From 977f8c87c92c976a1e017f585079f1035ccc6368 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jakobus=20Sch=C3=BCrz?= Date: Thu, 15 Jun 2023 11:15:05 +0200 Subject: [PATCH] better tokenhandling --- bin/startagent | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/bin/startagent b/bin/startagent index caa0aca..37c014f 100755 --- a/bin/startagent +++ b/bin/startagent @@ -42,17 +42,17 @@ EOF } check_token(){ - loginfo "a P11M: ${P11M}" + loginfo "a P11M: ${P11M}" loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}" [ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M} - loginfo "b P11M: ${P11M}" + loginfo "b P11M: ${P11M}" loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}" # it's the same as "token" in functions.sh # defined here also, to work also in environments, where functions.sh couldn't be sourced [ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; } - loginfo "c P11M: ${P11M}" + loginfo "c P11M: ${P11M}" loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}" # If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work # So remember and unset DISPLAY, and set it at the end again, if it was set before 
@@ -63,11 +63,21 @@ check_token(){ # Write public keys of all in agent stored keys to a temporary file local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)" logtrace "tmppubkey: $tmppubkey" - ssh-add -L > $tmppubkey || return $? - # Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token. - loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )" + logdebug "C" + tmpIFS="${IFS}" + IFS=$'\n' + for tmppk in $(ssh-add -L) + do + printf "%s" "$tmppk" |tee "${tmppubkey}" || return $? + #echo "${tmppk}" > $tmppubkey || return $? + #ssh-add -L > $tmppubkey || return $? + # Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token. + loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )" + logdebug "$(ssh-add -l )" + done logdebug "$(rm "${tmppubkey}")" - logdebug "$(ssh-add -l )" + IFS=$tmpIFS + unset tmpIFS [ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG" [ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
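Review bot: The `return $?` inside the new loop leaves check_token with IFS still set to a newline, the temp file not removed and DISPLAY not restored, because all three cleanups sit after `done`; replacing the `tmpIFS` save/restore with `local IFS=$'\n'` would at least make the IFS change safe on every return path. The status tested on that line is `tee`'s rather than `printf`'s, and `tee` also copies each public key to stdout, so `printf '%s\n' "$tmppk" > "${tmppubkey}" || return` is the simpler form. The loop also drops the old `ssh-add -L > $tmppubkey || return $?` check: a failing `ssh-add -L` now goes unnoticed, and anything it prints on stdout (presumably the "no identities" message) would be treated as a key, fail `ssh-add -T` and trigger the `ssh-add -e`/`ssh-add -s` reload of `$PKCS11_MODULE`, which is also still unquoted. check_token starts and ends outside this hunk.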