A bunch of changes for variable scoping, exit codes, etc. See

debian/changelog.

9 files changed, 333 insertions, 161 deletions

diff --git a/debian/changelog b/debian/changelog
index 1f1db61..48af4d7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -7,8 +7,12 @@ monkeysphere (0.4-1) UNRELEASED; urgency=low
   * Privilege separation: use monkeysphere user to handle maintenance of
     the gnupg authentication keychain for server.
   * Improved certifier key management.
+  * Fixed variable scoping and config file precedence.
+  * Add options for key generation and add-certifier functions.
+  * Fix return codes for known_host and authorized_keys updating
+    functions.
 
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Sun, 29 Jun 2008 14:14:59 -0400
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu>  Wed, 09 Jul 2008 19:39:44 -0400
 
 monkeysphere (0.3-1) experimental; urgency=low
 
diff --git a/debian/monkeysphere.postinst b/debian/monkeysphere.postinst
index 87fbe12..a133a4b 100755
--- a/debian/monkeysphere.postinst
+++ b/debian/monkeysphere.postinst
@@ -28,7 +28,7 @@ install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-
 # install authentication gpg.conf
 cat <<EOF > "$VARLIB"/gnupg-authentication/gpg.conf
 list-options show-uid-validity
-primary-keyring ${VARLIB}/gnupg-authentication/pubring.gpg
-keyring ${VARLIB}/gnupg-host/pubring.gpg
+primary-keyring "$VARLIB"/gnupg-authentication/pubring.gpg
+keyring "$VARLIB"/gnupg-host/pubring.gpg
 EOF
 chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf
diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index defb0f7..15f43b1 100644
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -2,8 +2,11 @@
 
 # This is an sh-style shell configuration file.  Variable names should
 # be separated from their assignements by a single '=' and no spaces.
+# Environement variables with the same names as these variables but
+# prefeced by "MONKEYSPHERE_" will take precedence over the values
+# specified here.
 
-# GPG keyserver to search for keys
+# GPG keyserver to search for keys.
 #KEYSERVER=subkeys.pgp.net
 
 # Path to authorized_user_ids file to process to create
@@ -20,3 +23,6 @@
 # FIXME: this usage of "-" contravenes the normal convention where "-"
 # means standard in/out.  Why not use "none" or "" instead?
 #RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
+
+# User who controls the monkeysphere authentication keyring.
+#MONKEYSPHERE_USER=monkeysphere
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index aa3a664..2648fa9 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -2,11 +2,17 @@
 
 # This is an sh-style shell configuration file.  Variable names should
 # be separated from their assignements by a single '=' and no spaces.
+# Environement variables with the same names as these variables but
+# prefeced by "MONKEYSPHERE_" will take precedence over the values
+# specified here.
 
-# GPG home directory
-#GNUPGHOME=~/.gnupg
+# GPG home directory.  If not specified either here or in the
+# MONKEYSPHERE_GNUPGHOME environment variable, then the value of the
+# GNUPGHOME environment variable will be used.  If GNUPGHOME is not
+# set either, then the default value is listed below.
+# GNUPGHOME=~/.gnupg
 
-# GPG keyserver to search for keys
+# GPG keyserver to search for keys.
 #KEYSERVER=subkeys.pgp.net
 
 # Set whether or not to check keyservers at every monkeysphere
@@ -17,12 +23,12 @@
 # of the keyserver.
 #CHECK_KEYSERVER=true
 
-# ssh known_hosts file
+# The path to the SSH known_hosts file.
 #KNOWN_HOSTS=~/.ssh/known_hosts
 
 # Whether or not to hash the generated known_hosts lines.
-# Should be "true" or "false"
+# Should be "true" or "false".
 #HASH_KNOWN_HOSTS=true
 
