2011-03-30 12:46:40 +00:00
|
|
|
#include <u.h>
|
|
|
|
#include <libc.h>
|
|
|
|
#include <mp.h>
|
|
|
|
#include <libsec.h>
|
2016-02-01 21:49:20 +00:00
|
|
|
#include <auth.h>
|
|
|
|
|
2016-02-14 01:06:08 +00:00
|
|
|
int debug, auth, dialfile;
|
2016-02-01 21:49:20 +00:00
|
|
|
char *keyspec = "";
|
|
|
|
char *servername, *file, *filex, *ccert;
|
2011-03-30 12:46:40 +00:00
|
|
|
|
|
|
|
void
|
|
|
|
usage(void)
|
|
|
|
{
|
2016-02-14 01:06:08 +00:00
|
|
|
fprint(2, "usage: tlsclient [-D] [-a [-k keyspec] ] [-c lib/tls/clientcert] [-t /sys/lib/tls/xxx] [-x /sys/lib/tls/xxx.exclude] [-n servername] [-o] dialstring [cmd [args...]]\n");
|
2011-03-30 12:46:40 +00:00
|
|
|
exits("usage");
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
xfer(int from, int to)
|
|
|
|
{
|
|
|
|
char buf[12*1024];
|
|
|
|
int n;
|
|
|
|
|
|
|
|
while((n = read(from, buf, sizeof buf)) > 0)
|
|
|
|
if(write(to, buf, n) < 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2012-11-15 18:32:53 +00:00
|
|
|
static int
|
|
|
|
reporter(char *fmt, ...)
|
|
|
|
{
|
|
|
|
va_list ap;
|
|
|
|
|
|
|
|
va_start(ap, fmt);
|
|
|
|
fprint(2, "%s: tls reports ", argv0);
|
|
|
|
vfprint(2, fmt, ap);
|
|
|
|
fprint(2, "\n");
|
|
|
|
|
|
|
|
va_end(ap);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2011-03-30 12:46:40 +00:00
|
|
|
void
|
|
|
|
main(int argc, char **argv)
|
|
|
|
{
|
2016-02-01 21:49:20 +00:00
|
|
|
int fd;
|
|
|
|
char *addr;
|
2012-11-15 18:32:53 +00:00
|
|
|
TLSconn *conn;
|
2011-03-30 12:46:40 +00:00
|
|
|
Thumbprint *thumb;
|
2016-02-14 01:06:08 +00:00
|
|
|
AuthInfo *ai = nil;
|
2011-03-30 12:46:40 +00:00
|
|
|
|
2016-02-01 21:49:20 +00:00
|
|
|
fmtinstall('H', encodefmt);
|
|
|
|
|
2011-03-30 12:46:40 +00:00
|
|
|
ARGBEGIN{
|
2016-02-01 21:49:20 +00:00
|
|
|
case 'D':
|
|
|
|
debug++;
|
|
|
|
break;
|
|
|
|
case 'a':
|
|
|
|
auth++;
|
|
|
|
break;
|
|
|
|
case 'k':
|
|
|
|
keyspec = EARGF(usage());
|
|
|
|
break;
|
2011-03-30 12:46:40 +00:00
|
|
|
case 't':
|
|
|
|
file = EARGF(usage());
|
|
|
|
break;
|
|
|
|
case 'x':
|
|
|
|
filex = EARGF(usage());
|
|
|
|
break;
|
2012-11-15 18:32:53 +00:00
|
|
|
case 'c':
|
|
|
|
ccert = EARGF(usage());
|
|
|
|
break;
|
2016-02-01 21:49:20 +00:00
|
|
|
case 'n':
|
|
|
|
servername = EARGF(usage());
|
|
|
|
break;
|
2016-02-14 01:06:08 +00:00
|
|
|
case 'o':
|
|
|
|
dialfile = 1;
|
|
|
|
break;
|
2011-03-30 12:46:40 +00:00
|
|
|
default:
|
|
|
|
usage();
|
|
|
|
}ARGEND
|
|
|
|
|
2016-02-01 21:49:20 +00:00
|
|
|
if(argc < 1)
|
2011-03-30 12:46:40 +00:00
|
|
|
usage();
|
|
|
|
|
|
|
|
if(filex && !file)
|
|
|
|
sysfatal("specifying -x without -t is useless");
