2 * Copyright (c) 2014 Michihiro NAKAJIMA
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer
10 * in this position and unchanged.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
17 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
18 * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT,
19 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
20 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
21 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
22 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
23 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
24 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 /* $OpenBSD: readpassphrase.c,v 1.27 2019/01/25 00:19:25 millert Exp $ */
29 * Copyright (c) 2000-2002, 2007, 2010
30 * Todd C. Miller <millert@openbsd.org>
32 * Permission to use, copy, modify, and distribute this software for any
33 * purpose with or without fee is hereby granted, provided that the above
34 * copyright notice and this permission notice appear in all copies.
36 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
37 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
38 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
39 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
40 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
41 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
42 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
44 * Sponsored in part by the Defense Advanced Research Projects
45 * Agency (DARPA) and Air Force Research Laboratory, Air Force
46 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
49 /* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
52 #include "lafe_platform.h"
53 __FBSDID("$FreeBSD$");
62 #ifdef HAVE_READPASSPHRASE_H
63 #include <readpassphrase.h>
67 #include "passphrase.h"
69 #ifndef HAVE_READPASSPHRASE
71 #define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
72 #define RPP_ECHO_ON 0x01 /* Leave echo on. */
73 #define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
74 #define RPP_FORCELOWER 0x04 /* Force input to lower case. */
75 #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
76 #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
77 #define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
80 #if defined(_WIN32) && !defined(__CYGWIN__)
84 readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
86 HANDLE hStdin, hStdout;
92 hStdin = GetStdHandle(STD_INPUT_HANDLE);
93 if (hStdin == INVALID_HANDLE_VALUE)
95 hStdout = GetStdHandle(STD_OUTPUT_HANDLE);
96 if (hStdout == INVALID_HANDLE_VALUE)
99 success = GetConsoleMode(hStdin, &mode);
102 mode &= ~ENABLE_ECHO_INPUT;
103 mode |= ENABLE_LINE_INPUT | ENABLE_PROCESSED_INPUT;
104 success = SetConsoleMode(hStdin, mode);
108 success = WriteFile(hStdout, prompt, (DWORD)strlen(prompt),
112 success = ReadFile(hStdin, buf, (DWORD)bufsiz - 1, &rbytes, NULL);
115 WriteFile(hStdout, "\r\n", 2, NULL, NULL);
117 /* Remove trailing carriage return(s). */
118 if (rbytes > 2 && buf[rbytes - 2] == '\r' && buf[rbytes - 1] == '\n')
119 buf[rbytes - 2] = '\0';
124 #else /* _WIN32 && !__CYGWIN__ */
138 #define _PATH_TTY "/dev/tty"
142 # define _T_FLUSH (TCSAFLUSH|TCSASOFT)
144 # define _T_FLUSH (TCSAFLUSH)
147 /* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
148 #if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
149 # define _POSIX_VDISABLE VDISABLE
152 #define M(a,b) (a > b ? a : b)
153 #define MAX_SIGNO M(M(M(SIGALRM, SIGHUP), \
154 M(SIGINT, SIGPIPE)), \
155 M(M(SIGQUIT, SIGTERM), \
156 M(M(SIGTSTP, SIGTTIN), SIGTTOU)))
158 static volatile sig_atomic_t signo[MAX_SIGNO + 1];
163 assert(s <= MAX_SIGNO);
168 readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
171 int input, output, save_errno, i, need_restart;
173 struct termios term, oterm;
174 struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
175 struct sigaction savetstp, savettin, savettou, savepipe;
177 /* I suppose we could alloc on demand in this case (XXX). */
184 for (i = 0; i <= MAX_SIGNO; i++)
190 * Read and write to /dev/tty if available. If not, read from
191 * stdin and write to stderr unless a tty is required.
193 if ((flags & RPP_STDIN) ||
194 (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
195 if (flags & RPP_REQUIRE_TTY) {
199 input = STDIN_FILENO;
200 output = STDERR_FILENO;
204 * Turn off echo if possible.
