Add log output for keyserver checking.

Fix bug in proxy command to export CHECK_KEYSERVER variable.

diff --git a/src/common b/src/common
index c0a903054983c0c1aa130e8c2452eefc83bc9a7f..d1554a62c23ae9f44746d1e1114c0178d1d68f6a 100644 (file)
--- a/src/common
+++ b/src/common
@@ -47,17 +47,17 @@ gpg_fetch_userid() {
 
     userID="$1"
 
-    # if CHECK_KEYSERVER variable set, check the keyserver
-    # for the user ID
-    if [ "CHECK_KEYSERVER" ] ; then
-       echo 1,2,3,4,5 | \
-           gpg --quiet --batch --command-fd 0 --with-colons \
-           --keyserver "$KEYSERVER" \
-           --search ="$userID" >/dev/null 2>&1
-
-    # otherwise just return true
+    log "checking keyserver $KEYSERVER..."
+    echo 1,2,3,4,5 | \
+       gpg --quiet --batch --command-fd 0 --with-colons \
+       --keyserver "$KEYSERVER" \
+       --search ="$userID" >/dev/null 2>&1
+    if [ "$?" = 0 ] ; then
+       log "  user ID found on keyserver."
+       return 0
     else
-       return
+       log "  user ID not found on keyserver."
+       return 1
     fi
 }
 
@@ -167,8 +167,11 @@ process_user_id() {
     fi
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
 
-    # fetch keys from keyserver, return 1 if none found
-    gpg_fetch_userid "$userID" || return 1
+    # if CHECK_KEYSERVER variable set, check the keyserver
+    # for the user ID
+    if [ "$CHECK_KEYSERVER" = "true" ] ; then
+       gpg_fetch_userid "$userID"
+    fi
 
     # output gpg info for (exact) userid and store
     gpgOut=$(gpg --fixed-list-mode --list-key --with-colons \
@@ -176,7 +179,7 @@ process_user_id() {
 
     # return 1 if there only "tru" lines are output from gpg
     if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
-       log "  key not found."
+       log "  key not found in keychain."
        return 1
     fi
 
@@ -268,7 +271,7 @@ process_user_id() {
     # key cache file
     if [ "$keyOK" -a "$uidOK" -a "${keyIDs[*]}" ] ; then
        for keyID in ${keyIDs[@]} ; do
-           log "  acceptable key/uid found."
+           log "  acceptable key/userID found."
 
            if [ "$MODE" = 'known_hosts' ] ; then
                # export the key

diff --git a/src/monkeysphere b/src/monkeysphere
index a6ca62d7949189104cea0978e814b723b160143e..230de06839e54f82f3392a128de135de86546cf7 100755 (executable)
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -113,6 +113,7 @@ MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
 AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
 GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
 KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
+CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
 REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"e a"}
 REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
 USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}

diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index ec162ab8c62985d92bf82eb0e8a0eccb120abc6b..3887e4897d10eca20c7234761ae3e1451238c68c 100755 (executable)
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -40,11 +40,12 @@ fi
 # check for the host key in the known_hosts file
 hostKey=$(ssh-keygen -F "$HOST")
 
-# if the host key is not found in the known_hosts file,
-# check the keyserver
-if [ -z "$hostKey" ] ; then
-    CHECK_KEYSERVER="true"
+# if the host key is found in the known_hosts file,
+# don't check the keyserver
+if [ "$hostKey" ] ; then
+    CHECK_KEYSERVER="false"
 fi
+export CHECK_KEYSERVER
 
 # update the known_hosts file for the host
 monkeysphere update-known-hosts "$HOST"