|
2016-02-01 21:49:20 +00:00
|
|
|
|
2011-03-30 12:46:40 +00:00
|
|
|
if(file){
|
2017-04-23 17:00:08 +00:00
|
|
|
thumb = initThumbprints(file, filex, "x509");
|
2011-03-30 12:46:40 +00:00
|
|
|
if(thumb == nil)
|
|
|
|
sysfatal("initThumbprints: %r");
|
2016-02-01 21:49:20 +00:00
|
|
|
} else
|
|
|
|
thumb = nil;
|
2011-03-30 12:46:40 +00:00
|
|
|
|
2016-02-01 21:49:20 +00:00
|
|
|
addr = *argv++;
|
2016-02-14 01:06:08 +00:00
|
|
|
if((fd = dialfile? open(addr, ORDWR): dial(addr, 0, 0, 0)) < 0)
|
2011-03-30 12:46:40 +00:00
|
|
|
sysfatal("dial %s: %r", addr);
|
|
|
|
|
2012-11-15 18:32:53 +00:00
|
|
|
conn = (TLSconn*)mallocz(sizeof *conn, 1);
|
2016-02-01 21:49:20 +00:00
|
|
|
conn->serverName = servername;
|
|
|
|
if(ccert){
|
2012-11-15 18:32:53 +00:00
|
|
|
conn->cert = readcert(ccert, &conn->certlen);
|
2016-02-01 21:49:20 +00:00
|
|
|
if(conn->cert == nil)
|
|
|
|
sysfatal("readcert: %r");
|
|
|
|
}
|
|
|
|
|
|
|
|
if(auth){
|
|
|
|
ai = auth_proxy(fd, auth_getkey, "proto=p9any role=client %s", keyspec);
|
|
|
|
if(ai == nil)
|
|
|
|
sysfatal("auth_proxy: %r");
|
|
|
|
|
|
|
|
conn->pskID = "p9secret";
|
|
|
|
conn->psk = ai->secret;
|
|
|
|
conn->psklen = ai->nsecret;
|
|
|
|
}
|
|
|
|
|
2012-11-15 18:32:53 +00:00
|
|
|
if(debug)
|
|
|
|
conn->trace = reporter;
|
2016-02-01 21:49:20 +00:00
|
|
|
|
2013-09-14 17:19:08 +00:00
|
|
|
fd = tlsClient(fd, conn);
|
2011-03-30 12:46:40 +00:00
|
|
|
if(fd < 0)
|
|
|
|
sysfatal("tlsclient: %r");
|
2016-02-01 21:49:20 +00:00
|
|
|
|
2011-03-30 12:46:40 +00:00
|
|
|
if(thumb){
|
2017-04-23 17:00:08 +00:00
|
|
|
if(!okCertificate(conn->cert, conn->certlen, thumb))
|
|
|
|
sysfatal("cert for %s not recognized: %r", servername ? servername : addr);
|
2016-02-14 01:06:08 +00:00
|
|
|
freeThumbprints(thumb);
|
2016-02-01 21:49:20 +00:00
|
|
|
}
|
|
|
|
|
2016-02-14 01:06:08 +00:00
|
|
|
free(conn->cert);
|
|
|
|
free(conn->sessionID);
|
|
|
|
free(conn);
|
|
|
|
if(ai != nil)
|
|
|
|
auth_freeAI(ai);
|
|
|
|
|
2016-02-01 21:49:20 +00:00
|
|
|
if(*argv){
|
|
|
|
dup(fd, 0);
|
|
|
|
dup(fd, 1);
|
|
|
|
if(fd > 1)
|
|
|
|
close(fd);
|
|
|
|
exec(*argv, argv);
|
|
|
|
sysfatal("exec: %r");
|
2011-03-30 12:46:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
rfork(RFNOTEG);
|
|
|
|
switch(fork()){
|
|
|
|
case -1:
|
2016-02-01 21:49:20 +00:00
|
|
|
sysfatal("fork: %r");
|
2011-03-30 12:46:40 +00:00
|
|
|
case 0:
|
|
|
|
xfer(0, fd);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
xfer(fd, 1);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
postnote(PNGROUP, getpid(), "die yankee pig dog");
|
|
|
|
exits(0);
|
|
|
|
}
|