Modify how logging is handled. Now send most everything to stderr.
authorJameson Graef Rollins <jrollins@phys.columbia.edu>
Fri, 13 Jun 2008 18:56:01 +0000 (14:56 -0400)
committerJameson Graef Rollins <jrollins@phys.columbia.edu>
Fri, 13 Jun 2008 18:56:01 +0000 (14:56 -0400)
Change to known_hosts hashing on by default.

src/common
src/monkeysphere
src/monkeysphere-server

index 8b0f41adc1d3d6b20780657c69fc8c649fd33ebd..0f98923805600d7d916aa3a1dc352193e627c6dd 100644 (file)
@@ -23,14 +23,8 @@ failure() {
     exit ${2:-'1'}
 }
 
-# write output to stdout
-log() {
-    echo -n "ms: "
-    echo "$@"
-}
-
 # write output to stderr
-loge() {
+log() {
     echo -n "ms: " 1>&2
     echo "$@" 1>&2
 }
@@ -153,7 +147,7 @@ process_user_id() {
 
     # return 1 if there only "tru" lines are output from gpg
     if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
-       loge "  key not found."
+       log "  key not found."
        return 1
     fi
 
@@ -182,18 +176,18 @@ process_user_id() {
 
                # check primary key validity
                if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
-                   loge "  unacceptable primary key validity ($validity)."
+                   log "  unacceptable primary key validity ($validity)."
                    continue
                fi
                # check capability is not Disabled...
                if check_capability "$capability" 'D' ; then
-                   loge "  key disabled."
+                   log "  key disabled."
                    continue
                fi
                # check overall key capability
                # must be Encryption and Authentication
                if ! check_capability "$capability" $requiredPubCapability ; then
-                   loge "  unacceptable primary key capability ($capability)."
+                   log "  unacceptable primary key capability ($capability)."
                    continue
                fi
 
@@ -242,7 +236,7 @@ process_user_id() {
     # key cache file
     if [ "$keyOK" -a "$uidOK" -a "${keyIDs[*]}" ] ; then
        for keyID in ${keyIDs[@]} ; do
-           loge "  acceptable key/uid found."
+           log "  acceptable key/uid found."
 
            if [ "$MODE" = 'known_hosts' ] ; then
                # export the key
@@ -298,11 +292,11 @@ process_known_hosts() {
     cacheDir="$2"
 
     # take all the hosts from the known_hosts file (first field),
-    # grep out all the hashed hosts (lines starting with '|')
+    # grep out all the hashed hosts (lines starting with '|')...
     cut -d ' ' -f 1 "$knownHosts" | \
     grep -v '^|.*$' | \
     while IFS=, read -r -a hosts ; do
-       # process each host
+       # ...and process each host
        for host in ${hosts[*]} ; do
            process_host "$host" "$cacheDir"
        done
index 6e71765d8e65ebb8d97a5e83fc2cb3beed396239..69741e1c10df0aa177b9b7f903c6ccba8ad14510 100755 (executable)
@@ -15,7 +15,7 @@ SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
 export SHAREDIR
 . "${SHAREDIR}/common"
 
-GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf}
+GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"}
 [ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"
 
 # date in UTF format if needed
@@ -63,7 +63,7 @@ gen_ae_subkey(){
 
     # return 1 if there only "tru" lines are output from gpg
     if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
-       loge "  key not found."
+       log "  key not found."
        return 1
     fi
 
@@ -78,7 +78,7 @@ Name-Real: $userID
 EOF
 )
 
-    log "The following key parameters will be used:"
+    echo "The following key parameters will be used:"
     echo "$keyParameters"
 
     read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
@@ -107,27 +107,27 @@ COMMAND="$1"
 shift
 
 # set ms home directory
-MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere}
+MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"}
 
 # load configuration file
-MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
+MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
 [ -e "$MS_CONF" ] && . "$MS_CONF"
 
 # set empty config variable with defaults
-AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids}
-GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg}
-KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
+AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
+GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
+KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
 REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
-USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
-USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts}
-HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-}
+USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
+USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
+HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
 
 export GNUPGHOME
 
 # stagging locations
-hostKeysCacheDir="$MS_HOME"/host_keys
-userKeysCacheDir="$MS_HOME"/user_keys
-msAuthorizedKeys="$MS_HOME"/authorized_keys
+hostKeysCacheDir="${MS_HOME}/host_keys"
+userKeysCacheDir="${MS_HOME}/user_keys"
+msAuthorizedKeys="${MS_HOME}/authorized_keys"
 
 # make sure gpg home exists with proper permissions
 mkdir -p -m 0700 "$GNUPGHOME"
@@ -142,6 +142,7 @@ case $COMMAND in
        MODE='known_hosts'
 
         # touch the known_hosts file to make sure it exists
+       # ssh-keygen complains if it doesn't exist
        touch "$USER_KNOWN_HOSTS"
 
         # if hosts are specified on the command line, process just
@@ -151,8 +152,8 @@ case $COMMAND in
                process_host "$host" "$hostKeysCacheDir"
            done
 
-        # otherwise, if no hosts are specified, process the user
-        # known_hosts file
+        # otherwise, if no hosts are specified, process every user
+        # in the user's known_hosts file
        else
            if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
                failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
@@ -167,8 +168,7 @@ case $COMMAND in
 
         # make sure authorized_user_ids file exists
        if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
-           log "authorized_user_ids file is empty or does not exist."
-           exit
+           failure "authorized_user_ids file is empty or does not exist."
        fi
 
        # set user-controlled authorized_keys file path
index 0ff06af5b261d67b0c3b011faef74f3687ff4b4c..65a7dda473177138176acd778c62d4ad59cb9360 100755 (executable)
@@ -70,7 +70,7 @@ EOF
 )
     fi
 
-    log "The following key parameters will be used:"
+    echo "The following key parameters will be used:"
     echo "$keyParameters"
 
     read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
@@ -90,7 +90,7 @@ EOF
 EOF
 )
 
-    echo "generating server key..."
+    log "generating server key..."
     echo "$keyParameters" | gpg --batch --gen-key
 }