;;
esac
checkword "profile label" "$label"
-read_profile $profile
+read_profile $USERV_USER $profile
## Generate the key.
c_genkey $profile $kdir $knub genhook_recov "$@"
parse_keylabel "$key"
if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
checkword "recovery key label" "$recov"
+case $kowner in
+ $USERV_USER) ;;
+ *) echo >&2 "$quis: you're not the owner of key \`$key'"; exit 1 ;;
+esac
mktmp
nubid=$(cat $kdir/nubid)
readmeta $kdir
-read_profile "$profile"
+read_profile $kowner "$profile"
if [ -f $knub ]; then
nubbin=$(nubid <$knub)
case "$nubbin" in
}
read_profile () {
- profile=$1
+ owner=$1 profile=$2
## Read property settings from a profile. The PROFILE name has the form
- ## [USER:]LABEL. Properties are set using `setprops' with prefix `kprop_'.
+ ## [USER:]LABEL; USER defaults to OWNER. Properties are set using
+ ## `setprops' with prefix `kprop_'.
reqtmp
case "$profile" in
label=${profile#:} uservp=nil
;;
*)
- user=$USERV_USER label=$profile uservp=t
+ user=$kowner label=$profile uservp=t
;;
*:*)
user=${profile%%:*} label=${profile#*:} uservp=t
parse_keylabel "$key"
if [ ! -d $kdir ]; then echo >&2 "$quis: unknown key \`$key'"; exit 1; fi
readmeta $kdir
- read_profile "$profile"
+ read_profile $kowner "$profile"
## Check whether we're allowed to do this thing. This is annoyingly
## fiddly.