diff --git a/include/readpassphrase.h b/include/readpassphrase.h index 75cb8cb4a1d9..d9641faaa10d 100644 --- a/include/readpassphrase.h +++ b/include/readpassphrase.h @@ -1,53 +1,47 @@ -/* $OpenBSD: /usr/local/www/cvsroot/OpenBSD/src/include/readpassphrase.h,v 1.2 2002/02/16 21:27:17 millert Exp $ */ +/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ /* $FreeBSD$ */ /* - * Copyright (c) 2000 Todd C. Miller - * All rights reserved. + * Copyright (c) 2000, 2002 Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ #ifndef _READPASSPHRASE_H_ #define _READPASSPHRASE_H_ #define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ #define RPP_ECHO_ON 0x01 /* Leave echo on. */ #define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ #define RPP_FORCELOWER 0x04 /* Force input to lower case. */ #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ +#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ #include #include #ifndef _SIZE_T_DECLARED typedef __size_t size_t; #define _SIZE_T_DECLARED #endif __BEGIN_DECLS char * readpassphrase(const char *, char *, size_t, int); __END_DECLS #endif /* !_READPASSPHRASE_H_ */ diff --git a/lib/libc/gen/readpassphrase.3 b/lib/libc/gen/readpassphrase.3 index 0d6a7ff38f16..3bcee6f5638d 100644 --- a/lib/libc/gen/readpassphrase.3 +++ b/lib/libc/gen/readpassphrase.3 @@ -1,191 +1,181 @@ -.\" $OpenBSD: readpassphrase.3,v 1.7 2001/12/15 15:37:51 millert Exp $ +.\" $OpenBSD: readpassphrase.3,v 1.17 2007/05/31 19:19:28 jmc Exp $ .\" -.\" Copyright (c) 2000 Todd C. Miller -.\" All rights reserved. +.\" Copyright (c) 2000, 2002 Todd C. Miller .\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions -.\" are met: -.\" 1. Redistributions of source code must retain the above copyright -.\" notice, this list of conditions and the following disclaimer. -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" 3. The name of the author may not be used to endorse or promote products -.\" derived from this software without specific prior written permission. +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. .\" -.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL -.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, -.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, -.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; -.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, -.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR -.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF -.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES +.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF +.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR +.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES +.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN +.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF +.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" +.\" Sponsored in part by the Defense Advanced Research Projects +.\" Agency (DARPA) and Air Force Research Laboratory, Air Force +.\" Materiel Command, USAF, under agreement number F39502-99-1-0512. .\" .\" $FreeBSD$ .\" -.Dd December 7, 2001 +.Dd May 31, 2007 .Dt READPASSPHRASE 3 .Os .Sh NAME .Nm readpassphrase .Nd get a passphrase from the user .Sh SYNOPSIS .In readpassphrase.h .Ft "char *" .Fn readpassphrase "const char *prompt" "char *buf" "size_t bufsiz" "int flags" .Sh DESCRIPTION The .Fn readpassphrase function displays a prompt to, and reads in a passphrase from, .Pa /dev/tty . If this file is inaccessible and the .Dv RPP_REQUIRE_TTY flag is not set, .Fn readpassphrase displays the prompt on the standard error output and reads from the standard input. In this case it is generally not possible to turn off echo. .Pp Up to .Fa bufsiz \- 1 characters (one is for the .Dv NUL ) are read into the provided buffer .Fa buf . Any additional characters and the terminating newline (or return) character are discarded. .Pp The .Fn readpassphrase function takes the following optional .Fa flags : .Pp .Bl -tag -width ".Dv RPP_REQUIRE_TTY" -compact .It Dv RPP_ECHO_OFF turn off echo (default behavior) .It Dv RPP_ECHO_ON leave echo on .It Dv RPP_REQUIRE_TTY fail if there is no tty .It Dv RPP_FORCELOWER force input to lower case .It Dv RPP_FORCEUPPER force input to upper case .It Dv RPP_SEVENBIT strip the high bit from input +.It Dv RPP_STDIN +force read of passphrase from stdin .El .Pp The calling process should zero the passphrase as soon as possible to avoid leaving the cleartext passphrase visible in the process's address space. .Sh RETURN VALUES Upon successful completion, .Fn readpassphrase -returns a pointer to the null-terminated passphrase. +returns a pointer to the NUL-terminated passphrase. If an error is encountered, the terminal state is restored and a .Dv NULL pointer is returned. .Sh FILES .Bl -tag -width ".Pa /dev/tty" -compact .It Pa /dev/tty .El .Sh EXAMPLES The following code fragment will