shithub: tlsclient


ref: 2bbc75bddc6f2a07056ff017108e35f14061041b
parent: 2cdc6577ef8a251bf1740439cf5bfc47050dab41
parent: cfad51df72ba8e13e685e9246cb42cbf67191635
author: grobe0ba <[email protected]>
date: Sat Jul 22 03:41:31 EDT 2023

Merge branch 'upstream'

--- a/Make.config
+++ b/Make.config
@@ -8,4 +8,5 @@
 
 all: default
 PREFIX ?= /usr
+SBIN ?= /sbin
 OPENSSL ?= openssl
--- a/Makefile
+++ b/Makefile
@@ -84,9 +84,14 @@
 
 .PHONY: mount.9ptls.install
 mount.9ptls.install: mount.9ptls mount.9ptls.8
-	mkdir -p $(PREFIX)/share/man/man8/
-	install -m755 mount.9ptls /sbin/
+	mkdir -p $(PREFIX)/share/man/man8/ $(SBIN)
+	install -m755 mount.9ptls $(SBIN)
 	install -m644 mount.9ptls.8 $(PREFIX)/share/man/man8/
+
+.PHONY: pam.install
+pam.install: pam_p9.so
+	mkdir -p $(PREFIX)/lib/security
+	install -m755 pam_p9.so $(PREFIX)/lib/security
 
 .PHONY: tlsclient.obsd.install
 tlsclient.obsd.install: tlsclient.obsd login_-dp9ik tlsclient.1 login_-dp9ik.8
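Review bot: The new `pam.install` rule hard-codes `$(PREFIX)/lib/security`, while this same commit makes the sbin directory overridable through `SBIN`. The directory PAM searches for modules is not the same on every system, and a module installed in the wrong place is simply never loaded, which is easy to miss. Consider adding `PAMDIR ?= $(PREFIX)/lib/security` to Make.config and using `$(PAMDIR)` in both recipe lines. The `tlsclient.obsd.install` rule continues outside the hunk.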
--- a/mount.9ptls.8
+++ b/mount.9ptls.8
@@ -22,7 +22,7 @@
 tls tunnel provided by
 .Xr tlsclient 1 .
 This is accomplished by interpreting the arguments provided,
-setting up the connection and then passing the file descriptiors
+setting up the connection and then passing the file descriptors
 to the kernel 9p mount.
 .Ar Fileserver
 is connected to over TCP, doing DNS resolution as required.
@@ -31,31 +31,30 @@
 option is required.
 .
 .Sh OPTIONS
-The
-.Fl s ,
-.Fl f ,
-.Fl n ,
-.Fl v ,
-and
-.Fl N
-flags are passed to
-.Xr mount 8
-without any interpretation by
-.Nm .
-Most
+The following
 .Ar options
-are passed through untouched, with
+are ingested by
+.Nm :
+.Bl -tag -width "-o xa"
+.It Ar port
+The TCP port to connect to the
+.Ar filserver
+on.
+.It Ar auth
+The shared 9front authentication server to use between
 .Nm
-ingesting the
-.Ar port
-and
-.Ar auth
+and the
+.Ar fileserver .
+.It Ar askpass
+The program that is executed to prompt the user for their password.
+If this is not specified it defaults to
+.Xr systemd-ask-password 1 .
+.El
+.Pp
+All remaining flags and
 .Ar options
-for itself. The former specifying the
-port to connect to
-.Ar fileserver
-on and the later specifying the hostname of the mutal authentication
-server that is to be used in the dp9ik handshake.
+are preserved as-is and passed along to the resulting 9p fs
+mount call.
 .
 .Sh SEE ALSO
 .Xr tlsclient 1 ,
--- a/mount.c
+++ b/mount.c
@@ -26,6 +26,7 @@
 static char *port = NULL;
 static char *user = NULL;
 static char *authbox = NULL;
+static char *askpass = "/usr/bin/env systemd-ask-password";
 
 static void
 appendarg(char *s)
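Review bot: The default `askpass` value runs `systemd-ask-password` through `/usr/bin/env`, so the binary that ends up collecting the password is chosen by whatever PATH mount.9ptls inherits from its caller. This helper is installed into the sbin directory and is presumably run with elevated privilege by mount(8), so that lookup deserves at least a comment at the declaration, for example `/* default prompt helper, resolved via PATH by env(1); override with -o askpass=... */`, or an absolute path fixed at build time. How tlsclient splits and executes this string is not visible in this diff.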
@@ -60,6 +61,9 @@
 	} else if(strcmp(key, "auth") == 0){
 		authbox = strdup(val);
 		return;
+	} else if(strcmp(key, "askpass") == 0){
+		askpass = strdup(val);
+		return;
 	} else if(strcmp(key, "user") == 0){
 		user = strdup(val);
 		/* passthrough as well */
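Review bot: The new `askpass` branch calls `strdup(val)` without checking `val`, and the parser change later in this commit (`if(key != NULL) appendopt(key, val);`) now forwards a trailing option that has no `=` with `val == NULL`. Unless the part of this function above the hunk already rejects a NULL value, `-o askpass` would hand NULL to strdup. A guard before the assignment, `if(val == NULL) errx(EINVAL, "askpass option requires a value");`, closes that, and the `auth` branch shown as context has the same shape. The strdup result is also used without a NULL check. Since the value names a program that is executed to read a password, it should be accepted only from whoever is trusted to choose the mount options.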
@@ -76,12 +80,22 @@
 {
 	char *s;
 	char *key, *val;
+	int inquote;
 
 	key = val = NULL;
+	inquote = 0;
 	for(s = opt; *s != '\0'; s++){
+		if(key == NULL)
+			key = s;
+		if(*s == '"'){
+			inquote = !inquote;
+			continue;
+		}
+		if(inquote)
+			continue;
 		switch(*s){
 		case '=':
-			if(key == NULL)
+			if(key == s)
 				errx(EINVAL, "option argument has no key, only a value");
 			*s = '\0';
 			if(s[1] == '\0')
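Review bot: The quote handling only toggles `inquote` and skips the character, so the `"` bytes stay inside `key`/`val` and reach `appendopt` verbatim. An option written as `askpass="prog --flag"` would be stored and later exported with both quotes still attached, and a quoted passthrough option would go to the 9p mount call the same way. If quotes exist only to protect `,` and `=`, strip them before calling `appendopt`; otherwise make the behaviour explicit with a comment at the toggle such as `/* quotes protect ',' and '=' but are kept in the value */`. The loop body continues in the following hunks.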
@@ -89,7 +103,7 @@
 			val = s+1;
 			continue;
 		case ',':
-			if(key == NULL)
+			if(key == s)
 				errx(EINVAL, "extra comma");
 			*s = '\0';
 			appendopt(key, val);
@@ -96,10 +110,10 @@
 			key = val = NULL;
 			continue;
 		}
-		if(key == NULL)
-			key = s;
 	}
-	if(key != NULL && val != NULL)
+	if(inquote)
+		errx(EINVAL, "unterminated double quote");
+	if(key != NULL)
 		appendopt(key, val);
 
 	_appendopt("trans", "fd");
@@ -182,6 +196,7 @@
 		errx(EINVAL, "a port option must be given");
 	if(user == NULL && (user = getenv("USER")) == NULL)
 		errx(EINVAL, "user option not given and count not infer");
+	setenv("TLSCLIENT_ASKPASS", askpass, 1);
 	flattenoptions(options, sizeof options);
 
 	appendarg("tlsclient");
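Review bot: The return value of `setenv` is ignored, so if the call fails tlsclient is started with whatever `TLSCLIENT_ASKPASS` the caller's environment already held instead of the configured or default helper. Failing closed keeps the choice of password prompt program under this tool's control: `if(setenv("TLSCLIENT_ASKPASS", askpass, 1) != 0) err(1, "setenv TLSCLIENT_ASKPASS");`. The enclosing function starts and ends outside the hunk.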