From ff8383ce9092335de6c00447bb45a2a7fbbf8685 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Sat, 21 Feb 2009 14:57:41 -0500
Subject: make sure we're explicitly capturing return codes in places where
 they are tested, in case things are being run set -e

---
 src/share/common                | 17 ++++++++++-------
 src/share/m/ssh_proxycommand    | 10 ++++++----
 src/share/m/subkey_to_ssh_agent | 10 ++++------
 src/share/ma/update_users       |  5 +++--
 4 files changed, 23 insertions(+), 19 deletions(-)

(limited to 'src/share')

diff --git a/src/share/common b/src/share/common
index 653d58b..5e0cb6a 100644
--- a/src/share/common
+++ b/src/share/common
@@ -586,8 +586,8 @@ gpg2authorized_keys() {
 # FIXME: need to figure out how to retrieve all matching keys
 # (not just first N (5 in this case))
 gpg_fetch_userid() {
+    local returnCode=0
     local userID
-    local returnCode
 
     if [ "$CHECK_KEYSERVER" != 'true' ] ; then
 	return 0
@@ -626,6 +626,7 @@ gpg_fetch_userid() {
 #
 # expects global variable: "MODE"
 process_user_id() {
+    local returnCode=0
     local userID
     local requiredCapability
     local requiredPubCapability
@@ -657,10 +658,10 @@ process_user_id() {
     # output gpg info for (exact) userid and store
     gpgOut=$(gpg --list-key --fixed-list-mode --with-colon \
 	--with-fingerprint --with-fingerprint \
-	="$userID" 2>/dev/null)
+	="$userID" 2>/dev/null) || returnCode="$?"
 
     # if the gpg query return code is not 0, return 1
-    if [ "$?" -ne 0 ] ; then
+    if [ "$returnCode" -ne 0 ] ; then
         log verbose " no primary keys found."
         return 1
     fi
@@ -890,6 +891,7 @@ process_host_known_hosts() {
 # update the known_hosts file for a set of hosts listed on command
 # line
 update_known_hosts() {
+    local returnCode=0
     local nHosts
     local nHostsOK
     local nHostsBAD
@@ -919,9 +921,9 @@ update_known_hosts() {
 
     for host ; do
 	# process the host
-	process_host_known_hosts "$host"
+	process_host_known_hosts "$host" || returnCode="$?"
 	# note the result
-	case "$?" in
+	case "$returnCode" in
 	    0)
 		nHostsOK=$((nHostsOK+1))
 		;;
@@ -1043,6 +1045,7 @@ process_uid_authorized_keys() {
 # update the authorized_keys files from a list of user IDs on command
 # line
 update_authorized_keys() {
+    local returnCode=0
     local userID
     local nIDs
     local nIDsOK
@@ -1072,10 +1075,10 @@ update_authorized_keys() {
     for userID ; do
 	# process the user ID, change return code if key not found for
 	# user ID
-	process_uid_authorized_keys "$userID"
+	process_uid_authorized_keys "$userID" || returnCode="$?"
 
 	# note the result
-	case "$?" in
+	case "$returnCode" in
 	    0)
 		nIDsOK=$((nIDsOK+1))
 		;;
diff --git a/src/share/m/ssh_proxycommand b/src/share/m/ssh_proxycommand
index bd09588..abe068d 100644
--- a/src/share/m/ssh_proxycommand
+++ b/src/share/m/ssh_proxycommand
@@ -18,6 +18,7 @@
 # "marginal case" ouput in the case that there is not a full
 # validation path to the host
 output_no_valid_key() {
+    local returnCode=0
     local sshKeyOffered
     local userID
     local type
@@ -112,11 +113,11 @@ EOF
 		fi
 		;;
 	esac
-    done
+    done || returnCode="$?"
 
     # if no key match was made (and the "while read" subshell returned
     # 1) output how many keys were found
-    if (($? != 1)) ; then
+    if (( returnCode != 1 )) ; then
 	cat <<EOF | log info
 None of the found keys matched the key offered by the host.
 Run the following command for more info about the found keys:
@@ -200,12 +201,13 @@ fi
 CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
 
 # update the known_hosts file for the host
-update_known_hosts "$HOSTP"
+local returnCode=0
+update_known_hosts "$HOSTP" || returnCode="$?"
 
