chiark / gitweb /
profile.d/01gnupg: Remove spurious initial `%' from `email' address.
[distorted-keys] / keyfunc.sh.in
CommitLineData
53263601
MW
1### -*-sh-*-
2###
3### Common key management functions.
4###
5### (c) 2011 Mark Wooding
6###
7
8###----- Licensing notice ---------------------------------------------------
9###
599c8f75
MW
10### This file is part of the distorted.org.uk key management suite.
11###
12### distorted-keys is free software; you can redistribute it and/or modify
53263601
MW
13### it under the terms of the GNU General Public License as published by
14### the Free Software Foundation; either version 2 of the License, or
15### (at your option) any later version.
16###
599c8f75 17### distorted-keys is distributed in the hope that it will be useful,
53263601
MW
18### but WITHOUT ANY WARRANTY; without even the implied warranty of
19### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20### GNU General Public License for more details.
21###
22### You should have received a copy of the GNU General Public License
599c8f75 23### along with distorted-keys; if not, write to the Free Software Foundation,
53263601
MW
24### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
25
26quis=${0##*/}
27
28###--------------------------------------------------------------------------
29### Configuration variables.
30
e787e19c 31## Automatically configured pathnames.
53263601 32PACKAGE="@PACKAGE@" VERSION="@VERSION@"
53263601
MW
33bindir="@bindir@"
34
e787e19c 35## Read user configuration.
c47f2aba 36if [ -f $ETC/keys.conf ]; then . $ETC/keys.conf; fi
599c8f75 37
e787e19c 38## Maybe turn on debugging.
599c8f75
MW
39case "${KEYS_DEBUG+t}" in t) set -x ;; esac
40
ec208149
MW
41## Fake up caller credentials if not called via userv.
42case "${USERV_USER+t}" in
43 t) ;;
44 *) USERV_USER=${LOGNAME-${USER-$(id -un)}} USERV_UID=$(id -u) ;;
45esac
46case "${USERV_GROUP+t}" in
47 t) ;;
48 *) USERV_GROUP=$(id -Gn) USERV_GID=$(id -gn) ;;
49esac
50
53263601
MW
51###--------------------------------------------------------------------------
52### Cleanup handling.
53
54cleanups=""
c47f2aba
MW
55cleanup () { cleanups=${cleanups+$cleanups }$1; }
56runcleanups () { for i in $cleanups; do $i; done; }
57trap 'rc=$?; runcleanups; exit $rc' EXIT
58trap 'trap "" EXIT; runcleanups; exit 127' INT TERM
53263601
MW
59
60###--------------------------------------------------------------------------
61### Utility functions.
62
c47f2aba
MW
63reqsafe () {
64 ## Fail unless a safe directory is set.
65
66 err="$quis: (CONFIGURATION ERROR)"
67 case ${SAFE+t} in
68 t) ;;
69 *) echo >&2 "$err: no SAFE directory"; exit 1 ;;
70 esac
71 if [ ! -d "$SAFE" ]; then
72 echo >&2 "$err: SAFE path \`$SAFE' isn't a directory"
73 exit 1
74 fi
75 case "$SAFE" in
76 [!/]* | *[][[:space:]*?]*)
77 echo >&2 "$err: SAFE path \`$SAFE' contains bad characters"
78 exit 1
79 ;;
80 esac
81 ls -ld "$SAFE" | {
82 me=$(id -un)
83 read perm _ user stuff
84 case "$perm:$user" in
85 d???------:"$me") ;;
86 *)
87 echo >&2 "$err: SAFE path \`$SAFE' has bad owner or permissions"
88 exit 1
89 ;;
90 esac
91 }
92}
93
53263601
MW
94## Temporary directory.
95unset tmp
c47f2aba
MW
96rmtmp () { case ${tmp+t} in t) cd /; rm -rf $tmp ;; esac; }
97cleanup rmtmp
53263601 98mktmp () {
c47f2aba 99 ## Make a temporary directory and store its name in `tmp'.
53263601 100
c47f2aba
MW
101 case "${tmp+t}" in t) return ;; esac
102 reqsafe
103 tmp="$SAFE/keys.tmp.$$"
53263601
MW
104 rm -rf "$tmp"
105 mkdir -m700 "$tmp"
53263601
MW
106}
107
c47f2aba
MW
108reqtmp () {
109 ## Fail unless a temporary directory is set.
