Browse Source

Plan 9 from Bell Labs 2007-06-06

David du Colombier 17 years ago
parent
commit
4996d34de5

+ 7 - 6
dist/replica/_plan9.db

@@ -5821,7 +5821,7 @@ sys/games - 20000000775 sys sys 1117225532 0
 sys/games/lib - 20000000775 sys sys 1165337608 0
 sys/games/lib/4scores - 10000000666 sys sys 1118680448 0
 sys/games/lib/5scores - 10000000666 sys sys 1118680453 0
-sys/games/lib/fortunes - 664 sys sys 1179957238 265482
+sys/games/lib/fortunes - 664 sys sys 1181057665 265556
 sys/games/lib/mahjongg - 20000000775 sys sys 1095792278 0
 sys/games/lib/mahjongg/backgrounds - 20000000775 sys sys 1095792293 0
 sys/games/lib/mahjongg/backgrounds/default.bit - 664 sys sys 1095792293 346803
@@ -7435,7 +7435,7 @@ sys/man/1/rio - 664 sys sys 1155362586 14707
 sys/man/1/rm - 664 sys sys 944959673 515
 sys/man/1/rwd - 664 sys sys 1042469992 2958
 sys/man/1/sam - 664 sys sys 1113743327 18295
-sys/man/1/secstore - 664 sys sys 1113743328 3772
+sys/man/1/secstore - 664 sys sys 1181069036 3770
 sys/man/1/sed - 664 sys sys 944959674 6884
 sys/man/1/seq - 664 sys sys 1063855680 1131
 sys/man/1/size - 664 sys sys 944959674 393
@@ -7769,7 +7769,7 @@ sys/man/7/playlistfs - 664 sys sys 1103794042 3831
 sys/man/7/scat - 664 sys sys 970069855 8904
 sys/man/8 - 20000000775 sys sys 1162240005 0
 sys/man/8/0intro - 664 sys sys 944959679 247
-sys/man/8/6in4 - 664 sys sys 1180719862 1850
+sys/man/8/6in4 - 664 sys sys 1181070628 1934
 sys/man/8/9load - 664 sys sys 1094676489 9170
 sys/man/8/9pcon - 664 sys sys 1145881850 2234
 sys/man/8/INDEX - 664 sys sys 1178249215 2888
@@ -8039,7 +8039,7 @@ sys/src/9/pc/devpccard.c - 664 sys sys 1173225108 39296
 sys/src/9/pc/devrtc.c - 664 sys sys 1015014515 7167
 sys/src/9/pc/devtv.c - 664 sys sys 1131290299 45676
 sys/src/9/pc/devusb.c - 664 sys sys 1168305372 18752
-sys/src/9/pc/devvga.c - 664 sys sys 1131290315 9332
+sys/src/9/pc/devvga.c - 664 sys sys 1181083003 9334
 sys/src/9/pc/dma.c - 664 sys sys 1142966373 5332
 sys/src/9/pc/ether2000.c - 664 sys sys 1173287379 4901
 sys/src/9/pc/ether2114x.c - 664 sys sys 1145359795 41693
@@ -9622,7 +9622,7 @@ sys/src/cmd/auth/secstore/mkfile - 664 sys sys 1106577499 836
 sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1140272943 9314
 sys/src/cmd/auth/secstore/password.c - 664 sys sys 1180417351 3038
 sys/src/cmd/auth/secstore/secchk.c - 664 sys sys 1172776633 565
-sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1143465894 12678
+sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1181068567 12637
 sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1106575526 859
 sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1140272944 8087
 sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1143465899 5136
@@ -12465,7 +12465,7 @@ sys/src/cmd/iostats/mkfile - 664 sys sys 1014925727 122
 sys/src/cmd/iostats/statfs.h - 664 sys sys 1140099908 2626
 sys/src/cmd/iostats/statsrv.c - 664 sys sys 1166824341 10773
 sys/src/cmd/ip - 20000000775 sys sys 1128605981 0
-sys/src/cmd/ip/6in4.c - 664 sys sys 1180652319 7570
+sys/src/cmd/ip/6in4.c - 664 sys sys 1181070455 7744
 sys/src/cmd/ip/arp.h - 664 sys sys 944961005 751
 sys/src/cmd/ip/dhcp.h - 664 sys sys 1178483074 3419
 sys/src/cmd/ip/dhcpclient.c - 664 sys sys 1178482836 11969
@@ -15840,3 +15840,4 @@ usr/glenda/lib/profile - 664 glenda glenda 1105128663 890
 usr/glenda/readme.acme - 664 glenda glenda 1019860628 4753
 usr/glenda/readme.rio - 664 glenda glenda 1019860628 6370
 usr/glenda/tmp - 20000000775 glenda glenda 1018802620 0
+386/bin/auth/secstore - 775 sys sys 1181100215 195887

