Clean up REQUIRED_KEY_CAPABILITY option passing to process_user_id.

Get rid of 'MODE' stuff, since it was not very clear and wasn't really
being used.

diff --git a/src/monkeysphere-authentication b/src/monkeysphere-authentication
index df7d9bcf6ddf8fd2db17971973a37b7ca20ec0c8..f00bf5eef7658f89687f300052f6ea44f50bf57c 100755 (executable)
--- a/src/monkeysphere-authentication
+++ b/src/monkeysphere-authentication
@@ -136,7 +136,6 @@ LOG_PREFIX=${MONKEYSPHERE_LOG_PREFIX:='ms: '}
 
 # export variables needed in su invocation
 export DATE
-export MODE
 export LOG_LEVEL
 export KEYSERVER
 export MONKEYSPHERE_USER

diff --git a/src/share/common b/src/share/common
index 4aa3f7ce14857b60390a2c2da02bf1cabddaeee7..0c06dde5b9e846e46aae3a216323da19bd7f7b91 100644 (file)
--- a/src/share/common
+++ b/src/share/common
@@ -559,7 +559,7 @@ gpg_fetch_userid() {
 # userid and key policy checking
 # the following checks policy on the returned keys
 # - checks that full key has appropriate valididy (u|f)
-# - checks key has specified capability (REQUIRED_*_KEY_CAPABILITY)
+# - checks key has specified capability (REQUIRED_KEY_CAPABILITY)
 # - checks that requested user ID has appropriate validity
 # (see /usr/share/doc/gnupg/DETAILS.gz)
 # output is one line for every found key, in the following format:
@@ -571,8 +571,6 @@ gpg_fetch_userid() {
 #
 # all log output must go to stderr, as stdout is used to pass the
 # flag:sshKey to the calling function.
-#
-# expects global variable: "MODE"
 process_user_id() {
     local returnCode=0
     local userID
@@ -593,11 +591,7 @@ process_user_id() {
     userID="$1"
 
     # set the required key capability based on the mode
-    if [ "$MODE" = 'known_hosts' ] ; then
-       requiredCapability="$REQUIRED_HOST_KEY_CAPABILITY"
-    elif [ "$MODE" = 'authorized_keys' ] ; then
-       requiredCapability="$REQUIRED_USER_KEY_CAPABILITY"      
-    fi
+    requiredCapability=${REQUIRED_KEY_CAPABILITY:="a"}
     requiredPubCapability=$(echo "$requiredCapability" | tr "[:lower:]" "[:upper:]")
 
     # fetch the user ID if necessary/requested
@@ -770,7 +764,7 @@ process_host_known_hosts() {
     local tmpfile
 
     # set the key processing mode
-    export MODE='known_hosts'
+    export REQUIRED_KEY_CAPABILITY="$REQUIRED_HOST_KEY_CAPABILITY"
 
     host="$1"
     userID="ssh://${host}"
@@ -954,7 +948,7 @@ process_uid_authorized_keys() {
     local sshKey
 
     # set the key processing mode
-    export MODE='authorized_keys'
+    export REQUIRED_KEY_CAPABILITY="$REQUIRED_USER_KEY_CAPABILITY"
 
     userID="$1"
 

diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 31b53bfc1df13bdebc26e3dd9c24dd411f8b3aae..0086cd32f57dc8573d8f6d5df8a5585e00bd0fc4 100644 (file)
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -27,9 +27,6 @@ else
     unames=$(list_users)
 fi
 
-# set mode
-MODE="authorized_keys"
-
 # set gnupg home
 GNUPGHOME="$GNUPGHOME_SPHERE"