-# ssh authorized_keys file (FIXME: why is this relevant in this file?)
+# The path to the SSH authorized_keys file.
 #AUTHORIZED_KEYS=~/.ssh/authorized_keys
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 45605da..f33ffea 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -35,9 +35,10 @@ monkeysphere-controlled authorized_keys file.  If no accounts are
 specified, then all accounts on the system are processed.  `u' may be
 used in place of `update-users'.
 .TP
-.B gen-key
-Generate a OpenPGP key pair for the host.  `g' may be used in place of
-`gen-key'.
+.B gen-key [HOSTNAME]
+Generate a OpenPGP key pair for the host.  If HOSTNAME is not
+specified, then the system fully-qualified domain name will be user.
+`g' may be used in place of `gen-key'.
 .TP
 .B show-fingerprint
 Show the fingerprint for the host's OpenPGP key.  `f' may be used in place of
diff --git a/src/common b/src/common
index d20d306..5d43fa4 100644
--- a/src/common
+++ b/src/common
@@ -83,10 +83,11 @@ remove_line() {
     file="$1"
     string="$2"
 
-    # if the line is there are removed, return 0
-    if [ "$file" -a "$string" ] ; then
+    # if the string is in the file and removed, return 0
+    if grep -q -F "$string" "$file" 2> /dev/null ; then
 	grep -v -F "$string" "$file" | sponge "$file"
 	return 0
+
     # otherwise return 1
     else
 	return 1
@@ -112,6 +113,11 @@ translate_ssh_variables() {
     echo "$path"
 }
 
+# test that a string to conforms to GPG's expiration format
+test_gpg_expire() {
+    echo "$1" | egrep -q "^[0-9][mwy]?$"
+}
+
 ### CONVERSION UTILITIES
 
 # output the ssh key for a given key ID
@@ -256,14 +262,14 @@ process_user_id() {
     fi
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
 
+    # fetch the user ID if necessary/requested
+    gpg_fetch_userid "$userID"
+
     # output gpg info for (exact) userid and store
     gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
 	--with-fingerprint --with-fingerprint \
 	="$userID" 2>/dev/null)
 
-    # fetch the user ID if necessary/requested
-    gpg_fetch_userid "$userID"
-
     # if the gpg query return code is not 0, return 1
     if [ "$?" -ne 0 ] ; then
         log "  - key not found."
@@ -380,10 +386,10 @@ process_user_id() {
 process_host_known_hosts() {
     local host
     local userID
+    local nKeys
+    local nKeysOK
     local ok
     local keyid
-    local idOK
-    local idRemoved
     local tmpfile
 
     host="$1"
@@ -392,17 +398,26 @@ process_host_known_hosts() {
 
     userID="ssh://${host}"
 
+    nKeys=0
+    nKeysOK=0
+
     for line in $(process_user_id "ssh://${host}") ; do
+	# note that key was found
+	nKeys=$((nKeys+1))
+
 	ok=$(echo "$line" | cut -d: -f1)
 	keyid=$(echo "$line" | cut -d: -f2)
 
 	sshKey=$(gpg2ssh "$keyid")
 
 	# remove the old host key line, and note if removed
-	remove_line "$KNOWN_HOSTS" "$sshKey" && idRemoved=true
+	remove_line "$KNOWN_HOSTS" "$sshKey"
 
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
+	    # note that key was found ok
+	    nKeysOK=$((nKeysOK+1))
+
 	    # hash if specified
 	    if [ "$HASH_KNOWN_HOSTS" = 'true' ] ; then
 		# FIXME: this is really hackish cause ssh-keygen won't
@@ -415,21 +430,19 @@ process_host_known_hosts() {
 	    else
 		ssh2known_hosts "$host" "$sshKey" >> "$KNOWN_HOSTS"
 	    fi
-
-	    # note that at least one ok id was found
-	    idOK=true
 	fi
     done
 
-    # if at least one ok id was found, return 0
-    if [ "$idOK" ] ; then
-	return 0
-
-    # if ids were only removed, return 2
-    elif [ "$idRemoved" ] ; then
-	return 2
-
-    # else return 1, to indicate nothing happened
+    # if at least one key was found...
+    if [ "$nKeys" -gt 0 ] ; then
+	# if ok keys were found, return 0
+	if [ "$nKeysOK" -gt 0 ] ; then
+	    return 0
+	# else return 2
+	else
+	    return 2
+	fi
+    # if no keys were found, return 1
     else
 	return 1
     fi
@@ -439,9 +452,9 @@ process_host_known_hosts() {
 # line
 update_known_hosts() {
     local nHosts
-    local host
     local nHostsOK
     local nHostsBAD
+    local host
 
