Upgrade this to V1.1:

- Add support for handling different usernames
- Add file-format support for different ports.  There is so far no way to
  specify a different port, but the "database" for safesh will not need to
  change to accomodate it.

Note that this is NOT compatible with the naming conventions used in 1.0;
as 1.0 was available for 55 minutes yesterday before being marked as
BROKEN, I hope nobody was too much inconvenienced.

3 files changed, 54 insertions, 35 deletions

diff --git a/security/safesh/Makefile b/security/safesh/Makefile
index 47068e25a168..1f3c0403665d 100644
--- a/security/safesh/Makefile
+++ b/security/safesh/Makefile
@@ -8,15 +8,13 @@
 #
 
 PORTNAME=	safesh
-PORTVERSION=	1.0
+PORTVERSION=	1.1
 CATEGORIES=	security
 MASTER_SITES=	# none
 DISTFILES=	# none
 
 MAINTAINER=	eivind@FreeBSD.org
 
-BROKEN="Incompatible upgrade coming shortly"
-
 NO_BUILD=	yes
 NO_WRKSUBDIR=	yes
 
diff --git a/security/safesh/src/safesh.1 b/security/safesh/src/safesh.1
index d9f3fcff059a..ab599b824892 100644
--- a/security/safesh/src/safesh.1
+++ b/security/safesh/src/safesh.1
@@ -53,10 +53,10 @@ When run,
 .It
 Normalizes the hostname you are talking about, using the $HOME/.safesh/map file.
 .It
-Checks if the host has an ssh dsa key in $HOME/.safesh, and creates one using 
+Checks if the user and host has an ssh dsa key in $HOME/.safesh, and creates one using 
 .Xr ssh-keygen 1
 if it does not.
-The DSA key is stored in $HOME/.safesh/$HOST/dsa_id.
+The DSA key is stored in $HOME/.safesh/$USER@$HOST-$PORT/dsa_id.
 You will be asked for a passphrase when the key is created.
 Note that if you use the same passphrase for all
 .Nm
@@ -69,7 +69,7 @@ Checks if you have the
 for this host running, and starts it if not.
 .It
 Checks what keys you are supposed to have active when connecting to this host
-(the key for the host and any keys listed in $HOME/.safesh/$HOST/extra_keys),
+(the key for the host and any keys listed in $HOME/.safesh/$USER@$HOST-$PORT/extra_keys),
 and which of these are missing from the active agent.
 .It
 If any identities were missing from the agent, it executes
@@ -78,7 +78,7 @@ to add them to the agent.
 .It
 Executes
 .Xr ssh 1
-with either $HOST or the extra command line supplied by the user.
+with either $USER@$HOST or the extra command line supplied by the user.
 .El
 
 .Sh BASIC CONCEPT DESCRIPTION
@@ -100,9 +100,6 @@ do authentication forwarding to it.
 .Bl -tag -width "$HOME/.safesh" -compact
 .It Pa $HOME
 is replaced with the path your home directory,
-$HOST is replaced with the name of the host you are
-.Xr ssh 1 ing
-to,
 .It Pa $HOST
 is replaced with the name of the host you are running
 .Nm
@@ -131,6 +128,18 @@ $AUTHTARGET is a machine you are
 to
 .Pa from
 $HOST.
+The format of $AUTHTARGET is <user>@<somehost>-<someport>, where <user>
+defaults to the username you run
+.Nm
+as, and <someport> default to 22 (and it is not possible to set anything
+else at this time.)
+.It Pa $USER
+is replaced with The username used on $HOST; defaults to the same as the
+username you have on $YOURHOST, but will be different if you do safesh
+user@host instead of just safesh host.
+.It Pa $PORT
+The port used on $HOST.
+Presently always 22.
 .El
 
 .Sh FILES
@@ -142,7 +151,7 @@ Directory containing information for
 .It Pa $HOME/.safesh/map
 Mapping file for
 .Nm ,
-describing how to map names to their canonical form.
+describing how to map host names to their canonical form.
 This is usually used to map short names to their long form.
 The format of the file is one mapping per line, what it is mapped from as the
 first word, what it is mapped to as the second.
@@ -152,26 +161,26 @@ the name of the host as the first parameter, and the name of the host with a
 period (.) at the end as the second parameter.
 E.g, "freefall.freebsd.org freefall.freebsd.org."
 
-.It Pa $HOME/.safesh/$HOST/
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/
 Directory with data for a particular hostname.
 Automatically generated on first connect to a host with
 .Nm .
 
-.It Pa $HOME/.safesh/$HOST/dsa_id
-Private key for use against $HOST.
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id
+Private key for use to authenticate as $USER@$HOST.
 Automatically generated on first connect to a host with
 .Nm .
 
-.It Pa $HOME/.safesh/$HOST/dsa_id.pub
-Public key for use by $HOST.
-To connect to $HOST using 
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/dsa_id.pub
+Public key for use by $HOST to authenticate $USER.
+To connect to $HOST as $USER using 
 .Nm
 without giving a password, add the contents of this file
 to the end of $HOME/.ssh/authorized_keys2.
 Automatically generated on first connect to a host with
 .Nm .
 
