change some functions
This commit is contained in:
parent
edcf7e15b3
commit
ddc89dca6c
1 changed files with 30 additions and 176 deletions
206
functions.sh
206
functions.sh
@ -681,6 +681,7 @@ utoken () {
token () {
token () {
[ -z "${SSH_ADD_OPTIONS+x}" ] && { SSH_ADD_OPTIONS=${SSH_ADD_DEFAULT_OPTIONS}; export SSH_ADD_OPTIONS; }
local FORCE
local FORCE
local ssh_identity
local ssh_identity
FORCE=false
FORCE=false
@ -702,99 +703,29 @@ token () {
if [ -n "${ssh_identity+x}" ]; then
if [ -n "${ssh_identity+x}" ]; then
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
if [ -e "$agentfile" ]; then
if [ -e "$agentfile" ]; then
local SSH_AUTH_SOCK
fingerprints=( $(ssh-runinagent $agentfile "ssh-add -l|awk '{print \$2}'") )
local SSH_AGENT_PID
tokenfingerprint="$(ssh-keygen -l -D $PKCS11_MODULE|tr -s ' '|awk '{print $2}')"
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; ssh-add -l; ssh-add -e $PKCS11_MODULE; ssh-add -l"
fi
echo fingerprints ${fingerprints[*]}
fi
echo -n "${tokenfingerprint}: "
if [[ ${fingerprints[*]} =~ $tokenfingerprint ]]; then
echo SSH_AUTH_SOCK: $SSH_AUTH_SOCK
echo "loaded"
echo SSH_AGENT_PID: $SSH_AGENT_PID
if $FORCE; then
export SSH_AUTH_SOCK SSH_AGENT_PID
echo "remove token and readd it again" >&2
ssh-add -l
ssh-runinagent $agentfile ssh-add -e $PKCS11_MODULE
fingerprints=( $(ssh-add -l|awk '{print $2}') )
ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s $PKCS11_MODULE
tokenfingerprint="$(ssh-keygen -l -D $PKCS11_MODULE|tr -s ' '|awk '{print $2}')"
fi
echo fingerprints ${fingerprints[*]}
echo -n "${tokenfingerprint}: "
if [[ ${fingerprints[*]} =~ $tokenfingerprint ]]; then
echo "loaded"
$FORCE && { \
ssh-add -e $PKCS11_MODULE; \
ssh-add -s $PKCS11_MODULE; \
}
else
echo "not loaded"
$FORCE && ssh-add -e $PKCS11_MODULE
ssh-add -s $PKCS11_MODULE
fi
return
ssh-add -l 2>/dev/null
if [ "$?" == 2 ]; then
test -r ~/.ssh-agent && \
echo "create new ssh-agent" >&2
eval "$(<~/.ssh-agent)" >&2
#eval "$(<~/.ssh-agent)" >/dev/null
ssh-add -l 2>/dev/null
if [ "$?" == 2 ]; then
echo "create new ssh-agent and load env for it" >&2
(umask 066; ssh-agent > ~/.ssh-agent)
eval "$(<~/.ssh-agent)" >&2
#eval "$(<~/.ssh-agent)" >/dev/null
fi
else
:
fi
ssh-add -l 2>/dev/null
#ssh-add -l & >&2
if [ "$?" == 0 ]; then
# Remove and add again $PKCS11_MODULE
ssh-add -e $PKCS11_MODULE
ssh-add -s $PKCS11_MODULE
if [ "$?" == 0 ]; then
test -n "${SSH_AUTH_SOCK+x}"
if [ "$?" == 0 ] ; then
SSH_AGENT_PID=$(sudo fuser $SSH_AUTH_SOCK | sed 's/ *//')
test -n "${SSH_AGENT_PID+x}"
if [ "$?" == 0 ]; then
SSH_AUTH_SOCK=${SSH_AUTH_SOCK}; export SSH_AUTH_SOCK;
SSH_AGENT_PID=${SSH_AGENT_PID}; export SSH_AGENT_PID;
cat << EOF > ~/.ssh-agent
SSH_AUTH_SOCK=${SSH_AUTH_SOCK}; export SSH_AUTH_SOCK;
SSH_AGENT_PID=${SSH_AGENT_PID}; export SSH_AGENT_PID;
echo Auth socket ${SSH_AUTH_SOCK};
echo Agent pid ${SSH_AGENT_PID};
EOF
else
else
SSH_AUTH_SOCK=${SSH_AUTH_SOCK}; export SSH_AUTH_SOCK;
echo "not loaded"
cat << EOF > ~/.ssh-agent
$FORCE && ssh-runinagent $agentfile ssh-add -e $PKCS11_MODULE
SSH_AUTH_SOCK=${SSH_AUTH_SOCK}; export SSH_AUTH_SOCK;
ssh-runinagent $agentfile ssh-add ${SSH_ADD_OPTIONS} -s $PKCS11_MODULE
echo Auth socket ${SSH_AUTH_SOCK};
echo Agent pid not known;
EOF
fi
fi
return 0
fi
fi
#eval "\$(<~/.ssh-agent)"
return 1
else
echo "Token not unlocked"
fi
fi
return 2
# cat << EOF
#
#Now run
#
# eval "\$(<~/.ssh-agent)"
#
#EOF
else
echo "not able to create ssh-agent"
fi
}
}
#EOF
#EOF
@ -832,104 +763,27 @@ token-list-objects() {
loadagent() {
loadagent() {
local af
local af
af=$(ssh-agent-start-or-restart $1)
af=$(ssh-agent-start-or-restart $1 2>/dev/null)
echo $af
echo $af
eval $(<$af)
# eval $(<$af)
}
. $af
ssh-loadagent () {
# TODO: create agent if not running
cat << EOF
SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}
SSH_AGENT_PID: ${SSH_AGENT_PID}
---------------------------------------------
EOF
ssh_identity=${1-default}
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
echo agentfile: $agentfile
if [ -n "${ssh_identity+x}" ]; then
if [ -e "$agentfile" ]; then
. $agentfile
if ssh-add -l >/dev/null ;then
echo agent is running
else
echo create new agent
mkdir -p "$(dirname $agentfile)"
ssh-agent > "$agentfile"
fi
else
echo create new agent
mkdir -p "$(dirname $agentfile)"
ssh-agent > "$agentfile"
fi
fi
eval $(<$agentfile)
cat << EOF
SSH_AUTH_SOCK: ${SSH_AUTH_SOCK}
SSH_AGENT_PID: ${SSH_AGENT_PID}
---------------------------------------------
Show loaded keys from current ssh-agent
EOF
ssh-add -l
}
}
ssh-runinagent () {
ssh-runinagent () {
local agentfile
local agentfile
local command
local command
agentfile=${1-default}
agentfile=${1}
command=${2}
shift
sshcommand=${@}
if [ -n "${ssh_identity+x}" ]; then
echo "run command »$sshcommand« in agent $agentfile" >&2
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
if [ -e "$agentfile" ]; then
if [ -e "$agentfile" ]; then
/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; . $agentfile >/dev/null 2>/dev/null; $sshcommand"
local SSH_AUTH_SOCK
return $?
local SSH_AGENT_PID
/bin/sh -c ". $agentfile >/dev/null 2>/dev/null; $command"
fi
fi
}
agent-start-or-restart () {
local ssh_identity
local agentfile
local agentsocket
if [ -n "${1+x}" ]; then
ssh_identity="$1"
agentfile="${HOME}/.ssh/agents/agent-${ssh_identity}-$(hostname)"
agentsocket="${HOME}/.ssh/agents/socket-${ssh_identity}-$(hostname)"
echo ssh-identity: $ssh_identity >&2
if [ -e $agentsocket ]; then
/bin/sh -c ". $agentfile >/dev/null 2>&1; ssh-add -l >&2; exit $?"
if [ $? -eq 2 ]; then
echo agent is not running >&2
rm "$agentsocket"
ssh-agent -a $agentsocket > $agentfile 2>/dev/null
else
echo agent is running >&2
fi
else
echo agent is not running \(2\) >&2
ssh-agent -a $agentsocket > $agentfile 2>/dev/null
echo agent startet \(2\) >&2
fi
echo -n "agent for $ssh_identity: ">&2
echo $agentfile
return 0
else
else
echo no identity given - exit >&2
echo "agentfile not existent" >&2
return 1
return 1
fi
fi
}
}
|
||||||
|
|
||||||
|
|
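Review bot: In the `token` hunk (`@ -702,99 +703,29`), `if [[ ${fingerprints[*]} =~ $tokenfingerprint ]]` treats the token fingerprint as an extended regex, so a SHA256 fingerprint containing `+` can never match its own literal text, the token is reported "not loaded" on every call, and `ssh-add -s` is run again each time; compare it as a whole word instead, `if [[ " ${fingerprints[*]} " == *" ${tokenfingerprint} "* ]]; then`. The same hunk hands `$agentfile` and `$PKCS11_MODULE` unquoted to `ssh-runinagent`, which in the third hunk joins its arguments with `sshcommand=${@}` and interpolates both that string and `$agentfile` into a `/bin/sh -c` command, so any path containing whitespace or shell metacharacters is re-split and re-interpreted there; `sshcommand` is also assigned without `local` (the unused `local command` remains), so it leaks into the caller's shell. Since one caller passes a pipeline string and others pass a word list, the function should document which it expects and quote `$agentfile` inside the command string. The `token` function starts before its hunk.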