     # the number of hosts specified on command line
     nHosts="$#"
@@ -480,17 +493,19 @@ update_known_hosts() {
 	log "known_hosts file updated."
     fi
 
-    # if all hosts were OK, return 0
-    if [ "$nHostsOK" -eq "$nHosts" ] ; then
+    # if an acceptable host was found, return 0
+    if [ "$nHostsOK" -gt 0 ] ; then
 	return 0
-
-    # if all hosts were BAD, return 2
-    elif [ "$nHostsBAD" -eq "$nHosts" ] ; then
-	return 2
-
-    # else return 1
+    # else if no ok hosts were found...
     else
-	return 1
+	# if no bad host were found then no hosts were found at all,
+	# and return 1
+	if [ "$nHostsBAD" -eq 0 ] ; then
+	    return 1
+	# else if at least one bad host was found, return 2
+	else
+	    return 2
+	fi
     fi
 }
 
@@ -511,42 +526,49 @@ process_known_hosts() {
 # process uids for the authorized_keys file
 process_uid_authorized_keys() {
     local userID
+    local nKeys
+    local nKeysOK
     local ok
     local keyid
-    local idOK
-    local idRemoved
 
     userID="$1"
 
     log "processing user ID: $userID"
 
+    nKeys=0
+    nKeysOK=0
+
     for line in $(process_user_id "$userID") ; do
+	# note that key was found
+	nKeys=$((nKeys+1))
+
 	ok=$(echo "$line" | cut -d: -f1)
 	keyid=$(echo "$line" | cut -d: -f2)
 
 	sshKey=$(gpg2ssh "$keyid")
 
 	# remove the old host key line
-	remove_line "$AUTHORIZED_KEYS" "$sshKey" && idRemoved=true
+	remove_line "$AUTHORIZED_KEYS" "$sshKey"
 
 	# if key OK, add new host line
 	if [ "$ok" -eq '0' ] ; then
-	    ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
+	    # note that key was found ok
+	    nKeysOK=$((nKeysOK+1))
 
-	    # note that at least one ok id was found
-	    idOK=true
+	    ssh2authorized_keys "$userID" "$sshKey" >> "$AUTHORIZED_KEYS"
 	fi
     done
 
-    # if at least one ok id was found, return 0
-    if [ "$idOK" ] ; then
-	return 0
-
-    # if ids were only removed, return 2
-    elif [ "$idRemoved" ] ; then
-	return 2
-
-    # else return 1, to indicate nothing happened
+    # if at least one key was found...
+    if [ "$nKeys" -gt 0 ] ; then
+	# if ok keys were found, return 0
+	if [ "$nKeysOK" -gt 0 ] ; then
+	    return 0
+	# else return 2
+	else
+	    return 2
+	fi
+    # if no keys were found, return 1
     else
 	return 1
     fi
@@ -599,17 +621,19 @@ update_authorized_keys() {
 	log "authorized_keys file updated."
     fi
 
-    # if all ids were OK, return 0
-    if [ "$nIDsOK" -eq "$nIDs" ] ; then
+    # if an acceptable id was found, return 0
+    if [ "$nIDsOK" -gt 0 ] ; then
 	return 0
-
-    # if all ids were BAD, return 2
-    elif [ "$nIDsBAD" -eq "$nIDs" ] ; then
-	return 2
-
-    # else return 1
+    # else if no ok ids were found...
     else
-	return 1
+	# if no bad ids were found then no ids were found at all, and
+	# return 1
+	if [ "$nIDsBAD" -eq 0 ] ; then
+	    return 1
+	# else if at least one bad id was found, return 2
+	else
+	    return 2
+	fi
     fi
 }
 
diff --git a/src/monkeysphere b/src/monkeysphere
index b10adb7..59b7e4a 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -11,18 +11,15 @@
 ########################################################################
 PGRM=$(basename $0)
 
-SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
-export SHAREDIR
-. "${SHAREDIR}/common" || exit 1
-
-GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}/monkeysphere.conf"}
-[ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"
+SHARE=${MONKEYSPHERE_SHARE:-"/usr/share/monkeysphere"}
+export SHARE
+. "${SHARE}/common" || exit 1
 
 # date in UTF format if needed
 DATE=$(date -u '+%FT%T')
 
 # unset some environment variables that could screw things up
-GREP_OPTIONS=
+unset GREP_OPTIONS
 
 # default return code
 ERR=0
@@ -40,6 +37,8 @@ subcommands:
   update-known_hosts (k) [HOST]...  update known_hosts file
   update-authorized_keys (a)        update authorized_keys file
   gen-subkey (g) KEYID              generate an 'a' capable subkey
+    -l|--length BITS                  key length in bits (2048)
+    -e|--expire EXPIRE                date to expire
   help (h,?)                        this help
 
 EOF
@@ -79,11 +78,12 @@ gen_subkey(){
     fi
 
     # set subkey defaults
-    SUBKEY_TYPE=${SUBKEY_TYPE:-"RSA"}
-    SUBKEY_LENGTH=${SUBKEY_LENGTH:-}
-    SUBKEY_USAGE=${SUBKEY_USAGE:-"auth"}
-    SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"}
-    cat <<EOF
+    KEY_TYPE="RSA"
+    KEY_LENGTH=${KEY_LENGTH:-}
+    KEY_USAGE="auth"
+    # prompt about key expiration if not specified
+    if [ -z "$KEY_EXPIRE" ] ; then
+	cat <<EOF
 Please specify how long the key should be valid.
          0 = key does not expire
       <n>  = key expires in n days
@@ -91,7 +91,16 @@ Please specify how long the key should be valid.
       <n>m = key expires in n months
       <n>y = key expires in n years
 EOF
-    read -p "Key is valid for? ($SUBKEY_EXPIRE) " SUBKEY_EXPIRE; SUBKEY_EXPIRE=${SUBKEY_EXPIRE:-"0"}
+	while [ -z "$KEY_EXPIRE" ] ; do
+	    read -p "Key is valid for? (0) " KEY_EXPIRE
+	    if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then
+		echo "invalid value"
+		unset KEY_EXPIRE
+	    fi
+	done
+    elif ! test_gpg_expire "$KEY_EXPIRE" ; then
+	failure "invalid key expiration value '$KEY_EXPIRE'."
+    fi
 
     # generate the list of commands that will be passed to edit-key
     editCommands=$(cat <<EOF
@@ -101,8 +110,8 @@ S
 E
 A
 Q
-$SUBKEY_LENGTH
-$SUBKEY_EXPIRE
+$KEY_LENGTH
+$KEY_EXPIRE
 save
 EOF
 )
@@ -116,47 +125,85 @@ EOF
 # MAIN
 ########################################################################
 
+# unset variables that should be defined only in config file
+unset KEYSERVER
+unset CHECK_KEYSERVER
+unset KNOWN_HOSTS
+unset HASH_KNOWN_HOSTS
+unset AUTHORIZED_KEYS
+
+# load global config
+[ -r "${ETC}/monkeysphere.conf" ] && . "${ETC}/monkeysphere.conf"
+
+# set monkeysphere home directory
+MONKEYSPHERE_HOME=${MONKEYSPHERE_HOME:="${HOME}/.config/monkeysphere"}
+mkdir -p -m 0700 "$MONKEYSPHERE_HOME"
+
+# load local config
+[ -e ${MONKEYSPHERE_CONFIG:="${MONKEYSPHERE_HOME}/monkeysphere.conf"} ] && . "$MONKEYSPHERE_CONFIG"
+
+# set empty config variables with ones from the environment, or from
+# config file, or with defaults
+GNUPGHOME=${MONKEYSPHERE_GNUPGHOME:=${GNUPGHOME:="${HOME}/.gnupg"}}
+KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}}
+CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=${CHECK_KEYSERVER:="true"}}
+KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=${KNOWN_HOSTS:="${HOME}/.ssh/known_hosts"}}
+HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=${HASH_KNOWN_HOSTS:="true"}}
+AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=${AUTHORIZED_KEYS:="${HOME}/.ssh/authorized_keys"}}
+
+# other variables not in config file
+AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:="${MONKEYSPHERE_HOME}/authorized_user_ids"}
+REQUIRED_HOST_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_HOST_KEY_CAPABILITY:="a"}
+REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
+
+# export GNUPGHOME and make sure gpg home exists with proper
+# permissions
+export GNUPGHOME
+mkdir -p -m 0700 "$GNUPGHOME"
+
+# get subcommand
 COMMAND="$1"
 [ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
 shift
 
