better tokenhandling
This commit is contained in:
parent
210a838a31
commit
977f8c87c9
1 changed files with 17 additions and 7 deletions
|
@ -42,17 +42,17 @@ EOF
|
||||||
}
|
}
|
||||||
|
|
||||||
check_token(){
|
check_token(){
|
||||||
loginfo "a P11M: ${P11M}"
|
loginfo "a P11M: ${P11M}"
|
||||||
loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}"
|
loginfo "a PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||||
|
|
||||||
[ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M}
|
[ -n "${P11M:+x}" ] && export PKCS11_MODULE=${P11M}
|
||||||
loginfo "b P11M: ${P11M}"
|
loginfo "b P11M: ${P11M}"
|
||||||
loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}"
|
loginfo "b PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||||
# it's the same as "token" in functions.sh
|
# it's the same as "token" in functions.sh
|
||||||
# defined here also, to work also in environments, where functions.sh couldn't be sourced
|
# defined here also, to work also in environments, where functions.sh couldn't be sourced
|
||||||
[ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; }
|
[ -z "${PKCS11_MODULE:+x}" ] && { PKCS11_MODULE=$P11M; export PKCS11_MODULE; }
|
||||||
|
|
||||||
loginfo "c P11M: ${P11M}"
|
loginfo "c P11M: ${P11M}"
|
||||||
loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}"
|
loginfo "c PKCS11_MODULE: ${PKCS11_MODULE}"
|
||||||
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
|
# If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
|
||||||
# So remember and unset DISPLAY, and set it at the end again, if it was set before
|
# So remember and unset DISPLAY, and set it at the end again, if it was set before
|
||||||
|
@ -63,11 +63,21 @@ check_token(){
|
||||||
# Write public keys of all in agent stored keys to a temporary file
|
# Write public keys of all in agent stored keys to a temporary file
|
||||||
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
|
local tmppubkey="$(mktemp -p ${XDG_RUNTIME_DIR} pubkey.XXXXXX.pub)"
|
||||||
logtrace "tmppubkey: $tmppubkey"
|
logtrace "tmppubkey: $tmppubkey"
|
||||||
ssh-add -L > $tmppubkey || return $?
|
logdebug "C"
|
||||||
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
|
tmpIFS="${IFS}"
|
||||||
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )"
|
IFS=$'\n'
|
||||||
|
for tmppk in $(ssh-add -L)
|
||||||
|
do
|
||||||
|
printf "%s" "$tmppk" |tee "${tmppubkey}" || return $?
|
||||||
|
#echo "${tmppk}" > $tmppubkey || return $?
|
||||||
|
#ssh-add -L > $tmppubkey || return $?
|
||||||
|
# Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token.
|
||||||
|
loginfo "$(ssh-add -T ${tmppubkey}|| { ssh-add -e $PKCS11_MODULE; ssh-add -s $PKCS11_MODULE; } )"
|
||||||
|
logdebug "$(ssh-add -l )"
|
||||||
|
done
|
||||||
logdebug "$(rm "${tmppubkey}")"
|
logdebug "$(rm "${tmppubkey}")"
|
||||||
logdebug "$(ssh-add -l )"
|
IFS=$tmpIFS
|
||||||
|
unset tmpIFS
|
||||||
[ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
|
[ $DISPLAY_ORIG ] && logtrace "reset DISPLAY=$DISPLAY_ORIG"
|
||||||
[ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
|
[ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue