/* -*-c-*-
*
- * $Id: pixie.c,v 1.13 2004/03/21 22:43:05 mdw Exp $
+ * $Id$
*
* Passphrase pixie for Catacomb
*
* MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: pixie.c,v $
- * Revision 1.13 2004/03/21 22:43:05 mdw
- * Keep quiet about expected errors on incoming connections.
- *
- * Revision 1.12 2002/01/13 13:50:42 mdw
- * Various fixes tracking mLib changes.
- *
- * Revision 1.11 2002/01/13 13:43:05 mdw
- * Fix bug in daemon mode.
- *
- * Revision 1.10 2001/02/21 20:03:54 mdw
- * Handle select errors (by bombing out). Cosmetic tweak.
- *
- * Revision 1.9 2001/02/03 16:06:44 mdw
- * Don't set a handler for @SIGINT@ if it's ignored at startup. Add some
- * error handling for the @select@ loop.
- *
- * Revision 1.8 2001/01/25 22:19:31 mdw
- * Make flags be unsigned.
- *
- * Revision 1.7 2000/12/06 20:33:27 mdw
- * Make flags be macros rather than enumerations, to ensure that they're
- * unsigned.
- *
- * Revision 1.6 2000/10/08 12:06:46 mdw
- * Change size passed to socket function to be a @size_t@. Insert missing
- * type name for flag declaration.
- *
- * Revision 1.5 2000/07/29 22:05:22 mdw
- * Miscellaneous tidyings:
- *
- * * Change the timeout to something more appropriate for real use.
- *
- * * Check assumptions about object types when binding the socket. In
- * particular, don't zap the socket if it's really something else.
- *
- * * In @p_request@, return a failure if the shell command returned
- * nonzero. Fix a bug in @p_get@ which incorrectly passes on a success
- * code when this happens.
- *
- * * Dispose of the locked memory in client mode to avoid being
- * antisocial.
- *
- * * Also in client mode, don't report closure from the server if we're
- * running noninteractively.
- *
- * * Insert a missing option letter into the usage string.
- *
- * * Change to the root directory after forking in daemon mode.
- *
- * Revision 1.4 2000/06/17 11:50:53 mdw
- * New pixie protocol allowing application to request passphrases and send
- * them to the pixie. Use the secure arena interface for the input
- * buffer. Extend the input buffer. Other minor fixes.
- *
- * Revision 1.3 1999/12/22 22:14:40 mdw
- * Only produce initialization message if verbose.
- *
- * Revision 1.2 1999/12/22 22:13:42 mdw
- * Fix bug in passphrase flushing loop.
- *
- * Revision 1.1 1999/12/22 15:58:41 mdw
- * Passphrase pixie support.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
#include "config.h"
{
if (p->t)
sel_rmtimer(&p->timer);
- free(p->tag);
+ xfree(p->tag);
l_free(&lm, p->p);
p->next->prev = p->prev;
p->prev->next = p->next;
if (dup2(fd[1], STDOUT_FILENO) < 0)
_exit(127);
close(fd[0]);
- execl("/bin/sh", "sh", "-c", d.buf, (void *)0);
+ execl("/bin/sh", "sh", "-c", d.buf, (char *)0);
_exit(127);
}
#define cf_uclose 1u
#define cf_sclose 2u
+#define cf_cooked 4u
/* --- Line handler functions --- */
}
exit(0);
}
- puts(s);
+ if (!(c_flags & cf_cooked))
+ puts(s);
+ else {
+ char *q = str_getword(&s);
+ if (strcmp(q, "FAIL") == 0)
+ die(1, "%s", s);
+ else if (strcmp(q, "INFO") == 0 ||
+ strcmp(q, "ITEM") == 0)
+ puts(s);
+ else if (strcmp(q, "OK") == 0) {
+ if (s && *s) puts(s);
+ } else if (strcmp(q, "MISSING") == 0)
+ ;
+ else
+ moan("unexpected output: %s %s", q, s);
+ }
}
/* --- @pix_client@ --- *
DPUTC(&d, '\n');
write(fd, d.buf, d.len);
shutdown(fd, 1);
- c_flags |= cf_uclose;
+ c_flags |= cf_uclose | cf_cooked;
dstr_destroy(&d);
}
{
pquis(fp, "\
Usage:\n\
- $ [-qvfidl] [-c command] [-t timeout] [-s socket]\n\
- $ [-s socket] -C [command args...]\n\
+ $ [-qvfidl] [-c COMMAND] [-t TIMEOUT] [-s SOCKET]\n\
+ $ [-s SOCKET] -C [COMMAND ARGS...]\n\
+ $ [-s SOCKET] -P[P] TAG\n\
");
}
-u, --usage Show a (very) terse usage summary.\n\
\n\
-C, --client Connect to a running pixie as a client.\n\
+-P, --passphrase Request passphrase TAG and print to stdout.\n\
+-PP, --verify-passphrase\n\
+ Verify passphrase TAG and print to stdout.\n\
\n\
-q, --quiet Emit fewer log messages.\n\
-v, --version Emit more log messages.\n\
#define f_stdin 4u
#define f_daemon 8u
#define f_syslog 16u
+#define f_fetch 32u
+#define f_verify 64u
/* --- Initialize libraries --- */
{ "quiet", 0, 0, 'q' },
{ "verbose", 0, 0, 'v' },
{ "client", 0, 0, 'C' },
+ { "passphrase", 0, 0, 'P' },
+ { "verify-passphrase", 0, 0, '+' },
{ "socket", OPTF_ARGREQ, 0, 's' },
{ "command", OPTF_ARGREQ, 0, 'c' },
{ "fetch", 0, 0, 'f' },
{ 0, 0, 0, 0 }
};
- int i = mdwopt(argc, argv, "hVuqvCs:c:ft:idl", opts, 0, 0, 0);
+ int i = mdwopt(argc, argv, "hVuqvCPs:c:ft:idl", opts, 0, 0, 0);
if (i < 0)
break;
break;
case 'C':
f |= f_client;
+ f &= ~f_fetch;
+ break;
+ case 'P':
+ if (!(f & f_fetch))
+ f |= f_fetch;
+ else
+ f |= f_verify;
+ break;
+ case '+':
+ f |= f_fetch | f_verify;
+ f &= ~f_client;
break;
case 's':
path = optarg;
}
}
- if (f & f_bogus || (optind < argc && !(f & f_client))) {
+ if (f & f_bogus ||
+ (optind < argc && !(f & (f_client|f_fetch))) ||
+ ((f & f_fetch) && optind != argc - 1)) {
usage(stderr);
exit(1);
}
+ /* --- Handle request for a passphrase --- */
+
+ if (f & f_fetch) {
+ char *buf = l_alloc(&lm, 1024);
+ passphrase_connect(path);
+ if (passphrase_read(argv[optind],
+ (f & f_verify) ? PMODE_VERIFY : PMODE_READ,
+ buf, 1024))
+ die(1, "failed to read passphrase: %s", strerror(errno));
+ puts(buf);
+ return (0);
+ }
+
/* --- Set up the socket address --- */
sun = pixie_address(path, &sz);