1/* $NetBSD: getpass.c,v 1.30 2016/01/31 23:41:38 christos Exp $ */ 2 3/*- 4 * Copyright (c) 2012 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Christos Zoulas. 9 * 10 * Redistribution and use in source and binary forms, with or without 11 * modification, are permitted provided that the following conditions 12 * are met: 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in the 17 * documentation and/or other materials provided with the distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 20 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 21 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 22 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 23 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 24 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 25 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 26 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 27 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 28 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 29 * POSSIBILITY OF SUCH DAMAGE. 30 */ 31#include <sys/cdefs.h> 32#if defined(LIBC_SCCS) && !defined(lint) 33__RCSID("$NetBSD: getpass.c,v 1.30 2016/01/31 23:41:38 christos Exp $"); 34#endif /* LIBC_SCCS and not lint */ 35 36#include "namespace.h" 37 38#include <assert.h> 39#ifdef TEST 40#include <stdio.h> 41#endif 42#include <errno.h> 43#include <ctype.h> 44#include <signal.h> 45#include <string.h> 46#include <paths.h> 47#include <stdbool.h> 48#include <stdlib.h> 49#include <termios.h> 50#include <unistd.h> 51#include <fcntl.h> 52#include <poll.h> 53 54#ifdef __weak_alias 55__weak_alias(getpassfd,_getpassfd) 56__weak_alias(getpass_r,_getpass_r) 57__weak_alias(getpass,_getpass) 58#endif 59 60/* 61 * Notes: 62 * - There is no getpass_r in POSIX 63 * - Historically EOF is documented to be treated as EOL, we provide a 64 * tunable for that GETPASS_FAIL_EOF to disable this. 65 * - Historically getpass ate extra characters silently, we provide 66 * a tunable for that GETPASS_BUF_LIMIT to disable this. 67 * - Historically getpass "worked" by echoing characters when turning 68 * off echo failed, we provide a tunable GETPASS_NEED_TTY to 69 * disable this. 70 * - Some implementations say that on interrupt the program shall 71 * receive an interrupt signal before the function returns. We 72 * send all the tty signals before we return, but we don't expect 73 * suspend to do something useful unless the caller calls us again. 74 * We also provide a tunable to disable signal delivery 75 * GETPASS_NO_SIGNAL. 76 * - GETPASS_NO_BEEP disables beeping. 77 * - GETPASS_ECHO_STAR will echo '*' for each character of the password 78 * - GETPASS_ECHO will echo the password (as pam likes it) 79 * - GETPASS_7BIT strips the 8th bit 80 * - GETPASS_FORCE_UPPER forces to uppercase 81 * - GETPASS_FORCE_LOWER forces to uppercase 82 * - GETPASS_ECHO_NL echo's a new line on success if echo was off. 83 */ 84char * 85/*ARGSUSED*/ 86getpassfd(const char *prompt, char *buf, size_t len, int *fd, int flags, 87 int tout) 88{ 89 struct termios gt; 90 char c; 91 int sig; 92 bool lnext, havetty, allocated, opentty, good; 93 int fdc[3]; 94 95 _DIAGASSERT(prompt != NULL); 96 97 if (buf != NULL && len == 0) { 98 errno = EINVAL; 99 return NULL; 100 } 101 102 good = false; 103 opentty = false; 104 if (fd == NULL) { 105 /* 106 * Try to use /dev/tty if possible; otherwise read from stdin 107 * and write to stderr. 108 */ 109 fd = fdc; 110 if ((fd[0] = fd[1] = fd[2] = open(_PATH_TTY, 111 O_RDWR | O_CLOEXEC)) == -1) { 112 fd[0] = STDIN_FILENO; 113 fd[1] = fd[2] = STDERR_FILENO; 114 } else 115 opentty = true; 116 } 117 118 sig = 0; 119 allocated = buf == NULL; 120 if (tcgetattr(fd[0], >) == -1) { 121 havetty = false; 122 if (flags & GETPASS_NEED_TTY) 123 goto out; 124 memset(>, -1, sizeof(gt)); 125 } else 126 havetty = true; 127 128 if (havetty) { 129 struct termios st = gt; 130 131 st.c_lflag &= ~(ECHO|ECHOK|ECHOE|ECHOKE|ECHOCTL|ISIG|ICANON); 132 st.c_cc[VMIN] = 1; 133 st.c_cc[VTIME] = 0; 134 if (tcsetattr(fd[0], TCSAFLUSH|TCSASOFT, &st) == -1) 135 goto out; 136 } 137 138 if (prompt != NULL) { 139 size_t plen = strlen(prompt); 140 (void)write(fd[1], prompt, plen); 141 } 142 143 if (allocated) { 144 len = 1024; 145 if ((buf = malloc(len)) == NULL) 146 goto restore; 147 } 148 149 c = '\1'; 150 lnext = false; 151 for (size_t l = 0; c != '\0'; ) { 152 if (tout) { 153 struct pollfd pfd; 154 pfd.fd = fd[0]; 155 pfd.events = POLLIN|POLLRDNORM; 156 pfd.revents = 0; 157 switch (poll(&pfd, 1, tout * 1000)) { 158 case 0: 159 errno = ETIMEDOUT; 160 /*FALLTHROUGH*/ 161 case -1: 162 goto restore; 163 default: 164 break; 165 } 166 } 167 if (read(fd[0], &c, 1) != 1) 168 goto restore; 169 170#define beep() \ 171 do \ 172 if (flags & GETPASS_NO_BEEP) \ 173 (void)write(fd[2], "\a", 1); \ 174 while (/*CONSTCOND*/ 0) 175#define erase() (void)write(fd[1], "\b \b", 3) 176/* 177 * We test for both _POSIX_VDISABLE and NUL here because _POSIX_VDISABLE 178 * propagation does not seem to be very consistent on multiple daemon hops 179 * between different OS's. Perhaps we should not even bother with 180 * _POSIX_VDISABLE and use ~0 and 0 directly. 181 */ 182#define C(a, b) ((gt.c_cc[(a)] == _POSIX_VDISABLE || gt.c_cc[(a)] == '\0') ? \ 183 (b) : gt.c_cc[(a)]) 184 if (lnext) { 185 lnext = false; 186 goto add; 187 } 188 189 /* Ignored */ 190 if (c == C(VREPRINT, CTRL('r')) || c == C(VSTART, CTRL('q')) || 191 c == C(VSTOP, CTRL('s')) || c == C(VSTATUS, CTRL('t')) || 192 c == C(VDISCARD, CTRL('o'))) 193 continue; 194 195 /* Literal next */ 196 if (c == C(VLNEXT, CTRL('v'))) { 197 lnext = true; 198 continue; 199 } 200 201 /* Line or word kill, treat as reset */ 202 if (c == C(VKILL, CTRL('u')) || c == C(VWERASE, CTRL('w'))) { 203 if (flags & (GETPASS_ECHO | GETPASS_ECHO_STAR)) { 204 while (l--) 205 erase(); 206 } 207 l = 0; 208 continue; 209 } 210 211 /* Character erase */ 212 if (c == C(VERASE, CTRL('h'))) { 213 if (l == 0) 214 beep(); 215 else { 216 l--; 217 if (flags & (GETPASS_ECHO | GETPASS_ECHO_STAR)) 218 erase(); 219 } 220 continue; 221 } 222 223 /* tty signal characters */ 224 if (c == C(VINTR, CTRL('c'))) { 225 sig = SIGINT; 226 goto out; 227 } 228 if (c == C(VQUIT, CTRL('\\'))) { 229 sig = SIGQUIT; 230 goto out; 231 } 232 if (c == C(VSUSP, CTRL('z')) || c == C(VDSUSP, CTRL('y'))) { 233 sig = SIGTSTP; 234 goto out; 235 } 236 237 /* EOF */ 238 if (c == C(VEOF, CTRL('d'))) { 239 if (flags & GETPASS_FAIL_EOF) { 240 errno = ENODATA; 241 goto out; 242 } else { 243 c = '\0'; 244 goto add; 245 } 246 } 247 248 /* End of line */ 249 if (c == C(VEOL, CTRL('j')) || c == C(VEOL2, CTRL('m'))) 250 c = '\0'; 251add: 252 if (l >= len) { 253 if (allocated) { 254 size_t nlen = len + 1024; 255 char *nbuf = realloc(buf, nlen); 256 if (nbuf == NULL) 257 goto restore; 258 buf = nbuf; 259 len = nlen; 260 } else { 261 if (flags & GETPASS_BUF_LIMIT) { 262 beep(); 263 continue; 264 } 265 if (c == '\0' && l > 0) 266 l--; 267 else 268 continue; 269 } 270 } 271 272 if (flags & GETPASS_7BIT) 273 c &= 0x7f; 274 if ((flags & GETPASS_FORCE_LOWER) && isupper((unsigned char)c)) 275 c = tolower((unsigned char)c); 276 if ((flags & GETPASS_FORCE_UPPER) && islower((unsigned char)c)) 277 c = toupper((unsigned char)c); 278 279 buf[l++] = c; 280 if (c) { 281 if (flags & GETPASS_ECHO_STAR) 282 (void)write(fd[1], "*", 1); 283 else if (flags & GETPASS_ECHO) 284 (void)write(fd[1], isprint((unsigned char)c) ? 285 &c : "?", 1); 286 } 287 } 288 good = true; 289 290restore: 291out: 292 if (havetty) { 293 c = errno; 294 (void)tcsetattr(fd[0], TCSAFLUSH|TCSASOFT, >); 295 errno = c; 296 } 297 if (good && (flags & GETPASS_ECHO_NL)) 298 (void)write(fd[1], "\n", 1); 299 300 if (opentty) { 301 c = errno; 302 (void)close(fd[0]); 303 errno = c; 304 } 305 306 if (good) 307 return buf; 308 309 if (sig) { 310 if ((flags & GETPASS_NO_SIGNAL) == 0) 311 (void)raise(sig); 312 errno = EINTR; 313 } 314 memset(buf, 0, len); 315 if (allocated) 316 free(buf); 317 return NULL; 318} 319 320char * 321getpass_r(const char *prompt, char *buf, size_t len) 322{ 323 return getpassfd(prompt, buf, len, NULL, GETPASS_ECHO_NL, 0); 324} 325 326char * 327getpass(const char *prompt) 328{ 329 static char e[] = ""; 330 static char *buf; 331 static long bufsiz; 332 char *rv; 333 334 /* 335 * Strictly speaking we could double allocate here, if we get 336 * called at the same time, but this function is not re-entrant 337 * anyway and it is not supposed to work if called concurrently. 338 */ 339 if (buf == NULL) { 340 if ((bufsiz = sysconf(_SC_PASS_MAX)) == -1) 341 return e; 342 if ((buf = malloc((size_t)bufsiz)) == NULL) 343 return e; 344 } 345 346 if ((rv = getpass_r(prompt, buf, (size_t)bufsiz)) == NULL) 347 return e; 348 349 return rv; 350} 351 352#ifdef TEST 353int 354main(int argc, char *argv[]) 355{ 356 char buf[28]; 357 printf("[%s]\n", getpassfd("foo>", buf, sizeof(buf), NULL, 358 GETPASS_ECHO_STAR|GETPASS_ECHO_NL, 2)); 359 return 0; 360} 361#endif 362