readpass.c revision 1.46
1/* $OpenBSD: readpass.c,v 1.46 2006/08/01 23:22:47 stevesk Exp $ */ 2/* 3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 14 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR 15 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES 16 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 17 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, 18 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 19 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 20 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 21 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 22 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF 23 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 24 */ 25 26#include "includes.h" 27 28#include <sys/types.h> 29#include <sys/wait.h> 30 31#include <errno.h> 32#include <fcntl.h> 33#include <paths.h> 34#include <readpassphrase.h> 35#include <stdarg.h> 36#include <stdio.h> 37#include <stdlib.h> 38#include <string.h> 39#include <unistd.h> 40 41#include "xmalloc.h" 42#include "misc.h" 43#include "pathnames.h" 44#include "log.h" 45#include "ssh.h" 46#include "uidswap.h" 47 48static char * 49ssh_askpass(char *askpass, const char *msg) 50{ 51 pid_t pid; 52 size_t len; 53 char *pass; 54 int p[2], status, ret; 55 char buf[1024]; 56 57 if (fflush(stdout) != 0) 58 error("ssh_askpass: fflush: %s", strerror(errno)); 59 if (askpass == NULL) 60 fatal("internal error: askpass undefined"); 61 if (pipe(p) < 0) { 62 error("ssh_askpass: pipe: %s", strerror(errno)); 63 return NULL; 64 } 65 if ((pid = fork()) < 0) { 66 error("ssh_askpass: fork: %s", strerror(errno)); 67 return NULL; 68 } 69 if (pid == 0) { 70 permanently_drop_suid(getuid()); 71 close(p[0]); 72 if (dup2(p[1], STDOUT_FILENO) < 0) 73 fatal("ssh_askpass: dup2: %s", strerror(errno)); 74 execlp(askpass, askpass, msg, (char *) 0); 75 fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); 76 } 77 close(p[1]); 78 79 len = ret = 0; 80 do { 81 ret = read(p[0], buf + len, sizeof(buf) - 1 - len); 82 if (ret == -1 && errno == EINTR) 83 continue; 84 if (ret <= 0) 85 break; 86 len += ret; 87 } while (sizeof(buf) - 1 - len > 0); 88 buf[len] = '\0'; 89 90 close(p[0]); 91 while (waitpid(pid, &status, 0) < 0) 92 if (errno != EINTR) 93 break; 94 95 if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { 96 memset(buf, 0, sizeof(buf)); 97 return NULL; 98 } 99 100 buf[strcspn(buf, "\r\n")] = '\0'; 101 pass = xstrdup(buf); 102 memset(buf, 0, sizeof(buf)); 103 return pass; 104} 105 106/* 107 * Reads a passphrase from /dev/tty with echo turned off/on. Returns the 108 * passphrase (allocated with xmalloc). Exits if EOF is encountered. If 109 * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no 110 * tty is available 111 */ 112char * 113read_passphrase(const char *prompt, int flags) 114{ 115 char *askpass = NULL, *ret, buf[1024]; 116 int rppflags, use_askpass = 0, ttyfd; 117 118 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; 119 if (flags & RP_USE_ASKPASS) 120 use_askpass = 1; 121 else if (flags & RP_ALLOW_STDIN) { 122 if (!isatty(STDIN_FILENO)) { 123 debug("read_passphrase: stdin is not a tty"); 124 use_askpass = 1; 125 } 126 } else { 127 rppflags |= RPP_REQUIRE_TTY; 128 ttyfd = open(_PATH_TTY, O_RDWR); 129 if (ttyfd >= 0) 130 close(ttyfd); 131 else { 132 debug("read_passphrase: can't open %s: %s", _PATH_TTY, 133 strerror(errno)); 134 use_askpass = 1; 135 } 136 } 137 138 if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) 139 return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); 140 141 if (use_askpass && getenv("DISPLAY")) { 142 if (getenv(SSH_ASKPASS_ENV)) 143 askpass = getenv(SSH_ASKPASS_ENV); 144 else 145 askpass = _PATH_SSH_ASKPASS_DEFAULT; 146 if ((ret = ssh_askpass(askpass, prompt)) == NULL) 147 if (!(flags & RP_ALLOW_EOF)) 148 return xstrdup(""); 149 return ret; 150 } 151 152 if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { 153 if (flags & RP_ALLOW_EOF) 154 return NULL; 155 return xstrdup(""); 156 } 157 158 ret = xstrdup(buf); 159 memset(buf, 'x', sizeof buf); 160 return ret; 161} 162 163int 164ask_permission(const char *fmt, ...) 165{ 166 va_list args; 167 char *p, prompt[1024]; 168 int allowed = 0; 169 170 va_start(args, fmt); 171 vsnprintf(prompt, sizeof(prompt), fmt, args); 172 va_end(args); 173 174 p = read_passphrase(prompt, RP_USE_ASKPASS|RP_ALLOW_EOF); 175 if (p != NULL) { 176 /* 177 * Accept empty responses and responses consisting 178 * of the word "yes" as affirmative. 179 */ 180 if (*p == '\0' || *p == '\n' || 181 strcasecmp(p, "yes") == 0) 182 allowed = 1; 183 xfree(p); 184 } 185 186 return (allowed); 187} 188