1 drobbins 1.1 #!/bin/sh
2 drobbins 1.2 # Copyright 1999-2002 Gentoo Technologies, Inc.
3     # Distributed under the terms of the GNU General Public License v2
4 drobbins 1.1 # Author: Daniel Robbins <drobbins@gentoo.org>
5 drobbins 1.2 # $Header: /home/cvsroot/gentoo-src/keychain/keychain.cygwin,v 1.1 2002/03/04 18:48:09 drobbins Exp $
6 drobbins 1.1
version=1.9

# Ignore ^C until the agent has been set up and (optionally) cleared further
# down; an interrupt in the middle of that would leave half-written pid files
# behind. Very old shells only know the signal by number, hence the fallback.
if ! trap '' INT
then
    echo "$0: warning: trapping signal 2 instead of INT" 1>&2
    trap '' 2
fi

# Make sure the tools we shell out to (lockfile, ps, whoami) are found even
# from a minimal login PATH; /usr/ucb covers BSD-flavoured ps on older Unices.
export PATH="/sbin:/usr/sbin:${PATH}:/usr/ucb"

# Space-separated list of key files named on the command line (filled below).
KEYCHAIN_KEYS=''
12    
13     # pidf holds the specific name of the keychain .ssh-agent-myhostname file.
14     # We use the new hostname extension for NFS compatibility. cshpidf is the
15     # .ssh-agent file with csh-compatible syntax. lockf is the lockfile, used
16     # to serialize the execution of multiple ssh-agent processes started
17     # simultaneously (only works if lockfile from the procmail package is
18     # available.
19    
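hostname=`uname -n`

# By default every file name carries the hostname so that several machines
# sharing one NFS home directory do not trample each other's agent files.
# --local drops the suffix. The option is matched as a whole argument; the
# previous test grepped the joined argument string and would have taken any
# key path merely containing "--local" for the option.
use_local=no
for arg in "$@"
do
    case "$arg" in
        --local) use_local=yes ;;
    esac
done
if [ "$use_local" = "yes" ]
then
    # pidf: sh-style agent environment; cshpidf: same in csh syntax;
    # lockf: lock used to serialize simultaneous keychain runs.
    pidf="${HOME}/.ssh-agent"
    cshpidf="${HOME}/.ssh-agent-csh"
    lockf="${HOME}/.keychain-lock"
else
    pidf="${HOME}/.ssh-agent-${hostname}"
    cshpidf="${HOME}/.ssh-agent-csh-${hostname}"
    lockf="${HOME}/.keychain-lock-${hostname}"
fi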
31    
# Serialize concurrent keychain runs (e.g. several login shells opened at once)
# when procmail's lockfile(1) is installed. Without it we simply carry on
# unlocked. -l 35 lets a stale lock be broken after 35 seconds, so a run that
# dies without cleaning up only delays later runs rather than blocking them.
if type lockfile >/dev/null 2>&1
then
    lockfile -1 -r 30 -l 35 -s 2 "$lockf" || {
        echo "Error: Couldn't get lock" >&2
        exit 1
    }
fi
40    
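# Collect the key files named on the command line. Anything beginning with "-"
# is an option (handled by the dedicated checks below) and is skipped; every
# other argument is appended to the space-separated KEYCHAIN_KEYS list.
# Arguments are read from "$@" unmodified: the previous unquoted ${@} let the
# shell glob-expand pattern characters in a key path before it was recorded.
# Paths that themselves contain whitespace are still unsupported, because the
# list is re-split on spaces when the keys are checked and added.
keychain_collect_keys()
{
    kc_keys=""
    for kc_arg in "$@"
    do
        case "$kc_arg" in
            -*) ;;
            *) kc_keys="$kc_keys $kc_arg" ;;
        esac
    done
    printf '%s' "$kc_keys"
}
KEYCHAIN_KEYS=`keychain_collect_keys "$@"`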
52    
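# Work out whether this shell's echo needs -e to interpret the escape
# sequences in the colour codes; $E is prepended to every coloured echo below.
unset BLUE GREEN OFF CYAN E
if [ -z "`echo -e`" ]
then
    E="-e"
fi

# Leave the colour variables unset (they then expand to nothing) when
# --nocolor was given. The option is matched as a whole argument rather than
# as a substring of the joined command line, so a key path containing the
# text cannot switch colours off by accident.
want_color=yes
for arg in "$@"
do
    case "$arg" in
        --nocolor) want_color=no ;;
    esac
done
if [ "$want_color" = "yes" ]
then
    BLUE="\033[34;01m"
    GREEN="\033[32;01m"
    OFF="\033[0m"
    CYAN="\033[36;01m"
fi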
67    
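# Quiet mode (--quiet or -q) suppresses the banner and progress messages;
# errors and passphrase prompts are still shown. The options are matched as
# whole arguments: the previous substring test on the joined command line
# switched quiet mode on for any key path that happened to contain "-q".
quiet_mode="no"
for arg in "$@"
do
    case "$arg" in
        --quiet|-q) quiet_mode="yes" ;;
    esac
done

if [ "$quiet_mode" = "no" ]
then
    echo
    echo $E "${GREEN}KeyChain ${version}; ${BLUE}http://www.gentoo.org/projects/keychain${OFF}"
    echo $E " Copyright 2001 Gentoo Technologies, Inc.; Distributed under the GPL"
fi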
80    
#Special cygwin version
# ps(1) options for this platform: this user's processes, full format, which
# puts the PID in the second column (the awk below relies on that).
psopts="-u `whoami` -f"
#End special cygwin version

# PIDs of every ssh-agent this user is running. NOTE(review): this is a plain
# substring match on the whole ps line, so any other process whose command
# line merely mentions "ssh-agent" is listed too and will be killed along with
# the real agents further down. The "[s]" keeps awk's own line from matching.
mypids=`ps $psopts 2>/dev/null | awk '/[s]sh-agent/ { print $2 }'`
86    
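# --stop / -k: kill every ssh-agent this user owns, remove the pid files and
# the lock, then exit. The options are matched as whole arguments; the old
# test grepped the joined argument list for "-k" and so treated any argument
# containing that text (e.g. a key file called id_rsa-kp) as a request to kill
# all agents and delete the pid files.
stop_requested=no
for arg in "$@"
do
    case "$arg" in
        --stop|-k) stop_requested=yes ;;
    esac
done
if [ "$stop_requested" = "yes" ]
then
    kill $mypids > /dev/null 2>&1
    rm -f "${pidf}" "${cshpidf}" "$lockf" 2> /dev/null
    #`whoami` (rather than the $LOGNAME var) gives us the euid rather than the uid (what we want)
    if [ "$quiet_mode" = "no" ]
    then
        echo $E " ${GREEN}*${OFF} All ssh-agent(s) started by" `whoami` "are now stopped."
        echo
    fi
    exit 0
fi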
100    
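# -h / --help: print the usage text and exit. Matched as whole arguments: the
# old test grepped the joined argument list for "-h", so a key file such as
# ~/.ssh/id_rsa-home printed the help and exited instead of loading keys.
# --help is accepted explicitly; it satisfied the old substring test as well.
help_requested=no
for arg in "$@"
do
    case "$arg" in
        -h|--help) help_requested=yes ;;
    esac
done
if [ "$help_requested" = "yes" ]
then
echo $E Usage: ${CYAN}${0}${OFF} [ ${GREEN}options${OFF} ] ${CYAN}sshkey${OFF} ...
cat <<EOHELP

Description:

Keychain is an OpenSSH key manager, typically run from ~/.bash_profile. When
run, it will make sure ssh-agent is running; if not, it will start ssh-agent.
It will redirect ssh-agent's output to ~/.ssh-agent-[hostname], so that cron
jobs that need to use ssh-agent keys can simply source this file and make the
necessary passwordless ssh connections. In addition, when keychain runs, it
will check with ssh-agent and make sure that the ssh RSA/DSA keys that you
specified on the keychain command line have actually been added to ssh-agent.
If not, you are prompted for the appropriate passphrases so that they can be
added by keychain.

Typically, one uses keychain by adding the following to the top of their
~/.bash_profile (or ~/.zlogin, in case of zsh):

EOHELP
echo $E " ${CYAN}keychain ~/.ssh/id_rsa ~/.ssh/id_dsa"
echo $E " . ~/.ssh-agent-\${HOSTNAME}${OFF}"
echo
echo $E " # alt. syntax: . ~/.ssh-agent-\`uname -n\`"
echo $E " # note the use of back-quotes (\`) rather than single-quotes (') above."
echo $E " # We now append the hostname (\`uname -n\`) to the .ssh-agent filename"
echo $E " # for NFS-compatibility."
echo
echo " You can make keychain work with your csh-compatible shell by adding the"
echo " following to your .cshrc:"
echo
echo $E " ${CYAN}keychain ~/.ssh/id_rsa ~/.ssh/id_dsa"
echo $E " source ~/.ssh-agent-csh-\${HOSTNAME}${OFF}"
echo
cat <<EOHELP
Keychain allows all your apps and cron jobs to use a single ssh-agent process
as an authentication agent. By default, the ssh-agent started by keychain is
long-running and will continue to run, even after you have logged out from the
system. If you'd like to tighten up security a bit, take a look at the
EOHELP
echo $E " ${GREEN}--clear${OFF} option, described below."
echo
echo Options:
echo
echo $E " ${GREEN}--local${OFF}"
echo
cat <<EOHELP
Prevents keychain from appending the hostname to any of the files. This
makes life simpler in a non NFS world.
EOHELP
echo
echo $E " ${GREEN}--clear${OFF}"
echo
cat <<EOHELP
Tells keychain to delete all of ssh-agent's host keys. Typically, This is
used in the ~/.bash_profile. The theory behind this is that keychain should
assume that you are an intruder until proven otherwise. However, while this
option increases security, it still allows your cron jobs to use your ssh keys
when you're logged out.
EOHELP
echo
echo $E " ${GREEN}--noask${OFF}"
echo
cat <<EOHELP
This option tells keychain do everything it normally does (ensure ssh-agent is
running, set up the ~/.ssh-agent-[hostname] file) except that it will not
prompt you to add any of the keys you specified if they haven't yet been added
to ssh-agent.
EOHELP
echo
echo $E " ${GREEN}--nocolor${OFF}"
echo
echo " This option disables color highlighting for non vt-100-compatible terms."
echo
echo $E " ${GREEN}--stop | -k${OFF}"
echo
cat <<EOHELP
This option tells keychain to stop all running ssh-agent processes, and then
exit.
EOHELP
echo
echo $E " ${GREEN}--quiet | -q${OFF}"
echo
cat <<EOHELP
This option tells keychain to turn off verbose mode and only print error
messages and interactive messages. This is useful for login scripts etc.
EOHELP
#' this line is a simple fix for vim syntax highlighting
# Release the lock taken above before leaving.
rm -f "$lockf" 2> /dev/null
exit 1
fi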
193    
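# Load SSH_AUTH_SOCK / SSH_AGENT_PID from an existing pid file, if there is
# one; otherwise mark the PID as unknown so no running agent can match it.
# The path is quoted: with an empty $pidf the old unquoted "[ -f $pidf ]"
# degenerated to the one-argument test "[ -f ]", which is always true, and
# then tried to source nothing. Note that sourcing executes whatever the file
# contains; it lives in $HOME and is created mode 0600 by this script.
if [ -f "$pidf" ]
then
    . "$pidf"
else
    SSH_AGENT_PID="NULL"
fi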
200    
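# Is the agent recorded in the pid file still one of the agents we can see?
match="no"
for pid in $mypids
do
    if [ "$pid" = "$SSH_AGENT_PID" ]
    then
        if [ "$quiet_mode" = "no" ]
        then
            echo $E " ${GREEN}*${OFF} Found existing ssh-agent at PID ${pid}"
        fi
        match="yes"
        break
    fi
done

if [ "$match" = "no" ]
then
    # No usable agent on record: stop whatever agents this user still has
    # running, start a fresh one and record its environment in both the
    # sh-style and the csh-style file.
    if [ -n "$mypids" ]
    then
        kill $mypids > /dev/null 2>&1
    fi
    if [ "$quiet_mode" = "no" ]
    then
        echo $E " ${GREEN}*${OFF} All previously running ssh-agent(s) have been stopped."
        echo $E " ${GREEN}*${OFF} Initializing ${pidf} file..."
    fi
    # These files will hold the path of the agent socket, so create them under
    # umask 077 (in a subshell, so the rest of the script is unaffected). The
    # old "> file; chmod 0600" sequence left them at the login umask for a
    # moment, which on a 022 umask meant world-readable. ": > file" is used
    # because a bare "> file" is not accepted by every sh.
    ( umask 077 && : > "$pidf" ) || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
    [ "$quiet_mode" = "no" ] && echo $E " ${GREEN}*${OFF} Initializing ${cshpidf} file..."
    ( umask 077 && : > "$cshpidf" ) || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
    chmod 0600 "$pidf" "$cshpidf"
    [ "$quiet_mode" = "no" ] && echo $E " ${GREEN}*${OFF} Starting new ssh-agent"
    # ssh-agent -s prints the SSH_AUTH_SOCK/SSH_AGENT_PID assignments plus an
    # "echo Agent pid" line; only the assignments are kept.
    nohup ssh-agent -s | grep -v 'Agent pid' > "$pidf"
    # If ssh-agent failed to start the pid file is empty; previously that went
    # unnoticed and an empty socket path was written to the csh file.
    if [ ! -s "$pidf" ]
    then
        echo "$0: ssh-agent did not start; exiting." 1>&2
        rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null
        exit 1
    fi
    . "$pidf"
    echo "setenv SSH_AUTH_SOCK $SSH_AUTH_SOCK;" > "$cshpidf"
    echo "setenv SSH_AGENT_PID $SSH_AGENT_PID;" >> "$cshpidf"
fi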
237    
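# --clear: forget every identity the agent holds before (re)adding ours, so a
# fresh login starts from a clean slate while cron jobs keep a working agent.
# --noask: stop once the agent is set up; do not prompt for any passphrases.
# Both are matched as whole arguments rather than as substrings of the joined
# command line, so a key path containing the text cannot trigger them.
clear_keys=no
ask_for_keys=yes
for arg in "$@"
do
    case "$arg" in
        --clear) clear_keys=yes ;;
        --noask) ask_for_keys=no ;;
    esac
done
if [ "$clear_keys" = "yes" ]
then
    echo $E " ${GREEN}*${OFF} \c"
    ssh-add -D
fi

#now that keys are potentially cleared, it's safe to be aborted by ^C
trap - INT || trap - 2

if [ "$ask_for_keys" = "no" ]
then
    # --noask means "don't ask for keys", so skip the key-adding loop. Release
    # the lock on the way out: this path used to leave it behind, so the next
    # keychain run within lockfile's timeout had to wait for it to go stale.
    echo
    rm -f "$lockf" 2> /dev/null
    exit 0
fi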
253    
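# hook in to existing agent
. "$pidf"

# Compare the fingerprint of every requested key file with the identities the
# agent already holds and ssh-add whatever is missing (ssh-add prompts for the
# passphrases itself). Keep retrying while progress is made; once the number
# of missing keys has not changed for three rounds in a row (the user keeps
# mistyping or cancels), give up. $myfail only counts failures; it was never
# initialised before, so the first "expr $myfail + 1" was a syntax error.
myfail=0
missingkeys="START"
pmcount=0
mcount=0
countdown=3
while [ $countdown -gt 1 ] && [ "$missingkeys" != "" ]
do
    pmcount=$mcount
    mcount=0
    missingkeys=""
    # Capture ssh-add's own exit status. The old "ssh-add -l | cut" pipeline
    # tested $? of cut, so a missing or unreachable agent was never noticed
    # here. Per ssh-add(1), status 1 is returned when the agent simply holds
    # no identities yet; 2 means it could not contact the agent at all.
    listing=`ssh-add -l`
    listrc=$?
    if [ $listrc -gt 1 ]
    then
        echo $E " ${CYAN}*${OFF} Problems listing keys; exiting..."
        rm -f "$lockf" 2> /dev/null
        exit 1
    fi
    # Second column of each listing line is the fingerprint.
    myavail=`echo "$listing" | cut -f2 -d " "`
    for x in $KEYCHAIN_KEYS
    do
        if [ ! -f "$x" ]
        then
            echo $E " ${CYAN}*${OFF} Can't find ${x}; skipping..."
            continue
        fi
        # Take the fingerprint from the .pub file when there is one; falling
        # back to the private key is only attempted if the .pub is absent.
        if [ -f "${x}.pub" ]
        then
            myfing=`ssh-keygen -l -f "${x}.pub" 2>&1`
        else
            myfing=`ssh-keygen -l -f "${x}" 2>&1`
            if [ $? -ne 0 ]
            then
                echo $E " ${CYAN}*${OFF} Warning: ${x}.pub missing; can't tell if key ${x} already loaded."
                myfail=3
            fi
        fi
        myfing=`echo ${myfing} | cut -f2 -d " "`
        skip=0
        for y in $myavail
        do
            if [ "$y" = "$myfing" ]
            then
                skip=1
                break
            fi
        done
        if [ $skip -ne 1 ]
        then
            missingkeys="$missingkeys $x"
            mcount=`expr $mcount + 1`
        fi
    done
    if [ "$missingkeys" = "" ]
    then
        break
    fi
    # No change in the number of missing keys since last round counts against
    # the retry budget; any progress resets it.
    if [ `expr $pmcount - $mcount` -eq 0 ]
    then
        countdown=`expr $countdown - 1`
    else
        countdown=3
    fi
    if [ "$quiet_mode" = "no" ]
    then
        echo $E " ${GREEN}*${OFF} ${BLUE}${mcount}${OFF} more keys to add..."
    fi
    ssh-add ${missingkeys}
    if [ $? -ne 0 ]
    then
        myfail=`expr $myfail + 1`
        echo $E " ${CYAN}*${OFF} Problem adding key${OFF}..."
    fi
done
if [ "$quiet_mode" = "no" ]
then
    echo
fi
#remove lockfile if it exists
rm -f "$lockf" 2> /dev/null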