+ 7 - 7
dist/replica/plan9.db

@@ -71,7 +71,7 @@
 386/bin/auth/rsafill - 775 sys sys 1168402273 143968
 386/bin/auth/rsagen - 775 sys sys 1178568249 151953
 386/bin/auth/secretpem - 775 sys sys 1045537944 118526
-386/bin/auth/secstore - 775 sys sys 1180468712 195983
+386/bin/auth/secstore - 775 sys sys 1181100215 195887
 386/bin/auth/secstored - 775 sys sys 1180468713 197571
 386/bin/auth/secuser - 775 sys sys 1180468714 152765
 386/bin/auth/status - 775 sys sys 1020319060 738
@@ -5821,7 +5821,7 @@ sys/games - 20000000775 sys sys 1117225532 0
 sys/games/lib - 20000000775 sys sys 1165337608 0
 sys/games/lib/4scores - 10000000666 sys sys 1118680448 0
 sys/games/lib/5scores - 10000000666 sys sys 1118680453 0
-sys/games/lib/fortunes - 664 sys sys 1179957238 265482
+sys/games/lib/fortunes - 664 sys sys 1181057665 265556
 sys/games/lib/mahjongg - 20000000775 sys sys 1095792278 0
 sys/games/lib/mahjongg/backgrounds - 20000000775 sys sys 1095792293 0
 sys/games/lib/mahjongg/backgrounds/default.bit - 664 sys sys 1095792293 346803
@@ -7435,7 +7435,7 @@ sys/man/1/rio - 664 sys sys 1155362586 14707
 sys/man/1/rm - 664 sys sys 944959673 515
 sys/man/1/rwd - 664 sys sys 1042469992 2958
 sys/man/1/sam - 664 sys sys 1113743327 18295
-sys/man/1/secstore - 664 sys sys 1113743328 3772
+sys/man/1/secstore - 664 sys sys 1181069036 3770
 sys/man/1/sed - 664 sys sys 944959674 6884
 sys/man/1/seq - 664 sys sys 1063855680 1131
 sys/man/1/size - 664 sys sys 944959674 393
@@ -7769,7 +7769,7 @@ sys/man/7/playlistfs - 664 sys sys 1103794042 3831
 sys/man/7/scat - 664 sys sys 970069855 8904
 sys/man/8 - 20000000775 sys sys 1162240005 0
 sys/man/8/0intro - 664 sys sys 944959679 247
-sys/man/8/6in4 - 664 sys sys 1180719862 1850
+sys/man/8/6in4 - 664 sys sys 1181070628 1934
 sys/man/8/9load - 664 sys sys 1094676489 9170
 sys/man/8/9pcon - 664 sys sys 1145881850 2234
 sys/man/8/INDEX - 664 sys sys 1178249215 2888
@@ -8039,7 +8039,7 @@ sys/src/9/pc/devpccard.c - 664 sys sys 1173225108 39296
 sys/src/9/pc/devrtc.c - 664 sys sys 1015014515 7167
 sys/src/9/pc/devtv.c - 664 sys sys 1131290299 45676
 sys/src/9/pc/devusb.c - 664 sys sys 1168305372 18752
-sys/src/9/pc/devvga.c - 664 sys sys 1131290315 9332
+sys/src/9/pc/devvga.c - 664 sys sys 1181083003 9334
 sys/src/9/pc/dma.c - 664 sys sys 1142966373 5332
 sys/src/9/pc/ether2000.c - 664 sys sys 1173287379 4901
 sys/src/9/pc/ether2114x.c - 664 sys sys 1145359795 41693
@@ -9622,7 +9622,7 @@ sys/src/cmd/auth/secstore/mkfile - 664 sys sys 1106577499 836
 sys/src/cmd/auth/secstore/pak.c - 664 sys sys 1140272943 9314
 sys/src/cmd/auth/secstore/password.c - 664 sys sys 1180417351 3038
 sys/src/cmd/auth/secstore/secchk.c - 664 sys sys 1172776633 565
-sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1143465894 12678
+sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1181068567 12637
 sys/src/cmd/auth/secstore/secstore.h - 664 sys sys 1106575526 859
 sys/src/cmd/auth/secstore/secstored.c - 664 sys sys 1140272944 8087
 sys/src/cmd/auth/secstore/secuser.c - 664 sys sys 1143465899 5136
@@ -12465,7 +12465,7 @@ sys/src/cmd/iostats/mkfile - 664 sys sys 1014925727 122
 sys/src/cmd/iostats/statfs.h - 664 sys sys 1140099908 2626
 sys/src/cmd/iostats/statsrv.c - 664 sys sys 1166824341 10773
 sys/src/cmd/ip - 20000000775 sys sys 1128605981 0
-sys/src/cmd/ip/6in4.c - 664 sys sys 1180652319 7570
+sys/src/cmd/ip/6in4.c - 664 sys sys 1181070455 7744
 sys/src/cmd/ip/arp.h - 664 sys sys 944961005 751
 sys/src/cmd/ip/dhcp.h - 664 sys sys 1178483074 3419
 sys/src/cmd/ip/dhcpclient.c - 664 sys sys 1178482836 11969

