add some more informative debug output to key processing.
authorJameson Graef Rollins <jrollins@finestructure.net>
Sun, 16 Nov 2008 22:26:14 +0000 (17:26 -0500)
committerJameson Graef Rollins <jrollins@finestructure.net>
Sun, 16 Nov 2008 22:26:14 +0000 (17:26 -0500)
src/common
src/monkeysphere-ssh-proxycommand

index efee9bd69bc1c2389937b1fd66077b887a94a81d..51b04708e1e34ca13dbc4d9d4d0a591211200c4d 100644 (file)
@@ -639,7 +639,7 @@ process_user_id() {
                ;;
            'uid') # user ids
                if [ "$lastKey" != pub ] ; then
-                   log verbose " - got a user ID after a sub key?!  user IDs should only follow primary keys!"
+                   log verbose " ! got a user ID after a sub key?!  user IDs should only follow primary keys!"
                    continue
                fi
                # if an acceptable user ID was already found, skip
@@ -652,6 +652,8 @@ process_user_id() {
                    if [ "$validity" = 'u' -o "$validity" = 'f' ] ; then
                        # mark user ID acceptable
                        uidOK=true
+                   else
+                       log debug "  - unacceptable user ID validity ($validity)."
                    fi
                else
                    continue
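Review bot: The debug message added in this `else` branch reports why a user ID was rejected but not which one, and the two sub key messages in the next hunk of src/common (validity and capability) have the same gap. When a key carries several user IDs or sub keys, the log cannot be tied to a specific rejection, which is what someone auditing a refused host or user key needs. If the key ID is read in this loop (the `read` line and the rest of process_user_id are outside the hunks, so this is an assumption), include it, for example `log debug "  - unacceptable sub key validity ($validity) for key $keyid."`.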
@@ -693,10 +695,12 @@ process_user_id() {
                
                # if sub key validity is not ok, skip
                if [ "$validity" != 'u' -a "$validity" != 'f' ] ; then
+                   log debug "  - unacceptable sub key validity ($validity)."
                    continue
                fi
                # if sub key capability is not ok, skip
                if ! check_capability "$usage" $requiredCapability ; then
+                   log debug "  - unacceptable sub key capability ($usage)."
                    continue
                fi
 
index b03984449316d039ba1d971d221be60a2496ff88..aeea30dcd976dbaef5770e317f41135ef879d7aa 100755 (executable)
@@ -45,20 +45,24 @@ output_no_valid_key() {
     local sshKeyGPG
     local sshFingerprint
 
-    log "OpenPGP keys with*out* full validity found for this host:"
+    userID="ssh://${HOSTP}"
+
+    log "Monkeysphere found only OpenPGP keys for this host with*out* full validity."
+    log "host:                $userID"
     log
 
     # retrieve the actual ssh key
     sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null | awk '{ print $2, $3 }')
+    # FIXME: should we do any checks for failed keyscans, eg host not
+    # found?
 
-    userID="ssh://${HOSTP}"
-
-    # output gpg info for (exact) userid and store
+    # output gpg info for userid and store
     gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
        --with-fingerprint --with-fingerprint \
        ="$userID" 2>/dev/null)
 
-    # loop over all lines in the gpg output and process.
+    # find all 'pub' and 'sub' lines in the gpg output, which each
+    # represent a retrieved key for the user ID
     echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
     while IFS=: read -r type validity keyid uidfpr usage ; do
        case $type in
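Review bot: The added FIXME after the `ssh-keyscan` line leaves the failure case open, and because stderr goes to `/dev/null` a failed scan yields an empty `sshKeyOffered` with no trace in the output. The scanned key is also unauthenticated network data, so it should only ever be compared against the OpenPGP-derived key and never treated as a match when empty. A check directly after the assignment would settle the FIXME, e.g. `[ "$sshKeyOffered" ] || log "Could not retrieve RSA host key from $HOST."`. Whether to return early or just skip the later comparison depends on the rest of output_no_valid_key, which continues past the end of this hunk.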