passwd/apr_getpass.c - apr - Git at Google

 /* Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *     http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 /* apr_password_get.c: abstraction to provide for obtaining a password from the
  * command line in whatever way the OS supports.  In the best case, it's a
  * wrapper for the system library's getpass() routine; otherwise, we
  * use one we define ourselves.
  */
 #include "apr_private.h"
 #include "apr_strings.h"
 #include "apr_lib.h"
 #include "apr_errno.h"
 #if APR_HAVE_SYS_TYPES_H
 #include <sys/types.h>
 #endif
 #if APR_HAVE_ERRNO_H
 #include <errno.h>
 #endif

 #if APR_HAVE_UNISTD_H
 #include <unistd.h>
 #endif
 #if APR_HAVE_CONIO_H
 #ifdef _MSC_VER
 #pragma warning(disable: 4032)
 #include <conio.h>
 #pragma warning(default: 4032)
 #else
 #include <conio.h>
 #endif
 #endif
 #if APR_HAVE_STDLIB_H
 #include <stdlib.h>
 #endif
 #if APR_HAVE_STRING_H
 #include <string.h>
 #endif
 #if APR_HAVE_STRINGS_H
 #include <strings.h>
 #endif
 #if APR_HAVE_STDIO_H
 #include <stdio.h>
 #endif

 /* Disable getpass() support when PASS_MAX is defined and is "small",
  * for an arbitrary definition of "small".
  * HP-UX truncates passwords (PR49496) so we disable getpass() for
  * this platform too.
  */
 #if defined(HAVE_GETPASS) && \
     (defined(PASS_MAX) && PASS_MAX < 32) || defined(__hpux) || defined(__hpux__)
 #undef HAVE_GETPASS
 #endif

 #if defined(HAVE_TERMIOS_H) && !defined(HAVE_GETPASS)
 #include <termios.h>
 #endif

 #if !APR_CHARSET_EBCDIC
 #define LF 10
 #define CR 13
 #else /* APR_CHARSET_EBCDIC */
 #define LF '\n'
 #define CR '\r'
 #endif /* APR_CHARSET_EBCDIC */

 #define MAX_STRING_LEN 256

 #define ERR_OVERFLOW 5

 #if !defined(HAVE_GETPASS) && !defined(HAVE_GETPASSPHRASE) && !defined(HAVE_GETPASS_R)

 /* MPE, Win32, and BeOS all lack a native getpass() */

 #if !defined(HAVE_TERMIOS_H) && !defined(WIN32)
 /*
  * MPE lacks getpass() and a way to suppress stdin echo.  So for now, just
  * issue the prompt and read the results with echo.  (Ugh).
  */

 static char *get_password(const char *prompt)
 {
     static char password[MAX_STRING_LEN];

     fputs(prompt, stderr);
     fgets((char *) &password, sizeof(password), stdin);

     return (char *) &password;
 }

 #elif defined(WIN32)

 /*
  * Windows lacks getpass().  So we'll re-implement it here.
  */

 static char *get_password(const char *prompt)
 {
 /* WCE lacks console. So the getpass is unsuported
  * The only way is to use the GUI so the getpass should be implemented
  * on per-application basis.
  */
 #ifdef _WIN32_WCE
     return NULL;
 #else
     static char password[128];
     int n = 0;
     int ch;

     fputs(prompt, stderr);

     while ((ch = _getch()) != '\r') {
         if (ch == EOF) /* EOF */ {
             fputs("[EOF]\n", stderr);
             return NULL;
         }
         else if (ch == 0 || ch == 0xE0) {
             /* FN Keys (0 or E0) are a sentinal for a FN code */
             ch = (ch << 4) | _getch();
             /* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */
             if ((ch == 0xE53 || ch == 0xE4B || ch == 0x053 || ch == 0x04b) && n) {
                 password[--n] = '\0';
                 fputs("\b \b", stderr);
             }
             else {
                 fputc('\a', stderr);
             }
         }
         else if ((ch == '\b' || ch == 127) && n) /* BS/DEL */ {
             password[--n] = '\0';
             fputs("\b \b", stderr);
         }
         else if (ch == 3) /* CTRL+C */ {
             /* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */
             fputs("^C\n", stderr);
             exit(-1);
         }
         else if (ch == 26) /* CTRL+Z */ {
             fputs("^Z\n", stderr);
             return NULL;
         }
         else if (ch == 27) /* ESC */ {
             fputc('\n', stderr);
             fputs(prompt, stderr);
             n = 0;
         }
         else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) {
             password[n++] = ch;
             fputc('*', stderr);
         }
         else {
             fputc('\a', stderr);
         }
     }

     fputc('\n', stderr);
     password[n] = '\0';
     return password;
 #endif
 }

 #elif defined (HAVE_TERMIOS_H)

 static char *get_password(const char *prompt)
 {
     struct termios attr;
     static char password[MAX_STRING_LEN];
     int n=0;
     fputs(prompt, stderr);
     fflush(stderr);

     if (tcgetattr(STDIN_FILENO, &attr) != 0)
         return NULL;
     attr.c_lflag &= ~(ECHO);

     if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0)
         return NULL;
     while ((password[n] = getchar()) != '\n') {
         if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n] <= '~') {
             n++;
         } else {
             fprintf(stderr,"\n");
             fputs(prompt, stderr);
             fflush(stderr);
             n = 0;
         }
     }

     password[n] = '\0';
     printf("\n");
     if (n > (MAX_STRING_LEN - 1)) {
         password[MAX_STRING_LEN - 1] = '\0';
     }

     attr.c_lflag |= ECHO;
     tcsetattr(STDIN_FILENO, TCSANOW, &attr);
     return (char*) &password;
 }