+ 7 - 0
dist/replica/plan9.log

@@ -49130,3 +49130,10 @@
 1180857641 0 c sys/src/cmd/upas/vf/vf.c - 664 sys sys 1180857236 20273
 1180859423 0 c mail/lib/validateattachment - 775 upas upas 1180857656 1209
 1180900822 0 c 386/bin/upas/vf - 775 sys sys 1180900507 97407
+1181059209 0 c sys/games/lib/fortunes - 664 sys sys 1181057665 265556
+1181070023 0 c sys/man/1/secstore - 664 sys sys 1181069036 3770
+1181070023 1 c sys/src/cmd/auth/secstore/secstore.c - 664 sys sys 1181068567 12637
+1181071824 0 c sys/man/8/6in4 - 664 sys sys 1181070628 1934
+1181071824 1 c sys/src/cmd/ip/6in4.c - 664 sys sys 1181070455 7744
+1181084422 0 c sys/src/9/pc/devvga.c - 664 sys sys 1181083003 9334
+1181100623 0 c 386/bin/auth/secstore - 775 sys sys 1181100215 195887

+ 1 - 0
sys/games/lib/fortunes

@@ -4182,3 +4182,4 @@ The program 'apt-get' is currently not installed.  You can install it by typing:
 Subject: Re: [9fans] speaking of kenc... can you imagine a c compiler that does not translate to asm first? or can you imagine porting a c compiler when you dont have an assembler? -- Rogelio Serrano
 I expect to be quite wealthy once the dust from the Linux IPOs has settled.  - Eric Raymond, "Doing It For the Cause", December 1999
 A handful of characteristics of Unix are responsible for its resilience. First, Unix is simple: whereas some operating systems implement thousands of system calls and have unclear design goals, Unix systems typically implement only hundreds of system calls and have a very clear design. -- Linux Kernel Development, 2nd Ed. by Robert Love
+IF YOU CAN HEAR THUNDER...YOU ARE CLOSE ENOUGH TO BE STRUCK BY LIGHTNING.

