
Mercurial > hg > plan9front / changeset: tlssrv: add -A flag to skip changing user after authentication (usefull for aan)

changeset 5090: 38542f18992f
parent 5089: c5648b05fadb
child 5091: f0545a5cf223
author: cinap_lenrek@felloff.net
date: Sat, 13 Feb 2016 17:24:59 +0100
files: sys/man/8/tlssrv sys/src/cmd/tlssrv.c
description: tlssrv: add -A flag to skip changing user after authentication (useful for aan)
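--- a/sys/man/8/tlssrv
+++ b/sys/man/8/tlssrv
@@ -8,7 +8,7 @@ tlssrv, tlsclient, tlssrvtunnel, tlsclie
 .B -D
 ]
 [
-.B -a
+.BR - [ aA ]
 [
 .B -k
 .I keyspec
@@ -89,12 +89,16 @@ is by convention the same as for the tar
 is mainly used for logging.
 If the
 .B -a
+or
+.B -A
 flag is specified,
 .B p9any
 authentication is run before the TLS handshake and the resulting
 plan9 session secret is used as a pre-shared key for TLS encryption.
 This enables the use of TLS without certificates and also runs
-the server command as the authorized user.
+the server command as the authorized user when the
+.B -a
+flag was specified.
 .PP
 .I Tlsclient
 is the reverse of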
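--- a/sys/src/cmd/tlssrv.c
+++ b/sys/src/cmd/tlssrv.c
@@ -32,7 +32,7 @@ reporter(char *fmt, ...)
 void
 usage(void)
 {
-	fprint(2, "usage: tlssrv [-a [-k keyspec]] [-c cert] [-D] [-l logfile] [-r remotesys] cmd [args...]\n");
+	fprint(2, "usage: tlssrv [-D] -[aA] [-k keyspec]] [-c cert] [-l logfile] [-r remotesys] cmd [args...]\n");
 	fprint(2, "  after  auth/secretpem key.pem > /mnt/factotum/ctl\n");
 	exits("usage");
 }
@@ -50,7 +50,10 @@ main(int argc, char *argv[])
 		debug++;
 		break;
 	case 'a':
-		auth++;
+		auth = 1;
+		break;
+	case 'A':
+		auth = -1;	/* authenticate, but dont change user */
 		break;
 	case 'k':
 		keyspec = EARGF(usage());
@@ -82,6 +85,7 @@ main(int argc, char *argv[])
 		if(ai == nil)
 			sysfatal("auth_proxy: %r");
 
+		if(auth == 1)
 		if(auth_chuid(ai, nil) < 0)
 			sysfatal("auth_chuid: %r");
 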
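Review bot: The privilege drop at the end of this section is now guarded by a bare `if(auth == 1)` stacked on `if(auth_chuid(ai, nil) < 0)` with no braces or extra indent, which leaves the one security-critical branch easy to misread or break in a later edit; `if(auth == 1 && auth_chuid(ai, nil) < 0)` followed by the existing `sysfatal` says the same thing in one condition. With `-A` the command keeps the identity tlssrv was started under, so a comment at the guard such as `/* -A: p9any only supplies the TLS pre-shared key, cmd stays the invoking user */` would record that for the next reader. Because `auth` is now assigned rather than incremented, the last of `-a` and `-A` on the command line wins and `-a -A` silently skips the user change, which the option parsing could reject. The block around the guard starts and ends outside the hunk, so this assumes it is entered for any non-zero `auth`. The new usage string also has an unmatched `]` after `[-k keyspec]`.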