add ability to bypass prompting with a MONKEYSPHERE_PROMPT variable,

for functions that prompt for confirmation.  Also fix publish_key
function (NOT TESTED).

10 files changed, 83 insertions, 34 deletions

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index 60cb5f2..c349e6f 100755
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -114,11 +114,14 @@ gpg_core_sphere_sig_transfer() {
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file
+# unset variables that should be defined only in config file of in
+# MONKEYSPHERE_ variables
+unset LOG_LEVEL
 unset KEYSERVER
 unset AUTHORIZED_USER_IDS
 unset RAW_AUTHORIZED_KEYS
 unset MONKEYSPHERE_USER
+unset PROMPT
 
 # load configuration file
 [ -e ${MONKEYSPHERE_AUTHENTICATION_CONFIG:="${SYSCONFIGDIR}/monkeysphere-authentication.conf"} ] && . "$MONKEYSPHERE_AUTHENTICATION_CONFIG"
@@ -130,6 +133,7 @@ KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
 AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
 RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
 
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
@@ -142,8 +146,9 @@ CORE_KEYLENGTH=${MONKEYSPHERE_CORE_KEYLENGTH:="2048"}
 export DATE
 export MODE
 export LOG_LEVEL
-export MONKEYSPHERE_USER
 export KEYSERVER
+export MONKEYSPHERE_USER
+export PROMPT
 export CHECK_KEYSERVER
 export REQUIRED_USER_KEY_CAPABILITY
 export GNUPGHOME_CORE
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index a7b9697..2dc6003 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -177,6 +177,7 @@ show_key() {
     # trap to remove tmp dir if break
     trap "rm -rf $GNUPGHOME" EXIT
 
+    # import the host key into the tmp dir
     gpg --quiet --import <"$HOST_KEY_FILE"
 
     HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
@@ -208,9 +209,12 @@ show_key() {
 # MAIN
 ########################################################################
 
-# unset variables that should be defined only in config file
+# unset variables that should be defined only in config file of in
+# MONKEYSPHERE_ variables
+unset LOG_LEVEL
 unset KEYSERVER
 unset MONKEYSPHERE_USER
+unset PROMPT
 
 # load configuration file
 [ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] && . "$MONKEYSPHERE_HOST_CONFIG"
@@ -219,9 +223,8 @@ unset MONKEYSPHERE_USER
 # defaults
 LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=${LOG_LEVEL:="INFO"}}
 KEYSERVER=${MONKEYSPHERE_KEYSERVER:=${KEYSERVER:="pool.sks-keyservers.net"}}
-AUTHORIZED_USER_IDS=${MONKEYSPHERE_AUTHORIZED_USER_IDS:=${AUTHORIZED_USER_IDS:="%h/.monkeysphere/authorized_user_ids"}}
-RAW_AUTHORIZED_KEYS=${MONKEYSPHERE_RAW_AUTHORIZED_KEYS:=${RAW_AUTHORIZED_KEYS:="%h/.ssh/authorized_keys"}}
 MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=${MONKEYSPHERE_USER:="monkeysphere"}}
+PROMPT=${MONKEYSPHERE_PROMPT:=${PROMPT:="true"}}
 
 # other variables
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:="true"}
@@ -231,8 +234,10 @@ GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}
 export DATE
 export MODE
 export LOG_LEVEL
-export MONKEYSPHERE_USER
 export KEYSERVER
+export MONKEYSPHERE_USER
+export PROMPT
+export CHECK_KEYSERVER
 export GNUPGHOME_HOST
 export GNUPGHOME
 export HOST_FINGERPRINT=
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 28c229a..54ea673 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -36,8 +36,6 @@ local fingerprint
 local ltsignCommand
 local trustval
 
-PROMPT=true
-
 # get options
 while true ; do
     case "$1" in
@@ -53,10 +51,6 @@ while true ; do
 	    depth="$2"
 	    shift 2
 	    ;;
-	-y)
-	    PROMPT=false
-	    shift 1
-	    ;;
 	*)
 	    if [ "$(echo "$1" | cut -c 1)" = '-' ] ; then
 		failure "Unknown option '$1'.
@@ -114,7 +108,7 @@ fi
 log info "key found:"
 gpg_sphere "--fingerprint 0x${fingerprint}!"
 
-if [ "$PROMPT" = true ] ; then
+if [ "$PROMPT" = "true" ] ; then
     echo "Are you sure you want to add the above key as a"
     read -p "certifier of users on this system? (y/N) " OK; OK=${OK:-N}
     if [ "${OK/y/Y}" != 'Y' ] ; then
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 4e56264..8271ae0 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -23,13 +23,16 @@ if [ -z "$keyID" ] ; then
     failure "You must specify the key ID of a key to remove."
 fi
 
-if gpg_sphere "--list-key --fingerprint 0x${keyID}!" ; then
+# FIXME: should we be doing a fancier list_certifier output here?
+gpg_core --list-key --fingerprint "0x${keyID}!" || failure
+
+if [ "$PROMPT" = "true" ] ; then
     read -p "Really remove above listed identity certifier? (y/N) " OK; OK=${OK:-N}
     if [ "${OK/y/Y}" != 'Y' ] ; then
 	failure "Identity certifier not removed."
     fi
 else
-    failure
+    log debug "certifier removed without prompting."
 fi
 
 # delete the requested key from the sphere keyring
diff --git a/src/share/mh/add_hostname b/src/share/mh/add_hostname
index 910faf6..70bbec3 100644
--- a/src/share/mh/add_hostname
+++ b/src/share/mh/add_hostname
@@ -31,11 +31,15 @@ userID="ssh://${1}"
 find_host_userid > /dev/null && \
     failure "Host userID '$userID' already exists."
 