+ 32 - 40
sys/man/1/secstore

@@ -4,34 +4,23 @@ aescbc, ipso, secstore \- secstore commands
 .SH SYNOPSIS
 .B auth/secstore
 [
-.B -s
-.I server
-]
-[
+.B -cinv
+] [
 .B -(g|G)
 .I getfile
-]
-[
+] [
 .B -p
 .I putfile
-]
-[
+] [
 .B -r
 .I rmfile
-]
-[
-.B -c
-]
-[
+] [
+.B -s
+.I server
+] [
 .B -u
 .I user
 ]
-[
-.B -v
-]
-[
-.B -i
-]
 .PP
 .B auth/aescbc
 -e
@@ -51,17 +40,16 @@ aescbc, ipso, secstore \- secstore commands
 \&...
 ]
 .SH DESCRIPTION
-.PP
 .I Secstore
-authenticates to the server
+authenticates to a secure-store server
 using a password and optionally a hardware token,
 then saves or retrieves a file.
 This is intended to be a credentials store (public/private keypairs,
 passwords, and other secrets) for a factotum.
 .PP
 Option
-.B -p
-stores a file on the secstore.
+.B -c
+prompts for a password change.
 .PP
 Option
 .B -g
@@ -71,23 +59,12 @@ option
 writes it to standard output instead.
 Specifying
 .I getfile
-of . will send to standard output
+of
+.L \&.
+will send to standard output
 a list of remote files with dates, lengths and SHA1 hashes.
 .PP
 Option
-.B -r
-removes a file from the secstore.
-.PP
-Option
-.B -c
-prompts for a password change.
-.PP
-Option
-.B -v
-produces more verbose output, in particular providing a few
-bits of feedback to help the user detect mistyping.
-.PP
-Option
 .B -i
 says that the password should be read from standard input
 instead of from
@@ -101,15 +78,28 @@ says that the password should be read from NVRAM
 instead of from
 .BR /dev/cons .
 .PP
+Option
+.B -p
+stores a file on the secstore.
+.PP
+Option
+.B -r
+removes a file from the secstore.
+.PP
 The server is
 .BR tcp!$auth!secstore  ,
 or the server specified by option
 .BR -s .
 .PP
+Option
+.B -v
+produces more verbose output, in particular providing a few
+bits of feedback to help the user detect mistyping.
+.PP
 For example, to add a secret to the file read by
 .IR factotum (4)
 at startup, open a new window, type
-.sp
+.LP
 .EX
   % ramfs -p; cd /tmp
   % auth/secstore -g factotum
@@ -119,7 +109,7 @@ at startup, open a new window, type
   secstore password:
   % read -m factotum > /mnt/factotum/ctl
 .EE
-.PP
+.LP
 and delete the window.
 The first line creates an ephemeral memory-resident workspace,
 invisible to others and automatically removed when the window is deleted.
@@ -151,7 +141,9 @@ grabs all the user's files from
 .I secstore
 for editing.
 .PP
-By default, ipso will edit the
+By default,
+.I ipso
+will edit the
 .I secstore
 files and, if
 one of them is named

+ 4 - 1
sys/man/8/6in4

@@ -15,7 +15,6 @@
 [
 .I remote6
 ] ] ]
-.B &
 .SH DESCRIPTION
 .I 6in4
 sets up and maintains a tunnel of IPv6 traffic through an IPv4 connection.
@@ -55,6 +54,10 @@ are the hexadecimal equivalents of the bytes
 .I d
 in this host's primary IPv4 address.
 .PP
+.I 6in4
+forks a pair of background processes to copy packets to and from
+the tunnel.
+.PP
 Supply
 .B -g
 to use the tunnel as the default route for global IPv6 addresses.