 # output on depending on the return of the update-known_hosts
 # subcommand, which is (ultimately) the return code of the
 # update_known_hosts function in common
-case $? in
+case "$returnCode" in
     0)
 	# acceptable host key found so continue to ssh
 	true
diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent
index 818f4f7..a2cf9a0 100644
--- a/src/share/m/subkey_to_ssh_agent
+++ b/src/share/m/subkey_to_ssh_agent
@@ -14,11 +14,11 @@
 # try to add all authentication subkeys to the agent
 
 subkey_to_ssh_agent() {
-    local sshaddresponse
+    local sshaddresponse=0
     local secretkeys
     local authsubkeys
     local workingdir
-    local keysuccess
+    local keysuccess=0
     local subkey
     local publine
     local kname
@@ -38,8 +38,7 @@ For more details, see:
 
     # and if it looks like it's running, but we can't actually talk to
     # it, bail out:
-    ssh-add -l >/dev/null
-    sshaddresponse="$?"
+    ssh-add -l >/dev/null || sshaddresponse="$?"
     if [ "$sshaddresponse" = "2" ]; then
 	failure "Could not connect to ssh-agent"
     fi
@@ -100,8 +99,7 @@ You might want to 'monkeysphere gen-subkey'"
 
 	    passphrase_prompt "Enter passphrase for key $kname: " "$workingdir/passphrase"
 	    wait %2
-	fi
-	keysuccess="$?"
+	fi || keysuccess="$?"
 
 	rm -f "$workingdir/$kname"
     done
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 092d108..bfefc31 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -93,8 +93,8 @@ for uname in $unames ; do
 
 	    # process authorized_user_ids file, as monkeysphere user
 	    su_monkeysphere_user \
-		". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS"
-	    RETURN="$?"
+		". ${SYSSHAREDIR}/common; process_authorized_user_ids $TMP_AUTHORIZED_USER_IDS" \
+		|| RETURN="$?"
 	else
 	    log debug "not processing authorized_user_ids."
 	fi
@@ -154,4 +154,5 @@ for uname in $unames ; do
     rm -rf "$TMPLOC"
 done
 
+return $RETURN
 }
-- 
cgit v1.2.3


From bb8f498db80efcfffdf60ef317254d7355ea54ef Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Sat, 21 Feb 2009 15:37:30 -0500
Subject: import-key now requires a hostname be specified, and no longer does
 any hostname guessing.  this is so that we don't have to worry about
 prompting the user when guessing the hostname.  also updated documentation.

---
 man/man8/monkeysphere-host.8       | 11 +++++------
 src/monkeysphere-host              |  2 +-
 src/share/mh/import_key            | 30 ++----------------------------
 website/getting-started-admin.mdwn | 14 ++++----------
 4 files changed, 12 insertions(+), 45 deletions(-)

(limited to 'src/share')

diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 0a9fc1b..7909b62 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -23,14 +23,13 @@ connection authentication.
 
 \fBmonkeysphere-host\fP takes various subcommands:
 .TP
-.B import-key FILE [NAME[:PORT]]
+.B import-key FILE NAME[:PORT]
 Import a pem-encoded ssh secret host key from file FILE.  If FILE
 is '-', then the key will be imported from stdin.  NAME[:PORT] is used
-to specify the hostname (and port) used in the user ID of the new
-OpenPGP key.  If NAME is not specified, then the system
-fully-qualified domain name will be used (ie. `hostname -f').  If PORT
-is not specified, the no port is added to the user ID, which means
-port 22 is assumed.  `i' may be used in place of `import-key'.
+to specify the fully-qualified hostname (and port) used in the user ID
+of the new OpenPGP key.  If PORT is not specified, the no port is
+added to the user ID, which means port 22 is assumed.  `i' may be used
+in place of `import-key'.
 .TP
 .B show-key
 Output information about host's OpenPGP and SSH keys.  `s' may be used
diff --git a/src/monkeysphere-host b/src/monkeysphere-host
index efa48cd..540a8ab 100755
--- a/src/monkeysphere-host
+++ b/src/monkeysphere-host
@@ -54,7 +54,7 @@ usage: $PGRM <subcommand> [options] [args]
 Monkeysphere host admin tool.
 