read a passphrase from .Pa /dev/tty into the buffer .Fa passbuf . .Bd -literal -offset indent char passbuf[1024]; \&... if (readpassphrase("Response: ", passbuf, sizeof(passbuf), RPP_REQUIRE_TTY) == NULL) errx(1, "unable to read passphrase"); if (compare(transform(passbuf), epass) != 0) errx(1, "bad passphrase"); \&... memset(passbuf, 0, sizeof(passbuf)); .Ed -.Sh SIGNALS -The -.Fn readpassphrase -function -will catch the following signals: -.Pp -.Bl -tag -compact -.It Dv SIGINT -.It Dv SIGHUP -.It Dv SIGQUIT -.It Dv SIGTERM -.It Dv SIGTSTP -.It Dv SIGTTIN -.It Dv SIGTTOU -.El -.Pp -When one of the above signals is intercepted, terminal echo will -be restored if it had previously been turned off. -If a signal handler was installed for the signal when -.Fn readpassphrase -was called that handler is then executed. -If no handler was previously installed for the signal then the -default action is taken as per -.Xr sigaction 2 . -.Pp -The -.Dv SIGTSTP , SIGTTIN , -and -.Dv SIGTTOU -signals (stop signal generated from keyboard or due to terminal I/O -from a background process) are treated specially. -When the process is resumed after it has been stopped, -.Fn readpassphrase -will reprint the prompt and the user may then enter a passphrase. .Sh ERRORS .Bl -tag -width Er .It Bq Er EINTR The .Fn readpassphrase function was interrupted by a signal. .It Bq Er EINVAL The -.Fa bufsiz +.Ar bufsiz argument was zero. .It Bq Er EIO The process is a member of a background process attempting to read from its controlling terminal, the process is ignoring or blocking the .Dv SIGTTIN -signal or the process group is orphaned. +signal, or the process group is orphaned. .It Bq Er EMFILE The process has already reached its limit for open file descriptors. .It Bq Er ENFILE The system file table is full. .It Bq Er ENOTTY There is no controlling terminal and the .Dv RPP_REQUIRE_TTY flag was specified. .El +.Sh SIGNALS +The +.Fn readpassphrase +function +will catch the following signals: +.Bd -literal -offset indent +SIGALRM SIGHUP SIGINT +SIGPIPE SIGQUIT SIGTERM +SIGTSTP SIGTTIN SIGTTOU +.Ed +.Pp +When one of the above signals is intercepted, terminal echo will +be restored if it had previously been turned off. +If a signal handler was installed for the signal when +.Fn readpassphrase +was called, that handler is then executed. +If no handler was previously installed for the signal then the +default action is taken as per +.Xr sigaction 2 . +.Pp +The +.Dv SIGTSTP , SIGTTIN +and +.Dv SIGTTOU +signals (stop signals generated from keyboard or due to terminal I/O +from a background process) are treated specially. +When the process is resumed after it has been stopped, +.Fn readpassphrase +will reprint the prompt and the user may then enter a passphrase. .Sh SEE ALSO .Xr sigaction 2 , .Xr getpass 3 .Sh STANDARDS The .Fn readpassphrase function is an extension and should not be used if portability is desired. .Sh HISTORY The .Fn readpassphrase function first appeared in .Ox 2.9 . diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c index 983e01d89306..d57e703e5fb4 100644 --- a/lib/libc/gen/readpassphrase.c +++ b/lib/libc/gen/readpassphrase.c @@ -1,178 +1,194 @@ -/* $OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $ */ +/* $OpenBSD: readpassphrase.c,v 1.23 2010/05/14 13:30:34 millert Exp $ */ /* - * Copyright (c) 2000 Todd C. Miller - * All rights reserved. + * Copyright (c) 2000-2002, 2007, 2010 + * Todd C. Miller * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. The name of the author may not be used to endorse or promote products - * derived from this software without specific prior written permission. + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL - * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, - * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, - * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; - * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, - * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR - * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF - * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sponsored in part by the Defense Advanced Research Projects + * Agency (DARPA) and Air Force Research Laboratory, Air Force + * Materiel Command, USAF, under agreement number F39502-99-1-0512. */ -#if defined(LIBC_SCCS) && !defined(lint) -static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $"; -#endif /* LIBC_SCCS and not lint */ #include __FBSDID("$FreeBSD$"); #include "namespace.h" #include #include #include #include #include #include #include #include #include #include #include "un-namespace.h" -static volatile sig_atomic_t signo; +static volatile sig_atomic_t signo[NSIG]; static void handler(int); char * readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags) { ssize_t nr; - int input, output, save_errno; + int input, output, save_errno, i, need_restart; char