-echo "The following user ID will be added to the host key:"
-echo "  $userID"
-read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "User ID not added."
+if [ "$PROMPT" = "true" ] ; then
+    echo "The following user ID will be added to the host key:"
+    echo "  $userID"
+    read -p "Are you sure you would like to add this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "User ID not added."
+    fi
+else
+    log debug "adding user ID without prompting."
 fi
 
 # edit-key script command to add user ID
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 1464ae8..b4113df 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -77,10 +77,14 @@ fi
 log info "key found:"
 gpg_host --fingerprint "0x${fingerprint}!"
 
-echo "Are you sure you want to add the above key as a"
-read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N}
-if [ "${OK/y/Y}" != 'Y' ] ; then
-    failure "Revoker not added."
+if [ "$PROMPT" = "true" ] ; then
+    echo "Are you sure you want to add the above key as a"
+    read -p "revoker of the host key? (y/N) " OK; OK=${OK:-N}
+    if [ "${OK/y/Y}" != 'Y' ] ; then
+	failure "revoker not added."
+    fi
+else
+    log debug "adding revoker without prompting."
 fi
 
 # edit-key script to add revoker
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index 600dfcf..b433ad7 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -15,12 +15,33 @@
 
 publish_key() {
 
-read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "key not published."
+local GNUPGHOME
+
+if [ "$PROMPT" = "true" ] ; then
+    read -p "Really publish host key to $KEYSERVER? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "key not published."
+    fi
+else
+    log debug "publishing key without prompting."
 fi
 
+# create a temporary gnupg directory from which to publish the key
+export GNUPGHOME=$(mktemp -d)
+
+# trap to remove tmp dir if break
+trap "rm -rf $GNUPGHOME" EXIT
+
+# import the host key into the tmp dir
+su_monkeysphere_user \
+    "gpg --quiet --import" <"$HOST_KEY_FILE"
+
 # publish host key
-gpg_sphere "--keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
+su_monkeysphere_user \
+    "gpg --keyserver $KEYSERVER --send-keys '0x${HOST_FINGERPRINT}!'"
+
+# remove the tmp file
+trap - EXIT
+rm -rf "$GNUPGHOME"
 
 }
diff --git a/src/share/mh/revoke_hostname b/src/share/mh/revoke_hostname
index 99ba603..77f1f0d 100644
--- a/src/share/mh/revoke_hostname
+++ b/src/share/mh/revoke_hostname
@@ -42,11 +42,15 @@ userID="ssh://${1}"
 uidIndex=$(find_host_userid) || \
     failure "No non-revoked user ID found matching '$userID'."
 
-echo "The following host key user ID will be revoked:"
-echo "  $userID"
-read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
-if [ ${OK/y/Y} != 'Y' ] ; then
-    failure "User ID not revoked."
+if [ "$PROMPT" = "true" ] ; then
+    echo "The following host key user ID will be revoked:"
+    echo "  $userID"
+    read -p "Are you sure you would like to revoke this user ID? (y/N) " OK; OK=${OK:=N}
+    if [ ${OK/y/Y} != 'Y' ] ; then
+	failure "User ID not revoked."
+    fi
+else
+    log debug "revoking user ID without prompting."
 fi
 
 # edit-key script command to revoke user ID
diff --git a/src/share/mh/set_expire b/src/share/mh/set_expire
index 0b581d9..14d2501 100644
--- a/src/share/mh/set_expire
+++ b/src/share/mh/set_expire
@@ -21,6 +21,15 @@ local extendTo
 # get the new expiration date
 extendTo=$(get_gpg_expiration "$1")
 
+if [ "$PROMPT" = "true" ] ; then
+    read -p "Are you sure you want to change the expiration on the host key to '$extendTo'? (y/N) " OK; OK=${OK:-N}
+    if [ "${OK/y/Y}" != 'Y' ] ; then
+	failure "expiration not set."
+    fi
+else
+    log debug "extending without prompting."
+fi
+
 log info "setting host key expiration to ${extendTo}:"
 
 log debug "executing host expire script..."
diff --git a/tests/basic b/tests/basic
index d78a594..9114f32 100755
--- a/tests/basic
+++ b/tests/basic
@@ -242,7 +242,7 @@ gpg --export testuser | monkeysphere-authentication gpg-cmd --import
 echo "##################################################"
 echo "### update server authorized_keys file for this testuser..."
 monkeysphere-authentication update-users $(whoami)
-# FIXME: NOT FAILING PROPERLY FOR:
+# FIXME: this is maybe not failing properly for:
 # ms: improper group or other writability on path '/tmp'.