+ 2 - 2
sys/src/9/pc/devvga.c

@@ -293,13 +293,13 @@ vgactl(Cmdbuf *cb)
 	case CMsize:
 
 		x = strtoul(cb->f[1], &p, 0);
-		if(x == 0 || x > 2048)
+		if(x == 0 || x > 10240)
 			error(Ebadarg);
 		if(*p)
 			p++;
 
 		y = strtoul(p, &p, 0);
-		if(y == 0 || y > 2048)
+		if(y == 0 || y > 10240)
 			error(Ebadarg);
 		if(*p)
 			p++;

+ 55 - 55
sys/src/cmd/auth/secstore/secstore.c

@@ -1,4 +1,4 @@
-/* network login client */
+/* secstore - network login client */
 #include <u.h>
 #include <libc.h>
 #include <mp.h>
@@ -6,12 +6,13 @@
 #include <authsrv.h>
 #include "SConn.h"
 #include "secstore.h"
+
 enum{ CHK = 16, MAXFILES = 100 };
 
 typedef struct AuthConn{
-	SConn *conn;
-	char pass[64];
-	int passlen;
+	SConn	*conn;
+	char	pass[64];
+	int	passlen;
 } AuthConn;
 
 int verbose;
@@ -20,21 +21,21 @@ Nvrsafe nvr;
 void
 usage(void)
 {
-	fprint(2, "usage: secstore [-cin] [-g getfile] [-p putfile] [-r rmfile] [-s tcp!server!5356] [-u user] [-v]\n");
+	fprint(2, "usage: secstore [-cinv] [-[gG] getfile] [-p putfile] "
+		"[-r rmfile] [-s tcp!server!5356] [-u user]\n");
 	exits("usage");
 }
 
 static int
 getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 {
-	int fd = -1;
-	int i, n, nr, nw, len;
+	int fd = -1, i, n, nr, nw, len;
 	char s[Maxmsg+1];
 	uchar skey[SHA1dlen], ib[Maxmsg+CHK], *ibr, *ibw, *bufw, *bufe;
 	AESstate aes;
 	DigestState *sha;
 
-	if(strchr(gf, '/')){
+	if(strchr(gf, '/') != nil){
 		fprint(2, "secstore: simple filenames, not paths like %s\n", gf);
 		return -1;
 	}
@@ -79,14 +80,16 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 			if(buf == nil)
 				write(1, s, n);
 			else
-				memmove((*buf)+i, s, n);
+				memmove(*buf + i, s, n);
 		}
 		return 0;
 	}
 
-	/* conn is already encrypted against wiretappers, 
-		but gf is also encrypted against server breakin. */
-	if(buf == nil && (fd =create(gf, OWRITE, 0600)) < 0){
+	/*
+	 * conn is already encrypted against wiretappers, but gf is also
+	 * encrypted against server breakin.
+	 */
+	if(buf == nil && (fd = create(gf, OWRITE, 0600)) < 0){
 		fprint(2, "secstore: can't open %s: %r\n", gf);
 		return -1;
 	}
@@ -100,7 +103,7 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 		}
 		nr += n;
 		ibw += n;
-		if(!aes.setup){ /* first time, read 16 byte IV */
+		if(!aes.setup){		/* first time, read 16 byte IV */
 			if(n < AESbsize){
 				fprint(2, "secstore: no IV in file\n");
 				return -1;
@@ -110,10 +113,10 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 			setupAESstate(&aes, skey, AESbsize, ibr);
 			memset(skey, 0, sizeof skey);
 			ibr += AESbsize;
-			n -= AESbsize;
+			n   -= AESbsize;
 		}
 		aesCBCdecrypt(ibw-n, n, &aes);
-		n = ibw-ibr-CHK;
+		n = ibw - ibr - CHK;
 		if(n > 0){
 			if(buf == nil){
 				nw = write(fd, ibr, n);
@@ -122,7 +125,7 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 					return -1;
 				}
 			}else{
-				assert(bufw+n <= bufe);
+				assert(bufw + n <= bufe);
 				memmove(bufw, ibr, n);
 				bufw += n;
 			}
@@ -135,26 +138,28 @@ getfile(SConn *conn, char *gf, uchar **buf, ulong *buflen, uchar *key, int nkey)
 	if(buf == nil)
 		close(fd);
 	n = ibw-ibr;
-	if((n != CHK) || (memcmp(ib, "XXXXXXXXXXXXXXXX", CHK) != 0)){
+	if(n != CHK || memcmp(ib, "XXXXXXXXXXXXXXXX", CHK) != 0){
 		fprint(2, "secstore: decrypted file failed to authenticate!\n");
 		return -1;
 	}
 	return 0;
 }
 
