-rw-r--r--packaging/debian/changelog3
-rwxr-xr-xsrc/monkeysphere13
-rw-r--r--src/share/m/ssh_proxycommand42
3 files changed, 35 insertions, 23 deletions
diff --git a/packaging/debian/changelog b/packaging/debian/changelog
index 9735e6e..75957bc 100644
--- a/packaging/debian/changelog
+++ b/packaging/debian/changelog
@@ -2,8 +2,9 @@ monkeysphere (0.26~pre-1) unstable; urgency=low
* New upstream release:
- add 'refresh-keys' subcommand to monkeysphere-authentication
+ - improve marginal UI (closes MS #1141)
- -- Jameson Graef Rollins <jrollins@finestructure.net> Sat, 18 Jul 2009 14:12:02 -0400
+ -- Jameson Graef Rollins <jrollins@finestructure.net> Fri, 24 Jul 2009 10:12:25 -0400
monkeysphere (0.25-1) unstable; urgency=low
diff --git a/src/monkeysphere b/src/monkeysphere
index 341b9fd..94279f4 100755
--- a/src/monkeysphere
+++ b/src/monkeysphere
@@ -194,7 +194,18 @@ if [ -z "$KEYSERVER" ] ; then
fi
fi
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}
-KNOWN_HOSTS=${MONKEYSPHERE_KNOWN_HOSTS:=$KNOWN_HOSTS}
+# check the known_hosts file
+if [ "$MONKEYSPHERE_KNOWN_HOSTS" ] ; then
+ if [ -f "$MONKEYSPHERE_KNOWN_HOSTS" ] ; then
+ KNOWN_HOSTS="$MONKEYSPHERE_KNOWN_HOSTS"
+ else
+ failure "specified monkeysphere known_hosts file '$MONKEYSPHERE_KNOWN_HOSTS' does not exist."
+ fi
+fi
+[ -d $(dirname "$KNOWN_HOSTS") ] \
+ || mkdir -m 0700 $(dirname "$KNOWN_HOSTS")
+[ -f "$KNOWN_HOSTS" ] \
+ || touch "$KNOWN_HOSTS"
HASH_KNOWN_HOSTS=${MONKEYSPHERE_HASH_KNOWN_HOSTS:=$HASH_KNOWN_HOSTS}
AUTHORIZED_KEYS=${MONKEYSPHERE_AUTHORIZED_KEYS:=$AUTHORIZED_KEYS}
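Review bot: The two `$(dirname "$KNOWN_HOSTS")` substitutions in the new directory check are unquoted, so a known_hosts path containing whitespace or glob characters is word-split before `[ -d ]` and `mkdir` see it; quote them, `[ -d "$(dirname "$KNOWN_HOSTS")" ] \` / `|| mkdir -m 0700 "$(dirname "$KNOWN_HOSTS")"`. The `mkdir` and `touch` results are also not checked, so if the parent directory is missing or unwritable the script carries on with no known_hosts file; the `failure` helper used two lines earlier would fit here, e.g. `|| failure "could not create known_hosts file '$KNOWN_HOSTS'."`. Note that the directory is forced to mode 0700 while the file itself is created by `touch` under the caller's umask; if that asymmetry is not intended, create the file under a restrictive umask too.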
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index c90074b..96326da 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -111,27 +111,24 @@ EOF
fi
fi
- # find all 'pub' and 'sub' lines in the gpg output, which each
- # represent a retrieved key for the user ID
+ # find all keys in the gpg output ('pub' and 'sub' lines) and
+ # output the ones that match the host key or that have marginal
+ # validity
echo "$gpgOut" | cut -d: -f1,2,5,10,12 | \
while IFS=: read -r type validity keyid uidfpr usage ; do
case $type in
'pub'|'sub')
# get the ssh key of the gpg key
sshKeyGPG=$(gpg2ssh "$keyid")
-
# if a key was retrieved from the host...
if [ "$sshKeyOffered" ] ; then
-
- # if one of keys found matches the one offered by the
- # host, then output info
+ # if one of the keys matches the one offered by
+ # the host, then output info and return
if [ "$sshKeyGPG" = "$sshKeyOffered" ] ; then
log info <<EOF
An OpenPGP key matching the ssh key offered by the host was found:
EOF
-
show_key_info "$keyid" | log info
-
# this whole process is in a "while read"
# subshell. the only way to get information
# out of the subshell is to change the return
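Review bot: The rewritten comment says the loop outputs keys "that have marginal validity", but the condition it describes (in the `@@ -140` hunk of this file) now accepts validity `m`, `f` and `u`, i.e. anything at least marginal, and the comment there, `# and the current key is marginal, show info`, has the same stale wording. Suggest `# output the ones that match the host key or that have at least marginal validity (m, f or u)` here and `# and the current key has at least marginal validity, show info` on the inner branch. The three chained `[ "$validity" = ... ]` tests would also read more directly as a single `case "$validity" in m|f|u) ... ;; esac`. The enclosing `while read` loop and the function around it begin and end outside this hunk.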
@@ -140,14 +137,14 @@ EOF
# for the ssh key offered by the host
return 1
fi
-
- # else if a key was not retrieved from the host
+ # else if a key was not retrieved from the host...
else
-
- # if the current key is marginal, show info
- if [ "$validity" = 'm' ] ; then
+ # and the current key is marginal, show info
+ if [ "$validity" = 'm' ] \
+ || [ "$validity" = 'f' ] \
+ || [ "$validity" = 'u' ] ; then
show_key_info "$keyid" | log info
- fi
+ fi
fi
;;
esac
@@ -155,21 +152,24 @@ EOF
# if no key match was made (and the "while read" subshell
# returned 1) output how many keys were found
- if (( returnCode != 1 )) ; then
-
+ if (( returnCode == 1 )) ; then
echo | log info
-
- # output different footer messages depending on if a key had
- # been retrieved from the host
+ else
+ # if a key was retrieved, but didn't match, note this
if [ "$sshKeyOffered" ] ; then
log info <<EOF
None of the found keys matched the key offered by the host.
EOF
- else
+ fi
+
+ # note how many invalid keys were found
+ nInvalidKeys=$(echo "$gpgOut" | egrep '^(pub|sub):[^(m|f|u)]:' | wc -l)
+ if ((nInvalidKeys > 0)) ; then
log info <<EOF
-There may be keys for this hostname with less than marginal validity.
+Keys found with less than marginal validity: $nInvalidKeys
EOF
fi
+
log info <<EOF
Run the following command for more info about the found keys:
gpg --check-sigs --list-options show-uid-validity =${userID}