1 #include <u.h>
2 #include <libc.h>
3 #include <bio.h>
4 #include <mp.h>
5 #include <libsec.h>
6 #include <auth.h>
7
/* Option state; main() fills these in while parsing the command line. */
int debug;		/* -D: incremented per flag; non-zero installs reporter() as the TLS trace hook */
int auth;		/* 0: no p9any exchange, 1: -a (authenticate and change user), -1: -A (authenticate only) */
char *keyspec = "";	/* -k: appended to the key template handed to auth_proxy() */
char *remotesys = "";	/* -r: peer name, used only as a prefix in reporter() messages */
char *logfile = nil;	/* -l: when set, reporter() writes through syslog() instead of fd 2 */
12
/*
 * Emit one diagnostic line, prefixed with the remote system name.
 *
 * With no logfile configured the line goes to file descriptor 2; otherwise
 * it is formatted into a fixed 2000-byte buffer (vsnprint bounds the write,
 * so longer messages are cut short) and handed to syslog().
 * The formatted text is always passed as a %s argument and never used as a
 * format string itself, so format verbs inside it are not reinterpreted.
 * NOTE(review): the text is not filtered for newlines or control bytes
 * before it reaches the log; confirm whether log consumers depend on
 * one record per line.
 *
 * Always returns 0. main() also installs this function as conn->trace.
 */
static int
reporter(char *fmt, ...)
{
	char msg[2000];
	va_list args;

	va_start(args, fmt);
	if(logfile == nil){
		fprint(2, "%s: %s tls reports ", argv0, remotesys);
		vfprint(2, fmt, args);
		fprint(2, "\n");
	}else{
		vsnprint(msg, sizeof msg, fmt, args);
		syslog(0, logfile, "%s tls reports %s", remotesys, msg);
	}
	va_end(args);

	return 0;
}
31
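/*
 * Print the command synopsis to file descriptor 2 and exit with status
 * "usage".
 *
 * The synopsis groups -k with -a/-A because keyspec is only read when one
 * of them selected p9any authentication; the original string had an
 * unbalanced ']' at that point.
 */
void
usage(void)
{
	fprint(2, "usage: tlssrv [-D] [-[aA] [-k keyspec]] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");
	fprint(2, "  after  auth/secretpem key.pem > /mnt/factotum/ctl\n");
	exits("usage");
}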
39
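/*
 * Terminate TLS on file descriptor 0, then exec cmd with the decrypted
 * stream as its file descriptors 0 and 1.
 *
 * Credentials offered to the peer come from two optional sources; at least
 * one must be present:
 *   -a / -A  run the p9any server exchange on fd 0 first and use the
 *            resulting secret as a TLS pre-shared key ("p9secret");
 *            -a additionally switches to the authenticated user.
 *   -c cert  load a certificate chain; the first entry is the server
 *            certificate, the remainder is sent as the chain.
 * With neither -a nor -A no p9any exchange takes place, so this program
 * does not authenticate the client before cmd is started.
 */
void
main(int argc, char *argv[])
{
	TLSconn *conn;
	char *cert;
	int fd;

	cert = nil;
	ARGBEGIN{
	case 'D':
		debug++;
		break;
	case 'a':
		auth = 1;
		break;
	case 'A':
		auth = -1;	/* authenticate, but don't change user */
		break;
	case 'k':
		keyspec = EARGF(usage());
		break;
	case 'c':
		cert = EARGF(usage());
		break;
	case 'l':
		logfile = EARGF(usage());
		break;
	case 'r':
		remotesys = EARGF(usage());
		break;
	default:
		usage();
	}ARGEND

	/* a command to run after the handshake is mandatory */
	if(*argv == nil)
		usage();

	/* zeroed, so every TLSconn field not set below starts out nil/0 */
	conn = (TLSconn*)mallocz(sizeof *conn, 1);
	if(conn == nil)
		sysfatal("out of memory");

	if(auth){
		AuthInfo *ai;

		/* p9any runs over fd 0 before the TLS handshake starts */
		ai = auth_proxy(0, nil, "proto=p9any role=server %s", keyspec);
		if(ai == nil)
			sysfatal("auth_proxy: %r");

		/* only -a changes identity; -A keeps the current user */
		if(auth == 1 && auth_chuid(ai, nil) < 0)
			sysfatal("auth_chuid: %r");

		/*
		 * ai is intentionally not freed: conn->psk points into it and
		 * must stay valid for tlsServer() below.
		 */
		conn->pskID = "p9secret";
		conn->psk = ai->secret;
		conn->psklen = ai->nsecret;
	}

	if(cert){
		conn->chain = readcertchain(cert);
		if(conn->chain == nil)
			sysfatal("%r");
		/* head of the list is our certificate, the rest is the chain */
		conn->cert = conn->chain->pem;
		conn->certlen = conn->chain->pemlen;
		conn->chain = conn->chain->next;
	}

	/* refuse to start a handshake with nothing to prove our identity */
	if(conn->cert == nil && conn->psklen == 0)
		sysfatal("no certificate or shared secret");

	if(debug)
		conn->trace = reporter;

	fd = tlsServer(0, conn);
	if(fd < 0){
		reporter("failed: %r");
		/*
		 * NOTE(review): nil exit status, so a failed handshake is
		 * visible only through reporter(); confirm no caller relies
		 * on the exit status to detect it.
		 */
		exits(0);
	}
	if(debug)
		reporter("open");

	/*
	 * cmd must only ever see the TLS stream on fds 0 and 1.  If either
	 * dup fails, stop here instead of exec'ing cmd with a descriptor
	 * that is not the encrypted channel.
	 */
	if(dup(fd, 0) < 0 || dup(fd, 1) < 0){
		reporter("can't dup tls fd: %r");
		exits("dup");
	}
	if(fd > 1)
		close(fd);

	exec(*argv, argv);
	/* exec returns only on failure */
	reporter("can't exec %s: %r", *argv);
	exits("exec");
}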