X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=sys%2Fsrc%2Fcmd%2Ftlssrv.c;h=274b5c6c592206f2e4ff364e85130e3c85ddf95d;hb=d904a57e1763ac884a749b04f19f3e490a4cec88;hp=d9d24489c1c1acd227e7397fa1c4f9b2e19a2138;hpb=fdeea811b7f309e1bd542a0a23fd382e332b2c2e;p=plan9front.git diff --git a/sys/src/cmd/tlssrv.c b/sys/src/cmd/tlssrv.c index d9d24489c..274b5c6c5 100644 --- a/sys/src/cmd/tlssrv.c +++ b/sys/src/cmd/tlssrv.c @@ -3,10 +3,12 @@ #include #include #include +#include +int debug, auth; +char *keyspec = ""; char *remotesys = ""; char *logfile = nil; -int debug = 0; static int reporter(char *fmt, ...) @@ -30,8 +32,7 @@ reporter(char *fmt, ...) void usage(void) { - fprint(2, "usage: tlssrv -c cert [-D] [-l logfile] [-r remotesys] cmd [args...]\n"); - fprint(2, " after auth/secretpem key.pem > /mnt/factotum/ctl\n"); + fprint(2, "usage: tlssrv [-D] -[aA] [-k keyspec]] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n"); exits("usage"); } @@ -47,6 +48,15 @@ main(int argc, char *argv[]) case 'D': debug++; break; + case 'a': + auth = 1; + break; + case 'A': + auth = -1; /* authenticate, but dont change user */ + break; + case 'k': + keyspec = EARGF(usage()); + break; case 'c': cert = EARGF(usage()); break; 
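Review bot: The new `auth` global carries three states, but only the `-A` case in the option parser hints at that; a comment at the declaration would save readers a trip: `int debug, auth;	/* auth: 0 = none, 1 = authenticate and become the user, -1 = authenticate only */`. The target of the added `#include` is lost in this rendering, so it cannot be confirmed here that it is the header declaring `auth_proxy`, `auth_chuid` and `AuthInfo`, which the later hunk relies on. `debug` loses its explicit `= 0`; as a file-scope object it is still zero-initialised, so that part is cosmetic.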
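Review bot: The new usage line has an unbalanced bracket, `[-k keyspec]]`, and presents `-[aA]` as mandatory even though the later `if(conn->cert == nil && conn->psklen == 0)` check accepts a certificate-only invocation with neither flag; suggest `fprint(2, "usage: tlssrv [-D] [-aA] [-k keyspec] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");`. Dropping the old `auth/secretpem` hint is reasonable now that `-c` is one of two ways to configure the server, but the manual page should carry that setup note if it does not already.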
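Review bot: `-a` and `-A` both assign `auth`, so whichever appears last on the command line silently wins; if they are meant to be exclusive the parser should reject the combination, otherwise the usage text should say the last one applies. The `-A` comment could also state the consequence an operator cares about: `/* -A: authenticate the client but stay the invoking user; the exec'd cmd inherits that identity */` (auth_chuid is skipped for `auth == -1` in the following hunk). The `-k` value is interpolated into the auth_proxy format through `%s` in that hunk, which is the right way to pass an operator-supplied string.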
@@ -63,21 +73,42 @@ main(int argc, char *argv[]) if(*argv == nil) usage(); - if(cert == nil) - sysfatal("no certificate specified"); conn = (TLSconn*)mallocz(sizeof *conn, 1); if(conn == nil) sysfatal("out of memory"); - conn->chain = readcertchain(cert); - if(conn->chain == nil) - sysfatal("%r"); - conn->cert = conn->chain->pem; - conn->certlen = conn->chain->pemlen; - conn->chain = conn->chain->next; + + if(auth){ + AuthInfo *ai; + + ai = auth_proxy(0, nil, "proto=p9any role=server %s", keyspec); + if(ai == nil) + sysfatal("auth_proxy: %r"); + + if(auth == 1) + if(auth_chuid(ai, nil) < 0) + sysfatal("auth_chuid: %r"); + + conn->pskID = "p9secret"; + conn->psk = ai->secret; + conn->psklen = ai->nsecret; + } + + if(cert){ + conn->chain = readcertchain(cert); + if(conn->chain == nil) + sysfatal("%r"); + conn->cert = conn->chain->pem; + conn->certlen = conn->chain->pemlen; + conn->chain = conn->chain->next; + } + + if(conn->cert == nil && conn->psklen == 0) + sysfatal("no certificate or shared secret"); + if(debug) conn->trace = reporter; - fd = tlsServer(1, conn); + fd = tlsServer(0, conn); if(fd < 0){ reporter("failed: %r"); exits(0); @@ -87,6 +118,8 @@ main(int argc, char *argv[]) dup(fd, 0); dup(fd, 1); + if(fd > 1) + close(fd); exec(*argv, argv); reporter("can't exec %s: %r", *argv);