vmx: reset virtio queue state on device reset
index 417855339f222b877f4f60d2a6a6e790afbb4df4..cd94e03c045e5ee1c58cc836f9b5d481ce4e17f9 100644 (file)
@@ -3,10 +3,12 @@
 #include <bio.h>
 #include <mp.h>
 #include <libsec.h>
+#include <auth.h>
 
+int debug, auth;
+char *keyspec = "";
 char *remotesys = "";
 char *logfile = nil;
-int debug = 0;
 
 static int
 reporter(char *fmt, ...)
@@ -30,8 +32,7 @@ reporter(char *fmt, ...)
 void
 usage(void)
 {
-       fprint(2, "usage: tlssrv -c cert [-D] [-l logfile] [-r remotesys] [cmd args...]\n");
-       fprint(2, "  after  auth/secretpem key.pem > /mnt/factotum/ctl\n");
+       fprint(2, "usage: tlssrv [-D] -[aA] [-k keyspec]] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");
        exits("usage");
 }
 
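Review bot: The new usage string on the `fprint(2, ...)` line has an unbalanced bracket, `[-k keyspec]]`, and prints `-[aA]` as though one of the two flags were required, whereas the later check in this diff (`no certificate or shared secret`) accepts a certificate-only invocation with neither flag. Suggest `fprint(2, "usage: tlssrv [-D] [-aA] [-k keyspec] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");` so the synopsis matches what main() enforces.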
@@ -47,6 +48,15 @@ main(int argc, char *argv[])
        case 'D':
                debug++;
                break;
+       case 'a':
+               auth = 1;
+               break;
+       case 'A':
+               auth = -1;      /* authenticate, but dont change user */
+               break;
+       case 'k':
+               keyspec = EARGF(usage());
+               break;
        case 'c':
                cert = EARGF(usage());
                break;
@@ -60,21 +70,54 @@ main(int argc, char *argv[])
                usage();
        }ARGEND
 
-       if(cert == nil)
-               sysfatal("no certificate specified");
+       if(*argv == nil)
+               usage();
+
        conn = (TLSconn*)mallocz(sizeof *conn, 1);
        if(conn == nil)
                sysfatal("out of memory");
-       conn->chain = readcertchain(cert);
-       if(conn->chain == nil)
-               sysfatal("can't read certificate %s", cert);
-       conn->cert = conn->chain->pem;
-       conn->certlen = conn->chain->pemlen;
-       conn->chain = conn->chain->next;
+
+       if(auth){
+               AuthInfo *ai;
+
+               ai = auth_proxy(0, nil, "proto=p9any role=server %s", keyspec);
+               if(ai == nil)
+                       sysfatal("auth_proxy: %r");
+
+               if(auth == 1){
+                       Dir nd;
+
+                       if(auth_chuid(ai, nil) < 0)
+                               sysfatal("auth_chuid: %r");
+
+                       /* chown network connection */
+                       nulldir(&nd);
+                       nd.mode = 0660;
+                       nd.uid = ai->cuid;
+                       dirfwstat(0, &nd);
+               }
+
+               conn->pskID = "p9secret";
+               conn->psk = ai->secret;
+               conn->psklen = ai->nsecret;
+       }
+
+       if(cert){
+               conn->chain = readcertchain(cert);
+               if(conn->chain == nil)
+                       sysfatal("%r");
+               conn->cert = conn->chain->pem;
+               conn->certlen = conn->chain->pemlen;
+               conn->chain = conn->chain->next;
+       }
+
+       if(conn->cert == nil && conn->psklen == 0)
+               sysfatal("no certificate or shared secret");
+
        if(debug)
                conn->trace = reporter;
 
-       fd = tlsServer(1, conn);
+       fd = tlsServer(0, conn);
        if(fd < 0){
                reporter("failed: %r");
                exits(0);
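Review bot: The return value of `dirfwstat(0, &nd)` in the `auth == 1` branch is ignored, so a failed ownership change of the connection leaves it owned by the listener's user with no diagnostic, while every other failing call in this block is fatal; at minimum `if(dirfwstat(0, &nd) < 0) reporter("dirfwstat: %r");`, or `sysfatal` if the exec'd command is expected to own the connection (the hunk does not show whether anything relies on that). The certificate failure was also narrowed from `can't read certificate %s` to a bare `sysfatal("%r")`, which drops the file name from the error; `sysfatal("can't read certificate %s: %r", cert);` keeps both the name and the error string. main() starts and ends outside this hunk.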
@@ -84,9 +127,8 @@ main(int argc, char *argv[])
 
        dup(fd, 0);
        dup(fd, 1);
-
-       if(*argv == nil)
-               *--argv = "/bin/cat";
+       if(fd > 1)
+               close(fd);
 
        exec(*argv, argv);
        reporter("can't exec %s: %r", *argv);