From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Fri, 24 Jul 2009 15:08:35 +0000 (-0400)
Subject: Merge commit 'dkg/master'
X-Git-Tag: monkeysphere_0.26~24
X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=478dfc8331177d7397a8430e5d04bffcd601ab2b;hp=72721ebd269341e82b8e477d78a7f041d3639129

Merge commit 'dkg/master'
---

diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 9735e6e..75957bc 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -2,8 +2,9 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
 
   * New upstream release:
     - add 'refresh-keys' subcommand to monkeysphere-authentication
+    - improve marginal UI (closes MS #1141)
 
- -- Jameson Graef Rollins <jrollins@finestructure.net>  Sat, 18 Jul 2009 14:12:02 -0400
+ -- Jameson Graef Rollins <jrollins@finestructure.net>  Fri, 24 Jul 2009 10:12:25 -0400
 
 monkeysphere (0.25-1) unstable; urgency=low
 
diff --git a/src/monkeysphere b/src/monkeysphere
index 341b9fd..94279f4 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -194,7 +194,18 @@ if [ -z "$KEYSERVER" ] ; then
     fi
 fi
 PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
-KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=$KNOWN_HOSTS}
+# check the known_hosts file
+if [ "$MONKEYSPHERE_KNOWN_HOSTS" ] ; then
+    if [ -f "$MONKEYSPHERE_KNOWN_HOSTS" ] ; then
+	KNOWN_HOSTS="$MONKEYSPHERE_KNOWN_HOSTS"
+    else
+	failure "specified monkeysphere known_hosts file '$MONKEYSPHERE_KNOWN_HOSTS' does not exist."
+    fi
+fi
+[ -d $(dirname "$KNOWN_HOSTS") ] \
+    || mkdir -m 0700 $(dirname "$KNOWN_HOSTS")
+[ -f "$KNOWN_HOSTS" ] \
+    || touch "$KNOWN_HOSTS"
 HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=$HASH_KNOWN_HOSTS}
 AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS}
 
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index 01ca488..33bd8a1 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -111,27 +111,24 @@ EOF
 	fi
     fi
 
-    # find all 'pub' and 'sub' lines in the gpg output, which each
-    # represent a retrieved key for the user ID
+    # find all keys in the gpg output ('pub' and 'sub' lines) and
+    # output the ones that match the host key or that have marginal
+    # validity
     echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
     while IFS=: read -r type validity keyid uidfpr usage ; do
 	case $type in
 	    'pub'|'sub')
 		# get the ssh key of the gpg key
 		sshKeyGPG=$(gpg2ssh "$keyid")
-
 		# if a key was retrieved from the host...
 		if [ "$sshKeyOffered" ] ; then
-
-		    # if one of keys found matches the one offered by the
-		    # host, then output info
+		    # if one of the keys matches the one offered by
+		    # the host, then output info and return
 		    if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
 			log info <<EOF
 An OpenPGP key matching the ssh key offered by the host was found:
 EOF
-
 			show_key_info "$keyid" | log info
-
 			# this whole process is in a "while read"
 			# subshell.  the only way to get information
 			# out of the subshell is to change the return
@@ -140,14 +137,14 @@ EOF
 			# for the ssh key offered by the host
 			return 1
 		    fi
-
-		# else if a key was not retrieved from the host
+		# else if a key was not retrieved from the host...
 		else
-
-		    # if the current key is marginal, show info
-		    if [ "$validity" = 'm' ] ; then
+		    # and the current key is marginal, show info
+		    if [ "$validity" = 'm' ] \
+			|| [ "$validity" = 'f' ] \
+			|| [ "$validity" = 'u' ] ; then
 			show_key_info "$keyid" | log info
-                    fi
+		    fi
 		fi
 		;;
 	esac
@@ -155,21 +152,24 @@ EOF
 
     # if no key match was made (and the "while read" subshell
     # returned 1) output how many keys were found
-    if (( returnCode != 1 )) ; then
-
+    if (( returnCode == 1 )) ; then
 	echo | log info
-
-	# output different footer messages depending on if a key had
-	# been retrieved from the host
+    else
+	# if a key was retrieved, but didn't match, note this
 	if [ "$sshKeyOffered" ] ; then
 	    log info <<EOF
 None of the found keys matched the key offered by the host.
 EOF
-	else
+	fi
+
+	# note how many invalid keys were found
+	nInvalidKeys=$(echo "$gpgOut" | egrep '^(pub|sub):[^(m|f|u)]:' | wc -l)
+	if ((nInvalidKeys > 0)) ; then
 	    log info <<EOF
-There may be keys for this hostname with less than marginal validity.
+Keys found with less than marginal validity: $nInvalidKeys
 EOF
 	fi
+
 	log info <<EOF
 Run the following command for more info about the found keys:
 gpg --check-sigs --list-options show-uid-validity =${userID}