ref: 0218ed493dde5836d5d78d973f6fa1e24ed4b9c1
parent: f384883d5a02d80c4cd26087e9194a18243ce668
author: Jacob Moody <[email protected]>
date: Tue Jul 5 19:53:06 EDT 2022
tidy tlsclient -R defaults to rc -i delete 9cpu, user can make their own script add manpage
--- a/9cpu
+++ /dev/null
@@ -1,33 +1,0 @@
-#!/bin/sh
-
-auth=$AUTH
-user=$USER
-cpu=$CPU
-
-while :; do
- case $1 in
- -a)
- auth=$2
- shift
- ;;
- -u)
- user=$2
- shift
- ;;
- -h)
- cpu=$2
- shift
- ;;
- *)
- break;
- esac
- shift
-done
-
-cmd="rc -i"
-
-if [ "$#" -ne 0 ]; then
- cmd=$*
-fi
-
-USER=$user AUTH=$auth CPU=$cpu tlsclient -R $cmd
--- a/Makefile
+++ b/Makefile
@@ -52,10 +52,10 @@
libsec/libsec.a:
(cd libsec; $(MAKE))
-linuxdist: tlsclient pam_p9.so 9cpu
- tar cf tlsclient.tar tlsclient pam_p9.so 9cpu
+linuxdist: tlsclient pam_p9.so
+ tar cf tlsclient.tar tlsclient pam_p9.so
gzip tlsclient.tar
-obsddist: tlsclient login_-dp9ik 9cpu
- tar cf tlsclient-obsd.tar tlsclient 9cpu login_-dp9ik
+obsddist: tlsclient login_-dp9ik
+ tar cf tlsclient-obsd.tar tlsclient login_-dp9ik
gzip tlsclient-obsd.tar
--- a/cpu.c
+++ b/cpu.c
@@ -1,6 +1,3 @@
-/*
- * cpu.c - Make a connection to a cpu server
- */
#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
@@ -23,6 +20,8 @@
char *authserver;
static char *user, *pass;
+char *shell[] = {"rc", "-i"};
+
SSL_CTX *ssl_ctx;
SSL *ssl_conn;
@@ -42,9 +41,6 @@
return nsecret;
}
-/*
- * p9any authentication followed by tls-psk encryption
- */
static int
p9authtls(int fd)
{
@@ -51,6 +47,7 @@
ai = p9any(user, pass, fd);
if(ai == nil)
sysfatal("can't authenticate");
+ memset(pass, 0, strlen(pass));
SSL_set_fd(ssl_conn, fd);
if(SSL_connect(ssl_conn) < 0)
@@ -59,6 +56,9 @@
return fd;
}
+//clean exit signal handler
+void suicide(int num) { exit(0); }
+
typedef size_t (*iofunc)(int, void*, size_t);
size_t tls_send(int f, void *b, size_t n) { return SSL_write(ssl_conn, b, n); }
size_t tls_recv(int f, void *b, size_t n) { return SSL_read(ssl_conn, b, n); }
@@ -71,20 +71,11 @@
char buf[12*1024];
size_t n;
- while((n = recvf(from, buf, sizeof buf)) > 0){
- if(sendf(to, buf, n) < 0)
- break;
- }
-
+ while((n = recvf(from, buf, sizeof buf)) > 0 && sendf(to, buf, n) == n)
+ ;
}
void
-suicide(int num)
-{
- exit(0);
-}
-
-void
usage(void)
{
fprint(2, "Usage: %s [ -R ] [ -u user ] [ -h host ] [ -a authserver ] -p port cmd...\n", argv0);
@@ -105,9 +96,9 @@
int pout[2];
int infd, outfd;
int i;
- pid_t execc, xferc;
+ pid_t xferc;
- execc = xferc = 0;
+ xferc = 0;
Rflag = 0;
infd = 0;
outfd = 1;
@@ -146,7 +137,7 @@
if(*argv && !Rflag){
pipe(pin);
pipe(pout);
- switch((execc = fork())){
+ switch(fork()){
case -1:
sysfatal("fork");
case 0:
@@ -164,13 +155,15 @@
}
fd = unix_dial(host, port);
- if(fd < 0){
- sysfatal("Failed to connect to the client");
- }
-
+ if(fd < 0)
+ sysfatal("failed to connect to the client");
p9authtls(fd);
- if(*argv && Rflag) {
+ if(Rflag){
+ if(*argv == nil){
+ argv = shell;
+ argc = nelem(shell);
+ }
for(i=0,n=0; i<argc; i++)
n += snprint(buf+n, sizeof buf - n - 1, "%s ", argv[i]);
if(n <= 0)
@@ -183,9 +176,7 @@
tls_send(-1, buf, i);
}
- //clean exit
signal(SIGUSR1, suicide);
-
switch((xferc = fork())){
case -1:
sysfatal("fork");
@@ -198,8 +189,5 @@
break;
}
kill(xferc, SIGUSR1);
-
- if(execc)
- kill(execc, SIGTERM);
}
--- /dev/null
+++ b/tlsclient.1
@@ -1,0 +1,55 @@
+.TH TLSCLIENT 1
+.SH NAME
+tlsclient \- 9front tls client
+.SH SYNOPSIS
+.B tlsclient
+[
+.B -R
+]
+[
+.B -u
+.I user
+]
+[
+.B -h
+.I host
+]
+[
+.B -a
+.I auth
+]
+.B -p
+.I port
+command...
+.SH DESCRIPTION
+.B Tlsclient
+may be used to establish encrypted tls tunnels with 9front
+.B tlssrv
+servers using p9any to derive pre-shared keys. The
+.BR -u ,
+.BR -h ,
+and
+.B -a
+flags configure the paramaters for authentication.
+These paramaters may also be configured through the
+.IR USER ,
+.IR CPU ,
+and
+.IR AUTH ,
+environment variables respectively.
+.PP
+The
+.I command
+given is executed on the client, with its
+standard input and output pointing to the output and input
+of the remote connection. The
+.B -R
+flag changes this behavior, causing the
+.I command
+to be executed on the remote system in a
+similar fashion to 9front's rcpu. In this
+mode, if
+.I command
+is not specified a rc login shell is used.
+.SH BUGS
+Well, if you want 'em.