-.It Pa $HOME/.safesh/$HOST/$AUTHTARGET
+.It Pa $HOME/.safesh/$USER@$HOST-$PORT/$AUTHTARGET
 Private key for use when $HOST authenticates towards $AUTHTARGET.
 This is used in preference to $HOME/.safesh/$AUTHTARGET/dsa_id for authentication
 forwarding through $HOST to $AUTHTARGET.
@@ -202,17 +211,20 @@ Public key corresponding to the private key described above.
 
 .It Pa $HOME/.safesh/$HOST/extra_keys
 List of extra keys to make available for this host.
-Each line in the file is first attempted matched against the host database in
-$HOME/.safesh/.
-If a key exists here, 
+Each line in the file is first attempted matched against the host/user/port
+database in $HOME/.safesh/.
+Username and/or port is added if just the hostname is specified extra_keys, and
+the hostname is always normalized using the map file.
+If a key exists in $HOME/.safesh/, 
 .Nm
 attempts to add that.
-Otherwise, it first tries to look for a file of this name relative to /, then
+Otherwise, it first tries to look for the line as a file relative to /, then
 relative to $HOME.
 If it does not find either of these,
 .Nm
 will exit with an error message.
-If it finds one, it will add it.
+If it finds one, it will add it using
+.Xr ssh-add 1 .
 
 .It Pa $HOME/.safesh/$HOST/activeagent-$YOURHOST.sh
 Bourne shell (see
diff --git a/security/safesh/src/safesh.sh b/security/safesh/src/safesh.sh
index d1a74a8e7a1c..bd7417964516 100644
--- a/security/safesh/src/safesh.sh
+++ b/security/safesh/src/safesh.sh
@@ -1,7 +1,12 @@
 #!/bin/sh
 
-HOST=$1
 AKEYS=${HOME}/.safesh/
+# Use username as supplied on the command line if user@host syntax is used,
+# otherwise use the presently active username
+USER=`whoami`
+USER=`echo $1 | sed  -e "/^[^@]*\$/s/.*/$USER/" -e "/@/s/\\(.*\\)@.*/\\1/"`
+# Use hostname as supplied on commandline, without username
+HOST=`echo $1 | sed -e 's/.*@//' | tr A-Z a-z`
 
 # MY eXit
 myx() {
@@ -31,17 +36,18 @@ fi
 #
 shift 2> /dev/null;
 
-if [ ! -d $AKEYS/$HOST ]; then
-	mkdir -p $AKEYS/$HOST || myx "Unable to create $AKEYS/$HOST"
+HOSTDIR=$AKEYS/$USER@${HOST}-22
+if [ ! -d $HOSTDIR ]; then
+	mkdir -p $HOSTDIR || myx "Unable to create $HOSTDIR"
 fi
 
-if [ ! -e $AKEYS/$HOST/id_dsa ]; then
-	ssh-keygen -t dsa -f $AKEYS/$HOST/id_dsa || myx "Unable to create $AKEYS/$HOST/id_dsa"
+if [ ! -e $HOSTDIR/id_dsa ]; then
+	ssh-keygen -t dsa -f $HOSTDIR/id_dsa || myx "Unable to create $HOSTDIR/id_dsa"
 fi
 
-# We now have a key in $AKEYS/$HOST/id_dsa
+# We now have a key in $HOSTDIR/id_dsa
 
-ACTIVEAGENT=$AKEYS/$HOST/activeagent-`hostname`
+ACTIVEAGENT=$HOSTDIR/activeagent-`hostname`
 if [ -e $ACTIVEAGENT.sh ]; then
 	. $ACTIVEAGENT.sh || myx "Unable to read $ACTIVEAGENT.sh"
 fi
@@ -59,10 +65,13 @@ fi
 # We now have a live agent, possibly without any keys in it
 
 
-for i in $HOST $(cat ${AKEYS}/$HOST/extra_keys 2> /dev/null); do
-	tmp=`normalizehost $i`
-	if [ -f $AKEYS/$HOST/$tmp ]; then
-		IDENTITY=$AKEYS/$HOST/$tmp
+for i in $USER@${HOST}-22 `cat $HOSTDIR/extra_keys 2> /dev/null`; do
+	tmpuser=`echo $i | sed  -e "/^[^@]*\$/s/.*/$USER/" -e "/@/s/\\(.*\\)@.*/\\1/"`
+	tmpport=`echo $i | sed -e '/-\([0-9][0-9]*\)/!s/$/-22/' -e 's/.*-\([0-9][0-9]*\)/\1/'`
+	tmphost=`echo $1 | sed -e 's/.*@\(.*\)//' -e 's/-[0-9][0-9]*$//' | tr A-Z a-z`
+	tmp=$USER@`normalizehost $tmphost`-$tmpport
+	if [ -f $HOSTDIR/$tmp ]; then
+		IDENTITY=$HOSTDIR/$tmp
 	elif [ -d $AKEYS/$tmp/ ]; then
 		if ! [ -f $AKEYS/$tmp/id_dsa -a -r $AKEYS/$tmp/id_dsa ]; then
 			myx "Missing key for $tmp"
@@ -88,7 +97,7 @@ if [ "${KEYLIST}" != "" ]; then
 fi
 
 if [ "$1" = "" ]; then
-	exec ssh $HOST
+	exec ssh $USER@$HOST
 else
 	exec ssh "$@"
 fi