keys.new-keeper: Use `$quis' in errors, rather than `$0'.

[distorted-keys] / keyfunc.sh.in

diff --git a/keyfunc.sh.in b/keyfunc.sh.in
index 5b6320e..6316816 100644 (file)
--- a/keyfunc.sh.in
+++ b/keyfunc.sh.in
@@ -129,6 +129,17 @@ parse_keylabel () {
   knub=$KEYS/nub/$kowner/$klabel
 }
 
+runas () {
+  user=$1 service=$2; shift 2
+  ## If the current (effective) user is not USER then reinvoke via `userv',
+  ## as the specified service, with the remaining arguments.
+
+  case $(id -un) in
+    "$user") ;;
+    *) exec userv "$user" "$service" "$@" ;;
+  esac
+}
+
 ###--------------------------------------------------------------------------
 ### Input validation functions.
 
@@ -144,7 +155,7 @@ check () {
   validp=t
   case "$thing" in
     *"$nl"*) validp=nil ;;
-    *) if ! expr >/dev/null "$thing" : "$ckpat\$"; then validp=nil; fi ;;
+    *) if ! expr >/dev/null "Q$thing" : "Q$ckpat\$"; then validp=nil; fi ;;
   esac
   case $validp in
     nil) echo >&2 "$quis: bad $ckwhat \`$thing'"; exit 1 ;;
@@ -153,10 +164,13 @@ check () {
 
 ## Regular expressions for validating input.
 R_IDENTCHARS="A-Za-z0-9_"
-R_WORDCHARS="-$R_IDENTCHARS!%@+="
+R_GOODPUNCT="!%@+="
+R_WORDCHARS="-$R_IDENTCHARS$R_GOODPUNCT"
 R_IDENT="[$R_IDENTCHARS][$R_IDENTCHARS]*"
 R_WORD="[$R_WORDCHARS][$R_WORDCHARS]*"
+R_ACLCHARS="][$R_IDENTCHARS$R_GOODPUNCT*?:.#"
 R_WORDSEQ="[$R_WORDCHARS[:space:]][$R_WORDCHARS[:space:]]*"
+R_ACL="[$R_ACLCHARS[:space:]-][$R_ACLCHARS[:space:]-]*"
 R_NUMERIC='\(\([1-9][0-9]*\)\{0,1\}0\{0,1\}\)'
 R_LABEL="\($R_WORD\(/$R_WORD\)*\)"
 R_LINE=".*"
@@ -241,6 +255,11 @@ random                     t       $R_WORD
 nub_hash               t       $R_WORD
 nubid_hash             t       $R_WORD
 nub_random_bytes       t       $R_NUMERIC
+acl_encrypt            t       $R_ACL
+acl_decrypt            t       $R_ACL
+acl_sign               t       $R_ACL
+acl_verify             t       $R_ACL
+acl_info               t       $R_ACL
 EOF
 
 readprops () {
@@ -339,9 +358,10 @@ subst () {
 }
 
 read_profile () {
-  profile=$1
+  owner=$1 profile=$2
   ## Read property settings from a profile.  The PROFILE name has the form
-  ## [USER:]LABEL.  Properties are set using `setprops' with prefix `kprop_'.
+  ## [USER:]LABEL; USER defaults to OWNER.  Properties are set using
+  ## `setprops' with prefix `kprop_'.
 
   reqtmp
   case "$profile" in
@@ -349,7 +369,7 @@ read_profile () {
       label=${profile#:} uservp=nil
       ;;
     *)
-      user=$USERV_USER label=$profile uservp=t
+      user=$kowner label=$profile uservp=t
       ;;
     *:*)
       user=${profile%%:*} label=${profile#*:} uservp=t
@@ -443,7 +463,7 @@ prepare () {
   parse_keylabel "$key"
   if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
   readmeta $kdir
-  read_profile "$profile"
+  read_profile $kowner "$profile"
 
   ## Check whether we're allowed to do this thing.  This is annoyingly
   ## fiddly.