53263601 110
c47f2aba
MW
111 case ${tmp+t} in
112 t) ;;
113 *) echo >&2 "$quis (INTERNAL): no tmp directory set"; exit 127 ;;
53263601
MW
114 esac
115}
116
c47f2aba
MW
117parse_keylabel () {
118 key=$1
119 ## Parse the key label string KEY. Set `kdir' to the base path to use for
120 ## the key's storage, and `kowner' to the key owner's name.
121
122 case "$key" in
123 *:*) kowner=${key%%:*} klabel=${key#*:} ;;
124 *) kowner=$USERV_USER klabel=$key ;;
53263601 125 esac
c47f2aba
MW
126 checkword "key owner name" "$kowner"
127 checklabel "key" "$klabel"
128 kdir=$KEYS/store/$kowner/$klabel
129 knub=$KEYS/nub/$kowner/$klabel
53263601
MW
130}
131
4c8c4065
MW
132runas () {
133 user=$1 service=$2; shift 2
134 ## If the current (effective) user is not USER then reinvoke via `userv',
135 ## as the specified service, with the remaining arguments.
136
137 case $(id -un) in
138 "$user") ;;
139 *) exec userv "$user" "$service" "$@" ;;
140 esac
141}
142
c47f2aba
MW
143###--------------------------------------------------------------------------
144### Input validation functions.
145
146nl="
147"
148check () {
149 ckwhat=$1 ckpat=$2 thing=$3
150 ## Verify that THING matches the (anchored, basic) regular expression
151 ## CKPAT. Since matching newlines is hard to do portably, also check that
152 ## THING doesn't contain any. If the checks fail, report an error and
153 ## exit.
154
155 validp=t
599c8f75 156 case "$thing" in
ec3628d8
MW
157 *"$nl"*)
158 validp=nil
159 ;;
160 *)
161 if ! expr >/dev/null "Q$thing" : "\(Q$ckpat\)\$"; then
162 validp=nil
163 fi
164 ;;
c47f2aba
MW
165 esac
166 case $validp in
167 nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
599c8f75
MW
168 esac
169}
170
c47f2aba
MW
171## Regular expressions for validating input.
172R_IDENTCHARS="A-Za-z0-9_"
09c56d3e
MW
173R_GOODPUNCT="!%@+="
174R_WORDCHARS="-$R_IDENTCHARS$R_GOODPUNCT"
c47f2aba
MW
175R_IDENT="[$R_IDENTCHARS][$R_IDENTCHARS]*"
176R_WORD="[$R_WORDCHARS][$R_WORDCHARS]*"
09c56d3e 177R_ACLCHARS="][$R_IDENTCHARS$R_GOODPUNCT*?:.#"
c47f2aba 178R_WORDSEQ="[$R_WORDCHARS[:space:]][$R_WORDCHARS[:space:]]*"
09c56d3e 179R_ACL="[$R_ACLCHARS[:space:]-][$R_ACLCHARS[:space:]-]*"
c47f2aba
MW
180R_NUMERIC='\(\([1-9][0-9]*\)\{0,1\}0\{0,1\}\)'
181R_LABEL="\($R_WORD\(/$R_WORD\)*\)"
182R_LINE=".*"
183
184## Various validation functions.
185checknumber () { check "$1" "$R_NUMERIC" "$2"; }
186checkident () { check "$1" "$R_IDENT" "$2"; }
187checkword () { check "$1" "$R_WORD" "$2"; }
188checklabel () { check "$1 label" "$R_LABEL" "$2"; }
189
53263601 190###--------------------------------------------------------------------------
c47f2aba
MW
191### Key storage and properties.
192
193getsysprofile () {
194 profile=$1
195 ## Write the named system PROFILE to standard output.
196
b65e1f93 197 $bindir/extract-profile "$profile" $ETC/profile.d/
c47f2aba
MW
198}
199
200setprops () {
201 what=$1 prefix=$2; shift 2
202 ## Set variables based on the NAME=VALUE assignments in the arguments. The
203 ## value for property NAME is stored in the shell variable PREFIX_NAME.
