authorJameson Graef Rollins <jrollins@finestructure.net>2009-02-17 15:19:40 -0500
committerJameson Graef Rollins <jrollins@finestructure.net>2009-02-17 15:19:40 -0500
commita2a3d02d1aaf2d3dae3afea90c85cd6ca9f7ce4d (patch)
tree231a99a741c2e54e71504b1cb4fd8efcba3b0a65
parent5eab477a9755178abf56eeba5f658db882611eec (diff)
add some checks about setup to authentication
-rw-r--r--man/man8/monkeysphere-authentication.86
-rwxr-xr-xsrc/monkeysphere-authentication13
-rw-r--r--src/share/ma/setup4
3 files changed, 20 insertions, 3 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 4187c70..9b8baa9 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -24,8 +24,10 @@ authentication.
\fBmonkeysphere-authentication\fP takes various subcommands.
.TP
.B setup
-Setup the server for Monkeysphere user authentication. `s' may be
-used in place of `setup'.
+Setup the server for Monkeysphere user authentication. This command
+is idempotent, which means it can be run multiple times to make sure
+the setup is correct, without adversely affecting existing setups.
+`s' may be used in place of `setup'.
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 465777d..60cb5f2 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -95,6 +95,14 @@ core_fingerprint() {
| grep ^fpr: | cut -d: -f10
}
+# fail if authentication has not been setup
+check_no_setup() {
+ # FIXME: what is the right test to do here?
+ [ -d "$MADATADIR" ] \
+ || failure "This host appears to have not yet been set up for Monkeysphere authentication.
+Please run 'monkeysphere-authentication setup' first."
+}
+
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
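Review bot: `check_no_setup` accepts the mere existence of `$MADATADIR` as proof that setup finished, so the guard says nothing about whether the trust core key or the expected trust model are actually in place. src/share/ma/setup has `failure` exits after its early steps, so a run that stopped partway could presumably leave the directory behind and still pass this check on every subcommand that now calls it. The FIXME already asks for a better test; one candidate is to also require a non-empty fingerprint, `[ -d "$MADATADIR" ] && [ -n "$(core_fingerprint)" ] || failure ...`, after confirming that `core_fingerprint` (its body starts outside this hunk) is safe to call on an unconfigured host. The name also reads as the opposite of the comment above it; `check_setup` or `require_setup` would match "fail if authentication has not been setup".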
@@ -155,21 +163,25 @@ case $COMMAND in
;;
'update-users'|'update-user'|'u')
+ check_no_setup
source "${MASHAREDIR}/update_users"
update_users "$@"
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ check_no_setup
source "${MASHAREDIR}/add_certifier"
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ check_no_setup
source "${MASHAREDIR}/remove_certifier"
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ check_no_setup
source "${MASHAREDIR}/list_certifiers"
list_certifiers "$@"
;;
@@ -180,6 +192,7 @@ case $COMMAND in
;;
'gpg-cmd')
+ check_no_setup
gpg_sphere "$@"
;;
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 02fc069..f59187b 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -70,7 +70,7 @@ EOF
fi
else
- log verbose "This system has already set up the Monkeysphere authentication trust core."
+ log verbose "Monkeysphere authentication trust core already exists."
fi
# export the core key to the sphere keyring
@@ -91,6 +91,7 @@ EOF
fi
else
failure "Could not get monkeysphere-authentication trust guidelines."
+ # FIXME: what does this mean? should we suggest how to fix?
fi
# ensure that we're using the extended trust model (1), and that
@@ -102,5 +103,6 @@ EOF
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
failure "monkeysphere-authentication does not have the expected trust model settings."
+ # FIXME: what does this mean? should we suggest how to fix?
fi
}
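Review bot: The trust-model `failure` message does not report the value that was found; `$TRUST_MODEL` is only written at debug level on the line above, so an administrator who hits this error at the default log level cannot tell what the sphere keyring is configured with. Including both values would answer part of the new FIXME: `failure "monkeysphere-authentication does not have the expected trust model settings (found '$TRUST_MODEL', expected '1:3:1')."`. The FIXME in the previous hunk, after "Could not get monkeysphere-authentication trust guidelines.", has the same gap. Both comments also sit after the `failure` call they describe and would read better placed before it. The enclosing function starts outside this hunk.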