205 * If we are using a tty but are not the foreground pgrp this will
206 * generate SIGTTOU, so do it *before* installing the signal handlers.
208 if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
209 memcpy(&term, &oterm, sizeof(term));
210 if (!(flags & RPP_ECHO_ON))
211 term.c_lflag &= ~(ECHO | ECHONL);
213 if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
214 term.c_cc[VSTATUS] = _POSIX_VDISABLE;
216 (void)tcsetattr(input, _T_FLUSH, &term);
218 memset(&term, 0, sizeof(term));
219 term.c_lflag |= ECHO;
220 memset(&oterm, 0, sizeof(oterm));
221 oterm.c_lflag |= ECHO;
225 * Catch signals that would otherwise cause the user to end
226 * up with echo turned off in the shell. Don't worry about
227 * things like SIGXCPU and SIGVTALRM for now.
229 sigemptyset(&sa.sa_mask);
230 sa.sa_flags = 0; /* don't restart system calls */
231 sa.sa_handler = handler;
232 /* Keep this list in sync with MAX_SIGNO! */
233 (void)sigaction(SIGALRM, &sa, &savealrm);
234 (void)sigaction(SIGHUP, &sa, &savehup);
235 (void)sigaction(SIGINT, &sa, &saveint);
236 (void)sigaction(SIGPIPE, &sa, &savepipe);
237 (void)sigaction(SIGQUIT, &sa, &savequit);
238 (void)sigaction(SIGTERM, &sa, &saveterm);
239 (void)sigaction(SIGTSTP, &sa, &savetstp);
240 (void)sigaction(SIGTTIN, &sa, &savettin);
241 (void)sigaction(SIGTTOU, &sa, &savettou);
243 if (!(flags & RPP_STDIN)) {
244 int r = write(output, prompt, strlen(prompt));
247 end = buf + bufsiz - 1;
249 while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
251 if ((flags & RPP_SEVENBIT))
253 if (isalpha((unsigned char)ch)) {
254 if ((flags & RPP_FORCELOWER))
255 ch = (char)tolower((unsigned char)ch);
256 if ((flags & RPP_FORCEUPPER))
257 ch = (char)toupper((unsigned char)ch);
264 if (!(term.c_lflag & ECHO)) {
265 int r = write(output, "\n", 1);
269 /* Restore old terminal settings and signals. */
270 if (memcmp(&term, &oterm, sizeof(term)) != 0) {
271 const int sigttou = signo[SIGTTOU];
273 /* Ignore SIGTTOU generated when we are not the fg pgrp. */
274 while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
275 errno == EINTR && !signo[SIGTTOU])
277 signo[SIGTTOU] = sigttou;
279 (void)sigaction(SIGALRM, &savealrm, NULL);
280 (void)sigaction(SIGHUP, &savehup, NULL);
281 (void)sigaction(SIGINT, &saveint, NULL);
282 (void)sigaction(SIGQUIT, &savequit, NULL);
283 (void)sigaction(SIGPIPE, &savepipe, NULL);
284 (void)sigaction(SIGTERM, &saveterm, NULL);
285 (void)sigaction(SIGTSTP, &savetstp, NULL);
286 (void)sigaction(SIGTTIN, &savettin, NULL);
287 (void)sigaction(SIGTTOU, &savettou, NULL);
288 if (input != STDIN_FILENO)
292 * If we were interrupted by a signal, resend it to ourselves
293 * now that we have restored the signal handlers.
295 for (i = 0; i <= MAX_SIGNO; i++) {
311 return(nr == -1 ? NULL : buf);
313 #endif /* _WIN32 && !__CYGWIN__ */
314 #endif /* HAVE_READPASSPHRASE */
317 lafe_readpassphrase(const char *prompt, char *buf, size_t bufsiz)
321 p = readpassphrase(prompt, buf, bufsiz, RPP_ECHO_OFF);
327 lafe_errc(1, errno, "Couldn't read passphrase");