fix doubled agents
parent
25a9657fd6
commit
e5350dc312
1 changed files with 65 additions and 30 deletions
|
@ -57,17 +57,23 @@ ssh_runinagent() {
|
||||||
|
|
||||||
local SSH_AUTH_SOCK
|
local SSH_AUTH_SOCK
|
||||||
local SSH_AGENT_PID
|
local SSH_AGENT_PID
|
||||||
|
local PKCS11_MODULE
|
||||||
local agentfile
|
local agentfile
|
||||||
local command
|
local command
|
||||||
local agentfile=${1}
|
local agentfile=${1}
|
||||||
shift
|
shift
|
||||||
local sshcommand=${@}
|
local sshcommand=${@}
|
||||||
|
|
||||||
|
logdebug "agentfile: ${agentfile}"
|
||||||
logtrace "run command »$sshcommand« in agent $agentfile"
|
logtrace "run command »$sshcommand« in agent $agentfile"
|
||||||
if [ -e "$agentfile" ]; then
|
if [ -e "$agentfile" ]; then
|
||||||
/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID; \
|
#/bin/sh -c "unset SSH_AUTH_SOCK SSH_AGENT_PID PKCS11_MODULE; eval $(<$agentfile) >/dev/null 2>&1; echo SSH_AUTH_SOCK ${SSH_AUTH_SOCK:-not set} >&2; $sshcommand"
|
||||||
. $agentfile >/dev/null 2>/dev/null; \
|
#unset SSH_AUTH_SOCK SSH_AGENT_PID PKCS11_MODULE
|
||||||
$sshcommand"
|
. $agentfile >&2
|
||||||
|
logdebug "SSH_AUTH_SOCK: ${SSH_AUTH_SOCK:-not set}"
|
||||||
|
logdebug "SSH_AGENT_PID: ${SSH_AGENT_PID:-not set}"
|
||||||
|
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||||
|
$sshcommand
|
||||||
ret=$?
|
ret=$?
|
||||||
else
|
else
|
||||||
logwarning "agentfile not existent"
|
logwarning "agentfile not existent"
|
||||||
|
@ -111,26 +117,35 @@ start_or_restart_local_agent() {
|
||||||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||||
for i in $(pgrep -f ${SSH_AUTH_SOCK})
|
for i in $(pgrep -f ${SSH_AUTH_SOCK})
|
||||||
do
|
do
|
||||||
|
logdebug "$(stat ${SSH_AUTH_SOCK})"
|
||||||
logdebug "found pid: $i"
|
logdebug "found pid: $i"
|
||||||
[ -n "${SSH_AGENT_PID:+x}" ] \
|
logdebug "is SSH_AGENT_PID set?" [ -n "${SSH_AGENT_PID:+x}" ]
|
||||||
&& [ $i -eq ${SSH_AGENT_PID} ] \
|
logdebug "is $SSH_AGENT_PID same as found pid $i:" [ $i -eq ${SSH_AGENT_PID} ]
|
||||||
|| { logwarning "kill unused ssh-agent with pid $i"; kill $i; }
|
${REMOTE_UNUSED_AGENTS:-false} && { [ -n "${SSH_AGENT_PID:+x}" ] && [ $i -eq ${SSH_AGENT_PID} ] || { logwarning "kill unused ssh-agent with pid $i"; kill $i; }; }
|
||||||
done
|
done
|
||||||
case $(pgrep -f ${SSH_AUTH_SOCK}|wc -l) in
|
if [ -e ${ssh_socketfile} ]
|
||||||
0)
|
then
|
||||||
logdebug "no ssh-agents for file ${ssh_socketfile}"
|
case $(pgrep -f ${SSH_AUTH_SOCK}|wc -l) in
|
||||||
ret=2
|
0)
|
||||||
;;
|
logdebug "no ssh-agents for file ${ssh_socketfile}"
|
||||||
1)
|
ret=3
|
||||||
logdebug "one running agent for file ${ssh_socketfile}. Use it"
|
;;
|
||||||
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -l 2>&1")"
|
1)
|
||||||
ret=$?
|
logdebug "one running agent for file ${ssh_socketfile}. Use it"
|
||||||
;;
|
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -v -l 2>&1")"
|
||||||
*)
|
ret=$?
|
||||||
logdebug "more than one ssh-agents for file ${ssh_socketfile}"
|
logdebug "SSH_AUTH_SOCK: $SSH_AUTH_SOCK"
|
||||||
return 3
|
;;
|
||||||
;;
|
*)
|
||||||
esac
|
logdebug "more than one ssh-agents for file ${ssh_socketfile}"
|
||||||
|
return 3
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
else
|
||||||
|
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||||
|
msg="$(ssh_runinagent $ssh_agentfile "ssh-add -v -l 2>&1")"
|
||||||
|
ret=$?
|
||||||
|
fi
|
||||||
logdebug "ret: $ret"
|
logdebug "ret: $ret"
|
||||||
#msg="$(ssh-add -l 2>&1)"
|
#msg="$(ssh-add -l 2>&1)"
|
||||||
logtrace "Output from check for running agent: $msg"
|
logtrace "Output from check for running agent: $msg"
|
||||||
|
@ -142,22 +157,35 @@ start_or_restart_local_agent() {
|
||||||
logdebug "agent is running, but:"
|
logdebug "agent is running, but:"
|
||||||
logwarning "$msg"
|
logwarning "$msg"
|
||||||
;;
|
;;
|
||||||
2|99)
|
2|3|99)
|
||||||
logdebug "former agent is not running -> start it"
|
logdebug "former agent is not running -> start it"
|
||||||
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||||
logdebug "remove agentfile: $( rm -v -f "$ssh_agentfile" )"
|
logdebug "remove agentfile: $( rm -v -f "$ssh_agentfile" )"
|
||||||
|
#logdebug "$(ssh-agent -k)"
|
||||||
|
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
|
||||||
|
logtrace "$(ssh-agent -a $ssh_socketfile ${SSH_AGENT_OPTIONS} > $ssh_agentfile )"
|
||||||
|
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||||
|
sed '/^PKCS11_MODULE/d' ${ssh_agentfile}
|
||||||
|
[ -n "${PKCS11_MODULE:+x}" ] && logdebug "add PKCS11_MODULE to ${ssh_agentfile}"
|
||||||
|
[ -n "${PKCS11_MODULE:+x}" ] && echo "PKCS11_MODULE=$PKCS11_MODULE; export PKCS11_MODULE" >> ${ssh_agentfile}
|
||||||
|
logdebug "agent started"
|
||||||
|
;;
|
||||||
|
4)
|
||||||
|
logdebug "this is strange"
|
||||||
;;
|
;;
|
||||||
esac
|
esac
|
||||||
else
|
else
|
||||||
logdebug "ssh_agentfile ${ssh_agentfile} does not exist"
|
logdebug "ssh_agentfile ${ssh_agentfile} does not exist"
|
||||||
|
logdebug "remove socketfile: $( rm -v -f "$ssh_socketfile" )"
|
||||||
|
logdebug "remove agentfile: $( rm -v -f "$ssh_agentfile" )"
|
||||||
|
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
|
||||||
|
logtrace "$(ssh-agent -a $ssh_socketfile ${SSH_AGENT_OPTIONS} > $ssh_agentfile )"
|
||||||
|
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
||||||
|
sed '/^PKCS11_MODULE/d' ${ssh_agentfile}
|
||||||
|
[ -n "${PKCS11_MODULE:+x}" ] && logdebug "add PKCS11_MODULE to ${ssh_agentfile}"
|
||||||
|
[ -n "${PKCS11_MODULE:+x}" ] && echo "PKCS11_MODULE=$PKCS11_MODULE; export PKCS11_MODULE" >> ${ssh_agentfile}
|
||||||
|
logdebug "agent started"
|
||||||
fi
|
fi
|
||||||
logdebug "SSH_AGENT_OPTIONS: $SSH_AGENT_OPTIONS"
|
|
||||||
logtrace "$(ssh-agent -a $ssh_socketfile ${SSH_AGENT_OPTIONS} > $ssh_agentfile )"
|
|
||||||
logdebug "PKCS11_MODULE: ${PKCS11_MODULE:-not set}"
|
|
||||||
sed '/^PKCS11_MODULE/d' ${ssh_agentfile}
|
|
||||||
[ -n "${PKCS11_MODULE:+x}" ] && logdebug "add PKCS11_MODULE to ${ssh_agentfile}"
|
|
||||||
[ -n "${PKCS11_MODULE:+x}" ] && echo "PKCS11_MODULE=$PKCS11_MODULE; export PKCS11_MODULE" >> ${ssh_agentfile}
|
|
||||||
logdebug "agent started"
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -183,6 +211,13 @@ EOF
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
logdebug "Only local agent allowed"
|
logdebug "Only local agent allowed"
|
||||||
|
if [ -e ${ssh_agentfile} -a $(grep SSH_AUTH_SOCK ${ssh_agentfile}|echo $?) ]
|
||||||
|
then
|
||||||
|
logdebug "agentfile exists"
|
||||||
|
else
|
||||||
|
logdebug "agentfile is missing -> kill all ssh-agents for socket"
|
||||||
|
pkill -f ${ssh_socketfile}
|
||||||
|
fi
|
||||||
if [ -L ${ssh_socketfile} ]
|
if [ -L ${ssh_socketfile} ]
|
||||||
then
|
then
|
||||||
logdebug "${ssh_socketfile} is symlinked to $(readlink -f ${ssh_socketfile}). Remove it"
|
logdebug "${ssh_socketfile} is symlinked to $(readlink -f ${ssh_socketfile}). Remove it"
|
||||||
|
@ -253,7 +288,7 @@ logtrace " SSH_IDENTITIES_DIR: $SSH_IDENTITIES_DIR"
|
||||||
|
|
||||||
set_and_load_identity_config ${1}
|
set_and_load_identity_config ${1}
|
||||||
loginfo " SSH_ADD_OPTIONS=${SSH_ADD_OPTIONS:-not set}"
|
loginfo " SSH_ADD_OPTIONS=${SSH_ADD_OPTIONS:-not set}"
|
||||||
loginfo "SSH_AGENT_ALLOW_FROM_REMOTE=${SSH_AGENT_ALLOW_FROM_REMOTE:-not set}"
|
loginfo "SSH_AGENT_ALLOW_FROM_REMOTE=${SSH_AGENT_ALLOW_FROM_REMOTE:-false}"
|
||||||
loginfo " PKCS11_MODULE=${PKCS11_MODULE:-not set}"
|
loginfo " PKCS11_MODULE=${PKCS11_MODULE:-not set}"
|
||||||
loginfo " P11M=${P11M:-not set}"
|
loginfo " P11M=${P11M:-not set}"
|
||||||
loginfo " SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-not set}"
|
loginfo " SSH_AUTH_SOCK=${SSH_AUTH_SOCK:-not set}"
|
||||||
|
|
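Review bot: The new agentfile check in the `@ -183,6 +211,13` hunk never looks at grep's result: in `$(grep SSH_AUTH_SOCK ${ssh_agentfile}|echo $?)` the `echo` ignores its stdin and `$?` is expanded before the pipeline runs, so the substitution yields the status of the preceding command, and `[ ... -a 0 ]` or `[ ... -a 1 ]` is true either way because any non-empty string tests true. The condition therefore reduces to `-e ${ssh_agentfile}`, so an agentfile that exists but holds no `SSH_AUTH_SOCK` line is logged as fine and the `pkill` branch is skipped. I would write it as `if [ -e "${ssh_agentfile}" ] && grep -q SSH_AUTH_SOCK "${ssh_agentfile}"`. In the else branch, `pkill -f ${ssh_socketfile}` is unquoted and matches the path as a regular expression against every full command line, so it can signal processes other than ssh-agent; it should at least be quoted. The enclosing function starts and ends outside this hunk.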