Finish draft implementation

Spawn a shell (or any command specified on the command line) once the secret has been reconstituted and wait for the child process to terminate, then delete the secret.
5 years ago · 705618b705
1 changed files with 42 additions and 0 deletions
--- a/src/gfsec-use.c
+++ b/src/gfsec-use.c
@ -25,6 +25,9 @@
 #include <string.h>
 #include <errno.h>
 #include <sys/mman.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <unistd.h>

 #include <getopt.h>
 #include <err.h>
@ -166,6 +169,7 @@ main(int argc, char **argv)
    gfsec_secret_config_t *cfg;
    gfsec_share_t *share;
    unsigned have_shares, have_full;
+    pid_t pid;

    struct option options[] = {
        { "help",    0, NULL, 'h' },
@ -281,6 +285,44 @@ main(int argc, char **argv)
    else
        errx(EXIT_FAILURE, "Not enough data to reconstitute secret");

+    if ( (pid = fork()) == -1 ) {
+        unlink(cfg->output_file);
+        err(EXIT_FAILURE, "Cannot fork");
+    }
+    else if ( pid == 0 ) {
+        gfsec_destroy_config(cfg);
+
+        if ( optind < argc ) {
+            execvp(argv[optind], &(argv[optind]));
+        }
+        else {
+            char *shell, *args[3];
+
+            if ( ! (shell = getenv("SHELL")) )
+                shell = "/bin/sh";
+
+            args[0] = shell;
+            args[1] = "-i";
+            args[2] = NULL;
+
+            putenv("PS1=gfsec> ");
+
+            execvp(shell, args);
+        }
+
+        err(EXIT_FAILURE, "Cannot exec");
+    }
+    else {
+        int status;
+
+        if ( waitpid(pid, &status, 0) == -1 )
+            warn("Cannot wait for child process");
+
+        printf("Removing secret.\n");
+
+        unlink(cfg->output_file);
+    }
+
    gfsec_destroy_config(cfg);

    return EXIT_SUCCESS;