authorcinap_lenrek <cinap_lenrek@felloff.net>2016-02-01 22:49:20 +0100
committercinap_lenrek <cinap_lenrek@felloff.net>2016-02-01 22:49:20 +0100
commitcc8e8c978cb48955417db592b799c4c65881c2b8 (patch)
treed0611263b54a2e22d3a9553702b0d6b351397af1 /sys/src/cmd/tlssrv.c
parenta291bbdeddfd41a2f0907ecbd7b819f0eedffdaf (diff)
tlssrv: p9any authentication support using TLS-PSK cipher suites
Diffstat (limited to 'sys/src/cmd/tlssrv.c')
-rw-r--r--sys/src/cmd/tlssrv.c52
1 files changed, 41 insertions, 11 deletions
diff --git a/sys/src/cmd/tlssrv.c b/sys/src/cmd/tlssrv.c
index d9d24489c..853e208d6 100644
--- a/sys/src/cmd/tlssrv.c
+++ b/sys/src/cmd/tlssrv.c
@@ -3,10 +3,12 @@
#include <bio.h>
#include <mp.h>
#include <libsec.h>
+#include <auth.h>
+int debug, auth;
+char *keyspec = "";
char *remotesys = "";
char *logfile = nil;
-int debug = 0;
static int
reporter(char *fmt, ...)
@@ -30,7 +32,7 @@ reporter(char *fmt, ...)
void
usage(void)
{
- fprint(2, "usage: tlssrv -c cert [-D] [-l logfile] [-r remotesys] cmd [args...]\n");
+ fprint(2, "usage: tlssrv [-a [-k keyspec]] [-c cert] [-D] [-l logfile] [-r remotesys] cmd [args...]\n");
fprint(2, " after auth/secretpem key.pem > /mnt/factotum/ctl\n");
exits("usage");
}
@@ -47,6 +49,12 @@ main(int argc, char *argv[])
case 'D':
debug++;
break;
+ case 'a':
+ auth++;
+ break;
+ case 'k':
+ keyspec = EARGF(usage());
+ break;
case 'c':
cert = EARGF(usage());
break;
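Review bot: The new `-k` case stores `keyspec` unconditionally, but the value is only consumed inside the `if(auth)` block later in main, so `-k` given without `-a` is silently ignored while the usage string presents it as a sub-option of `-a`. Either reject the combination after option parsing, `if(*keyspec != '\0' && !auth) usage();`, or state in a comment on the `case 'k':` line that `keyspec` only takes effect together with `-a`. The option-parsing loop and the rest of main lie outside this hunk.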
@@ -63,21 +71,41 @@ main(int argc, char *argv[])
if(*argv == nil)
usage();
- if(cert == nil)
- sysfatal("no certificate specified");
conn = (TLSconn*)mallocz(sizeof *conn, 1);
if(conn == nil)
sysfatal("out of memory");
- conn->chain = readcertchain(cert);
- if(conn->chain == nil)
- sysfatal("%r");
- conn->cert = conn->chain->pem;
- conn->certlen = conn->chain->pemlen;
- conn->chain = conn->chain->next;
+
+ if(auth){
+ AuthInfo *ai;
+
+ ai = auth_proxy(0, nil, "proto=p9any role=server %s", keyspec);
+ if(ai == nil)
+ sysfatal("auth_proxy: %r");
+
+ if(auth_chuid(ai, nil) < 0)
+ sysfatal("auth_chuid: %r");
+
+ conn->pskID = "p9secret";
+ conn->psk = ai->secret;
+ conn->psklen = ai->nsecret;
+ }
+
+ if(cert){
+ conn->chain = readcertchain(cert);
+ if(conn->chain == nil)
+ sysfatal("%r");
+ conn->cert = conn->chain->pem;
+ conn->certlen = conn->chain->pemlen;
+ conn->chain = conn->chain->next;
+ }
+
+ if(conn->cert == nil && conn->psklen == 0)
+ sysfatal("no certificate or shared secret");
+
if(debug)
conn->trace = reporter;
- fd = tlsServer(1, conn);
+ fd = tlsServer(0, conn);
if(fd < 0){
reporter("failed: %r");
exits(0);
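Review bot: The PSK wiring at `conn->psk = ai->secret` aliases the buffer owned by the `AuthInfo`, which is block-scoped to `if(auth)` and, at least within this hunk, never released, so a reader cannot tell whether that is an oversight or required because `tlsServer(0, conn)` reads `conn->psk` later; a comment should pin that down. I would add above `if(auth){`: `/* p9any over the cleartext fd 0 yields a session secret shared only with the client that just authenticated; handing it to tlsServer as the PSK binds the TLS session to that identity. conn->psk aliases ai->secret, so ai must stay alive until tlsServer returns. */`. It is also worth noting next to `auth_chuid(ai, nil)` that the process presumably takes on the client's identity before the TLS handshake has run, so a subsequent handshake failure already exits as that user; confirm that is the intended ordering. main continues beyond both ends of this hunk.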
@@ -87,6 +115,8 @@ main(int argc, char *argv[])
dup(fd, 0);
dup(fd, 1);
+ if(fd > 1)
+ close(fd);
exec(*argv, argv);
reporter("can't exec %s: %r", *argv);