nmav pushed to caml-crush (master). "pkcs11proxyd-softhsm-ctl: allow adding more tokens"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Apr 8 08:56:36 UTC 2015
>From 1a9e04ffc15fd82f817a1cce7dfdcbdbbb64fae8 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav at redhat.com>
Date: Wed, 8 Apr 2015 10:44:15 +0200
Subject: pkcs11proxyd-softhsm-ctl: allow adding more tokens
diff --git a/pkcs11proxyd-softhsm-ctl b/pkcs11proxyd-softhsm-ctl
index a03d3fe..a231df3 100755
--- a/pkcs11proxyd-softhsm-ctl
+++ b/pkcs11proxyd-softhsm-ctl
@@ -1,5 +1,16 @@
#!/bin/sh
+SOFTHSM_UTIL=/usr/bin/softhsm2-util
+export SOFTHSM_UTIL
+
+check_root() {
+ id|grep root >/dev/null 2>&1
+ if [ $? != 0 ];then
+ echo "This command can only be run by the administrator"
+ exit 1
+ fi
+}
+
case "$1" in
"status")
grep forbidden_functions /etc/pkcs11proxyd/filter-softhsm.conf|grep C_Create >/dev/null 2>&1
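Review bot: `check_root` tests `id|grep root`, which succeeds whenever the string "root" appears anywhere in the `id` output, so an account or supplementary group whose name merely contains "root" passes without being uid 0. Comparing the numeric uid is exact: `if [ "$(id -u)" -ne 0 ]; then`. The error message would also be better sent to stderr with `>&2`, so that callers capturing the output of `status` never see it mixed into stdout.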
@@ -9,28 +20,44 @@ case "$1" in
echo unlocked
fi
;;
- "lock")
- id|grep root >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "This command can only be run by the administrator"
+ "add")
+ check_root
+
+ if test -z "$2";then
+ echo "You need to provide the name of the token to add"
exit 1
fi
+ label=$2
+
+ set -e
+ SOFTHSM2_CONF=/var/lib/pkcs11proxyd/softhsm.conf
+ export SOFTHSM2_CONF
+ su pkcs11proxyd -p -s /bin/sh <<__EOF__
+#!/bin/sh
+SLOT=`$SOFTHSM_UTIL --show-slots|grep ^Slot|tail -1|cut -d ' ' -f 2`
+if test -z "\$SLOT";then
+ echo "Cannot determine an empty slot"
+ exit 1
+fi
+$SOFTHSM_UTIL --init-token --slot \$SLOT --label "$label"
+__EOF__
+
+ ;;
+ "lock")
+ check_root
ln -sf /var/lib/pkcs11proxyd/filter-softhsm-locked.conf /etc/pkcs11proxyd/filter-softhsm.conf
systemctl restart pkcs11proxyd-softhsm
;;
"unlock")
- id|grep root >/dev/null 2>&1
- if [ $? != 0 ];then
- echo "This command can only be run by the administrator"
- exit 1
- fi
+ check_root
ln -sf /var/lib/pkcs11proxyd/filter-softhsm-unlocked.conf /etc/pkcs11proxyd/filter-softhsm.conf
systemctl restart pkcs11proxyd-softhsm
;;
*)
echo "$0: [status|lock|unlock]"
+ echo "$0: [add] token-name"
;;
esac
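Review bot: The here-document in the new `add` branch is unquoted, so the outer shell, which runs as root, expands the backtick slot lookup and pastes `$label` into the script text before `su` starts. The slot enumeration therefore runs as root against the exported `SOFTHSM2_CONF` rather than as `pkcs11proxyd`. A token name containing a double quote, backtick or `$` also changes the script the inner shell executes instead of being taken as a literal label. Quoting the delimiter and handing the label over through the environment (which `su -p` preserves) keeps both the lookup and the label inside the unprivileged shell. `$SLOT` should be quoted as well.

```shell
label=$2
TOKEN_LABEL=$label
export TOKEN_LABEL
# … unchanged: set -e, SOFTHSM2_CONF assignment and export …
su pkcs11proxyd -p -s /bin/sh <<'__EOF__'
SLOT=$("$SOFTHSM_UTIL" --show-slots | grep '^Slot' | tail -1 | cut -d ' ' -f 2)
# … unchanged: empty-slot check, now written with plain "$SLOT" …
"$SOFTHSM_UTIL" --init-token --slot "$SLOT" --label "$TOKEN_LABEL"
__EOF__
```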
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/caml-crush.git/commit/?h=master&id=1a9e04ffc15fd82f817a1cce7dfdcbdbbb64fae8