tMove default values into config.h - safe - password protected secret keeper
---
DIR commit c2750950f47475b591b2e70c6079310f7b2f6e0c
DIR parent 438f1df0c768a5da0bd223c0aebd2805e7278f7e
HTML Author: Willy Goiffon <contact@z3bra.org>
Date: Tue, 26 Jul 2022 14:00:56 +0200
Move default values into config.h
Diffstat:
A config.def.h | 26 ++++++++++++++++++++++++++
M makefile | 5 +++++
M mkfile | 5 ++++-
M safe-agent.c | 6 ++++--
M safe.1 | 2 +-
M safe.c | 19 ++++++++-----------
6 files changed, 48 insertions(+), 15 deletions(-)
---
DIR diff --git a/config.def.h b/config.def.h
t@@ -0,0 +1,26 @@
+/*
+ * Base directory to use when storing secrets. This can be overriden
+ * with the $SAFE_DIR environment variable or -s flag.
+ */
+char safe_dir[] = ".secrets";
+
+/*
+ * Path to the executable to use when prompting user for the master
+ * password, and no TTY is available.
+ * This can be overriden with the $SAFE_ASKPASS environment variable.
+ */
+char askpass_path[] = "/usr/X11R6/bin/ssh-askpass";
+
+/*
+ * Name of the entry that will hold the master password
+ * This entry must exist as it is used to ensure all passwords are
+ * encrypted with the same key.
+ */
+char master_entry[] = "master";
+
+/*
+ * mkdtemp(3) template and snprintf(3) format to use to construct the
+ * full path where the agent socket will be created.
+ */
+char agent_socktmp[] = "/tmp/safe-XXXXXX"; /* path MUST end with "XXXXXX" */
+char agent_sockfmt[] = "agent.%d"; /* use %d to include agent pid */
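Review bot: The default `agent_sockfmt` of `"agent.%d"` drops the path separator that the replaced call in safe-agent.c supplied with `"/%s.%d"`, so the new `snprintf(path + dirlen, PATH_MAX - dirlen, agent_sockfmt, pid)` appends straight onto the mkdtemp(3) result and yields `/tmp/safe-XXXXXXagent.<pid>`. The socket path then sits directly in /tmp beside the directory rather than inside it, so the 0700 mode that mkdtemp(3) gives the directory no longer limits who can reach the socket; whether permissions set at bind time cover this is not visible in the diff. Restoring the separator in the default, `char agent_sockfmt[] = "/agent.%d";`, keeps the previous layout, and the comment on that line should state that the format must begin with `/`.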
DIR diff --git a/makefile b/makefile
t@@ -1,12 +1,17 @@
include config.mk
all: safe safe-agent
+safe.o safe-agent.o: config.h
+
safe: safe.o readpassphrase.o
$(LD) -o $@ safe.o readpassphrase.o $(LDFLAGS) $(LDLIBS)
safe-agent: safe-agent.o
$(LD) -o $@ safe-agent.o $(LDFLAGS) $(LDLIBS)
+config.h: config.def.h
+ cp $< $@
+
clean:
rm -f *.o safe safe-agent
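Review bot: The `config.h: config.def.h` rule re-runs `cp` whenever config.def.h is newer, so a locally edited config.h (for example a changed `askpass_path`) is silently overwritten after the next update of the defaults. Dropping the prerequisite keeps local settings: `config.h:` followed by `cp config.def.h $@`. That form also avoids `$<` in a non-inference rule, whose meaning POSIX make leaves unspecified. The same rule in the mkfile hunk (`config.h: config.def.h` with `cp $prereq $target`) has the same overwrite behaviour.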
DIR diff --git a/mkfile b/mkfile
t@@ -8,9 +8,12 @@ safe: safe.o readpassphrase.o
safe-agent: safe-agent.o
$LD -o $target $prereq $LDFLAGS $LDLIBS
-%.o: %.c
+%.o: %.c config.h
$CC $CPPFLAGS $CFLAGS -c $stem.c
+config.h: config.def.h
+ cp $prereq $target
+
clean:V:
rm -f *.o safe safe-agent
DIR diff --git a/safe-agent.c b/safe-agent.c
t@@ -18,6 +18,7 @@
#include <sodium.h>
#include "arg.h"
+#include "config.h"
#ifndef __OpenBSD__
#include "strlcpy.h"
t@@ -224,10 +225,11 @@ main(int argc, char *argv[])
pid_t pid;
int fd, timeout = 0, dflag = 0;
size_t dirlen;
- char path[PATH_MAX] = SOCKDIR;
+ char path[PATH_MAX];
struct rlimit rlim;
pid = getpid();
+ strlcpy(path, agent_socktmp, sizeof(path));
ARGBEGIN {
case 'd':
t@@ -253,7 +255,7 @@ main(int argc, char *argv[])
err(1, "mkdtemp: %s", path);
dirlen = strnlen(path, sizeof(path));
- snprintf(path + dirlen, PATH_MAX - dirlen, "/%s.%d", SOCKET, pid);
+ snprintf(path + dirlen, PATH_MAX - dirlen, agent_sockfmt, pid);
sockp = path;
}
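Review bot: `snprintf(path + dirlen, PATH_MAX - dirlen, agent_sockfmt, pid)` now takes its format from a writable, non-literal array, so the compiler can no longer check it against the single `pid` argument, and a config.h edit such as `%s` or a second conversion becomes undefined behaviour. Keeping the format literal and making only the name configurable avoids that, e.g. `snprintf(path + dirlen, PATH_MAX - dirlen, "/%s.%d", agent_sockname, pid);`, where `agent_sockname` is a hypothetical replacement setting in config.def.h. At minimum the variable could be declared `const char agent_sockfmt[]`. The return value is also unchecked, so a truncated socket path would go unnoticed. main() begins and continues outside this hunk.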
DIR diff --git a/safe.1 b/safe.1
t@@ -98,7 +98,7 @@ Defines the location of your safe (default: .secrets)
Path to the UNIX-domain socket used to communicate with the agent.
.It Ev SAFE_ASKPASS
If no TTY is available, the program specified by this variable will be
-used to read the master password (default: thingaskpass)
+used to read the master password (default: ssh-askpass)
.Sh SEE ALSO
.Xr safe-agent 1 ,
.Xr safe-store 5
DIR diff --git a/safe.c b/safe.c
t@@ -20,10 +20,7 @@
#include "arg.h"
#include "readpassphrase.h"
-
-#define ASKPASS "thingaskpass"
-#define MASTER "master"
-#define SAFE ".secrets"
+#include "config.h"
struct safe {
uint8_t key[crypto_secretstream_xchacha20poly1305_KEYBYTES];
t@@ -172,7 +169,7 @@ readpass(const char *prompt, uint8_t **target, size_t *len, int askflag, int std
{
char pass[BUFSIZ], *askpass, *p;
if (askflag) {
- askpass = ASKPASS;
+ askpass = askpass_path;
if (getenv("SAFE_ASKPASS"))
askpass = getenv("SAFE_ASKPASS");
p = spawn_askpass(askpass, prompt, pass, sizeof(pass));
t@@ -379,7 +376,7 @@ main(int argc, char *argv[])
{
int aflag = 0, bflag = 0, rflag = 0, kflag = 0, fflag = 0;
int fd, haskey = 0, hasmaster = 1, ttyfd;
- char *prompt, *secret, *sockp, *safe = SAFE;
+ char *prompt, *secret, *sockp, *safe = safe_dir;
struct safe s;
struct rlimit rlim;
t@@ -427,17 +424,17 @@ main(int argc, char *argv[])
err(1, "setrlimit RLIMIT_CORE");
if (!safe)
- safe = SAFE;
+ safe = safe_dir;
mkdir(safe, 0700);
if (chdir(safe) < 0)
err(1, "chdir: %s", safe);
/* open master password as read only to retrieve salt */
- fd = open(MASTER, O_RDONLY);
+ fd = open(master_entry, O_RDONLY);
if (fd < 0) {
if (errno != ENOENT)
- err(1, "%s", MASTER);
+ err(1, "%s", master_entry);
hasmaster = 0;
}
t@@ -476,9 +473,9 @@ main(int argc, char *argv[])
}
sodium_munlock(passphrase2, pplen2);
- fd = open(MASTER, O_RDWR | O_CREAT | O_EXCL, 0600);
+ fd = open(master_entry, O_RDWR | O_CREAT | O_EXCL, 0600);
if (fd < 0)
- err(1, "%s", MASTER);
+ err(1, "%s", master_entry);
randombytes_buf(s.salt, sizeof(s.salt));
deriv((char *)passphrase, &s);