2 files changed, 20 insertions, 21 deletions

diff --git a/src/share/m/update_authorized_keys b/src/share/m/update_authorized_keys
index 5449951..7fae9cd 100644
--- a/src/share/m/update_authorized_keys
+++ b/src/share/m/update_authorized_keys
@@ -12,27 +12,36 @@
 # 3 or later.
 
 update_authorized_keys() {
+    local newUmask
     local tmpFile
 
-    log debug "updating authorized_keys file:"
-    log debug " $AUTHORIZED_KEYS"
+    if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
+	log error "empty or absent authorized_user_ids file."
+	failure
+    fi
+    check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" \
+	|| failure "Bad permissions governing authorized_user_ids file '$AUTHORIZED_USER_IDS'"
 
-    check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" || failure
-    check_key_file_permissions $(whoami) "$AUTHORIZED_USER_IDS" || failure
+    # touch the authorized_keys file so that the file permission check
+    # below won't fail upon not finding the file
+    touch_key_file_or_fail "$AUTHORIZED_KEYS"
+    check_key_file_permissions $(whoami) "$AUTHORIZED_KEYS" \
+	|| failure "Bad permissions governing authorized_keys file $AUTHORIZED_KEYS"
 
     lock create "$AUTHORIZED_KEYS"
 
     # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
-    trap "lock remove $AUTHORIZED_KEYS" EXIT
+    trap "log debug TRAP; lock remove $AUTHORIZED_KEYS" EXIT
 
     tmpFile=$(mktemp "${AUTHORIZED_KEYS}.monkeysphere.XXXXXX")
 
-    trap "lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
+    trap "log debug TRAP; lock remove $AUTHORIZED_KEYS; rm -f $tmpFile" EXIT
 
     # remove any monkeysphere lines from authorized_keys file this is
     # to insure that that all old authorized keys that are no longer
     # authorized are removed
-    remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile"
+    log debug "removing old monkeysphere lines..."
+    remove_monkeysphere_lines <"$AUTHORIZED_KEYS" >"$tmpFile" || true
 
     process_authorized_user_ids "$tmpFile" \
 	< "$AUTHORIZED_USER_IDS"
diff --git a/src/share/m/update_known_hosts b/src/share/m/update_known_hosts
index 737666d..57176b8 100644
--- a/src/share/m/update_known_hosts
+++ b/src/share/m/update_known_hosts
@@ -21,28 +21,18 @@ update_known_hosts() {
 
     # touch the known_hosts file so that the file permission check
     # below won't fail upon not finding the file
-    if [ ! -f "$KNOWN_HOSTS" ]; then
-	# make sure to create any files or directories with the appropriate write bits turned off:
-	newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
-	[ -d $(dirname "$KNOWN_HOSTS") ] \
-	    || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
-	    || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
-	# make sure to create this file with the appropriate bits turned off:
-	(umask "$newUmask" && touch "$KNOWN_HOSTS") \
-	    || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
-    fi
-
+    touch_key_file_or_fail "$KNOWN_HOSTS"
     check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
-	|| failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
+	|| failure "Bad permissions governing known_hosts file $KNOWN_HOSTS"
 
     lock create "$KNOWN_HOSTS"
 
     # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
-    trap "lock remove $KNOWN_HOSTS" EXIT
+    trap "log debug TRAP; lock remove $KNOWN_HOSTS" EXIT
 
     tmpFile=$(mktemp "${KNOWN_HOSTS}.monkeysphere.XXXXXX")
 
-    trap "lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
+    trap "log debug TRAP; lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
 
     cat "$KNOWN_HOSTS" >"$tmpFile"