better tokenhandling

Jakobus Schürz 2023-06-15 11:15:05 +02:00 committed by Jakobus Schürz
parent 210a838a31
commit 977f8c87c9


@ -42,17 +42,17 @@ EOF
} }
check_token(){ check_token(){
loginfo "a P11M: ${P11M}" loginfo "a P11M: ${P11M}"
loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}" loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}"
[ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M} [ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M}
loginfo "b P11M: ${P11M}" loginfo "b P11M: ${P11M}"
loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}" loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}"
# it's the same as "token" in functions.sh # it's the same as "token" in functions.sh
# defined here also, to work also in environments, where functions.sh couldn't be sourced # defined here also, to work also in environments, where functions.sh couldn't be sourced
[ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; } [ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; }
loginfo "c P11M: ${P11M}" loginfo "c P11M: ${P11M}"
loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}" loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}"
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work # If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
# So remember and unset DISPLAY, and set it at the end again, if it was set before # So remember and unset DISPLAY, and set it at the end again, if it was set before
@ -63,11 +63,21 @@ check_token(){
# Write public keys of all in agent stored keys to a temporary file # Write public keys of all in agent stored keys to a temporary file
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)" local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
logtrace "tmppubkey: $tmppubkey" logtrace "tmppubkey: $tmppubkey"
ssh-add -L > $tmppubkey || return $? logdebug "C"
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token. tmpIFS="${IFS}"
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )" IFS=$'\n'
for tmppk in $(ssh-add -L)
do
printf "%s" "$tmppk" |tee "${tmppubkey}" || return $?
#echo "${tmppk}" > $tmppubkey || return $?
#ssh-add -L > $tmppubkey || return $?
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )"
logdebug "$(ssh-add -l )"
done
logdebug "$(rm "${tmppubkey}")" logdebug "$(rm "${tmppubkey}")"
logdebug "$(ssh-add -l )" IFS=$tmpIFS
unset tmpIFS
[ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG" [ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
[ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG [ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
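Review bot: The per-key write `printf "%s" "$tmppk" |tee "${tmppubkey}" || return $?` echoes every public key onto the function's stdout through tee, checks only tee's exit status, and on failure returns while IFS is still `$'\n'` and the temp file is still in XDG_RUNTIME_DIR, so the caller's word splitting stays altered for the rest of the script. Writing with a redirect and restoring state on the error path avoids both: `printf '%s\n' "$tmppk" > "$tmppubkey" || { rm -f -- "$tmppubkey"; IFS=$tmpIFS; return 1; }`. Since `ssh-add -e`/`ssh-add -s` now run once for each key whose `ssh-add -T` fails, a token holding several keys will presumably prompt for the PIN once per key; a `break` after a successful re-add would limit that to one prompt. `logdebug "C"` reads like a leftover debug marker and should either carry a message or be dropped. check_token begins before this hunk and its closing brace lies past it.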