204
205 for assg in "$@"; do
206 goodp=t
207 case "$assg" in
208 *\=*) name=${assg%%=*} value=${assg#*=} ;;
209 *) goodp=nil ;;
210 esac
211 case "$goodp,$name" in t,*[!0-9A-Za-z_]*=*) goodp=nil ;; esac
212 case "$goodp" in
213 nil) echo >&2 "$quis: bad $what assignment \`$assg'"; exit 1 ;;
214 esac
215 eval "$prefix$name=\$value"
216 done
217}
53263601 218
c47f2aba
MW
219checkprops () {
220 whatprop=$1 prefix=$2; shift 2
221 ## Check that property variables are set in accordance with the remaining
222 ## TABLE arguments. Each row of TABLE has the form
53263601 223 ##
c47f2aba
MW
224 ## NAME OMIT PAT
225 ##
226 ## A table row is satisfied if there is a variable PREFIXNAME whose value
227 ## matces the (basic) regular expression PAT, or if the variable is unset
228 ## and OMIT is `t'.
229
230 for table in "$@"; do
231 case "$table" in ?*) ;; *) continue ;; esac
232 while read -r name omit pat; do
233 eval foundp=\${$prefix$name+t}
234 case "$foundp,$omit" in
235 ,t) continue ;;
236 ,nil)
237 echo >&2 "$quis: missing $whatprop \`$name' required"
238 exit 1
239 ;;
240 esac
241 eval value=\$$prefix$name
242 check "value for $whatprop \`$name'" "$pat" "$value"
243 done <<EOF
244$table
245EOF
246 done
247}
53263601 248
f9431707
MW
249dumpprops () {
250 prefix=$1
251 ## Write the properties stored in the variables beginning with PREFIX.
252
253 set | sed -n "/^$prefix/{s/=.*\$//;p}" | sort | while read name; do
254 eval value=\$$name
255 echo "${name#$prefix}=$value"
256 done
257}
258
c47f2aba
MW
259defprops () {
260 name=$1
261 ## Define a properties table NAME.
262
263 table=$(cat)
264 eval $name=\$table
265}
266
267defprops g_props <<EOF
268type nil $R_IDENT
269recovery t $R_WORDSEQ
270random t $R_WORD
2a877b7f
MW
271nub_hash t $R_WORD
272nubid_hash t $R_WORD
273nub_random_bytes t $R_NUMERIC
09c56d3e
MW
274acl_encrypt t $R_ACL
275acl_decrypt t $R_ACL
276acl_sign t $R_ACL
277acl_verify t $R_ACL
278acl_info t $R_ACL
c47f2aba
MW
279EOF
280
281readprops () {
282 file=$1
283 ## Read a profile from a file. This doesn't check the form of the
284 ## filename, so it's not suitable for unchecked input. Properties are set
285 ## using `setprops' with prefix `kprop_'.
286
287 ## Parse the settings from the file.
288 exec 3<"$file"
289 while read line; do
290 case "$line" in "" | \#*) continue ;; esac
291 setprops "property" kprop_ "$line"
292 done <&3
293 exec 3>&-
294 checkprops "property" kprop_ "$g_props"
295
296 ## Fetch the key-type handling library.
297 if [ ! -f $KEYSLIB/ktype.$kprop_type ]; then
298 echo >&2 "$quis: unknown key type \`$kprop_type'"
299 exit 1
300 fi
301 . $KEYSLIB/ktype.$kprop_type
302 checkprops "property" kprop_ "$k_props"
303}
304
305readmeta () {
306 kdir=$1
307 ## Read key metadata from KDIR.
308
309 { read profile; } <"$kdir"/meta
310}
311
312makenub () {
313 ## Generate a key nub in the default way, and write it to standard output.
2a877b7f
MW
314 ## The properties `random', `nub_random_bytes' and `nub_hash' are referred
315 ## to.
c47f2aba
MW
316
317 dd 2>/dev/null \
2a877b7f
MW
318 if=/dev/${kprop_random-random} bs=1 count=${kprop_nub_random_bytes-64} |
319 openssl dgst -${kprop_nub_hash-sha256} -binary |
c47f2aba
MW
320 openssl base64
321}
322
323nubid () {
324 ## Compute a hash of the key nub in stdin, and write it to stdout in hex.
