diff options
Diffstat (limited to 'passwd/apr_getpass.c')
-rw-r--r-- | passwd/apr_getpass.c | 254 |
1 files changed, 254 insertions, 0 deletions
diff --git a/passwd/apr_getpass.c b/passwd/apr_getpass.c new file mode 100644 index 0000000..f31cdaf --- /dev/null +++ b/passwd/apr_getpass.c @@ -0,0 +1,254 @@ +/* Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +/* apr_password_get.c: abstraction to provide for obtaining a password from the + * command line in whatever way the OS supports. In the best case, it's a + * wrapper for the system library's getpass() routine; otherwise, we + * use one we define ourselves. + */ +#include "apr_private.h" +#include "apr_strings.h" +#include "apr_lib.h" +#include "apr_errno.h" +#if APR_HAVE_SYS_TYPES_H +#include <sys/types.h> +#endif +#if APR_HAVE_ERRNO_H +#include <errno.h> +#endif + +#if APR_HAVE_UNISTD_H +#include <unistd.h> +#endif +#if APR_HAVE_CONIO_H +#ifdef _MSC_VER +#pragma warning(disable: 4032) +#include <conio.h> +#pragma warning(default: 4032) +#else +#include <conio.h> +#endif +#endif +#if APR_HAVE_STDLIB_H +#include <stdlib.h> +#endif +#if APR_HAVE_STRING_H +#include <string.h> +#endif +#if APR_HAVE_STRINGS_H +#include <strings.h> +#endif + +/* Disable getpass() support when PASS_MAX is defined and is "small", + * for an arbitrary definition of "small". + * HP-UX truncates passwords (PR49496) so we disable getpass() for + * this platform too. + */ +#if defined(HAVE_GETPASS) && \ + (defined(PASS_MAX) && PASS_MAX < 32) || defined(__hpux) || defined(__hpux__) +#undef HAVE_GETPASS +#endif + +#if defined(HAVE_TERMIOS_H) && !defined(HAVE_GETPASS) +#include <termios.h> +#endif + +#if !APR_CHARSET_EBCDIC +#define LF 10 +#define CR 13 +#else /* APR_CHARSET_EBCDIC */ +#define LF '\n' +#define CR '\r' +#endif /* APR_CHARSET_EBCDIC */ + +#define MAX_STRING_LEN 256 + +#define ERR_OVERFLOW 5 + +#if !defined(HAVE_GETPASS) && !defined(HAVE_GETPASSPHRASE) && !defined(HAVE_GETPASS_R) + +/* MPE, Win32, NetWare and BeOS all lack a native getpass() */ + +#if !defined(HAVE_TERMIOS_H) && !defined(WIN32) && !defined(NETWARE) +/* + * MPE lacks getpass() and a way to suppress stdin echo. So for now, just + * issue the prompt and read the results with echo. (Ugh). + */ + +static char *get_password(const char *prompt) +{ + static char password[MAX_STRING_LEN]; + + fputs(prompt, stderr); + fgets((char *) &password, sizeof(password), stdin); + + return (char *) &password; +} + +#elif defined (HAVE_TERMIOS_H) +#include <stdio.h> + +static char *get_password(const char *prompt) +{ + struct termios attr; + static char password[MAX_STRING_LEN]; + int n=0; + fputs(prompt, stderr); + fflush(stderr); + + if (tcgetattr(STDIN_FILENO, &attr) != 0) + return NULL; + attr.c_lflag &= ~(ECHO); + + if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0) + return NULL; + while ((password[n] = getchar()) != '\n') { + if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n] <= '~') { + n++; + } else { + fprintf(stderr,"\n"); + fputs(prompt, stderr); + fflush(stderr); + n = 0; + } + } + + password[n] = '\0'; + printf("\n"); + if (n > (MAX_STRING_LEN - 1)) { + password[MAX_STRING_LEN - 1] = '\0'; + } + + attr.c_lflag |= ECHO; + tcsetattr(STDIN_FILENO, TCSANOW, &attr); + return (char*) &password; +} + +#else + +/* + * Windows lacks getpass(). So we'll re-implement it here. + */ + +static char *get_password(const char *prompt) +{ +/* WCE lacks console. So the getpass is unsuported + * The only way is to use the GUI so the getpass should be implemented + * on per-application basis. + */ +#ifdef _WIN32_WCE + return NULL; +#else + static char password[128]; + int n = 0; + int ch; + + fputs(prompt, stderr); + + while ((ch = _getch()) != '\r') { + if (ch == EOF) /* EOF */ { + fputs("[EOF]\n", stderr); + return NULL; + } + else if (ch == 0 || ch == 0xE0) { + /* FN Keys (0 or E0) are a sentinal for a FN code */ + ch = (ch << 4) | _getch(); + /* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */ + if ((ch == 0xE53 || ch == 0xE4B || ch == 0x053 || ch == 0x04b) && n) { + password[--n] = '\0'; + fputs("\b \b", stderr); + } + else { + fputc('\a', stderr); + } + } + else if ((ch == '\b' || ch == 127) && n) /* BS/DEL */ { + password[--n] = '\0'; + fputs("\b \b", stderr); + } + else if (ch == 3) /* CTRL+C */ { + /* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */ + fputs("^C\n", stderr); + exit(-1); + } + else if (ch == 26) /* CTRL+Z */ { + fputs("^Z\n", stderr); + return NULL; + } + else if (ch == 27) /* ESC */ { + fputc('\n', stderr); + fputs(prompt, stderr); + n = 0; + } + else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) { + password[n++] = ch; + fputc('*', stderr); + } + else { + fputc('\a', stderr); + } + } + + fputc('\n', stderr); + password[n] = '\0'; + return password; +#endif +} + +#endif /* no getchar or _getch */ + +#endif /* no getpass or getpassphrase or getpass_r */ + +/* + * Use the OS getpass() routine (or our own) to obtain a password from + * the input stream. + * + * Exit values: + * 0: Success + * 5: Partial success; entered text truncated to the size of the + * destination buffer + * + * Restrictions: Truncation also occurs according to the host system's + * getpass() semantics, or at position 255 if our own version is used, + * but the caller is *not* made aware of it unless their own buffer is + * smaller than our own. + */ + +APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_size_t *bufsiz) +{ + apr_status_t rv = APR_SUCCESS; +#if defined(HAVE_GETPASS_R) + if (getpass_r(prompt, pwbuf, *bufsiz) == NULL) + return APR_EINVAL; +#else +#if defined(HAVE_GETPASSPHRASE) + char *pw_got = getpassphrase(prompt); +#elif defined(HAVE_GETPASS) + char *pw_got = getpass(prompt); +#else /* use the replacement implementation above */ + char *pw_got = get_password(prompt); +#endif + + if (!pw_got) + return APR_EINVAL; + if (strlen(pw_got) >= *bufsiz) { + rv = APR_ENAMETOOLONG; + } + apr_cpystrn(pwbuf, pw_got, *bufsiz); + memset(pw_got, 0, strlen(pw_got)); +#endif /* HAVE_GETPASS_R */ + return rv; +} |