getpass.c revision 1.19
1 /* $NetBSD: getpass.c,v 1.19 2012/04/12 22:07:44 christos Exp $ */ 2 3 /*- 4 * Copyright (c) 2012 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31 #include <sys/cdefs.h> 32 #if defined(LIBC_SCCS) && !defined(lint) 33 __RCSID("$NetBSD: getpass.c,v 1.19 2012/04/12 22:07:44 christos Exp $"); 34 #endif /* LIBC_SCCS and not lint */ 35 36 #include "namespace.h" 37 38 #include <assert.h> 39 #ifdef TEST 40 #include <stdio.h> 41 #endif 42 #include <errno.h> 43 #include <signal.h> 44 #include <string.h> 45 #include <paths.h> 46 #include <stdbool.h> 47 #include <stdlib.h> 48 #include <termios.h> 49 #include <unistd.h> 50 #include <fcntl.h> 51 52 #ifdef __weak_alias 53 __weak_alias(getpassfd,_getpassfd) 54 __weak_alias(getpass_r,_getpass_r) 55 __weak_alias(getpass,_getpass) 56 #endif 57 58 /* 59 * Notes: 60 * - There is no getpass_r in POSIX 61 * - Historically EOF is documented to be treated as EOL, we provide a 62 * tunable for that GETPASS_FAIL_EOF to disable this. 63 * - Historically getpass ate extra characters silently, we provide 64 * a tunable for that GETPASS_BUF_LIMIT to disable this. 65 * - Historically getpass "worked" by echoing characters when turning 66 * off echo failed, we provide a tunable GETPASS_NEED_TTY to 67 * disable this. 68 * - Some implementations say that on interrupt the program shall 69 * receive an interrupt signal before the function returns. We 70 * send all the tty signals before we return, but we don't expect 71 * suspend to do something useful unless the caller calls us again. 72 * We also provide a tunable to disable signal delivery 73 * GETPASS_NO_SIGNAL. 74 * - GETPASS_NO_BEEP disables beeping. 75 * - GETPASS_ECHO will echo the password (as pam likes it) 76 */ 77 char * 78 /*ARGSUSED*/ 79 getpassfd(const char *prompt, char *buf, size_t len, int fd[], int flags) 80 { 81 struct termios gt; 82 char c; 83 int sig; 84 bool lnext, havetty, allocated; 85 86 _DIAGASSERT(prompt != NULL); 87 88 sig = 0; 89 90 allocated = buf == NULL; 91 if (tcgetattr(fd[0], >) == -1) { 92 havetty = false; 93 if (flags & GETPASS_NEED_TTY) 94 goto out; 95 memset(>, -1, sizeof(gt)); 96 } else 97 havetty = true; 98 99 100 if (havetty) { 101 struct termios st = gt; 102 103 st.c_lflag &= ~(ECHO|ECHOK|ECHOE|ECHOKE|ECHOCTL|ISIG|ICANON); 104 st.c_cc[VMIN] = 1; 105 st.c_cc[VTIME] = 0; 106 if (tcsetattr(fd[0], TCSAFLUSH|TCSASOFT, &st) == -1) 107 goto out; 108 } 109 110 if (prompt != NULL) { 111 size_t plen = strlen(prompt); 112 (void)write(fd[1], prompt, plen); 113 } 114 115 if (allocated) { 116 len = 1024; 117 if ((buf = malloc(len)) == NULL) 118 goto restore; 119 } 120 121 c = '\1'; 122 lnext = false; 123 for (size_t l = 0; c != '\0'; ) { 124 if (read(fd[0], &c, 1) != 1) 125 goto restore; 126 127 #define beep() do \ 128 if (flags & GETPASS_NO_BEEP) \ 129 (void)write(fd[2], "\a", 1); \ 130 while (/*CONSTCOND*/ 0) 131 #define erase() (void)write(fd[1], "\b \b", 3) 132 133 #define C(a, b) (gt.c_cc[(a)] == _POSIX_VDISABLE ? (b) : gt.c_cc[(a)]) 134 135 if (lnext) { 136 lnext = false; 137 goto add; 138 } 139 140 /* Ignored */ 141 if (c == C(VREPRINT, CTRL('r')) || c == C(VSTART, CTRL('q')) || 142 c == C(VSTOP, CTRL('s')) || c == C(VSTATUS, CTRL('t')) || 143 c == C(VDISCARD, CTRL('o'))) 144 continue; 145 146 /* Literal next */ 