 = ok, 1 = bad -# "fingerprint" is the fingerprint of the key +# "sshKey" is the translated gpg key +# +# all log output must go to stderr, as stdout is used to pass the +# flag:sshKey to the calling function. # # expects global variable: "MODE" process_user_id() { @@ -431,7 +466,7 @@ process_user_id() { # if the gpg query return code is not 0, return 1 if [ "$?" -ne 0 ] ; then - log " no primary keys found." + log error " no primary keys found." return 1 fi @@ -448,21 +483,21 @@ process_user_id() { lastKeyOK= fingerprint= - log " primary key found: $keyid" + log error " primary key found: $keyid" # if overall key is not valid, skip if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then - log " - unacceptable primary key validity ($validity)." + log error " - unacceptable primary key validity ($validity)." continue fi # if overall key is disabled, skip if check_capability "$usage" 'D' ; then - log " - key disabled." + log error " - key disabled." continue fi # if overall key capability is not ok, skip if ! check_capability "$usage" $requiredPubCapability ; then - log " - unacceptable primary key capability ($usage)." + log error " - unacceptable primary key capability ($usage)." continue fi @@ -476,7 +511,7 @@ process_user_id() { ;; 'uid') # user ids if [ "$lastKey" != pub ] ; then - log " - got a user ID after a sub key?! user IDs should only follow primary keys!" + log error " - got a user ID after a sub key?! user IDs should only follow primary keys!" continue fi # if an acceptable user ID was already found, skip @@ -497,16 +532,16 @@ process_user_id() { # output a line for the primary key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log " * acceptable primary key." + log error " * acceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated (not RSA or DSA?)." + log error " ! primary key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else - log " - unacceptable primary key." + log error " - unacceptable primary key." if [ -z "$sshKey" ] ; then - log " ! primary key could not be translated (not RSA or DSA?)." + log error " ! primary key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi @@ -553,16 +588,16 @@ process_user_id() { # output a line for the sub key # 0 = ok, 1 = bad if [ "$keyOK" -a "$uidOK" -a "$lastKeyOK" ] ; then - log " * acceptable sub key." + log error " * acceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated (not RSA or DSA?)." + log error " ! sub key could not be translated (not RSA or DSA?)." else echo "0:${sshKey}" fi else - log " - unacceptable sub key." + log error " - unacceptable sub key." if [ -z "$sshKey" ] ; then - log " ! sub key could not be translated (not RSA or DSA?)." + log error " ! sub key could not be translated (not RSA or DSA?)." else echo "1:${sshKey}" fi @@ -588,7 +623,7 @@ process_host_known_hosts() { host="$1" userID="ssh://${host}" - log "processing: $host" + log info "processing: $host" nKeys=0 nKeysOK=0 @@ -689,7 +724,7 @@ update_known_hosts() { # note if the known_hosts file was updated if [ "$(file_hash "$KNOWN_HOSTS")" != "$fileCheck" ] ; then - log "known_hosts file updated." + log info "known_hosts file updated." fi # if an acceptable host was found, return 0 @@ -712,12 +747,12 @@ update_known_hosts() { process_known_hosts() { local hosts - log "processing known_hosts file..." + log info "processing known_hosts file..." hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ') if [ -z "$hosts" ] ; then - log "no hosts to process." + log error "no hosts to process." return fi @@ -737,7 +772,7 @@ process_uid_authorized_keys() { userID="$1" - log "processing: $userID" + log info "processing: $userID" nKeys=0 nKeysOK=0 @@ -832,7 +867,7 @@ update_authorized_keys() { # note if the authorized_keys file was updated if [ "$(file_hash "$AUTHORIZED_KEYS")" != "$fileCheck" ] ; then - log "authorized_keys file updated." + log info "authorized_keys file updated." fi # if an acceptable id was found, return 0 @@ -859,10 +894,10 @@ process_authorized_user_ids() { authorizedUserIDs="$1" - log "processing authorized_user_ids file..." + log info "processing authorized_user_ids file..." if ! meat "$authorizedUserIDs" > /dev/null ; then - log "no user IDs to process." + log error "no user IDs to process." return fi