From: Jameson Graef Rollins Date: Tue, 17 Feb 2009 20:19:40 +0000 (-0500) Subject: add some checks about setup to authentication X-Git-Tag: monkeysphere_0.23~78 X-Git-Url: https://codewiz.org/gitweb?p=monkeysphere.git;a=commitdiff_plain;h=a2a3d02d1aaf2d3dae3afea90c85cd6ca9f7ce4d add some checks about setup to authentication --- diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 4187c70..9b8baa9 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -24,8 +24,10 @@ authentication. \fBmonkeysphere-authentication\fP takes various subcommands. .TP .B setup -Setup the server for Monkeysphere user authentication. `s' may be -used in place of `setup'. +Setup the server for Monkeysphere user authentication. This command +is idempotent, which means it can be run multiple times to make sure +the setup is correct, without adversely affecting existing setups. +`s' may be used in place of `setup'. .TP .B update-users [ACCOUNT]... Rebuild the monkeysphere-controlled authorized_keys files. For each diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication index 465777d..60cb5f2 100755 --- a/src/monkeysphere-authentication +++ b/src/monkeysphere-authentication @@ -95,6 +95,14 @@ core_fingerprint() { | grep ^fpr: | cut -d: -f10 } +# fail if authentication has not been setup +check_no_setup() { + # FIXME: what is the right test to do here? + [ -d "$MADATADIR" ] \ + || failure "This host appears to have not yet been set up for Monkeysphere authentication. +Please run 'monkeysphere-authentication setup' first." +} + # export signatures from core to sphere gpg_core_sphere_sig_transfer() { log debug "exporting core local sigs to sphere..." @@ -155,21 +163,25 @@ case $COMMAND in ;; 'update-users'|'update-user'|'u') + check_no_setup source "${MASHAREDIR}/update_users" update_users "$@" ;; 'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+') + check_no_setup source "${MASHAREDIR}/add_certifier" add_certifier "$@" ;; 'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-') + check_no_setup source "${MASHAREDIR}/remove_certifier" remove_certifier "$@" ;; 'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c') + check_no_setup source "${MASHAREDIR}/list_certifiers" list_certifiers "$@" ;; @@ -180,6 +192,7 @@ case $COMMAND in ;; 'gpg-cmd') + check_no_setup gpg_sphere "$@" ;; diff --git a/src/share/ma/setup b/src/share/ma/setup index 02fc069..f59187b 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -70,7 +70,7 @@ EOF fi else - log verbose "This system has already set up the Monkeysphere authentication trust core." + log verbose "Monkeysphere authentication trust core already exists." fi # export the core key to the sphere keyring @@ -91,6 +91,7 @@ EOF fi else failure "Could not get monkeysphere-authentication trust guidelines." + # FIXME: what does this mean? should we suggest how to fix? fi # ensure that we're using the extended trust model (1), and that @@ -102,5 +103,6 @@ EOF log debug "sphere trust model: $TRUST_MODEL" if [ "$TRUST_MODEL" != '1:3:1' ] ; then failure "monkeysphere-authentication does not have the expected trust model settings." + # FIXME: what does this mean? should we suggest how to fix? fi }