147 if (c == C(VLNEXT, CTRL('v'))) { 148 lnext = true; 149 continue; 150 } 151 152 /* Line or word kill, treat as reset */ 153 if (c == C(VKILL, CTRL('u')) || c == C(VWERASE, CTRL('w'))) { 154 if (flags & GETPASS_ECHO) { 155 while (l--) 156 erase(); 157 } 158 l = 0; 159 continue; 160 } 161 162 /* Character erase */ 163 if (c == C(VERASE, CTRL('h'))) { 164 if (l == 0) 165 beep(); 166 else { 167 l--; 168 if (flags & GETPASS_ECHO) 169 erase(); 170 } 171 continue; 172 } 173 174 /* tty signal characters */ 175 if (c == C(VINTR, CTRL('c'))) { 176 sig = SIGINT; 177 goto out; 178 } 179 if (c == C(VQUIT, CTRL('\\'))) { 180 sig = SIGQUIT; 181 goto out; 182 } 183 if (c == C(VSUSP, CTRL('z')) || c == C(VDSUSP, CTRL('y'))) { 184 sig = SIGTSTP; 185 goto out; 186 } 187 188 /* EOF */ 189 if (c == C(VEOF, CTRL('d'))) { 190 if (flags & GETPASS_FAIL_EOF) { 191 errno = ENODATA; 192 goto out; 193 } else { 194 c = '\0'; 195 goto add; 196 } 197 } 198 199 /* End of line */ 200 if (c == C(VEOL, CTRL('j')) || c == C(VEOL2, CTRL('l'))) 201 c = '\0'; 202 add: 203 if (l >= len) { 204 if (allocated) { 205 len += 1024; 206 char *b = realloc(buf, len); 207 if (b == NULL) 208 goto restore; 209 buf = b; 210 } else { 211 if (flags & GETPASS_BUF_LIMIT) { 212 beep(); 213 continue; 214 } 215 if (c == '\0' && l > 0) 216 l--; 217 else 218 continue; 219 } 220 } 221 buf[l++] = c; 222 if (c && (flags & GETPASS_ECHO)) 223 (void)write(fd[1], &c, 1); 224 } 225 226 if (havetty) 227 (void)tcsetattr(fd[0], TCSAFLUSH|TCSASOFT, >); 228 return buf; 229 restore: 230 if (havetty) { 231 c = errno; 232 (void)tcsetattr(fd[0], TCSAFLUSH|TCSASOFT, >); 233 errno = c; 234 } 235 out: 236 if (sig) { 237 if ((flags & GETPASS_NO_SIGNAL) == 0) 238 (void)raise(sig); 239 errno = EINTR; 240 } 241 memset(buf, 0, len); 242 if (allocated) 243 free(buf); 244 return NULL; 245 } 246 247 char * 248 getpass_r(const char *prompt, char *buf, size_t len) 249 { 250 bool opentty; 251 int fd[3]; 252 char *rv; 253 254 /* 255 * Try to use /dev/tty if possible; otherwise read from stdin and 256 * write to stderr. 257 */ 258 if ((fd[0] = fd[1] = fd[2] = open(_PATH_TTY, O_RDWR)) == -1) { 259 opentty = false; 260 fd[0] = STDIN_FILENO; 261 fd[1] = fd[2] = STDERR_FILENO; 262 } else 263 opentty = true; 264 265 rv = getpassfd(prompt, buf, len, fd, 0); 266 267 if (opentty) { 268 int serrno = errno; 269 (void)close(fd[0]); 270 errno = serrno; 271 } 272 return rv; 273 } 274 275 char * 276 getpass(const char *prompt) 277 { 278 static char e[] = ""; 279 static char *buf; 280 static long bufsiz; 281 char *rv; 282 283 /* 284 * Strictly speaking we could double allocate here, if we get 285 * called at the same time, but this function is not re-entrant 286 * anyway and it is not supposed to work if called concurrently. 287 */ 288 if (buf == NULL) { 289 if ((bufsiz = sysconf(_SC_PASS_MAX)) == -1) 290 return e; 291 if ((buf = malloc((size_t)bufsiz)) == NULL) 292 return e; 293 } 294 295 if ((rv = getpass_r(prompt, buf, (size_t)bufsiz)) == NULL) 296 return e; 297 298 return rv; 299 } 300 301 #ifdef TEST 302 int 303 main(int argc, char *argv[]) 304 { 305 char buf[28]; 306 int fd[3] = { 0, 1, 2 }; 307 printf("[%s]\n", getpassfd("foo>", buf, sizeof(buf), fd, GETPASS_ECHO)); 308 return 0; 309 } 310 #endif 311
Indexes created Tue Sep 23 23:09:58 GMT 2025