-# set ms home directory
-MS_HOME=${MS_HOME:-"${HOME}/.config/monkeysphere"}
-
-# load configuration file
-MS_CONF=${MS_CONF:-"${MS_HOME}/monkeysphere.conf"}
-[ -e "$MS_CONF" ] && . "$MS_CONF"
-
-# set empty config variable with defaults
-GNUPGHOME=${GNUPGHOME:-"${HOME}/.gnupg"}
-KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
-CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
-KNOWN_HOSTS=${KNOWN_HOSTS:-"${HOME}/.ssh/known_hosts"}
-HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-"true"}
-AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-"${HOME}/.ssh/authorized_keys"}
-
-# other variables
-AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"${MS_HOME}/authorized_user_ids"}
-REQUIRED_HOST_KEY_CAPABILITY=${REQUIRED_HOST_KEY_CAPABILITY:-"a"}
-REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-
-export GNUPGHOME
-
-# make sure gpg home exists with proper permissions
-mkdir -p -m 0700 "$GNUPGHOME"
-
-# make sure the user monkeysphere home directory exists
-mkdir -p -m 0700 "$MS_HOME"
-touch "$AUTHORIZED_USER_IDS"
+# unset option variables
+unset KEY_LENGTH
+unset KEY_EXPIRE
+
+# get options for key generation and add-certifier functions
+TEMP=$(getopt -o l:e: -l length:,expire: -n "$PGRM" -- "$@")
+
+if [ $? != 0 ] ; then
+    usage
+    exit 1
+fi
+
+# Note the quotes around `$TEMP': they are essential!
+eval set -- "$TEMP"
+
+while true ; do
+    case "$1" in
+	-l|--length)
+	    KEY_LENGTH="$2"
+	    shift 2
+	    ;;
+	-e|--expire)
+	    KEY_EXPIRE="$2"
+	    shift 2
+	    ;;
+	--)
+	    shift
+	    ;;
+        *)
+            break
+            ;;
+    esac
+done
 
 case $COMMAND in
     'update-known_hosts'|'update-known-hosts'|'k')
 	MODE='known_hosts'
 
-        # touch the known_hosts file to make sure it exists
-	# ssh-keygen complains if it doesn't exist
-	touch "$KNOWN_HOSTS"
-
         # if hosts are specified on the command line, process just
         # those hosts
 	if [ "$1" ] ; then
@@ -167,7 +214,7 @@ case $COMMAND in
         # in the user's known_hosts file
 	else
 	    if [ ! -s "$KNOWN_HOSTS" ] ; then
-		failure "known_hosts file '$KNOWN_HOSTS' is empty."
+		failure "known_hosts file '$KNOWN_HOSTS' is empty or does not exist."
 	    fi
 
 	    process_known_hosts
@@ -180,7 +227,7 @@ case $COMMAND in
 
         # fail if the authorized_user_ids file is empty
 	if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
-	    failure "$AUTHORIZED_USER_IDS is empty."
+	    failure "$AUTHORIZED_USER_IDS is empty or does not exist."
 	fi
 
 	# process authorized_user_ids file
diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index a080076..b7e82d8 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -11,7 +11,7 @@
 ########################################################################
 PGRM=$(basename $0)
 
-SHARE=${SHARE:-"/usr/share/monkeysphere"}
+SHARE=${MONKEYSPHERE_SHARE:="/usr/share/monkeysphere"}
 export SHARE
 . "${SHARE}/common" || exit 1
 
