From: Jameson Graef Rollins Date: Wed, 18 Mar 2009 16:01:02 +0000 (-0400) Subject: modify the ssh_proxycommand marginal ui output so that it better X-Git-Tag: monkeysphere_0.25~32^2~15 X-Git-Url: https://codewiz.org/gitweb?a=commitdiff_plain;h=3f71bfc52f158a76755a7b75362b449439819fa7;p=monkeysphere.git modify the ssh_proxycommand marginal ui output so that it better handles the case where the host can not be contacted. the new system attempts to retrieve the host ssh key before any ui output is made. this should make things a little clearer in this corner case, and make things a little more flexible down the line. --- diff --git a/packaging/debian/changelog b/packaging/debian/changelog index 70fef9f..16e7f21 100644 --- a/packaging/debian/changelog +++ b/packaging/debian/changelog @@ -1,11 +1,11 @@ monkeysphere (0.25-1~pre) UNRELEASED; urgency=low * New upstream release: - - fix the marginal ui output so that it's not prefixed by the LOG_PREFIX + - update/fix the marginal ui output - use msmktempdir everywhere (avoid unwrapped calls to mktemp for portability) - -- Jameson Graef Rollins Sat, 07 Mar 2009 12:28:13 -0500 + -- Jameson Graef Rollins Wed, 18 Mar 2009 11:46:44 -0400 monkeysphere (0.24-1) unstable; urgency=low diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand index 7ab4bec..2078445 100644 --- a/src/share/m/ssh_proxycommand +++ b/src/share/m/ssh_proxycommand @@ -36,52 +36,55 @@ output_no_valid_key() { LOG_PREFIX= - cat </dev/null | awk '{ print $2, $3 }') - # FIXME: should we do any checks for failed keyscans, eg. host not - # found? + # retrieve the ssh key being offered by the host + sshKeyOffered=$(ssh-keyscan -t rsa -p "$PORT" "$HOST" 2>/dev/null \ + | awk '{ print $2, $3 }') # get the gpg info for userid gpgOut=$(gpg_user --list-key --fixed-list-mode --with-colon \ --with-fingerprint --with-fingerprint \ ="$userID" 2>/dev/null) - # find all 'pub' and 'sub' lines in the gpg output, which each - # represent a retrieved key for the user ID - echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \ - while IFS=: read -r type validity keyid uidfpr usage ; do - case $type in - 'pub'|'sub') - # get the ssh key of the gpg key - sshKeyGPG=$(gpg2ssh "$keyid") - - # if one of keys found matches the one offered by the - # host, then output info - if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then - cat <"$sshKeyGPGFile" - sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ - awk '{ print $2 }') - rm -f "$sshKeyGPGFile" + sshKeyGPGFile=$(msmktempfile) + printf "%s" "$sshKeyGPG" >"$sshKeyGPGFile" + sshFingerprint=$(ssh-keygen -l -f "$sshKeyGPGFile" | \ + awk '{ print $2 }') + rm -f "$sshKeyGPGFile" - # get the sigs for the matching key - gpgSigOut=$(gpg_user --check-sigs \ - --list-options show-uid-validity \ - "$keyid") + # get the sigs for the matching key + gpgSigOut=$(gpg_user --check-sigs \ + --list-options show-uid-validity \ + "$keyid") - # output the sigs, but only those on the user ID - # we are looking for - echo "$gpgSigOut" | awk ' + # output the sigs, but only those on the user ID + # we are looking for + echo "$gpgSigOut" | awk ' { if (match($0,"^pub")) { print; } if (match($0,"^uid")) { ok=0; } @@ -89,50 +92,58 @@ if (match($0,"^uid.*'$userID'$")) { ok=1; print; } if (ok) { if (match($0,"^sig")) { print; } } } ' | log info - echo | log info + echo | log info - # output the other user IDs for reference - if (echo "$gpgSigOut" | grep "^uid" | grep -v -q "$userID") ; then - cat <