Overview
Comment: | More testing of the Tcl implementation of the SSH agent |
---|---|
SHA1: | 24e37c4dabf274f87e5522c425afc4e7fb61cf9e |
User & Date: | rkeene on 2019-06-12 22:41:22 |
Context
2019-08-08
| ||
16:52 | Added softokn3 wrapper module check-in: 3eb54f93b1 user: rkeene tags: trunk | |
2019-06-12
| ||
22:41 | More testing of the Tcl implementation of the SSH agent check-in: 24e37c4dab user: rkeene tags: trunk | |
19:40 | Tcl-based interface to JS SSH Agent check-in: 7ef094be65 user: rkeene tags: trunk | |
Changes
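--- a/build/tcl/ssh-agent.tcl
+++ b/build/tcl/ssh-agent.tcl
@@ -1,22 +1,41 @@
 #! /usr/bin/env tclsh
 
-lappend auto_path /home/rkeene/devel/tcl-duktape/build/work /home/rkeene/devel/tuapi /home/rkeene/devel/tclpkcs11-fossil/build/work {*}[glob -nocomplain -directory /opt/appfs/rkeene.org/tcllib/platform/latest/lib/ tcllib*]
+if {[info exists ::env(SSH_AGENT_LIB_PATH)]} {
+ lappend auto_path {*}$::env(SSH_AGENT_LIB_PATH)
+}
 
-package provide pki 0.10
-catch {
- source /home/rkeene/devel/tcllib-pki/pki.tcl
+if {[info exists ::env(SSH_AGENT_PKCS11_MODULE)]} {
+ set ::pkcs11ModuleFilename $::env(SSH_AGENT_PKCS11_MODULE)
+} else {
+ set ::pkcs11ModuleFilename /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so
 }
-package require duktape
+
+package require duktape 0.7
 package require tuapi
-package require pki::pkcs11
+package require pki 0.6
+package require pki::pkcs11 0.9.9
+
+## HACK: Fix up older versions of "pki" to include the raw certificate
+## this is needed
+apply {{} {
+ set procToUpdate ::pki::x509::parse_cert
+ if {![string match "*set ret(raw)*" [info body $procToUpdate]]} {
+ set body [info body $procToUpdate]
+ set body [string map {
+ "::asn::asnGetSequence cert_seq wholething"
+ "set ret(raw) $cert_seq; binary scan $ret(raw) H* ret(raw); ::asn::asnGetSequence cert_seq wholething"
+ } $body]
+ proc $procToUpdate [info args $procToUpdate] $body
+ }
+}}
 
 proc pkcs11ModuleHandle {} {
 if {![info exists ::pkcs11ModuleHandle]} {
- set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule /home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so]
+ set ::pkcs11ModuleHandle [::pki::pkcs11::loadmodule $::pkcs11ModuleFilename]
 }
 return $::pkcs11ModuleHandle
 }
 
 proc pkcs11ModuleUnload {handle} {
 if {[info exists ::pkcs11ModuleHandle] && $handle eq $::pkcs11ModuleHandle} {
 unset ::pkcs11ModuleHandle
@@ -107,26 +126,29 @@
 }
 }
 X509.parseCert = __parseCert;
 delete __parseCert;
 }
 }
 
-proc initSSHAgent {} {
- foreach file {chrome-emu.js ssh-agent-noasync.js} {
- unset -nocomplain fd
+proc readFile {fileName} {
+ if {![info exists ::readFile($fileName)]} {
 catch {
- set fd [open $file]
- set js($file) [read $fd]
+ set fd [open $fileName]
+ set ::readFile($fileName) [read $fd]
 }
 catch {
 close $fd
 }
 }
 
+ return $::readFile($fileName)
+}
+
+proc initSSHAgent {} {
 set jsHandle [::duktape::init -safe true]
 
 ::duktape::tcl-function $jsHandle __puts {args} {
 if {[llength $args] ni {1 2}} {
 return -code error "wrong # args: puts ?{stderr|stdout}? message"
 }
 if {[llength $args] == 2} {
@@ -142,19 +164,20 @@
 runtime = {};
 runtime.puts = __puts;
 runtime.stderr = "stderr";
 delete __puts;
 }
 
 ::duktape::eval $jsHandle {var goog = {DEBUG: false};}
- ::duktape::eval $jsHandle $js(chrome-emu.js)
+ ::duktape::eval $jsHandle [readFile chrome-emu.js]
 addRSAToJS $jsHandle
- ::duktape::eval $jsHandle $js(ssh-agent-noasync.js)
+ ::duktape::eval $jsHandle [readFile ssh-agent-noasync.js]
 ::duktape::eval $jsHandle {cackeySSHAgentFeatures.enabled = true;}
- ::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = true;}
+ ::duktape::eval $jsHandle {cackeySSHAgentFeatures.includeCerts = false;}
+ ::duktape::eval $jsHandle {cackeySSHAgentFeatures.legacy = false;}
 ::duktape::eval $jsHandle {
 function connection(callback) {
 this.sender = {
 id: "pnhechapfaindjhompbnflcldabbghjo"
 };
 this.onMessage = {
 listeners: [],
@@ -336,15 +359,18 @@
 puts stderr "ERROR: $::errorInfo"
 close $sock
 }
 }
 
 proc incomingConnection {sock args} {
 if {[catch {
- set jsHandle [initSSHAgent]
+ if {![info exists ::jsHandle]} {
+ set ::jsHandle [initSSHAgent]
+ }
+ set jsHandle $::jsHandle
 
 ::duktape::eval $jsHandle {var socket = new connection(handleDataFromAgent);}
 ::duktape::eval $jsHandle "socket.handle = \"$sock\";"
 ::duktape::eval $jsHandle {chrome.runtime.externalConnect(socket);}
 
 fconfigure $sock -translation binary -encoding binary -blocking true
 fileevent $sock readable [list handleData $sock $jsHandle]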
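Review bot: The `else` branch added in the first hunk still falls back to a hard-coded build path, `/home/rkeene/tmp/cackey/build/tcl/softokn3-pkcs11.so`, when `SSH_AGENT_PKCS11_MODULE` is unset, and whatever sits at that path is handed to `::pki::pkcs11::loadmodule` and runs as native code inside the agent. On a host where that directory is missing or writable by another account, the agent either fails late in `pkcs11ModuleHandle` or loads a module the operator never selected. Failing at startup is safer: replace the fallback with `error "SSH_AGENT_PKCS11_MODULE is not set"` and reject a value whose `[file pathtype $::pkcs11ModuleFilename]` is not `absolute`. The same anchoring concern applies to `readFile` in the second hunk, where `chrome-emu.js` and `ssh-agent-noasync.js` are opened relative to the current working directory and the `catch` around `open` hides the failure until `return $::readFile($fileName)` raises an unrelated array error. Resolving the names against `[file dirname [info script]]` and letting the `open` error propagate would address both.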