-// This sends a file to the secstore disk that can, in an emergency, be
-// decrypted by the program aescbc.c.
+/*
+ * This sends a file to the secstore disk that can, in an emergency, be
+ * decrypted by the program aescbc.c.
+ */
 static int
 putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
 {
 	int i, n, fd, ivo, bufi, done;
 	char s[Maxmsg];
-	uchar  skey[SHA1dlen], b[CHK+Maxmsg], IV[AESbsize];
+	uchar skey[SHA1dlen], b[CHK+Maxmsg], IV[AESbsize];
 	AESstate aes;
 	DigestState *sha;
 
 	/* create initialization vector */
-	srand(time(0));  /* doesn't need to be unpredictable */
+	srand(time(0));			/* doesn't need to be unpredictable */
 	for(i=0; i<AESbsize; i++)
 		IV[i] = 0xff & rand();
 	sha = sha1((uchar*)"aescbc file", 11, nil, nil);
@@ -173,9 +178,8 @@ putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
 		}
 		len = seek(fd, 0, 2);
 		seek(fd, 0, 0);
-	} else {
+	} else
 		fd = -1;
-	}
 	if(len > MAXFILESIZE){
 		fprint(2, "secstore: implausible filesize %ld for %s\n",
 			len, pf);
@@ -183,7 +187,7 @@ putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
 	}
 
 	/* send file size */
-	snprint(s, Maxmsg, "%ld", len+AESbsize+CHK);
+	snprint(s, Maxmsg, "%ld", len + AESbsize + CHK);
 	conn->write(conn, (uchar*)s, strlen(s));
 
 	/* send IV and file+XXXXX in Maxmsg chunks */
@@ -199,16 +203,16 @@ putfile(SConn *conn, char *pf, uchar *buf, ulong len, uchar *key, int nkey)
 				return -1;
 			}
 		}else{
-			if((n = len - bufi) > Maxmsg-ivo)	
+			if((n = len - bufi) > Maxmsg-ivo)
 				n = Maxmsg-ivo;
 			memcpy(b+ivo, buf+bufi, n);
 			bufi += n;
 		}
 		n += ivo;
 		ivo = 0;
-		if(n < Maxmsg){ /* EOF on input; append XX... */
+		if(n < Maxmsg){		/* EOF on input; append XX... */
 			memset(b+n, 'X', CHK);
-			n += CHK; // might push n>Maxmsg
+			n += CHK;	/* might push n>Maxmsg */
 			done = 1;
 		}
 		aesCBCencrypt(b, n, &aes);
@@ -233,7 +237,7 @@ removefile(SConn *conn, char *rf)
 {
 	char buf[Maxmsg];
 
