ref: 48a4cc7cb98050a324ed2d2d4acae901cf072b35
parent: 496817c742f8bc9a625c3fb77dd7332e75f89be6
author: Jacob Moody <moody@posixcafe.org>
date: Sat Jul 8 13:38:54 EDT 2023
add TLSCLIENT_ASKPASS for a maybe less bad password solution for scripts.
--- a/cpu.c
+++ b/cpu.c
@@ -18,7 +18,7 @@
char *argv0;
char *authserver;
-static char *user, *pass;
+static char *user, *pass, *askpass;
char *shell[] = {"rc", "-i"};
@@ -57,6 +57,32 @@
return fd;
}
+static void
+doaskpass(void)
+{
+ int p[2];
+
+ pipe(p);
+ switch(fork()){
+ case -1:
+ sysfatal("fork");
+ case 0:
+ close(p[0]);
+ dup2(p[1], 1);
+ execlp(askpass, askpass, nil);
+ sysfatal("failed to exec askpass");
+ break;
+ default:
+ close(p[1]);
+ pass = mallocz(1024, 1);
+ int n = read(p[0], pass, 1024);
+ if(n <= 1)
+ sysfatal("askpass gave empty password");
+ pass[n-1] = 0;
+ break;
+ }
+}
+
//clean exit signal handler
void suicide(int num) { exit(0); }
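Review bot: In the parent branch of doaskpass(), `pass[n-1] = 0` drops the last byte unconditionally, so a helper that prints the password without a trailing newline silently loses its final character, and the single read() may return only part of the helper's output. The child is never waited for, so a helper that exits non-zero after writing something still supplies the password. The return value of pipe() is also unchecked, and a read() error is reported as an empty password. I would read until EOF, close the read end, collect the exit status with waitpid(), and strip a newline only when one is present, as sketched below.

```c
static void
doaskpass(void)
{
	int p[2], n, tot, status;
	pid_t pid;

	if(pipe(p) < 0)
		sysfatal("pipe");
	switch(pid = fork()){
	// … unchanged: case -1 and the child branch (close, dup2, execlp) …
	default:
		close(p[1]);
		pass = mallocz(1024, 1);
		// keep one byte spare for the terminator; stop at EOF or on error
		for(tot = 0; tot < 1023; tot += n){
			n = read(p[0], pass+tot, 1023-tot);
			if(n <= 0)
				break;
		}
		close(p[0]);
		if(waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
			sysfatal("askpass failed");
		if(tot > 0 && pass[tot-1] == '\n')
			tot--;
		if(tot == 0)
			sysfatal("askpass gave empty password");
		pass[tot] = 0;
		break;
	}
}
```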
@@ -123,8 +149,12 @@
if(user == nil || host == nil || authserver == nil || port == nil)
usage();
- if(pass == nil)
- pass = getpass("password:");
+ if(pass == nil){
+ if((askpass = getenv("TLSCLIENT_ASKPASS")) != nil)
+ doaskpass();
+ else
+ pass = getpass("password:");
+ }
SSL_library_init();
OpenSSL_add_all_algorithms();
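Review bot: A `TLSCLIENT_ASKPASS` that is set but empty still takes the doaskpass() path, where the exec fails and the parent dies with "askpass gave empty password" instead of falling back to the prompt. Testing the value as well, `if((askpass = getenv("TLSCLIENT_ASKPASS")) != nil && askpass[0] != 0)`, keeps getpass() as the fallback. Because the value goes straight to execlp(), which searches PATH for names without a slash, a short comment here stating that the variable is trusted as part of the invoking user's environment would help the next reader. The enclosing function starts and ends outside this hunk.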
--- a/tlsclient.1
+++ b/tlsclient.1
@@ -51,5 +51,18 @@
mode, if
.I command
is not specified a rc login shell is used.
+.SH PASSWORDS
+By default
+.B tlsclient
+will ask for the users' password through
+.BR getpass (3).
+For non interactive use the
+.I PASS
+environment variable may be used to specify
+the password literal and
+.I TLSCLIENT_ASKPASS
+may be set to a program that will be executed
+to provide the password on stdout.
.SH BUGS
-Well, if you want 'em.
+The lack of factotum and portable namespaces make
+this password business not fun.