# unset some environment variables that could screw things up
unset GREP_OPTIONS
-# default return code
-RETURN=0
-
# set the file creation mask to be only owner rw
umask 077
echo "$gpgSecOut" | cut -d: -f5
;;
*)
- echo "Multiple primary secret keys found:" | log error
- echo "$gpgSecOut" | cut -d: -f5 | log error
- echo "Please specify which primary key to use." | log error
+ echo "Multiple primary secret keys found:"
+ for key in $(echo "$gpgSecOut" | cut -d: -f5) ; do
+ echo " $key"
+ done
+ echo "Please specify which primary key to use."
failure
;;
esac
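Review bot: The three messages in the `*)` arm now go to stdout through plain `echo`, whereas the removed lines routed them through `log error`; the arm above (L8) writes the selected key ID to stdout, so any caller capturing this command's output would now receive the diagnostics mixed into that data. Keeping the wording but sending it to stderr, `echo "Multiple primary secret keys found:" >&2` (and likewise for the key lines and the final hint), preserves the separation; piping the whole block through `log error` as before would too. The unquoted `$(echo "$gpgSecOut" | cut -d: -f5)` relies on word splitting, which is harmless for key IDs, but a `while read -r key` loop over the `cut` output avoids the split-and-subshell idiom. The enclosing `case` starts outside the hunk.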
# those hosts
if [ "$1" ] ; then
update_known_hosts "$@"
- RETURN="$?"
# otherwise, if no hosts are specified, process every host
# in the user's known_hosts file
else
process_known_hosts
- RETURN="$?"
fi
;;
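Review bot: Dropping `RETURN="$?"` after `update_known_hosts "$@"` and after `process_known_hosts` (and after `process_authorized_user_ids` in the next hunk) leaves the subcommand's exit status unrecorded anywhere visible here; unless the script's final `exit` was changed in the same commit to use the `case` statement's own status, a failed update would no longer affect the script's exit code, and with the default `RETURN=0` also removed in the first hunk the final `exit "$RETURN"` (if it still exists) would receive an empty string. If the status is meant to propagate, `update_known_hosts "$@" || RETURN=$?` mirrors the pattern this diff adopts elsewhere. The enclosing `case` statement begins and ends outside the hunk.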
# process authorized_user_ids file
process_authorized_user_ids "$AUTHORIZED_USER_IDS"
- RETURN="$?"
;;
'import-subkey'|'i')
# FIXME: need to figure out how to retrieve all matching keys
# (not just first N (5 in this case))
gpg_fetch_userid() {
+ local returnCode=0
local userID
- local returnCode
if [ "$CHECK_KEYSERVER" != 'true' ] ; then
return 0
#
# expects global variable: "MODE"
process_user_id() {
+ local returnCode=0
local userID
local requiredCapability
local requiredPubCapability
# output gpg info for (exact) userid and store
gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
--with-fingerprint --with-fingerprint \
- ="$userID" 2>/dev/null)
+ ="$userID" 2>/dev/null) || returnCode="$?"
# if the gpg query return code is not 0, return 1
- if [ "$?" -ne 0 ] ; then
+ if [ "$returnCode" -ne 0 ] ; then
log verbose " no primary keys found."
return 1
fi
# update the known_hosts file for a set of hosts listed on command
# line
update_known_hosts() {
+ local returnCode=0
local nHosts
local nHostsOK
local nHostsBAD
for host ; do
# process the host
- process_host_known_hosts "$host"
+ process_host_known_hosts "$host" || returnCode="$?"
# note the result
- case "$?" in
+ case "$returnCode" in
0)
nHostsOK=$((nHostsOK+1))
;;
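Review bot: `returnCode` is only assigned when `process_host_known_hosts "$host"` fails, so once one host fails every later host in the `for host` loop is also counted as failed by `case "$returnCode"`, because a success never resets it to 0 — the removed `case "$?"` saw each result fresh. Reset it at the top of each iteration with `returnCode=0` before the call, or write `process_host_known_hosts "$host" && returnCode=0 || returnCode=$?`. The same sticky-status bug appears in update_authorized_keys in the next hunk, where `process_uid_authorized_keys "$userID" || returnCode="$?"` feeds `case "$returnCode"`. update_known_hosts continues past the end of this hunk.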
# update the authorized_keys files from a list of user IDs on command
# line
update_authorized_keys() {
+ local returnCode=0
local userID
local nIDs
local nIDsOK
for userID ; do
# process the user ID, change return code if key not found for
# user ID
- process_uid_authorized_keys "$userID"
+ process_uid_authorized_keys "$userID" || returnCode="$?"
# note the result
- case "$?" in
+ case "$returnCode" in
0)
nIDsOK=$((nIDsOK+1))
;;
# "marginal case" ouput in the case that there is not a full
# validation path to the host
output_no_valid_key() {
+ local returnCode=0
local sshKeyOffered
local userID
local type
fi
;;
esac
- done
+ done || returnCode="$?"
# if no key match was made (and the "while read" subshell returned
# 1) output how many keys were found
- if (($? != 1)) ; then
+ if (( returnCode != 1 )) ; then
cat <<EOF | log info
None of the found keys matched the key offered by the host.
Run the following command for more info about the found keys:
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
# update the known_hosts file for the host
-update_known_hosts "$HOSTP"
+local returnCode=0
+update_known_hosts "$HOSTP" || returnCode="$?"
# output on depending on the return of the update-known_hosts
# subcommand, which is (ultimately) the return code of the
# update_known_hosts function in common
-case $? in
+case "$returnCode" in
0)
# acceptable host key found so continue to ssh
true
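Review bot: `local returnCode=0` on the line after the `# update the known_hosts file for the host` comment is only valid inside a function; if this part of the proxy command runs at script top level (the enclosing scope is not visible in the hunk), bash prints `local: can only be used in a function`, the assignment does not happen, and after a successful `update_known_hosts "$HOSTP"` the `case "$returnCode"` compares an empty string, so the `0)` arm is skipped. If this is top-level code, use a plain `returnCode=0`; if it is inside a function, it is fine as written. The `case` continues past the hunk.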
# try to add all authentication subkeys to the agent
subkey_to_ssh_agent() {
- local sshaddresponse
+ local sshaddresponse=0
local secretkeys
local authsubkeys
local workingdir
- local keysuccess
+ local keysuccess=0
local subkey
local publine
local kname
# and if it looks like it's running, but we can't actually talk to
# it, bail out:
- ssh-add -l >/dev/null
- sshaddresponse="$?"
+ ssh-add -l >/dev/null || sshaddresponse="$?"
if [ "$sshaddresponse" = "2" ]; then
failure "Could not connect to ssh-agent"
fi
passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
wait %2
- fi
- keysuccess="$?"
+ fi || keysuccess="$?"
rm -f "$workingdir/$kname"
done
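Review bot: `fi || keysuccess="$?"` captures the status of the whole `if` compound, which is the status of its last executed command (the last visible statement is `wait %2`) or 0 when no branch runs, so it matches the removed `keysuccess="$?"` for a single key; but `keysuccess` is now only assigned on failure and is declared once at the top of subkey_to_ssh_agent, so a previous key's non-zero status persists into later iterations of the loop that ends at `done`. If `keysuccess` is tested per key, reset it with `keysuccess=0` at the start of each iteration. Both the `if` and the loop begin outside the hunk.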
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS"
- RETURN="$?"
+ ". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \
+ || RETURN="$?"
else
log debug "not processing authorized_user_ids."
fi
rm -rf "$TMPLOC"
done
+return $RETURN
}
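Review bot: `return $RETURN` relies on `RETURN` having been initialised, but the only default this diff shows, `RETURN=0` in the first hunk, is removed, and within this function `RETURN` is only assigned by `|| RETURN="$?"` on failure; if nothing sets it earlier (the function header is outside the hunk), a run with no failures expands to a bare `return`, which yields the status of the preceding `rm -rf "$TMPLOC"`. Add `local RETURN=0` at the top of the function if it is not already there, and quote the expansion, `return "$RETURN"`. Because the assignment sits inside the `done` loop it records the last failing iteration only, which is fine for an any-failure semantic but a later successful iteration does not clear it.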