Index: bin/fix_pkcs11_token.sh |
diff --git a/bin/fix_pkcs11_token.sh b/bin/fix_pkcs11_token.sh |
index 89571962f424065c1e96f5c56c59fb1c7685ea2f..6902b97b660458298b77c57e34987e82331baa01 100755 |
--- a/bin/fix_pkcs11_token.sh |
+++ b/bin/fix_pkcs11_token.sh |
@@ -14,13 +14,28 @@ ROOT_TOKEN_LINK="$OPENCRYPTOKI_DIR/tpm/root" |
USER_TOKEN_DIR="/home/$USERNAME/user/.tpm" |
-if [ -e "$USER_TOKEN_DIR/PUBLIC_ROOT_KEY.pem" -a \ |
- ! -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" ]; then |
- # A token with a public key but no private key is a sign that |
- # initialization timed out. The only way to recover seems to be to wipe |
- # out the whole token and try again. |
- logger "PKCS#11 token appears to be broken, deleting: $USER_TOKEN_DIR/*" |
- rm -rf "$USER_TOKEN_DIR"/* |
+log() { |
+ if [ -t 1 ]; then |
+ echo "$@" 1>&2 |
+ else |
+ logger -t $(basename "$0") "$@" |
+ fi |
+} |
+ |
+if [ ! -f "$USER_TOKEN_DIR/PUBLIC_ROOT_KEY.pem" ]; then |
+ log "No PKCS#11 token found for $USERNAME." |
+else |
+ if [ -e "$USER_TOKEN_DIR/PRIVATE_ROOT_KEY.pem" -a \ |
+ -e "$USER_TOKEN_DIR/TOK_OBJ/70000000" ]; then |
Chris Masone
2010/08/25 00:33:13
-f or -e, be consistent.
|
+ log "PKCS#11 token for $USERNAME looks ok." |
+ else |
+ # If these files are missing, it's a sign that initialization timed out. |
+ # The only way to recover seems to be to wipe out the whole token and try |
+ # again. |
+ log "PKCS#11 token for $USERNAME appears to be broken, deleting:" \ |
+ "$USER_TOKEN_DIR/*" |
+ rm -rf "$USER_TOKEN_DIR"/* |
+ fi |
fi |
# Ensure the directories exist |
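Review bot: The `rm -rf "$USER_TOKEN_DIR"/*` in the new inner `else` branch wipes whatever `/home/$USERNAME/user/.tpm` resolves to, and the `-f`/`-e` tests that lead to it follow symlinks as well. The hunk does not show how `USERNAME` is set or what privilege the script runs with. If it runs with more rights than the owner of that home directory, a `.tpm` that is a symlink would point the wipe at another directory. I would skip the deletion in that case and fail on an empty name, e.g. `[ -L "$USER_TOKEN_DIR" ] || rm -rf "${USER_TOKEN_DIR:?}"/*` with `: "${USERNAME:?}"` placed before `USER_TOKEN_DIR` is built. Separately, `log` tests `[ -t 1 ]` but writes to stderr, so `[ -t 2 ]` would match the stream it actually uses, and `-t "$(basename "$0")"` should be quoted.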