@@ -22,7 +22,7 @@ export VARLIB
 DATE=$(date -u '+%FT%T')
 
 # unset some environment variables that could screw things up
-GREP_OPTIONS=
+unset GREP_OPTIONS
 
 # default return code
 ERR=0
@@ -38,12 +38,21 @@ MonkeySphere server admin tool.
 
 subcommands:
   update-users (u) [USER]...            update users authorized_keys files
+
   gen-key (g) [HOSTNAME]                generate gpg key for the server
+    -l|--length BITS                      key length in bits (2048)
+    -e|--expire EXPIRE                    date to expire
+    -r|--revoker FINGERPRINT              add a revoker
   show-fingerprint (f)                  show server's host key fingerprint
   publish-key (p)                       publish server's host key to keyserver
-  add-certifier (a) KEYID               import and tsign a certification key
-  remove-certifier (r) KEYID            remove a certification key
-  list-certifiers (l)                   list certification keys
+
+  add-identity-certifier (a) KEYID      import and tsign a certification key
+    -n|--domain DOMAIN                    domain of certifier ()
+    -t|--trust TRUST                      trust level of certifier ('full')
+    -d|--depth DEPTH                      trust depth for certifier (1)
+  remove-identity-certifier (r) KEYID   remove a certification key
+  list-identity-certifiers (l)          list certification keys
+
   help (h,?)                            this help
 
 EOF
@@ -76,6 +85,9 @@ gpg_host() {
 }
 
 # function to interact with the authentication gnupg keyring
+# FIXME: this function requires basically accepts only a single
+# argument because of problems with quote expansion.  this needs to be
+# fixed/improved.
 gpg_authentication() {
     GNUPGHOME="$GNUPGHOME_AUTHENTICATION"
     export GNUPGHOME
@@ -199,20 +211,20 @@ gen_key() {
     local fingerprint
 
     hostName=${1:-$(hostname --fqdn)}
+    userID="ssh://${hostName}"
 
-    SERVICE=${SERVICE:-"ssh"}
-    userID="${SERVICE}://${hostName}"
-
+    # check for presense of key with user ID
     if gpg_host --list-key ="$userID" > /dev/null 2>&1 ; then
 	failure "Key for '$userID' already exists"
     fi
 
-    # set key defaults
-    KEY_TYPE=${KEY_TYPE:-"RSA"}
-    KEY_LENGTH=${KEY_LENGTH:-"2048"}
-    KEY_USAGE=${KEY_USAGE:-"auth"}
-    KEY_EXPIRE=${KEY_EXPIRE:-"0"}
-    cat <<EOF
+    # set key variables
+    KEY_TYPE="RSA"
+    KEY_LENGTH=${KEY_LENGTH:="2048"}
+    KEY_USAGE="auth"
+    # prompt about key expiration if not specified
+    if [ -z "$KEY_EXPIRE" ] ; then
+	cat <<EOF
 Please specify how long the key should be valid.
          0 = key does not expire
       <n>  = key expires in n days
@@ -220,7 +232,16 @@ Please specify how long the key should be valid.
       <n>m = key expires in n months
       <n>y = key expires in n years
 EOF
-    read -p "Key is valid for? ($KEY_EXPIRE) " KEY_EXPIRE; KEY_EXPIRE=${KEY_EXPIRE:-"0"}
+	while [ -z "$KEY_EXPIRE" ] ; do
+	    read -p "Key is valid for? (0) " KEY_EXPIRE
+	    if ! test_gpg_expire ${KEY_EXPIRE:=0} ; then
+		echo "invalid value"
+		unset KEY_EXPIRE
+	    fi
+	done
+    elif ! test_gpg_expire "$KEY_EXPIRE" ; then
+	failure "invalid key expiration value '$KEY_EXPIRE'."
+    fi
 
