slac-ood-opencode/ttyd-credential-file.patch at main · slaclab/slac-ood-opencode · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
--- a/src/server.c	2026-04-14 20:55:44.646883772 -0700
+++ b/src/server.c	2026-04-14 20:56:29.747197180 -0700
@@ -82,6 +82,7 @@
                                         {"debug", required_argument, NULL, 'd'},
                                         {"version", no_argument, NULL, 'v'},
                                         {"help", no_argument, NULL, 'h'},
+                                        {"credential-file", required_argument, NULL, 0},
                                         {NULL, 0, 0, 0}};
 static const char *opt_string = "p:i:U:c:H:u:g:s:w:I:b:P:6aSC:K:A:Wt:T:Om:oqBd:vh";

@@ -343,9 +344,50 @@
 #endif

   // parse command line options
-  int c;
-  while ((c = getopt_long(start, argv, opt_string, options, NULL)) != -1) {
+  int c, option_index = 0;
+  while ((c = getopt_long(start, argv, opt_string, options, &option_index)) != -1) {
     switch (c) {
+      case 0:
+        if (strcmp(options[option_index].name, "credential-file") == 0) {
+          FILE *f = fopen(optarg, "r");
+          if (!f) {
+            fprintf(stderr, "ttyd: cannot open credential file: %s\n", optarg);
+            return -1;
+          }
+          char buf[512];
+          size_t n = fread(buf, 1, sizeof(buf) - 1, f);
+          int read_err = ferror(f);
+          fclose(f);
+          if (read_err) {
+            fprintf(stderr, "ttyd: error reading credential file\n");
+            return -1;
+          }
+          if (n == 0) {
+            fprintf(stderr, "ttyd: credential file is empty\n");
+            return -1;
+          }
+          buf[n] = '\0';
+          if (strlen(buf) != n) {
+            fprintf(stderr, "ttyd: credential file contains null bytes\n");
+            explicit_bzero(buf, sizeof(buf));
+            return -1;
+          }
+          while (n > 0 && (buf[n - 1] == '\n' || buf[n - 1] == '\r')) buf[--n] = '\0';
+          if (n == 0) {
+            fprintf(stderr, "ttyd: credential file is empty after stripping\n");
+            return -1;
+          }
+          char b64[768];
+          int b64_len = lws_b64_encode_string(buf, (int)n, b64, sizeof(b64));
+          explicit_bzero(buf, sizeof(buf));
+          if (b64_len < 0) {
+            fprintf(stderr, "ttyd: base64 encoding of credential failed\n");
+            return -1;
+          }
+          server->credential = strdup(b64);
+          explicit_bzero(b64, sizeof(b64));
+        }
+        break;
       case 'h':
         print_help();
         return 0;