

ref: 0218ed493dde5836d5d78d973f6fa1e24ed4b9c1
parent: f384883d5a02d80c4cd26087e9194a18243ce668
author: Jacob Moody <[email protected]>
date: Tue Jul 5 19:53:06 EDT 2022

tidy

tlsclient -R defaults to rc -i
delete 9cpu, user can make their own script
add manpage

--- a/9cpu
+++ /dev/null
@@ -1,33 +1,0 @@
-#!/bin/sh
-
-auth=$AUTH
-user=$USER
-cpu=$CPU
-
-while :; do
-	case $1 in
-		-a)
-			auth=$2
-			shift
-			;;
-		-u)
-			user=$2
-			shift
-			;;
-		-h)
-			cpu=$2
-			shift
-			;;
-		*)
-			break;
-	esac
-	shift
-done
-
-cmd="rc -i"
-
-if [ "$#" -ne 0 ]; then
-	cmd=$*
-fi
-
-USER=$user AUTH=$auth CPU=$cpu tlsclient -R $cmd
--- a/Makefile
+++ b/Makefile
@@ -52,10 +52,10 @@
 libsec/libsec.a:
 	(cd libsec; $(MAKE))
 
-linuxdist: tlsclient pam_p9.so 9cpu
-	tar cf tlsclient.tar tlsclient pam_p9.so 9cpu
+linuxdist: tlsclient pam_p9.so
+	tar cf tlsclient.tar tlsclient pam_p9.so
 	gzip tlsclient.tar
 
-obsddist: tlsclient login_-dp9ik 9cpu
-	tar cf tlsclient-obsd.tar tlsclient 9cpu login_-dp9ik
+obsddist: tlsclient login_-dp9ik
+	tar cf tlsclient-obsd.tar tlsclient login_-dp9ik
 	gzip tlsclient-obsd.tar
--- a/cpu.c
+++ b/cpu.c
@@ -1,6 +1,3 @@
-/*
- * cpu.c - Make a connection to a cpu server
- */
 #include <stdio.h>
 #include <unistd.h>
 #include <stdlib.h>
@@ -23,6 +20,8 @@
 char *authserver;
 static char *user, *pass;
 
+char *shell[] = {"rc", "-i"};
+
 SSL_CTX *ssl_ctx;
 SSL *ssl_conn;
 
@@ -42,9 +41,6 @@
 	return nsecret;
 }
 
-/*
- * p9any authentication followed by tls-psk encryption
- */
 static int
 p9authtls(int fd)
 {
@@ -51,6 +47,7 @@
 	ai = p9any(user, pass, fd);
 	if(ai == nil)
 		sysfatal("can't authenticate");
+	memset(pass, 0, strlen(pass));
 
 	SSL_set_fd(ssl_conn, fd);
 	if(SSL_connect(ssl_conn) < 0)
@@ -59,6 +56,9 @@
 	return fd;
 }
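Review bot: The `memset(pass, 0, strlen(pass));` added after p9any() is a plain memset that an optimizer may drop when it can prove the bytes are never read again; `pass` being a file-scope pointer (`static char *user, *pass;` in the hunk above) makes elision unlikely but not guaranteed, especially under LTO. Both distribution targets in the Makefile (Linux and OpenBSD) ship explicit_bzero(), so `explicit_bzero(pass, strlen(pass));` is the portable way to make the wipe stick. Where `pass` is filled in is not visible in this diff; if it can be nil when -R or the environment supplies no password, the strlen() needs a guard. p9authtls's signature is in the preceding hunk.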
 
+//clean exit signal handler
+void suicide(int num) { exit(0); }
+
 typedef size_t (*iofunc)(int, void*, size_t);
 size_t tls_send(int f, void *b, size_t n) { return SSL_write(ssl_conn, b, n); }
 size_t tls_recv(int f, void *b, size_t n) { return SSL_read(ssl_conn, b, n); }
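Review bot: The relocated `suicide` handler calls exit(0) from signal context; exit() is not async-signal-safe (it runs atexit handlers and flushes stdio) and the handler fires in the xfer child when the parent sends SIGUSR1 in the last hunk, possibly in the middle of SSL_read/SSL_write. `void suicide(int num) { _exit(0); }` is the safe form; the visible I/O helpers go through SSL_read/SSL_write rather than stdio, so nothing should be lost by skipping the flush — worth confirming for the plain-fd helpers, which are not in this diff. The one-line body with a `//` comment also departs from the brace-on-its-own-line style used by the rest of the file.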
@@ -71,20 +71,11 @@
 	char buf[12*1024];
 	size_t n;
 	
-	while((n = recvf(from, buf, sizeof buf)) > 0){
-		if(sendf(to, buf, n) < 0)
-			break;
-	}
-
+	while((n = recvf(from, buf, sizeof buf)) > 0 && sendf(to, buf, n) == n)
+		;
 }
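Review bot: The rewritten loop still cannot see a read error: `n` is a size_t (declared two lines above) and the iofunc typedef in the preceding hunk returns size_t, so a -1 from SSL_read (or read(2) in the plain-fd helper) converts to SIZE_MAX, satisfies `> 0`, and sendf() is then asked to write SIZE_MAX bytes out of a 12 KiB stack buffer — depending on which helper is on the sending side that either fails outright or copies memory past `buf` into the output until it faults. Changing `typedef size_t (*iofunc)(int, void*, size_t);` to `typedef ssize_t (*iofunc)(int, void*, size_t);` and `size_t n;` to `ssize_t n;` makes the `> 0` test meaningful, and the `== n` comparison then also rejects a negative return from sendf(). Note that `== n` treats a short write as end-of-stream rather than retrying; whether that can occur depends on the fd types, which are set up outside this hunk. xfer's signature and its `from`/`to`/`recvf`/`sendf` parameters are above the hunk.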
 
 void
-suicide(int num)
-{
-	exit(0);
-}
-
-void
 usage(void)
 {
 	fprint(2, "Usage: %s [ -R ] [ -u user ] [ -h host ] [ -a authserver ] -p port cmd...\n", argv0);
@@ -105,9 +96,9 @@
 	int pout[2];
 	int infd, outfd;
 	int i;
-	pid_t execc, xferc;
+	pid_t xferc;
 
-	execc = xferc = 0;
+	xferc = 0;
 	Rflag = 0;
 	infd = 0;
 	outfd = 1;
@@ -146,7 +137,7 @@
 	if(*argv && !Rflag){
 		pipe(pin);
 		pipe(pout);
-		switch((execc = fork())){
+		switch(fork()){
 		case -1:
 			sysfatal("fork");
 		case 0:
@@ -164,13 +155,15 @@
 	}
 
 	fd = unix_dial(host, port);
-	if(fd < 0){
-		sysfatal("Failed to connect to the client");
-	}
-
+	if(fd < 0)
+		sysfatal("failed to connect to the client");
 	p9authtls(fd);
 
-	if(*argv && Rflag) {
+	if(Rflag){
+		if(*argv == nil){
+			argv = shell;
+			argc = nelem(shell);
+		}
 		for(i=0,n=0; i<argc; i++)
 			n += snprint(buf+n, sizeof buf - n - 1, "%s ", argv[i]);
 		if(n <= 0)
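Review bot: The remote command line is built by concatenating each argv[i] with a trailing space and no quoting, so an argument containing whitespace or rc metacharacters is re-split or interpreted by the remote shell, and because snprint() truncates, a command longer than `buf` (whose size is not visible here) is silently cut and the prefix is what the remote executes. The loop should at least refuse to send a truncated command — e.g. after the loop, `if(n >= sizeof buf - 2) sysfatal("remote command too long");` — and the manpage should say that the arguments are joined into one string for the remote rc, so callers quote for it themselves. If the intent is for the remote to receive the words as given, quoting each argument for rc (single quotes, embedded quotes doubled) before appending would preserve the boundaries. main continues outside the hunk in both directions.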
@@ -183,9 +176,7 @@
 		tls_send(-1, buf, i);
 	}
 
-	//clean exit
 	signal(SIGUSR1, suicide);
-
 	switch((xferc = fork())){
 	case -1:
 		sysfatal("fork");
@@ -198,8 +189,5 @@
 		break;
 	}
 	kill(xferc, SIGUSR1);
-
-	if(execc)
-		kill(execc, SIGTERM);
 }
 
--- /dev/null
+++ b/tlsclient.1
@@ -1,0 +1,55 @@
+.TH TLSCLIENT 1
+.SH NAME
+tlsclient \- 9front tls client
+.SH SYNOPSIS
+.B tlsclient
+[
+.B -R
+]
+[
+.B -u
+.I user
+]
+[
+.B -h
+.I host
+]
+[
+.B -a
+.I auth
+]
+.B -p
+.I port
+command...
+.SH DESCRIPTION
+.B Tlsclient
+may be used to establish encrypted tls tunnels with 9front
+.B tlssrv
+servers using p9any to derive pre-shared keys. The
+.BR -u ,
+.BR -h ,
+and
+.B -a
+flags configure the paramaters for authentication.
+These paramaters may also be configured through the
+.IR USER ,
+.IR CPU ,
+and
+.IR AUTH ,
+environment variables respectively.
+.PP
+The
+.I command
+given is executed on the client, with its
+standard input and output pointing to the output and input
+of the remote connection. The
+.B -R
+flag changes this behavior, causing the
+.I command
+to be executed on the remote system in a
+similar fashion to 9front's rcpu. In this
+mode, if
+.I command
+is not specified a rc login shell is used.
+.SH BUGS
+Well, if you want 'em.