2a877b7f 325 ## The property `nubid_hash' is used.
c47f2aba 326
21a21fff
MW
327 ## Stupid dance because the output incompatibly grew a filename, in order
328 ## to demonstrate the same idiocy as GNU mumblesum.
329 set _ $({ echo "distorted-keys nubid"; cat -; } |
330 openssl dgst -${kprop_nubid_hash-sha256})
37ba6d05 331 if [ $# -gt 2 ]; then shift; fi
21a21fff 332 echo $2
c47f2aba
MW
333}
334
335subst () {
336 what=$1 templ=$2 prefix=$3 pat=$4
337 ## Substitute option values into the template TEMPL. Each occurrence of
338 ## %{VAR} is replaced by the value of the variable PREFIXVAR. Finally, an
339 ## error is reported unless the final value matches the regular expression
340 ## PAT.
341
342 out=""
343 rest=$templ
344 while :; do
345
346 ## If there are no more markers to substitute, then finish.
347 case "$rest" in *"%{"*"}"*) ;; *) out=$out$rest; break ;; esac
348
349 ## Split the template into three parts.
350 left=${rest%%\%\{*} right=${rest#*\%\{}
351 var=${right%%\}*} rest=${right#*\}}
352 case "$var" in
353 *-*) default=${var#*-} var=${var%%-*} defaultp=t ;;
354 *) defaultp=nil ;;
355 esac
356
357 ## Find the variable value.
358 checkident "template variable name" "$var"
359 eval foundp=\${$prefix$var+t}
360 case $foundp,$defaultp in
361 t,*) eval value=\$$prefix$var ;;
362 ,t) value=$default ;;
363 *)
364 echo >&2 "$quis: option \`$var' unset, used in template \`$templ'"
365 exit 1
366 ;;
367 esac
368
369 ## Do the substitution.
370 out=$out$left$value
371 done
372
373 ## Check the final result.
374 check "$what" "$pat" "$out"
375
376 ## Done.
377 echo "$out"
378}
379
380read_profile () {
e9cf7079 381 owner=$1 profile=$2
c47f2aba 382 ## Read property settings from a profile. The PROFILE name has the form
e9cf7079
MW
383 ## [USER:]LABEL; USER defaults to OWNER. Properties are set using
384 ## `setprops' with prefix `kprop_'.
c47f2aba
MW
385
386 reqtmp
387 case "$profile" in
388 :*)
389 label=${profile#:} uservp=nil
390 ;;
53263601 391 *)
e9cf7079 392 user=$kowner label=$profile uservp=t
c47f2aba
MW
393 ;;
394 *:*)
395 user=${profile%%:*} label=${profile#*:} uservp=t
396 ;;
397 esac
398 checkword "profile label" "$label"
399
400 ## Fetch the profile settings from the user.
401 reqtmp
402 case $uservp in
403 t)
404 checkword "profile user" "$user"
21a21fff 405 userv "$user" cryptop-profile "$label" >$tmp/profile </dev/null
c47f2aba
MW
406 ;;
407 nil)
b65e1f93 408 $bindir/extract-profile "$label" $ETC/profile.d/ >$tmp/profile
53263601
MW
409 ;;
410 esac
411
c47f2aba
MW
412 ## Read the file.
413 readprops $tmp/profile
53263601
MW
414}
415
c47f2aba
MW
416###--------------------------------------------------------------------------
417### General crypto operations.
418
419c_genkey () {
420 profile=$1 kdir=$2 knub=$3 hook=$4; shift 4
421 ## Generate a key, and associate it with the named PROFILE (which is
422 ## assumed already to have been read!); store the main data in KDIR, and
423 ## the nub separately in the file KNUB; run HOOK after generation, passing
424 ## it the working key directory and nub file. Remaining arguments are
425 ## options to the key type.
426
427 ## Set options and check them.
428 setprops "option" kopt_ "$@"
429 checkprops "option" kopt_ "$k_genopts"
430
431 ## Create directory structure and start writing metadata.
