[master] 909a1ef Change -S semantics a bit.

Thu Nov 7 17:10:27 CET 2013

commit 909a1efbea8be8276e89dd8a1ceba28d87125c90
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Thu Nov 7 16:08:43 2013 +0000

    Change -S semantics a bit.
    
    If you specify no -S file, one will be made for you.
    
    If you truly want no authentication of CLI connections, give an
    empty -S argument  (-S "") and live with the warning that causes.
    
    Use arc4random() for challenges and secrets, we want crypto strength.

diff --git a/bin/varnishd/mgt/mgt_cli.c b/bin/varnishd/mgt/mgt_cli.c
index 3e43709..6233c79 100644
--- a/bin/varnishd/mgt/mgt_cli.c
+++ b/bin/varnishd/mgt/mgt_cli.c
@@ -260,7 +260,7 @@ mgt_cli_challenge(struct cli *cli)
 	int i;
 
 	for (i = 0; i + 2L < sizeof cli->challenge; i++)
-		cli->challenge[i] = (random() % 26) + 'a';
+		cli->challenge[i] = (arc4random() % 26) + 'a';
 	cli->challenge[i++] = '\n';
 	cli->challenge[i] = '\0';
 	VCLI_Out(cli, "%s", cli->challenge);
@@ -499,7 +499,6 @@ mgt_cli_secret(const char *S_arg)
 	/* Save in shmem */
 	mgt_SHM_static_alloc(S_arg, strlen(S_arg) + 1L, "Arg", "-S", "");
 
-	srandomdev();			/* XXX: why here ??? */
 	fd = open(S_arg, O_RDONLY);
 	if (fd < 0) {
 		fprintf(stderr, "Can not open secret-file \"%s\"\n", S_arg);
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index fd64b2f..bcffbda 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -311,6 +311,29 @@ cli_stdin_close(void *priv)
 
 /*--------------------------------------------------------------------*/
 
+static const char *
+make_secret(const char *dirname)
+{
+	char *fn;
+	int fd;
+	char buf[256];
+
+	assert(asprintf(&fn, "%s/_.secret", dirname) > 0);
+
+	fd = open(fn, O_RDWR|O_CREAT|O_TRUNC, 0600);
+	if (fd < 0) {
+		fprintf(stderr, "Cannot create secret-file in %s (%s)\n",
+		    dirname, strerror(errno));
+		exit(1);
+	}
+	arc4random_buf(buf, sizeof buf);
+	assert(sizeof buf == write(fd, buf, sizeof buf));
+	AZ(close(fd));
+	return (fn);
+}
+
+/*--------------------------------------------------------------------*/
+
 int
 main(int argc, char * const *argv)
 {
@@ -538,14 +561,18 @@ main(int argc, char * const *argv)
 		fprintf(stderr, "Only one of -b or -f can be specified\n");
 		usage();
 	}
-	if (S_arg == NULL && T_arg == NULL && d_flag == 0 && b_arg == NULL &&
+	if (T_arg == NULL && d_flag == 0 && b_arg == NULL &&
 	    f_arg == NULL && M_arg == NULL) {
 		fprintf(stderr,
-		    "At least one of -d, -b, -f, -M, -S or -T "
+		    "At least one of -d, -b, -f, -M or -T "
 		    "must be specified\n");
 		usage();
 	}
 
+	if (S_arg != NULL && *S_arg == '\0')
+		fprintf(stderr,
+		    "Warning: Empty -S argument, no CLI authentication.\n");
+
 	if (f_arg != NULL) {
 		vcl = VFIL_readfile(NULL, f_arg, NULL);
 		if (vcl == NULL) {
@@ -651,8 +678,14 @@ main(int argc, char * const *argv)
 
 	if (d_flag)
 		mgt_cli_setup(0, 1, 1, "debug", cli_stdin_close, NULL);
-	if (S_arg != NULL)
+
+	if (S_arg == NULL)
+		S_arg = make_secret(dirname);
+	AN(S_arg);
+
+	if (*S_arg != '\0')
 		mgt_cli_secret(S_arg);
+
 	if (M_arg != NULL)
 		mgt_cli_master(M_arg);
 	if (T_arg != NULL)

