shithub: tlsclient

Download patch

ref: 48a4cc7cb98050a324ed2d2d4acae901cf072b35
parent: 496817c742f8bc9a625c3fb77dd7332e75f89be6
author: Jacob Moody <[email protected]>
date: Sat Jul 8 13:38:54 EDT 2023

add TLSCLIENT_ASKPASS for a maybe less bad password solution for
scripts.

--- a/cpu.c
+++ b/cpu.c
@@ -18,7 +18,7 @@
 char *argv0;
 
 char *authserver;
-static char *user, *pass;
+static char *user, *pass, *askpass;
 
 char *shell[] = {"rc", "-i"};
 
@@ -57,6 +57,32 @@
 	return fd;
 }
 
+static void
+doaskpass(void)
+{
+	int p[2];
+
+	pipe(p);
+	switch(fork()){
+	case -1:
+		sysfatal("fork");
+	case 0:
+		close(p[0]);
+		dup2(p[1], 1);
+		execlp(askpass, askpass, nil);
+		sysfatal("failed to exec askpass");
+		break;
+	default:
+		close(p[1]);
+		pass = mallocz(1024, 1);
+		int n = read(p[0], pass, 1024);
+		if(n <= 1)
+			sysfatal("askpass gave empty password");
+		pass[n-1] = 0;
+		break;
+	}
+}
+
 //clean exit signal handler
 void suicide(int num) { exit(0); }
 
@@ -123,8 +149,12 @@
 	if(user == nil || host == nil || authserver == nil || port == nil)
 		usage();
 
-	if(pass == nil)
-		pass = getpass("password:");
+	if(pass == nil){
+		if((askpass = getenv("TLSCLIENT_ASKPASS")) != nil)
+			doaskpass();
+		else
+			pass = getpass("password:");
+	}
 
 	SSL_library_init();
 	OpenSSL_add_all_algorithms();
--- a/tlsclient.1
+++ b/tlsclient.1
@@ -51,5 +51,18 @@
 mode, if
 .I command
 is not specified a rc login shell is used.
+.SH PASSWORDS
+By default
+.B tlsclient
+will ask for the users' password through
+.BR getpass (3).
+For non interactive use the
+.I PASS
+environment variable may be used to specify
+the password literal and
+.I TLSCLIENT_ASKPASS
+may be set to a program that will be executed
+to provide the password on stdout.
 .SH BUGS
-Well, if you want 'em.
+The lack of factotum and portable namespaces make
+this password business not fun.