432 rm -rf "$kdir.new"
433 mkdir -m755 -p "$kdir.new"
89f8efd7 434 case "$knub" in */*) mkdir -m755 -p "${knub%/*}" ;; esac
c47f2aba
MW
435 cat >"$kdir.new/meta" <<EOF
436$profile
437EOF
53263601 438
c47f2aba 439 ## Generate the key.
28bb1ec3 440 (umask 077; makenub >"$knub.new")
c47f2aba
MW
441 k_generate "$kdir.new" "$knub.new"
442 $hook "$kdir.new" "$knub.new"
443
444 ## Hash the nub.
445 nubid <"$knub.new" >"$kdir.new/nubid"
446
447 ## Juggle everything into place. Doing this atomically is very difficult,
448 ## and requires more machinery than I can really justify here. If
449 ## something goes wrong halfway, it should always be possible to fix it,
450 ## either by backing out (if $kdir.new still exists) or pressing on
451 ## forwards (if not).
452 rm -rf "$kdir.old"
453 if [ -e "$kdir" ]; then mv "$kdir" "$kdir.old"; fi
454 mv "$kdir.new" "$kdir"
455 mv "$knub.new" "$knub"
456 rm -rf "$kdir.old"
53263601
MW
457}
458
c47f2aba
MW
459c_encrypt () { k_encrypt "$@"; }
460c_decrypt () {
461 if k_decrypt "$@" >$tmp/plain; then cat $tmp/plain
462 else return $?
463 fi
464}
465c_sign () { k_sign "$@"; }
466c_verify () { k_verify "$@"; }
467
468## Stub implementations.
469notsupp () { op=$1; echo >&2 "$quis: operation \`$op' not supported"; }
470k_info () { :; }
fff6c653 471k_import () { :; }
c47f2aba
MW
472k_encrypt () { notsupp encrypt; }
473k_decrypt () { notsupp decrypt; }
474k_sign () { notsupp sign; }
475k_verify () { notsupp verify; }
476
477prepare () {
478 key=$1 op=$2
479 ## Prepare for a crypto operation OP, using the KEY. This validates the
5cff41ea
MW
480 ## key label, reads the profile, and checks the access-control list. If OP
481 ## is `-' then allow the operation unconditionally.
c47f2aba
MW
482
483 ## Find the key properties.
484 parse_keylabel "$key"
485 if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
486 readmeta $kdir
e9cf7079 487 read_profile $kowner "$profile"
c47f2aba
MW
488
489 ## Check whether we're allowed to do this thing. This is annoyingly
490 ## fiddly.
5cff41ea 491 case $op in -) return ;; esac
c47f2aba
MW
492 eval acl=\${kprop_acl_$op-!owner}
493 verdict=forbid
494 while :; do
495
496 ## Remove leading whitespace.
497 while :; do
498 case "$acl" in
499 [[:space:]]*) acl=${acl#?} ;;
500 *) break ;;
501 esac
502 done
503
504 ## If there's nothing left, leave.
505 case "$acl" in ?*) ;; *) break ;; esac
506
507 ## Split off the leading word.
508 case "$acl" in
509 *[[:space:]]*) word=${acl%%[[:space:]]*} acl=${acl#*[[:space:]]} ;;
510 *) word=$acl acl="" ;;
511 esac
512
513 ## See what sense it has if it matches.
514 case "$word" in
515 -*) sense=forbid rest=${word#-} ;;
516 *) sense=allow rest=$word ;;
517 esac
518
519 ## See whether the calling user matches.
520 case "$rest" in
521 !owner) pat=$kowner list=$USERV_USER ;;
522 !*) echo >&2 "$quis: unknown ACL token \`$word'" ;;
523 %*) pat=${rest#%} list="$USERV_GROUP $USERV_GID" ;;
524 *) pat=$rest list="$USERV_USER $USERV_UID" ;;
525 esac
526 matchp=nil
527 for i in $list; do case "$i" in $pat) matchp=t; break ;; esac; done
528 case $matchp in t) verdict=$sense; break ;; esac
529 done
530
531 case $verdict in
68023101 532 forbid) echo >&2 "$quis: $op access to key \`$key' forbidden"; exit 1 ;;
c47f2aba 533 esac
53263601
MW
534}
535
c47f2aba
MW
536###--------------------------------------------------------------------------
537### Crypto operations for infrastructure purposes.
