Add new keys-from-userid subcommand to monkeysphere UI.

[monkeysphere.git] / src / share / common

diff --git a/src/share/common b/src/share/common
index 4aa3f7ce14857b60390a2c2da02bf1cabddaeee7..28da3c09925fc7ccb7487a05c7c5c0e8280fa456 100644 (file)
--- a/src/share/common
+++ b/src/share/common
@@ -559,7 +559,7 @@ gpg_fetch_userid() {
 # userid and key policy checking
 # the following checks policy on the returned keys
 # - checks that full key has appropriate valididy (u|f)
-# - checks key has specified capability (REQUIRED_*_KEY_CAPABILITY)
+# - checks key has specified capability (REQUIRED_KEY_CAPABILITY)
 # - checks that requested user ID has appropriate validity
 # (see /usr/share/doc/gnupg/DETAILS.gz)
 # output is one line for every found key, in the following format:
@@ -571,8 +571,6 @@ gpg_fetch_userid() {
 #
 # all log output must go to stderr, as stdout is used to pass the
 # flag:sshKey to the calling function.
-#
-# expects global variable: "MODE"
 process_user_id() {
     local returnCode=0
     local userID
@@ -593,11 +591,7 @@ process_user_id() {
     userID="$1"
 
     # set the required key capability based on the mode
-    if [ "$MODE" = 'known_hosts' ] ; then
-       requiredCapability="$REQUIRED_HOST_KEY_CAPABILITY"
-    elif [ "$MODE" = 'authorized_keys' ] ; then
-       requiredCapability="$REQUIRED_USER_KEY_CAPABILITY"      
-    fi
+    requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
 
     # fetch the user ID if necessary/requested
@@ -758,6 +752,59 @@ process_user_id() {
     # being processed in the key files over "bad" keys (key flag '1')
 }
 
+# output all valid keys for specified user ID literal
+keys_from_userid() {
+    local userID
+    local noKey=
+    local nKeys
+    local nKeysOK
+    local ok
+    local sshKey
+    local tmpfile
+
+    userID="$1"
+
+    log verbose "processing: $userID"
+
+    nKeys=0
+    nKeysOK=0
+
+    IFS=$'\n'
+    for line in $(process_user_id "${userID}") ; do
+       # note that key was found
+       nKeys=$((nKeys+1))
+
+       ok=$(echo "$line" | cut -d: -f1)
+       sshKey=$(echo "$line" | cut -d: -f2)
+
+        if [ -z "$sshKey" ] ; then
+            continue
+        fi
+
+       # if key OK, output key to stdout
+       if [ "$ok" -eq '0' ] ; then
+           # note that key was found ok
+           nKeysOK=$((nKeysOK+1))
+
+           printf '%s\n' "$sshKey"
+       fi
+    done
+
+    # if at least one key was found...
+    if [ "$nKeys" -gt 0 ] ; then
+       # if ok keys were found, return 0
+       if [ "$nKeysOK" -gt 0 ] ; then
+           return 0
+       # else return 2
+       else
+           return 2
+       fi
+    # if no keys were found, return 1
+    else
+       return 1
+    fi
+}
+
 # process a single host in the known_host file
 process_host_known_hosts() {
     local host
@@ -770,7 +817,7 @@ process_host_known_hosts() {
     local tmpfile
 
     # set the key processing mode
-    export MODE='known_hosts'
+    export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY"
 
     host="$1"
     userID="ssh://${host}"
@@ -954,7 +1001,7 @@ process_uid_authorized_keys() {
     local sshKey
 
     # set the key processing mode
-    export MODE='authorized_keys'
+    export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY"
 
     userID="$1"