     # set key parameters
     keyParameters=$(cat <<EOF
@@ -233,12 +254,10 @@ EOF
 )
 
     # add the revoker field if specified
-    # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.  why?
-    # FIXME: why is this marked "sensitive"?  how will this signature ever
-    # be transmitted to the expected revoker?
+    # FIXME: the "1:" below assumes that $REVOKER's key is an RSA key.
+    # FIXME: key is marked "sensitive"?  is this appropriate?
     if [ "$REVOKER" ] ; then
 	keyParameters="${keyParameters}"$(cat <<EOF
-
 Revoker: 1:$REVOKER sensitive
 EOF
 )
@@ -313,14 +332,14 @@ add_certifier() {
     gpg_host --export-ownertrust | gpg_authentication "--import-ownertrust"
 
     # get the key from the key server
-    gpg_authentication "--keyserver $KEYSERVER --recv-key $keyID"
+    gpg_authentication "--keyserver $KEYSERVER --recv-key '$keyID'"
 
     # get the full fingerprint of a key ID
     fingerprint=$(gpg_authentication "--list-key --with-colons --with-fingerprint $keyID" | \
 	grep '^fpr:' | grep "$keyID" | cut -d: -f10)
 
     if [ -z "$fingerprint" ] ; then
-	failure "Could not find key '$keyID'."
+	failure "Could not find key \"${keyID}\"."
     fi
 
     echo "key found:"
@@ -335,15 +354,16 @@ add_certifier() {
     gpg_authentication "--export $keyID" | gpg_host --import
 
     # default values for trust depth and domain
-    DEPTH=${DEPTH:-1}
     DOMAIN=${DOMAIN:-}
+    TRUST=${TRUST:-2}
+    DEPTH=${DEPTH:-1}
 
     # ltsign command
     # NOTE: *all* user IDs will be ltsigned
     ltsignCommand=$(cat <<EOF
 ltsign
 y
-2
+$TRUST
 $DEPTH
 $DOMAIN
 y
@@ -381,27 +401,29 @@ list_certifiers() {
 # MAIN
 ########################################################################
 
-COMMAND="$1"
-[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
-shift
+# unset variables that should be defined only in config file
+unset KEYSERVER
+unset AUTHORIZED_USER_IDS
+unset RAW_AUTHORIZED_KEYS
+unset MONKEYSPHERE_USER
 
 # load configuration file
-MS_CONF=${MS_CONF:-"${ETC}/monkeysphere-server.conf"}
-[ -e "$MS_CONF" ] && . "$MS_CONF"
+[ -e ${MONKEYSPHERE_SERVER_CONFIG:="${ETC}/monkeysphere-server.conf"} ] && . "$MONKEYSPHERE_SERVER_CONFIG"
 
-# set empty config variable with defaults
-MONKEYSPHERE_USER=${MONKEYSPHERE_USER:-"monkeysphere"}
-KEYSERVER=${KEYSERVER:-"subkeys.pgp.net"}
-CHECK_KEYSERVER=${CHECK_KEYSERVER:="true"}
-AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"%h/.config/monkeysphere/authorized_user_ids"}
-RAW_AUTHORIZED_KEYS=${RAW_AUTHORIZED_KEYS:-"%h/.ssh/authorized_keys"}
+# set empty config variable with ones from the environment, or with
+# defaults
+KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="subkeys.pgp.net"}}
+AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.config/monkeysphere/authorized_user_ids"}}
+RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
+MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
 
 # other variables
-REQUIRED_USER_KEY_CAPABILITY=${REQUIRED_USER_KEY_CAPABILITY:-"a"}
-GNUPGHOME_HOST=${GNUPGHOME_HOST:-"${VARLIB}/gnupg-host"}
-GNUPGHOME_AUTHENTICATION=${GNUPGHOME_AUTHENTICATION:-"${VARLIB}/gnupg-authentication"}
+CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
+REQUIRED_USER_KEY_CAPABILITY=${MONKEYSPHERE_REQUIRED_USER_KEY_CAPABILITY:="a"}
+GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${VARLIB}/gnupg-host"}
+GNUPGHOME_AUTHENTICATION=${MONKEYSPHERE_GNUPGHOME_AUTHENTICATION:="${VARLIB}/gnupg-authentication"}
 