538
539c_sysprofile () {
540 profile=$1
541 ## Select the profile in FILE for future crypto operations.
53263601 542
c47f2aba
MW
543 unset $(set | sed -n '/^kprop_/s/=.*$//p')
544 reqtmp
545 getsysprofile "$profile" >$tmp/profile
546 readprops $tmp/profile
53263601
MW
547}
548
c47f2aba
MW
549c_gensyskey () {
550 profile=$1 kdir=$2 knub=$3; shift 3
551 ## Generate a system key using PROFILE; store the data in KDIR and the nub
552 ## in KNUB. Remaining arguments are options.
53263601 553
c47f2aba
MW
554 c_sysprofile "$profile"
555 c_genkey "$profile" "$kdir" "$knub" : "$@"
53263601
MW
556}
557
c47f2aba
MW
558c_sysprepare () {
559 kdir=$1
560 readmeta "$kdir"
561 c_sysprofile "$profile"
562}
599c8f75 563
c47f2aba
MW
564c_sysop () {
565 op=$1 kdir=$2; shift 1
566 c_sysprepare "$kdir"
567 c_$op "$@"
599c8f75
MW
568}
569
c47f2aba
MW
570c_sysencrypt () { c_sysop encrypt "$1" /dev/null; }
571c_sysdecrypt () { c_sysop decrypt "$1" "$2"; }
572c_syssign () { c_sysop sign "$1" "$2"; }
573c_sysverify () { c_sysop verify "$1" /dev/null; }
574
575###--------------------------------------------------------------------------
576### Recovery operations.
577
2661d8aa
MW
578sharethresh () {
579 pf=$1
580 ## Return the sharing threshold from the parameter file PARAM.
581
582 read param <"$pf"
583 case "$param" in
584 shamir-params:*) ;;
585 *)
586 echo >&2 "$quis: secret sharing parameter file damaged (wrong header)"
587 exit 1
588 ;;
589 esac
590 t=";${param#*:}"
591 case "$t" in
592 *";t="*) ;;
593 *)
594 echo >&2 "$quis: secret sharing parameter file damaged (missing t)"
595 exit 1
596 ;;
597 esac
598 t=${t#*;t=}
599 t=${t%%;*}
600 echo "$t"
601}
602
c47f2aba
MW
603stash () {
604 recov=$1 label=$2
605 ## Stash a copy of stdin encrypted under the recovery key RECOV, with a
606 ## given LABEL.
607 checkword "recovery key label" "$recov"
608 checklabel "secret" "$label"
609
610 rdir=$KEYS/recov/$recov/current
611 if [ ! -d $rdir/store ]; then
612 echo >&2 "$quis: unknown recovery key \`$recov'"
613 exit 1
614 fi
615 case $label in */*) mkdir -m755 -p $rdir/${label%/*} ;; esac
616 (c_sysencrypt $rdir/store >$rdir/$label.new)
617 mv $rdir/$label.new $rdir/$label.recov
618}
599c8f75 619
c47f2aba 620recover () {
ae0eb898 621 recov=$1 inst=$2 label=$3
c47f2aba
MW
622 ## Recover a stashed secret, protected by RECOV and stored as LABEL, and
623 ## write it to stdout.
624 checkword "recovery key label" "$recov"
ae0eb898 625 checkword "recovery instance" "$inst"
c47f2aba
MW
626 checklabel "secret" "$label"
627
ae0eb898 628 rdir=$KEYS/recov/$recov/$inst
c47f2aba 629 if [ ! -f $rdir/$label.recov ]; then
1581d63e 630 echo >&2 "$quis: recovery key \`$recov/$inst' has no blob for \`$label'"
c47f2aba
MW
631 exit 1
632 fi
633 reqsafe
ae0eb898
MW
634 tag=$recov.$inst
635 nub=$SAFE/keys.reveal/$tag/nub
c47f2aba 636 if [ ! -f $nub ]; then
1581d63e 637 echo >&2 "$quis: recovery key \`$recov/$inst' not revealed"
c47f2aba
MW
638 exit 1;
639 fi
640 mktmp
641 c_sysdecrypt $rdir/store $nub <$rdir/$label.recov
599c8f75
MW
642}
643
53263601
MW
644###--------------------------------------------------------------------------
645### Help text.
