
Contents of /keychain/keychain.cygwin



Revision 1.3 - (show annotations) (download)
Sat Aug 17 22:35:40 2002 UTC (18 years, 1 month ago) by drobbins
Branch: MAIN
CVS Tags: HEAD
Changes since 1.2: +1 -1 lines
FILE REMOVED
Keychain 2.0

#!/bin/sh
# Copyright 1999-2002 Gentoo Technologies, Inc.
# Distributed under the terms of the GNU General Public License v2
# Author: Daniel Robbins <drobbins@gentoo.org>
# $Header: /home/cvsroot/gentoo-src/keychain/keychain.cygwin,v 1.2 2002/03/21 19:22:21 drobbins Exp $

version=1.9

# Ignore Ctrl-C during start-up; the default handler is put back later in the
# script. A shell that rejects the symbolic name gets the signal number.
if trap "" INT
then
  :
else
  echo "$0: warning: trapping signal 2 instead of INT" 1>&2
  trap "" 2
fi

# System directories are searched first, /usr/ucb last.
PATH="/sbin:/usr/sbin:${PATH}:/usr/ucb"
export PATH

# Space-separated list of the key files named on the command line.
KEYCHAIN_KEYS=""

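# pidf holds the specific name of the keychain .ssh-agent-myhostname file.
# We use the new hostname extension for NFS compatibility. cshpidf is the
# .ssh-agent file with csh-compatible syntax. lockf is the lockfile, used
# to serialize the execution of multiple ssh-agent processes started
# simultaneously (only works if lockfile from the procmail package is
# available).

hostname=`uname -n`

# --local has to be an argument of its own. Searching the joined argument
# string for the text would also match a key path that merely contains it.
local_files="no"
for arg in "$@"
do
  case "$arg" in
    --local)
      local_files="yes"
      ;;
  esac
done

if [ "$local_files" = "no" ]
then
  # default: one set of files per host, for home directories shared over NFS
  pidf="${HOME}/.ssh-agent-${hostname}"
  cshpidf="${HOME}/.ssh-agent-csh-${hostname}"
  lockf="${HOME}/.keychain-lock-${hostname}"
else
  pidf="${HOME}/.ssh-agent"
  cshpidf="${HOME}/.ssh-agent-csh"
  lockf="${HOME}/.keychain-lock"
fi
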
# Serialize concurrent keychain runs when procmail's lockfile is installed:
# wait 1 second between attempts (-1), retry up to 30 times (-r 30), treat a
# lock older than 35 seconds as stale and remove it (-l 35), then pause for
# 2 seconds after such a forced removal (-s 2).
if type lockfile >/dev/null 2>&1
then
  lockfile -1 -r 30 -l 35 -s 2 "$lockf" || {
    echo "Error: Couldn't get lock" >&2
    exit 1
  }
fi

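# Collect the key files: every argument that does not start with a dash.
# "$@" is quoted so that each argument is classified as a whole instead of
# being word-split and glob-expanded first.
# NOTE: KEYCHAIN_KEYS remains a space-separated string that is expanded
# unquoted when the keys are processed, so key paths containing whitespace
# are still not supported.
for x in "$@"
do
  case "$x" in
    -*)
      # an --option, not a key
      ;;
    *)
      KEYCHAIN_KEYS="$KEYCHAIN_KEYS ${x}"
      ;;
  esac
done
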
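# Auto-detect whether echo -e works: an echo that understands -e prints only
# a newline here, so the captured output is empty.
unset BLUE GREEN OFF CYAN E
if [ -z "`echo -e`" ]
then
  E="-e"
fi

# Color variables stay undefined when --nocolor is present. The option has to
# be an argument of its own; a key path containing the text does not count.
use_color="yes"
for arg in "$@"
do
  case "$arg" in
    --nocolor)
      use_color="no"
      ;;
  esac
done

if [ "$use_color" = "yes" ]
then
  BLUE="\033[34;01m"
  GREEN="\033[32;01m"
  OFF="\033[0m"
  CYAN="\033[36;01m"
fi
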
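# Quiet mode is requested with --quiet or -q given as an argument of its own.
# Matching "-q" anywhere in the joined argument string would also silence the
# status messages for any key path that happens to contain "-q".
quiet_mode="no"
for arg in "$@"
do
  case "$arg" in
    --quiet|-q)
      quiet_mode="yes"
      ;;
  esac
done

# Banner, skipped in quiet mode.
if [ "$quiet_mode" = "no" ]
then
  echo
  echo $E "${GREEN}KeyChain ${version}; ${BLUE}http://www.gentoo.org/projects/keychain${OFF}"
  echo $E " Copyright 2001 Gentoo Technologies, Inc.; Distributed under the GPL"
fi
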
#Special cygwin version
# `whoami` rather than $LOGNAME: it reports the effective user.
psopts="-u `whoami` -f"
#End special cygwin version

# Second column of every line of the ps listing that mentions ssh-agent; the
# [s] keeps the filter from matching its own command line.
# NOTE(review): the match is made on the whole line, so any process of this
# user with "ssh-agent" anywhere in its ps line is included, and this list is
# later handed to kill - confirm that is acceptable.
mypids=`ps $psopts 2>/dev/null | awk '/[s]sh-agent/ {print $2}'` > /dev/null 2>&1

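# --stop (or -k) tells keychain to kill the existing ssh-agent(s), then exit.
# The option has to be an argument of its own: searching the joined argument
# string for "-k" would also trigger on a key path that merely contains "-k"
# and stop every agent instead of loading the key.
stop_agents="no"
for arg in "$@"
do
  case "$arg" in
    --stop|-k)
      stop_agents="yes"
      ;;
  esac
done

if [ "$stop_agents" = "yes" ]
then
  # nothing to signal when no agent was found
  if [ -n "$mypids" ]
  then
    kill $mypids > /dev/null 2>&1
  fi
  rm -f "${pidf}" "${cshpidf}" "$lockf" 2> /dev/null
  #`whoami` (rather than the $LOGNAME var) gives us the euid rather than the uid (what we want)
  if [ "$quiet_mode" = "no" ]
  then
    echo $E " ${GREEN}*${OFF} All ssh-agent(s) started by" `whoami` "are now stopped."
    echo
  fi
  exit 0
fi
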
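# Print the usage text, release the lock and exit with status 1 when help is
# requested. -h or --help has to be an argument of its own: searching the
# joined argument string for "-h" would also match a key path that merely
# contains "-h", and keychain would print help instead of loading the key.
show_help="no"
for arg in "$@"
do
  case "$arg" in
    -h|--help)
      show_help="yes"
      ;;
  esac
done

if [ "$show_help" = "yes" ]
then
  # quoted so that a script path with spaces or glob characters prints as is
  echo $E "Usage: ${CYAN}${0}${OFF} [ ${GREEN}options${OFF} ] ${CYAN}sshkey${OFF} ..."
  cat <<EOHELP

Description:

Keychain is an OpenSSH key manager, typically run from ~/.bash_profile. When
run, it will make sure ssh-agent is running; if not, it will start ssh-agent.
It will redirect ssh-agent's output to ~/.ssh-agent-[hostname], so that cron
jobs that need to use ssh-agent keys can simply source this file and make the
necessary passwordless ssh connections. In addition, when keychain runs, it
will check with ssh-agent and make sure that the ssh RSA/DSA keys that you
specified on the keychain command line have actually been added to ssh-agent.
If not, you are prompted for the appropriate passphrases so that they can be
added by keychain.

Typically, one uses keychain by adding the following to the top of their
~/.bash_profile (or ~/.zlogin, in case of zsh):

EOHELP
  echo $E " ${CYAN}keychain ~/.ssh/id_rsa ~/.ssh/id_dsa"
  echo $E " . ~/.ssh-agent-\${HOSTNAME}${OFF}"
  echo
  echo $E " # alt. syntax: . ~/.ssh-agent-\`uname -n\`"
  echo $E " # note the use of back-quotes (\`) rather than single-quotes (') above."
  echo $E " # We now append the hostname (\`uname -n\`) to the .ssh-agent filename"
  echo $E " # for NFS-compatibility."
  echo
  echo " You can make keychain work with your csh-compatible shell by adding the"
  echo " following to your .cshrc:"
  echo
  echo $E " ${CYAN}keychain ~/.ssh/id_rsa ~/.ssh/id_dsa"
  echo $E " source ~/.ssh-agent-csh-\${HOSTNAME}${OFF}"
  echo
  cat <<EOHELP
Keychain allows all your apps and cron jobs to use a single ssh-agent process
as an authentication agent. By default, the ssh-agent started by keychain is
long-running and will continue to run, even after you have logged out from the
system. If you'd like to tighten up security a bit, take a look at the
EOHELP
  echo $E " ${GREEN}--clear${OFF} option, described below."
  echo
  echo Options:
  echo
  echo $E " ${GREEN}--local${OFF}"
  echo
  cat <<EOHELP
Prevents keychain from appending the hostname to any of the files. This
makes life simpler in a non NFS world.
EOHELP
  echo
  echo $E " ${GREEN}--clear${OFF}"
  echo
  cat <<EOHELP
Tells keychain to delete all of ssh-agent's host keys. Typically, This is
used in the ~/.bash_profile. The theory behind this is that keychain should
assume that you are an intruder until proven otherwise. However, while this
option increases security, it still allows your cron jobs to use your ssh keys
when you're logged out.
EOHELP
  echo
  echo $E " ${GREEN}--noask${OFF}"
  echo
  cat <<EOHELP
This option tells keychain do everything it normally does (ensure ssh-agent is
running, set up the ~/.ssh-agent-[hostname] file) except that it will not
prompt you to add any of the keys you specified if they haven't yet been added
to ssh-agent.
EOHELP
  echo
  echo $E " ${GREEN}--nocolor${OFF}"
  echo
  echo " This option disables color highlighting for non vt-100-compatible terms."
  echo
  echo $E " ${GREEN}--stop | -k${OFF}"
  echo
  cat <<EOHELP
This option tells keychain to stop all running ssh-agent processes, and then
exit.
EOHELP
  echo
  echo $E " ${GREEN}--quiet | -q${OFF}"
  echo
  cat <<EOHELP
This option tells keychain to turn off verbose mode and only print error
messages and interactive messages. This is useful for login scripts etc.
EOHELP
  #' this line is a simple fix for vim syntax highlighting
  rm -f "$lockf" 2> /dev/null
  exit 1
fi
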
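# Pick up the agent recorded by an earlier run, if any. The file is executed
# as shell code, so it is only as trustworthy as the permissions on it and on
# the directory that holds it.
# The path is quoted: unquoted, an empty value or a home directory containing
# whitespace makes the -f test and the "." command see the wrong arguments.
if [ -f "$pidf" ]
then
  . "$pidf"
else
  # placeholder that can never equal a real PID
  SSH_AGENT_PID="NULL"
fi
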
# Check whether the agent named by SSH_AGENT_PID is among the ssh-agent
# processes found for this user; match records the answer.
match="no"
for x in $mypids
do
  [ "$x" = "$SSH_AGENT_PID" ] || continue
  if [ "$quiet_mode" = "no" ]
  then
    echo $E " ${GREEN}*${OFF} Found existing ssh-agent at PID ${x}"
  fi
  match="yes"
  break
done

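# No usable agent: stop whatever ssh-agent processes were found, start a new
# one and record its environment in both the sh and the csh file.
if [ "$match" = "no" ]
then
  if [ -n "$mypids" ]
  then
    kill $mypids > /dev/null 2>&1
  fi
  if [ "$quiet_mode" = "no" ]
  then
    echo $E " ${GREEN}*${OFF} All previously running ssh-agent(s) have been stopped."
    echo $E " ${GREEN}*${OFF} Initializing ${pidf} file..."
  fi
  # Create both files under a restrictive umask, so that newly created files
  # are private from the start and not only after the chmod below. The
  # previous umask is restored before ssh-agent is started.
  saved_umask=`umask`
  umask 077
  # "> pidf" doesn't work in ash, but it should work with any sh-compatible shell
  > "$pidf" || { echo "$0: Cannot create ${pidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
  [ "$quiet_mode" = "no" ] && echo $E " ${GREEN}*${OFF} Initializing ${cshpidf} file..."
  > "$cshpidf" || { echo "$0: Cannot create ${cshpidf}; exiting." 1>&2; rm -f "$pidf" "$cshpidf" "$lockf" 2> /dev/null; exit 1; }
  # also tightens files that already existed with looser permissions
  chmod 0600 "$pidf" "$cshpidf"
  umask "$saved_umask"
  [ "$quiet_mode" = "no" ] && echo $E " ${GREEN}*${OFF} Starting new ssh-agent"
  # keep the variable assignments, drop the "Agent pid" echo line
  nohup ssh-agent -s | grep -v 'Agent pid' > "$pidf"
  . "$pidf"
  echo "setenv SSH_AUTH_SOCK $SSH_AUTH_SOCK;" > "$cshpidf"
  echo "setenv SSH_AGENT_PID $SSH_AGENT_PID;" >> "$cshpidf"
fi
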
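# --clear removes every identity from the agent before anything else is
# done with it. The option has to be an argument of its own; a key path that
# merely contains the text does not count.
clear_keys="no"
for arg in "$@"
do
  case "$arg" in
    --clear)
      clear_keys="yes"
      ;;
  esac
done

if [ "$clear_keys" = "yes" ]
then
  # \c keeps the cursor on this line so that ssh-add's message follows the bullet
  echo $E " ${GREEN}*${OFF} \c"
  ssh-add -D
fi

#now that keys are potentially cleared, it's safe to be aborted by ^C
trap - INT || trap - 2
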
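# --noask has to be an argument of its own; a key path that merely contains
# the text does not count.
noask="no"
for arg in "$@"
do
  case "$arg" in
    --noask)
      noask="yes"
      ;;
  esac
done

if [ "$noask" = "yes" ]
then
  # --noask means "don't ask for keys", so skip this next part
  echo
  # Release the lock before leaving, as the --stop and help exits do;
  # otherwise the next keychain run has to wait for the lock to time out.
  rm -f "$lockf" 2> /dev/null
  exit 0
fi

# hook in to existing agent
. "$pidf"
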
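# Add every requested key that the agent does not hold yet, prompting through
# ssh-add, and give up once the number of missing keys stops changing.
missingkeys="START"
#below, previous count of missing keys, and count of missing keys, respectively.
#when the difference between these two numbers does not abort after three tries,
#we abort the loop (using $countdown)
pmcount=0
mcount=0
countdown=3
# failure counter; initialised so that the expr below always has an operand
myfail=0
while [ $countdown -gt 1 ] && [ "$missingkeys" != "" ]
do
  pmcount=$mcount
  mcount=0
  missingkeys=""
  # Capture the listing on its own so that $? is ssh-add's status and not that
  # of cut at the end of a pipeline. ssh-add documents status 1 for a failed
  # command (which includes an agent holding no identities) and 2 for an
  # agent that cannot be contacted; only the latter is fatal here.
  listing=`ssh-add -l`
  list_status=$?
  if [ $list_status -ge 2 ]
  then
    echo $E " ${CYAN}*${OFF} Problems listing keys; exiting..."
    # do not leave the lock behind for the next run
    rm -f "$lockf" 2> /dev/null
    exit 1
  fi
  # second field of each listed line is the fingerprint
  myavail=`echo "$listing" | cut -f2 -d " "`
  for x in $KEYCHAIN_KEYS
  do
    if [ ! -f "$x" ]
    then
      echo $E " ${CYAN}*${OFF} Can't find ${x}; skipping..."
      continue
    fi
    # prefer the public half, which can be fingerprinted without a passphrase
    if [ -f "${x}.pub" ]
    then
      myfing=`ssh-keygen -l -f "${x}.pub" 2>&1`
    else
      myfing=`ssh-keygen -l -f "${x}" 2>&1`
      if [ $? -ne 0 ]
      then
        echo $E " ${CYAN}*${OFF} Warning: ${x}.pub missing; can't tell if key ${x} already loaded."
        myfail=3
      fi
    fi
    myfing=`echo ${myfing} | cut -f2 -d " "`
    skip=0
    for y in $myavail
    do
      if [ "$y" = "$myfing" ]
      then
        skip=1
        break
      fi
    done
    if [ $skip -ne 1 ]
    then
      missingkeys="$missingkeys $x"
      mcount=`expr $mcount + 1`
    fi
  done
  if [ "$missingkeys" = "" ]
  then
    break
  fi
  # no progress since the previous pass: count down; otherwise start over
  if [ `expr $pmcount - $mcount` -eq 0 ]
  then
    countdown=`expr $countdown - 1`
  else
    countdown=3
  fi
  if [ "$quiet_mode" = "no" ]
  then
    echo $E " ${GREEN}*${OFF} ${BLUE}${mcount}${OFF} more keys to add..."
  fi
  # deliberately unquoted: missingkeys is a space-separated list of paths
  ssh-add ${missingkeys}
  if [ $? -ne 0 ]
  then
    myfail=`expr $myfail + 1`
    echo $E " ${CYAN}*${OFF} Problem adding key${OFF}..."
  fi
done
if [ "$quiet_mode" = "no" ]
then
  echo
fi
#remove lockfile if it exists
rm -f "$lockf" 2> /dev/null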