-# export variables
+# export variables needed in su invocation
 export DATE
 export MODE
 export MONKEYSPHERE_USER
@@ -412,6 +434,65 @@ export GNUPGHOME_HOST
 export GNUPGHOME_AUTHENTICATION
 export GNUPGHOME
 
+# get subcommand
+COMMAND="$1"
+[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
+shift
+
+# unset option variables
+unset KEY_LENGTH
+unset KEY_EXPIRE
+unset REVOKER
+unset DOMAIN
+unset TRUST
+unset DEPTH
+
+# get options for key generation and add-certifier functions
+TEMP=$(getopt -o l:e:r:n:t:d: -l length:,expire:,revoker:,domain:,trust:,depth: -n "$PGRM" -- "$@")
+
+if [ $? != 0 ] ; then
+    usage
+    exit 1
+fi
+
+# Note the quotes around `$TEMP': they are essential!
+eval set -- "$TEMP"
+
+while true ; do
+    case "$1" in
+	-l|--length)
+	    KEY_LENGTH="$2"
+	    shift 2
+	    ;;
+	-e|--expire)
+	    KEY_EXPIRE="$2"
+	    shift 2
+	    ;;
+	-r|--revoker)
+	    REVOKER="$2"
+	    shift 2
+	    ;;
+	-n|--domain)
+	    DOMAIN="$2"
+	    shift 2
+	    ;;
+	-t|--trust)
+	    TRUST="$2"
+	    shift 2
+	    ;;
+	-d|--depth)
+	    DEPTH="$2"
+	    shift 2
+	    ;;
+	--)
+	    shift
+	    ;;
+        *)
+            break
+            ;;
+    esac
+done
+
 case $COMMAND in
     'update-users'|'update-user'|'u')
 	update_users "$@"
@@ -429,21 +510,21 @@ case $COMMAND in
 	publish_server_key
 	;;
 
-    'add-certifier'|'a')
+    'add-identity-certifier'|'add-certifier'|'a')
 	if [ -z "$1" ] ; then
 	    failure "You must specify a key ID."
 	fi
 	add_certifier "$1"
 	;;
 
-    'remove-certifier'|'r')
+    'remove-identity-certifier'|'remove-certifier'|'r')
 	if [ -z "$1" ] ; then
 	    failure "You must specify a key ID."
 	fi
 	remove_certifier "$1"
 	;;
 
-    'list-certifiers'|'l')
+    'list-identity-certifiers'|'list-certifiers'|'list-certifier'|'l')
 	list_certifiers "$@"
 	;;
 
diff --git a/src/monkeysphere-ssh-proxycommand b/src/monkeysphere-ssh-proxycommand
index b70f3c6..6d6d3c0 100755
--- a/src/monkeysphere-ssh-proxycommand
+++ b/src/monkeysphere-ssh-proxycommand
@@ -53,27 +53,30 @@ URI="ssh://${HOSTP}"
 # if the host is in the gpg keyring...
 if gpg --list-key ="${URI}" 2>&1 >/dev/null ; then
     # do not check the keyserver
-    CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"}
+    CHECK_KEYSERVER="false"
 
 # if the host is NOT in the keyring...
 else
     # if the host key is found in the known_hosts file...
     # FIXME: this only works for default known_hosts location
     hostKey=$(ssh-keygen -F "$HOST")
+
     if [ "$hostKey" ] ; then
 	# do not check the keyserver
 	# FIXME: more nuanced checking should be done here to properly
 	# take into consideration hosts that join monkeysphere by
 	# converting an existing and known ssh key
-	CHECK_KEYSERVER=${CHECK_KEYSERVER:-"false"}
+	CHECK_KEYSERVER="false"
 
     # if the host key is not found in the known_hosts file...
     else
 	# check the keyserver
-	CHECK_KEYSERVER=${CHECK_KEYSERVER:-"true"}
+	CHECK_KEYSERVER="true"
     fi
 fi
-export CHECK_KEYSERVER
+
+MONKEYSPHERE_CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="$CHECK_KEYSERVER"}
+export MONKEYSPHERE_CHECK_KEYSERVER
 
 # update the known_hosts file for the host
 monkeysphere update-known_hosts "$HOSTP"