summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1999-12-08 19:32:56 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1999-12-08 19:32:56 +0000
commit76272add88de703262e38b396349df43c2c3d0ce (patch)
tree7a569c05e57772893ddf4e81d1c2cd45c83d6cce /usr.bin
parent78b24ac73760b866187367fae1d2296d3d7bf584 (diff)
avoid stdio; based on work by markus, millert, and I
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/readpass.c167
1 files changed, 71 insertions, 96 deletions
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index b1e58a64d54..6d1134e4c32 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -1,119 +1,94 @@
/*
- *
- * readpass.c
- *
- * Author: Tatu Ylonen <ylo@cs.hut.fi>
- *
- * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
- * All rights reserved
- *
- * Created: Mon Jul 10 22:08:59 1995 ylo
- *
- * Functions for reading passphrases and passwords.
- *
+ * Copyright (c) 1988, 1993
+ * The Regents of the University of California. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the University of
+ * California, Berkeley and its contributors.
+ * 4. Neither the name of the University nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
*/
#include "includes.h"
-RCSID("$Id: readpass.c,v 1.7 1999/11/24 19:53:50 markus Exp $");
+RCSID("$Id: readpass.c,v 1.8 1999/12/08 19:32:55 deraadt Exp $");
#include "xmalloc.h"
#include "ssh.h"
-/* Saved old terminal mode for read_passphrase. */
-static struct termios saved_tio;
-
-/* Old interrupt signal handler for read_passphrase. */
-static void (*old_handler) (int sig) = NULL;
-
-/* Interrupt signal handler for read_passphrase. */
-
-void
-intr_handler(int sig)
-{
- /* Restore terminal modes. */
- tcsetattr(fileno(stdin), TCSANOW, &saved_tio);
- /* Restore the old signal handler. */
- signal(sig, old_handler);
- /* Resend the signal, with the old handler. */
- kill(getpid(), sig);
-}
-
/*
* Reads a passphrase from /dev/tty with echo turned off. Returns the
- * passphrase (allocated with xmalloc). Exits if EOF is encountered. The
- * passphrase if read from stdin if from_stdin is true (as is the case with
- * ssh-keygen).
+ * passphrase (allocated with xmalloc), being very careful to ensure that
+ * no other userland buffer is storing the password.
*/
-
char *
read_passphrase(const char *prompt, int from_stdin)
{
- char buf[1024], *cp;
- struct termios tio;
- FILE *f;
+ char buf[1024], *p, ch;
+ struct termios tio, saved_tio;
+ sigset_t oset, nset;
+ int input, output, echo = 0;
+
+ if (from_stdin) {
+ input = STDIN_FILENO;
+ output = STDERR_FILENO;
+ } else
+ input = output = open("/dev/tty", O_RDWR);
+
+ if (input == -1)
+ fatal("You have no controlling tty. Cannot read passphrase.\n");
- if (from_stdin)
- f = stdin;
- else {
- /*
- * Read the passphrase from /dev/tty to make it possible to
- * ask it even when stdin has been redirected.
- */
- f = fopen("/dev/tty", "r");
- if (!f) {
- /* No controlling terminal and no DISPLAY. Nowhere to read. */
- fprintf(stderr, "You have no controlling tty and no DISPLAY. Cannot read passphrase.\n");
- exit(1);
- }
+ /* block signals, get terminal modes and turn off echo */
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGINT);
+ sigaddset(&nset, SIGTSTP);
+ (void) sigprocmask(SIG_BLOCK, &nset, &oset);
+
+ if (tcgetattr(input, &tio) == 0 && (tio.c_lflag & ECHO)) {
+ echo = 1;
+ saved_tio = tio;
+ tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
+ (void) tcsetattr(input, TCSANOW, &tio);
}
- /* Display the prompt (on stderr because stdout might be redirected). */
fflush(stdout);
- fprintf(stderr, "%s", prompt);
- fflush(stderr);
- /* Get terminal modes. */
- tcgetattr(fileno(f), &tio);
- saved_tio = tio;
- /* Save signal handler and set the new handler. */
- old_handler = signal(SIGINT, intr_handler);
+ (void)write(output, prompt, strlen(prompt));
+ for (p = buf; read(input, &ch, 1) == 1 && ch != '\n';)
+ if (p < buf + sizeof(buf) - 1)
+ *p++ = ch;
+ *p = '\0';
+ (void)write(output, "\n", 1);
- /* Set new terminal modes disabling all echo. */
- tio.c_lflag &= ~(ECHO | ECHOE | ECHOK | ECHONL);
- tcsetattr(fileno(f), TCSANOW, &tio);
+ /* restore terminal modes and allow signals */
+ if (echo)
+ tcsetattr(input, TCSANOW, &saved_tio);
+ (void) sigprocmask(SIG_SETMASK, &oset, NULL);
- /* Read the passphrase from the terminal. */
- if (fgets(buf, sizeof(buf), f) == NULL) {
- /* Got EOF. Just exit. */
- /* Restore terminal modes. */
- tcsetattr(fileno(f), TCSANOW, &saved_tio);
- /* Restore the signal handler. */
- signal(SIGINT, old_handler);
- /* Print a newline (the prompt probably didn\'t have one). */
- fprintf(stderr, "\n");
- /* Close the file. */
- if (f != stdin)
- fclose(f);
- exit(1);
- }
- /* Restore terminal modes. */
- tcsetattr(fileno(f), TCSANOW, &saved_tio);
- /* Restore the signal handler. */
- (void) signal(SIGINT, old_handler);
- /* Remove newline from the passphrase. */
- if (strchr(buf, '\n'))
- *strchr(buf, '\n') = 0;
- /* Allocate a copy of the passphrase. */
- cp = xstrdup(buf);
- /*
- * Clear the buffer so we don\'t leave copies of the passphrase
- * laying around.
- */
+ if (!from_stdin)
+ (void)close(input);
+ p = xstrdup(buf);
memset(buf, 0, sizeof(buf));
- /* Print a newline since the prompt probably didn\'t have one. */
- fprintf(stderr, "\n");
- /* Close the file. */
- if (f != stdin)
- fclose(f);
- return cp;
+ return (p);
}