-	if(strchr(rf, '/')){
+	if(strchr(rf, '/') != nil){
 		fprint(2, "secstore: simple filenames, not paths like %s\n", rf);
 		return -1;
 	}
@@ -254,10 +258,11 @@ cmd(AuthConn *c, char **gf, int *Gflag, char **pf, char **rf)
 	while(*gf != nil){
 		if(verbose)
 			fprint(2, "get %s\n", *gf);
-		if(getfile(c->conn, *gf, *Gflag ? &memfile : nil, &len, (uchar*)c->pass, c->passlen) < 0)
+		if(getfile(c->conn, *gf, *Gflag? &memfile: nil, &len,
+		    (uchar*)c->pass, c->passlen) < 0)
 			goto Out;
 		if(*Gflag){
-			// write one line at a time, as required by /mnt/factotum/ctl
+			/* write 1 line at a time, as required by /mnt/factotum/ctl */
 			memcur = memfile;
 			while(len>0){
 				memnext = (uchar*)strchr((char*)memcur, '\n');
@@ -301,17 +306,16 @@ Out:
 static int
 chpasswd(AuthConn *c, char *id)
 {
-	ulong len;
 	int rv = -1, newpasslen = 0;
-	mpint *H, *Hi;
+	ulong len;
 	uchar *memfile;
-	char *newpass, *passck;
-	char *list, *cur, *next, *hexHi;
+	char *newpass, *passck, *list, *cur, *next, *hexHi;
 	char *f[8], prompt[128];
+	mpint *H, *Hi;
 
 	H = mpnew(0);
 	Hi = mpnew(0);
-	// changing our password is vulnerable to connection failure
+	/* changing our password is vulnerable to connection failure */
 	for(;;){
 		snprint(prompt, sizeof(prompt), "new password for %s: ", id);
 		newpass = getpassm(prompt);
@@ -355,11 +359,13 @@ chpasswd(AuthConn *c, char *id)
 		if(tokenize(cur, f, nelem(f))< 1)
 			break;
 		fprint(2, "secstore: reencrypting '%s'\n", f[0]);
-		if(getfile(c->conn, f[0], &memfile, &len, (uchar*)c->pass, c->passlen) < 0){
+		if(getfile(c->conn, f[0], &memfile, &len, (uchar*)c->pass,
+		    c->passlen) < 0){
 			fprint(2, "secstore: getfile of '%s' failed\n", f[0]);
 			continue;
 		}
-		if(putfile(c->conn, f[0], memfile, len, (uchar*)newpass, newpasslen) < 0)
+		if(putfile(c->conn, f[0], memfile, len, (uchar*)newpass,
+		    newpasslen) < 0)
 			fprint(2, "secstore: putfile of '%s' failed\n", f[0]);
 		free(memfile);
 	}
@@ -379,9 +385,9 @@ Out:
 static AuthConn*
 login(char *id, char *dest, int pass_stdin, int pass_nvram)
 {
-	AuthConn *c;
 	int fd, n, ntry = 0;
 	char *S, *PINSTA = nil, *nl, s[Maxmsg+1], *pass;
+	AuthConn *c;
 
 	if(dest == nil)
 		sysfatal("tried to login with nil dest");
@@ -392,7 +398,7 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
 		strecpy(c->pass, c->pass+sizeof c->pass, nvr.config);
 	}
 	if(pass_stdin){
-		n = readn(0, s, Maxmsg-2);  // so len(PINSTA)<Maxmsg-3
+		n = readn(0, s, Maxmsg-2);	/* so len(PINSTA)<Maxmsg-3 */
 		if(n < 1)
 			exits("no password on standard input");
 		s[n] = 0;
@@ -440,7 +446,7 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
 			exits("invalid password on standard input");
 		if(pass_nvram)
 			exits("invalid password in nvram");
-		// and let user try retyping the password
+		/* and let user try retyping the password */
 		if(ntry==3)
 			fprint(2, "Enter an empty password to quit.\n");
 	}
@@ -454,15 +460,16 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
 	}
 	if(strcmp(s, "STA") == 0){
 		long sn;
+
 		if(pass_stdin){
 			if(PINSTA)
-				strncpy(s+3, PINSTA, (sizeof s)-3);
+				strncpy(s+3, PINSTA, sizeof s - 3);
 			else
 				exits("missing PIN+SecureID on standard input");
 			free(PINSTA);
 		}else{
 			pass = getpassm("STA PIN+SecureID: ");
-			strncpy(s+3, pass, (sizeof s)-4);
+			strncpy(s+3, pass, sizeof s - 4);
 			memset(pass, 0, strlen(pass));
 			free(pass);
 		}
@@ -481,13 +488,13 @@ login(char *id, char *dest, int pass_stdin, int pass_nvram)
 	return c;
 }
 
