ref: dce45f38c8308048d849ede9128a8656e6b2889d
parent: d253ae959d6c505d4a93a981ea097bf7b89442a1
author: Jacob Moody <moody@posixcafe.org>
date: Sat Sep 4 15:06:56 EDT 2021
add login_-dp9ik
--- a/Make.config
+++ b/Make.config
@@ -1,9 +1,12 @@
AR=ar
RANLIB=ranlib
-CC=gcc
CFLAGS=-Wall -Wno-missing-braces -Wno-parentheses -ggdb -I$(ROOT) -I$(ROOT)/include -c -D_THREAD_SAFE -O2 -fPIC
O=o
LDADD=
TARG=tlsclient
+
+# For OpenBSD switch these two following lines
+OPENSSL=openssl
+#OPENSSL=eopnssl11
all: default
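Review bot: The commented-out alternative `#OPENSSL=eopnssl11` looks misspelled; presumably `eopenssl11` was meant, the name under which OpenBSD packages OpenSSL 1.1 (confirm against the installed `.pc` file). Because the Makefile passes this value straight to `pkg-config $(OPENSSL)`, an OpenBSD user who uncomments the line as instructed gets a pkg-config lookup failure, not a working build. The comment would also be clearer as `# On OpenBSD, comment out the first line and uncomment the second`.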
--- a/Makefile
+++ b/Makefile
@@ -12,13 +12,16 @@
default: $(TARG)
$(TARG): $(LIBS) $(OFILES)
- $(CC) `pkg-config openssl --libs` $(LDFLAGS) -o $(TARG) $(OFILES) $(LIBS) $(LDADD)
+ $(CC) `pkg-config $(OPENSSL) --libs` $(LDFLAGS) -o $(TARG) $(OFILES) $(LIBS) $(LDADD)
+login_-dp9ik: $(LIBS) p9any.$O bsd.$O
+ $(CC) -o login_-dp9ik p9any.$O bsd.$O $(LIBS)
+
pam_p9.so: $(LIBS) p9any.$O pam.$O
$(CC) -shared -o pam_p9.so p9any.$O pam.$O $(LIBS)
cpu.$O: cpu.c
- $(CC) `pkg-config openssl --cflags` $(CFLAGS) cpu.c -o cpu.o
+ $(CC) `pkg-config $(OPENSSL) --cflags` $(CFLAGS) cpu.c -o cpu.o
p9any.$O: p9any.c
$(CC) $(CFLAGS) p9any.c -o p9any.o
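Review bot: The new `login_-dp9ik` link rule passes neither `$(LDFLAGS)` nor `$(LDADD)`, unlike the `$(TARG)` rule just above it. Linker options supplied by the builder, such as hardening flags or extra library paths, therefore never reach the binary that handles login passwords. Consider `$(CC) $(LDFLAGS) -o login_-dp9ik p9any.$O bsd.$O $(LIBS) $(LDADD)`. The target is also not a prerequisite of `default`, so a short comment saying it must be built explicitly with `make login_-dp9ik` would help.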
@@ -26,9 +29,12 @@
pam.$O: pam.c
$(CC) $(CFLAGS) pam.c -o pam.o
+bsd.$O: bsd.c
+ $(CC) $(CFLAGS) bsd.c -o bsd.o
+
.PHONY: clean
clean:
- rm -f *.o */*.o */*.a *.a $(TARG) pam_p9.so
+ rm -f *.o */*.o */*.a *.a $(TARG) pam_p9.so login_-dp9ik
.PHONY: libauthsrv/libauthsrv.a
libauthsrv/libauthsrv.a:
--- a/README
+++ b/README
@@ -5,6 +5,7 @@
tlsclient: tlsclient(1) on unix
git-remote-hjgit: git remote helper for using hjgit repos.
pam_p9.so: A pam module that authenticates against a 9front auth server.
+ login_-dp9ik: An OpenBSD bsd auth executable that auths against a 9front auth server.
Most of the tlsclient code is pillaged from jsdrawterm: https://github.com/aiju/jsdrawterm
The main difference between tlsclient and drawterm is that tlsclient has stripped out the
@@ -20,3 +21,7 @@
# with git-remote-hjgit in your $PATH
git clone hjgit://shithub.us/user/repo
+
+OpenBSD:
+ OpenBSD uses LibreSSL in place of OpenSSL. Unfortunately LibreSSL does
+ have all we need. Tweak Make.config as needed.
--- /dev/null
+++ b/bsd.c
@@ -1,0 +1,143 @@
+#include <sys/types.h>
+#include <sys/resource.h>
+
+#include <errno.h>
+#include <pwd.h>
+#include <readpassphrase.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <syslog.h>
+#include <unistd.h>
+#include <util.h>
+#include <login_cap.h>
+
+#undef login
+
+#include <u.h>
+#include <args.h>
+#include <libc.h>
+#include <auth.h>
+#include <authsrv.h>
+#include <libsec.h>
+
+#include "fncs.h"
+
+char *authserver;
+
+int
+main(int argc, char *argv[])
+{
+ FILE *back = NULL;
+ char *class = NULL, *username = NULL, *wheel = NULL;
+ char response[1024], pbuf[1024], *pass = "";
+ int ch, mode = 0, lastchance = 0, fd = -1;
+ AuthInfo *ai;
+
+ (void)signal(SIGQUIT, SIG_IGN);
+ (void)signal(SIGINT, SIG_IGN);
+ (void)setpriority(PRIO_PROCESS, 0, 0);
+
+ openlog(NULL, LOG_ODELAY, LOG_AUTH);
+
+ while ((ch = getopt(argc, argv, "ds:v:")) != -1) {
+ switch (ch) {
+ case 'd':
+ back = stdout;
+ break;
+ case 's': /* service */
+ if (strcmp(optarg, "login") == 0)
+ mode = 0;
+ else if (strcmp(optarg, "challenge") == 0)
+ mode = 1;
+ else if (strcmp(optarg, "response") == 0)
+ mode = 2;
+ else {
+ syslog(LOG_ERR, "%s: invalid service", optarg);
+ exit(1);
+ }
+ break;
+ case 'v':
+ if (strncmp(optarg, "wheel=", 6) == 0)
+ wheel = optarg + 6;
+ else if (strncmp(optarg, "lastchance=", 11) == 0)
+ lastchance = (strcmp(optarg + 11, "yes") == 0);
+ else if (strncmp(optarg, "authserver=", 11) == 0)
+ authserver = optarg + 11;
+ break;
+ default:
+ syslog(LOG_ERR, "usage error");
+ exit(1);
+ }
+ }
+
+ switch (argc - optind) {
+ case 2:
+ class = argv[optind + 1];
+ /* FALLTHROUGH */
+ case 1:
+ username = argv[optind];
+ break;
+ default:
+ syslog(LOG_ERR, "usage error");
+ exit(1);
+ }
+
+ if (back == NULL && (back = fdopen(3, "r+")) == NULL) {
+ syslog(LOG_ERR, "reopening back channel: %m");
+ exit(1);
+ }
+ if (wheel != NULL && strcmp(wheel, "yes") != 0) {
+ fprintf(back, BI_VALUE " errormsg %s\n",
+ "you are not in group wheel");
+ fprintf(back, BI_REJECT "\n");
+ exit(1);
+ }
+
+ if (mode == 1) {
+ fprintf(back, BI_SILENT "\n");
+ exit(0);
+ }
+
+ (void)setpriority(PRIO_PROCESS, 0, -4);
+
+ if (mode == 2) {
+ mode = 0;
+ ch = -1;
+ while (++ch < sizeof(response) &&
+ read(3, &response[ch], 1) == 1) {
+ if (response[ch] == '\0' && ++mode == 2)
+ break;
+ if (response[ch] == '\0' && mode == 1)
+ pass = response + ch + 1;
+ }
+ if (mode < 2) {
+ syslog(LOG_ERR, "protocol error on back channel");
+ exit(1);
+ }
+ } else {
+ pass = readpassphrase("Password:", pbuf, sizeof(pbuf),
+ RPP_ECHO_OFF);
+ }
+
+ if (pass == NULL){
+ fprintf(back, BI_REJECT "\n");
+ exit(1);
+ }
+
+ fd = unix_dial(authserver, "17019");
+ if(fd < 0){
+ fprintf(back, BI_REJECT "\n");
+ exit(1);
+ }
+
+ ai = p9any(username, pass, fd);
+ if(ai == nil){
+ fprintf(back, BI_REJECT "\n");
+ exit(1);
+ }
+
+ fprintf(back, BI_AUTH "\n");
+ exit(0);
+}
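Review bot: `authserver` is only assigned by `-v authserver=...` and is handed to `unix_dial()` unchecked, so a login.conf entry without that option passes NULL to the dialer; how `unix_dial` handles NULL is not visible in this diff. The dial and `p9any` failure paths write only `BI_REJECT` and nothing to syslog, so an unreachable auth server cannot be told apart from a wrong password in the logs. `response` and `pbuf` hold the cleartext password and are never cleared; on OpenBSD an `explicit_bzero` of both after the `p9any` call would fix that. `class` and `lastchance` are assigned but never read, and should be used or dropped.

```c
/* … unchanged: option parsing, back channel setup, password read … */
	if (authserver == NULL || *authserver == '\0') {
		syslog(LOG_ERR, "no authserver configured");
		fprintf(back, BI_REJECT "\n");
		exit(1);
	}

	fd = unix_dial(authserver, "17019");
	if(fd < 0){
		syslog(LOG_ERR, "dial %s failed", authserver);
		fprintf(back, BI_REJECT "\n");
		exit(1);
	}

	ai = p9any(username, pass, fd);
	/* the password is no longer needed once the exchange has run */
	explicit_bzero(response, sizeof(response));
	explicit_bzero(pbuf, sizeof(pbuf));
	if(ai == nil){
		syslog(LOG_NOTICE, "p9any failed for %s", username);
/* … unchanged: BI_REJECT / BI_AUTH reporting … */
```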
--- a/include/auth.h
+++ b/include/auth.h
@@ -91,8 +91,6 @@
extern int noworld(char*);
extern int amount(int, char*, int, char*);
-extern int login(char*, char*, char*);
-
typedef struct Attr Attr;
enum {
AttrNameval, /* name=val -- when matching, must have name=val */