commit 496e5dc377b4c7a93e9350d0831870b69446a29e
parent ae64d05f72fa7c1d1c6f7612228849b68bf6a746
Author: Jan Pobrislo <ccx@webprojekty.cz>
Date: Thu, 6 Jun 2019 22:35:23 +0200
ssh-agent locking support
Diffstat:
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/bin/zshaskpass_lock b/bin/zshaskpass_lock
@@ -12,7 +12,7 @@ fi
setopt no_unset warn_create_global
zmodload zsh/zselect
-typeset -g COPROC_OUT fd newfd prompt_end keep_running X
+typeset -g COPROC_OUT fd newfd prompt_end keep_running X die_color
typeset -a coproc_args
typeset -gA fds
@@ -26,7 +26,14 @@ if [[ $TTY == /dev/tty[1234] ]]; then
X=$[ ${TTY#/dev/tty} + 4 ]
fi
+die_color=%F{red}
prompt_end=%f
+
+die() {
+ printf '%s\n' "${(%)die_color}$^@${(%)prompt_end}"
+ exit 1
+}
+
coproc_args=(
fdmove -c 2 1
unexport ZSHASKPASS_PROMPTFD
@@ -58,6 +65,14 @@ logincap() {
printf '%s\n' ${(%)result_color}$line${(%)prompt_end}
}
+lock() {
+ ssh-add -D || die "Error removing identities"
+ s6-svc -o -wu -T 3000 /run/containers/xsession.$X.ccx/run/service/screen-locker/ || "Failed to bring up screen locker"
+ s6-svstat /run/containers/xsession.$X.ccx/run/service/screen-locker/
+ s6-svlisten1 -d /run/containers/xsession.$X.ccx/run/service/screen-locker/ zsh -c "read -sk 1 $'?Session locked, press enter to unlock.\n' || exit 98; until ssh-add -c; do sleep 2; read -sk 1 $'?\nUnlock failed, press enter to try again.\n' || exit 98; done; if ssh-add -l >/dev/null; then printf '%s\n' 'Success, stopping screen locker'; s6-svc -d '/run/containers/xsession.$X.ccx/run/service/screen-locker/'; fi"
+ ssh-add -l >/dev/null || die "Failed to load SSH agent identities (screen locker died?), exiting."
+}
+
cmd() {
case $1 in
('') ;;
@@ -78,6 +93,8 @@ cmd() {
logincap b;;
(root)
logincap "terminal rxvt-unicode importas -i PTY_FD PTY_FD s6-envdir /run/user/ccx/X$[ ${TTY#/dev/tty} + 4 ]/env urxvt -pty-fd \$PTY_FD" ;;
+ (lock)
+ lock;;
(exit)
true >/run/user/ccx/X$[ ${TTY#/dev/tty} + 4 ]/fifo
keep_running=0;;