-int
+void
 main(int argc, char **argv)
 {
 	int chpass = 0, pass_stdin = 0, pass_nvram = 0, rc;
 	int ngfile = 0, npfile = 0, nrfile = 0, Gflag[MAXFILES+1];
-	char *gfile[MAXFILES], *pfile[MAXFILES], *rfile[MAXFILES];
 	char *serve, *tcpserve, *user;
+	char *gfile[MAXFILES], *pfile[MAXFILES], *rfile[MAXFILES];
 	AuthConn *c;
 
 	serve = "$auth";
@@ -504,9 +511,7 @@ main(int argc, char **argv)
 	case 'g':
 		if(ngfile >= MAXFILES)
 			exits("too many gfiles");
-		gfile[ngfile++] = ARGF();
-		if(gfile[ngfile-1] == nil)
-			usage();
+		gfile[ngfile++] = EARGF(usage());
 		break;
 	case 'i':
 		pass_stdin = 1;
@@ -517,16 +522,12 @@ main(int argc, char **argv)
 	case 'p':
 		if(npfile >= MAXFILES)
 			exits("too many pfiles");
-		pfile[npfile++] = ARGF();
-		if(pfile[npfile-1] == nil)
-			usage();
+		pfile[npfile++] = EARGF(usage());
 		break;
 	case 'r':
 		if(nrfile >= MAXFILES)
 			exits("too many rfiles");
-		rfile[nrfile++] = ARGF();
-		if(rfile[nrfile-1] == nil)
-			usage();
+		rfile[nrfile++] = EARGF(usage());
 		break;
 	case 's':
 		serve = EARGF(usage());
@@ -553,7 +554,7 @@ main(int argc, char **argv)
 		exits("usage");
 	}
 
-	rc = strlen(serve)+sizeof("tcp!!99990");
+	rc = strlen(serve) + sizeof "tcp!!99990";
 	tcpserve = emalloc(rc);
 	if(strchr(serve,'!'))
 		strcpy(tcpserve, serve);
@@ -570,5 +571,4 @@ main(int argc, char **argv)
 	if(rc < 0)
 		sysfatal("secstore cmd failed");
 	exits("");
-	return 0;
 }

+ 14 - 4
sys/src/cmd/ip/6in4.c

@@ -164,15 +164,25 @@ main(int argc, char **argv)
 			sysfatal("can't set default global route: %r");
 	}
 
-	switch (rfork(RFPROC|RFNOWAIT|RFMEM)) {
-	case -1:
-		sysfatal("rfork");
+	/* run the tunnel copying in the background */
+	switch (rfork(RFPROC|RFNOWAIT|RFMEM|RFNOTEG)) {
+	default:
+		exits(nil);
 	case 0:
-		ip2tunnel(ifc, tunnel);
 		break;
+	case -1:
+		sysfatal("rfork");
+	}
+
+	switch (rfork(RFPROC|RFNOWAIT|RFMEM)) {
 	default:
 		tunnel2ip(tunnel, ifc);
 		break;
+	case 0:
+		ip2tunnel(ifc, tunnel);
+		break;
+	case -1:
+		sysfatal("rfork");
 	}
 	exits("tunnel gone");
 }