646
c47f2aba
MW
647defhelp () {
648 read umsg
865fd3f4 649 usage=$umsg
c47f2aba
MW
650 help=$(cat)
651 case "$KEYS_HELP" in t) help; exit ;; esac
53263601
MW
652}
653
53263601
MW
654help () { showhelp; }
655showhelp () {
656 cat <<EOF
865fd3f4 657Usage: $quis${usage:+ $usage}
53263601
MW
658
659$help
660EOF
661}
662
865fd3f4
MW
663usage () {
664 : ${cmdargs=$usage}
665 echo "usage: $quis${cmdname:+ $cmdname}${cmdargs:+ $cmdargs}"
666}
667usage_err () { usage >&2; exit 1; }
c47f2aba
MW
668
669###--------------------------------------------------------------------------
670### Subcommand handling.
671
672version () {
1d0c984e 673 echo "$quis, $PACKAGE version $VERSION"
c47f2aba
MW
674}
675
865fd3f4
MW
676unset cmdargs
677unset cmdname
678cmds=""
679defcmd () {
680 cmd=$1; shift; args=$*
681 help=$(cat)
682 eval help_$cmd=\$help
683 cmds="${cmds:+$cmds
684}$cmd $args"
685}
686
687defcmd help "[COMMAND ...]" <<EOF
688Show help about the COMMANDs, or about $quis if none are named.
689EOF
c47f2aba
MW
690cmd_help () {
691 rc=0
692 version
693 case $# in
694 0)
695 cat <<EOF
696
865fd3f4 697Usage: $quis${usage:+ $usage}
c47f2aba
MW
698
699Options:
700 -h Show this help text.
701 -v Show the program version number.
702
865fd3f4 703Commands provided:
c47f2aba 704EOF
865fd3f4
MW
705 while read cmd args; do echo " $cmd${args:+ $args}"; done <<EOF
706$cmds
707EOF
708 case ${prefix+t} in
709 t)
710 cd $KEYSLIB
711 for i in $prefix.*; do
712 if [ ! -x "$i" ]; then continue; fi
713 sed -n "/<<HELP/{n;s/^/ ${i#$prefix.} /;p;q;}" "$i"
714 done
715 ;;
716 esac
c47f2aba
MW
717 ;;
718 *)
865fd3f4 719 for cmd in "$@"; do
c47f2aba 720 echo
865fd3f4
MW
721 foundp=nil
722 while read cmdname cmdargs; do
723 case $cmdname in "$cmd") foundp=t; break ;; esac
724 done <<EOF
725$cmds
726EOF
727 case $foundp in
728 t)
0bc47568 729 usage; echo
865fd3f4
MW
730 eval help=\$help_$cmdname; echo "$help"
731 ;;
732 nil)
733 if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then
734 echo >&2 "$quis: unrecognized command \`$cmd'"
735 rc=1
736 continue
737 elif ! KEYS_HELP=t "$KEYSLIB/$prefix.$cmd"; then
738 rc=1
739 fi
740 ;;
741 esac
c47f2aba
MW
742 done
743 ;;
744 esac
745 return $rc
746}
747
748dispatch () {
865fd3f4 749 case $# in 0) usage_err ;; esac
c47f2aba 750 cmd=$1; shift
865fd3f4
MW
751 foundp=nil
752 while read cmdname cmdargs; do
753 case $cmdname in "$cmd") foundp=t; break ;; esac
754 done <<EOF
755$cmds
756EOF
757 case $foundp in
758 t)
759 OPTIND=1
760 cmd_$cmdname "$@"
761 ;;
762 nil)
763 if [ ! -x "$KEYSLIB/$prefix.$cmd" ]; then
764 echo >&2 "$quis: unrecognized command \`$cmd'"
765 exit 1
766 fi
767 unset KEYS_HELP
768 exec "$KEYSLIB/$prefix.$cmd" "$@"
769 ;;
770 esac
c47f2aba
MW
771}
772
53263601 773###----- That's all, folks --------------------------------------------------