ch, *p, *end; struct termios term, oterm; - struct sigaction sa, saveint, savehup, savequit, saveterm; - struct sigaction savetstp, savettin, savettou; + struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm; + struct sigaction savetstp, savettin, savettou, savepipe; /* I suppose we could alloc on demand in this case (XXX). */ if (bufsiz == 0) { errno = EINVAL; return(NULL); } restart: + for (i = 0; i < NSIG; i++) + signo[i] = 0; + nr = -1; + save_errno = 0; + need_restart = 0; /* * Read and write to /dev/tty if available. If not, read from * stdin and write to stderr unless a tty is required. */ - if ((input = output = _open(_PATH_TTY, O_RDWR)) == -1) { + if ((flags & RPP_STDIN) || + (input = output = _open(_PATH_TTY, O_RDWR)) == -1) { if (flags & RPP_REQUIRE_TTY) { errno = ENOTTY; return(NULL); } input = STDIN_FILENO; output = STDERR_FILENO; } + /* + * Turn off echo if possible. + * If we are using a tty but are not the foreground pgrp this will + * generate SIGTTOU, so do it *before* installing the signal handlers. + */ + if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) { + memcpy(&term, &oterm, sizeof(term)); + if (!(flags & RPP_ECHO_ON)) + term.c_lflag &= ~(ECHO | ECHONL); + if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) + term.c_cc[VSTATUS] = _POSIX_VDISABLE; + (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); + } else { + memset(&term, 0, sizeof(term)); + term.c_lflag |= ECHO; + memset(&oterm, 0, sizeof(oterm)); + oterm.c_lflag |= ECHO; + } + /* * Catch signals that would otherwise cause the user to end * up with echo turned off in the shell. Don't worry about - * things like SIGALRM and SIGPIPE for now. + * things like SIGXCPU and SIGVTALRM for now. */ sigemptyset(&sa.sa_mask); sa.sa_flags = 0; /* don't restart system calls */ sa.sa_handler = handler; - (void)_sigaction(SIGINT, &sa, &saveint); + (void)_sigaction(SIGALRM, &sa, &savealrm); (void)_sigaction(SIGHUP, &sa, &savehup); + (void)_sigaction(SIGINT, &sa, &saveint); + (void)_sigaction(SIGPIPE, &sa, &savepipe); (void)_sigaction(SIGQUIT, &sa, &savequit); (void)_sigaction(SIGTERM, &sa, &saveterm); (void)_sigaction(SIGTSTP, &sa, &savetstp); (void)_sigaction(SIGTTIN, &sa, &savettin); (void)_sigaction(SIGTTOU, &sa, &savettou); - /* Turn off echo if possible. */ - if (tcgetattr(input, &oterm) == 0) { - memcpy(&term, &oterm, sizeof(term)); - if (!(flags & RPP_ECHO_ON)) - term.c_lflag &= ~(ECHO | ECHONL); - if (term.c_cc[VSTATUS] != _POSIX_VDISABLE) - term.c_cc[VSTATUS] = _POSIX_VDISABLE; - (void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term); - } else { - memset(&term, 0, sizeof(term)); - memset(&oterm, 0, sizeof(oterm)); - } - - (void)_write(output, prompt, strlen(prompt)); + if (!(flags & RPP_STDIN)) + (void)_write(output, prompt, strlen(prompt)); end = buf + bufsiz - 1; - for (p = buf; (nr = _read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) { + p = buf; + while ((nr = _read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') { if (p < end) { if ((flags & RPP_SEVENBIT)) ch &= 0x7f; if (isalpha(ch)) { if ((flags & RPP_FORCELOWER)) - ch = tolower(ch); + ch = (char)tolower(ch); if ((flags & RPP_FORCEUPPER)) - ch = toupper(ch); + ch = (char)toupper(ch); } *p++ = ch; } } *p = '\0'; save_errno = errno; if (!(term.c_lflag & ECHO)) (void)_write(output, "\n", 1); /* Restore old terminal settings and signals. */ - if (memcmp(&term, &oterm, sizeof(term)) != 0) - (void)tcsetattr(input, TCSANOW|TCSASOFT, &oterm); - (void)_sigaction(SIGINT, &saveint, NULL); + if (memcmp(&term, &oterm, sizeof(term)) != 0) { + while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 && + errno == EINTR && !signo[SIGTTOU]) + continue; + } + (void)_sigaction(SIGALRM, &savealrm, NULL); (void)_sigaction(SIGHUP, &savehup, NULL); + (void)_sigaction(SIGINT, &saveint, NULL); (void)_sigaction(SIGQUIT, &savequit, NULL); + (void)_sigaction(SIGPIPE, &savepipe, NULL); (void)_sigaction(SIGTERM, &saveterm, NULL); (void)_sigaction(SIGTSTP, &savetstp, NULL); (void)_sigaction(SIGTTIN, &savettin, NULL); (void)_sigaction(SIGTTOU, &savettou, NULL); if (input != STDIN_FILENO) (void)_close(input); /* * If we were interrupted by a signal, resend it to ourselves * now that we have restored the signal handlers. */ - if (signo) { - kill(getpid(), signo); - switch (signo) { - case SIGTSTP: - case SIGTTIN: - case SIGTTOU: - signo = 0; - goto restart; + for (i = 0; i < NSIG; i++) { + if (signo[i]) { + kill(getpid(), i); + switch (i) { + case SIGTSTP: + case SIGTTIN: + case SIGTTOU: + need_restart = 1; + } } } + if (need_restart) + goto restart; - errno = save_errno; + if (save_errno) + errno = save_errno; return(nr == -1 ? NULL : buf); } char * getpass(const char *prompt) { static char buf[_PASSWORD_LEN + 1]; if (readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF) == NULL) buf[0] = '\0'; return(buf); } static void handler(int s) { - signo = s; + signo[s] = 1; }