-rw-r--r-- | bounce.c | 10 | ||||
-rw-r--r-- | client.c | 11 | ||||
-rwxr-xr-x | configure | 4 | ||||
-rw-r--r-- | local.c | 2 |
4 files changed, 24 insertions, 3 deletions
diff --git a/bounce.c b/bounce.c
index 95e3711..924a01b 100644
--- a/bounce.c
+++ b/bounce.c
@@ -64,6 +64,15 @@ bool verbose;
+#ifdef __OpenBSD__
+static void hashPass(void) {
+ char hash[_PASSWORD_LEN];
+ char *pass = getpass("Password: ");
+ int error = crypt_newhash(pass, "bcrypt,a", hash, sizeof(hash));
+ if (error) err(EX_OSERR, "crypt_newhash");
+ printf("%s\n", hash);
+}
+#else
 static void hashPass(void) {
 byte rand[12];
 int error = getentropy(rand, sizeof(rand));
@@ -75,6 +84,7 @@ static void hashPass(void) {
 char *pass = getpass("Password: ");
 printf("%s\n", crypt(pass, salt));
 }
+#endif
 static void genReq(const char *path) {
 const char *name = strrchr(path, '/');
diff --git a/client.c b/client.c
index 06efeb8..dcfc835 100644
--- a/client.c
+++ b/client.c
@@ -166,11 +166,16 @@ static void handlePass(struct Client *client, struct Message *msg) {
 client->error = true;
 return;
 }
- if (!strcmp(crypt(msg->params[0], clientPass), clientPass)) {
+#ifdef __OpenBSD__
+ int error = crypt_checkpass(msg->params[0], clientPass);
+#else
+ int error = strcmp(crypt(msg->params[0], clientPass), clientPass);
+#endif
+ if (error) {
+ passRequired(client);
+ } else {
 client->need &= ~NeedPass;
 maybeSync(client);
- } else {
- passRequired(client);
 }
 explicit_bzero(msg->params[0], strlen(msg->params[0]));
 }
diff --git a/configure b/configure
index 12f411c..4384104 100755
--- a/configure
+++ b/configure
@@ -37,6 +37,10 @@ case "$(uname)" in
 defstr OPENSSL_BIN /usr/bin/openssl
 defstr CERTBOT_PATH /usr/local/etc/letsencrypt
 ;;
+ (OpenBSD)
+ ldlibs -ltls
+ defstr OPENSSL_BIN /usr/bin/openssl
+ ;;
 (Linux)
 cflags -D_GNU_SOURCE
 ldlibs -lcrypt
diff --git a/local.c b/local.c
index ad95a00..a697e15 100644
--- a/local.c
+++ b/local.c
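Review bot: In the new OpenBSD `hashPass` (bounce.c, first hunk), the pointer returned by `getpass` goes into `crypt_newhash` unchecked, and the cleartext password is never wiped. `getpass` can return NULL when it cannot read from the terminal, so I would add `if (!pass) err(EX_OSERR, "getpass");` before hashing. After `crypt_newhash` returns, `explicit_bzero(pass, strlen(pass));` would clear the buffer the same way `handlePass` in client.c already does for `msg->params[0]`. The `#else` variant appears to share both gaps, but most of its body lies outside the hunks shown.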
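Review bot: In the `#else` branch of `handlePass` (client.c), the result of `crypt()` is passed straight to `strcmp`, but `crypt()` may return NULL when `clientPass` is not in a hash format the platform supports. A misconfigured hash would then turn every PASS attempt into a null dereference instead of a rejected login. I would split the call so that failure counts as a mismatch: `const char *hash = crypt(msg->params[0], clientPass);` followed by `int error = (hash ? strcmp(hash, clientPass) : -1);`. `strcmp` is also not a constant-time comparison, which the `crypt_checkpass` branch avoids; a short comment noting that difference would help the next reader. The function begins above this hunk, so the earlier parameter checks are only partly visible.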
@@ -236,9 +236,11 @@ struct tls *localAccept(int *fd, int bind) {
 int error = setsockopt(*fd, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on));
 if (error) err(EX_OSERR, "setsockopt");
+#ifdef TCP_KEEPIDLE
 int idle = 15 * 60;
 error = setsockopt(*fd, IPPROTO_TCP, TCP_KEEPIDLE, &idle, sizeof(idle));
 if (error) err(EX_OSERR, "setsockopt");
+#endif
 struct tls *client;
 error = tls_accept_socket(server, &client, *fd); |
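Review bot: The new `#ifdef TCP_KEEPIDLE` guard in `localAccept` silently drops the 15-minute idle setting on platforms that lack the option, and nothing in the code records that. There, `SO_KEEPALIVE` is still enabled but probing starts only after the system-wide default idle time, which is presumably much longer, so dead client connections hold their slot for longer. I would document this above the guard, for example `// Without TCP_KEEPIDLE the system default keepalive idle time applies.` The rest of `localAccept` lies outside this hunk.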