 subcommands:
- import-key (i) FILE [NAME[:PORT]]   import existing ssh key to gpg
+ import-key (i) FILE NAME[:PORT]     import existing ssh key to gpg
  show-key (s)                        output all host key information
  publish-key (p)                     publish host key to keyserver
  set-expire (e) [EXPIRE]             set host key expiration
diff --git a/src/share/mh/import_key b/src/share/mh/import_key
index c545388..f7c69c3 100644
--- a/src/share/mh/import_key
+++ b/src/share/mh/import_key
@@ -26,39 +26,13 @@ if [ -z "$sshKeyFile" ] ; then
     failure "Must specify ssh key file to import, or specify '-' for stdin."
 fi
 
-# use the default hostname if not specified
+# fail if hostname not specified
 if [ -z "$hostName" ] ; then
-    hostName=$(hostname -f) || failure "Could not determine hostname."
-    # test that the domain is not obviously illegitimate
-    domain=${foo##*.}
-    case $domain in
-	'local'|'localdomain')
-	    failure "Host domain '$domain' is not legitimate.  Aborting key import."
-	    ;;
-    esac
-    # test that there are at least two parts
-    if (( $(echo "$hostName" | tr . ' ' | wc -w) < 2 )) ; then
-	failure "Host name '$hostName' is not legitimate.  Aborting key import."
-    fi
+    failure "You must specify a fully-qualified domain name for use in the host certificate user ID."
 fi
 
 userID="ssh://${hostName}"
 
-if [ "$PROMPT" = "true" ] ; then
-    cat <<EOF
-The ssh key will be imported and an OpenPGP certificate for this host
-will be generated with the following user ID:
-  $userID
-EOF
-    read -p "Are you sure you would like to create certificate? [Y/n] " OK; OK=${OK:-Y}
-    if [ "${OK/y/Y}" != 'Y' ] ; then
-	failure "ssh key not imported."
-    fi
-else
-    log debug "importing key without prompting."
-fi
-
-
 # create host home
 mkdir -p "${MHDATADIR}"
 mkdir -p "${GNUPGHOME_HOST}"
diff --git a/website/getting-started-admin.mdwn b/website/getting-started-admin.mdwn
index c4c2e64..d76d783 100644
--- a/website/getting-started-admin.mdwn
+++ b/website/getting-started-admin.mdwn
@@ -22,19 +22,13 @@ To begin, you must first import an ssh host key.  This assumes that
 you have the ssh server installed, and that you have generated a host
 RSA key.  Once that has been done, import the key:
 
-	# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key
+	# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key server.example.net
 
 This will generate an OpenPGP certificate for server.  The primary
 user ID for this certificate will be the ssh service URI for the host,
-which by default is based on the output of `hostname -f`
-(eg. `ssh://server.example.net`).  If the name determined from
-`hostname -f` is not the name you want to have in the service URI,
-then you can enter one manually:
-
-	# monkeysphere-host import-key /etc/ssh/ssh_host_rsa_key host.example.net
-
-Remember that the name you provide here must be a fully qualified
-domain name for the host in order for the monkeysphere to work.
+(eg. `ssh://server.example.net`).  Remember that the name you provide
+here must be a fully qualified domain name for the host in order for
+the monkeysphere to work.
 
 Now you can display information about the host key's certificate with
 the 'show-key' command:
-- 
cgit v1.2.3


From 5eba4661d75f977b46c8db028c0e79241dd36d76 Mon Sep 17 00:00:00 2001
From: Jameson Graef Rollins <jrollins@finestructure.net>
Date: Sat, 21 Feb 2009 15:39:44 -0500
Subject: fix return in subkey_to_ssh_agent, so that it returns, instead of
 exits

---
 src/share/m/subkey_to_ssh_agent | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/share')

diff --git a/src/share/m/subkey_to_ssh_agent b/src/share/m/subkey_to_ssh_agent
index a2cf9a0..7fb2fdb 100644
--- a/src/share/m/subkey_to_ssh_agent
+++ b/src/share/m/subkey_to_ssh_agent
@@ -110,5 +110,5 @@ You might want to 'monkeysphere gen-subkey'"
     # FIXME: sort out the return values: we're just returning the
     # success or failure of the final authentication subkey in this
     # case.  What if earlier ones failed?
-    exit "$keysuccess"
+    return "$keysuccess"
 }
-- 
cgit v1.2.3