 #endif /* no getchar or _getch */

 #endif /* no getpass or getpassphrase or getpass_r */

 /*
  * Use the OS getpass() routine (or our own) to obtain a password from
  * the input stream.
  *
  * Exit values:
  *  0: Success
  *  5: Partial success; entered text truncated to the size of the
  *     destination buffer
  *
  * Restrictions: Truncation also occurs according to the host system's
  * getpass() semantics, or at position 255 if our own version is used,
  * but the caller is *not* made aware of it unless their own buffer is
  * smaller than our own.
  */

 APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_size_t *bufsiz)
 {
     apr_status_t rv = APR_SUCCESS;
 #if defined(HAVE_GETPASS_R)
     if (getpass_r(prompt, pwbuf, *bufsiz) == NULL)
         return APR_EINVAL;
 #else
 #if defined(HAVE_GETPASSPHRASE)
     char *pw_got = getpassphrase(prompt);
 #elif defined(HAVE_GETPASS)
     char *pw_got = getpass(prompt);
 #else /* use the replacement implementation above */
     char *pw_got = get_password(prompt);
 #endif

     if (!pw_got)
         return APR_EINVAL;
     if (strlen(pw_got) >= *bufsiz) {
         rv = APR_ENAMETOOLONG;
     }
     apr_cpystrn(pwbuf, pw_got, *bufsiz);
     memset(pw_got, 0, strlen(pw_got));
 #endif /* HAVE_GETPASS_R */
     return rv;
 }
	/* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	/* apr_password_get.c: abstraction to provide for obtaining a password from the
	* command line in whatever way the OS supports. In the best case, it's a
	* wrapper for the system library's getpass() routine; otherwise, we
	* use one we define ourselves.
	*/
	#include "apr_private.h"
	#include "apr_strings.h"
	#include "apr_lib.h"
	#include "apr_errno.h"
	#if APR_HAVE_SYS_TYPES_H
	#include <sys/types.h>
	#endif
	#if APR_HAVE_ERRNO_H
	#include <errno.h>
	#endif

	#if APR_HAVE_UNISTD_H
	#include <unistd.h>
	#endif
	#if APR_HAVE_CONIO_H
	#ifdef _MSC_VER
	#pragma warning(disable: 4032)
	#include <conio.h>
	#pragma warning(default: 4032)
	#else
	#include <conio.h>
	#endif
	#endif
	#if APR_HAVE_STDLIB_H
	#include <stdlib.h>
	#endif
	#if APR_HAVE_STRING_H
	#include <string.h>
	#endif
	#if APR_HAVE_STRINGS_H
	#include <strings.h>
	#endif
	#if APR_HAVE_STDIO_H
	#include <stdio.h>
	#endif

	/* Disable getpass() support when PASS_MAX is defined and is "small",
	* for an arbitrary definition of "small".
	* HP-UX truncates passwords (PR49496) so we disable getpass() for
	* this platform too.
	*/
	#if defined(HAVE_GETPASS) && \
	(defined(PASS_MAX) && PASS_MAX < 32) \|\| defined(__hpux) \|\| defined(__hpux__)
	#undef HAVE_GETPASS
	#endif

	#if defined(HAVE_TERMIOS_H) && !defined(HAVE_GETPASS)
	#include <termios.h>
	#endif

	#if !APR_CHARSET_EBCDIC
	#define LF 10
	#define CR 13
	#else /* APR_CHARSET_EBCDIC */
	#define LF '\n'
	#define CR '\r'
	#endif /* APR_CHARSET_EBCDIC */

	#define MAX_STRING_LEN 256

	#define ERR_OVERFLOW 5

	#if !defined(HAVE_GETPASS) && !defined(HAVE_GETPASSPHRASE) && !defined(HAVE_GETPASS_R)

	/* MPE, Win32, and BeOS all lack a native getpass() */

	#if !defined(HAVE_TERMIOS_H) && !defined(WIN32)
	/*
	* MPE lacks getpass() and a way to suppress stdin echo. So for now, just
	* issue the prompt and read the results with echo. (Ugh).
	*/

	static char get_password(const char prompt)
	{
	static char password[MAX_STRING_LEN];

	fputs(prompt, stderr);
	fgets((char *) &password, sizeof(password), stdin);

	return (char *) &password;
	}

	#elif defined(WIN32)

	/*
	* Windows lacks getpass(). So we'll re-implement it here.
	*/

	static char get_password(const char prompt)
	{
	/* WCE lacks console. So the getpass is unsuported
	* The only way is to use the GUI so the getpass should be implemented
	* on per-application basis.
	*/
	#ifdef _WIN32_WCE
	return NULL;
	#else
	static char password[128];
	int n = 0;
	int ch;

	fputs(prompt, stderr);

	while ((ch = _getch()) != '\r') {
	if (ch == EOF) /* EOF */ {
	fputs("[EOF]\n", stderr);
	return NULL;
	}
	else if (ch == 0 \|\| ch == 0xE0) {
	/* FN Keys (0 or E0) are a sentinal for a FN code */
	ch = (ch << 4) \| _getch();
	/* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */
	if ((ch == 0xE53 \|\| ch == 0xE4B \|\| ch == 0x053 \|\| ch == 0x04b) && n) {
	password[--n] = '\0';
	fputs("\b \b", stderr);
	}
	else {
	fputc('\a', stderr);
	}
	}
	else if ((ch == '\b' \|\| ch == 127) && n) /* BS/DEL */ {
	password[--n] = '\0';
	fputs("\b \b", stderr);
	}
	else if (ch == 3) /* CTRL+C */ {
	/* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */
	fputs("^C\n", stderr);
	exit(-1);
	}
	else if (ch == 26) /* CTRL+Z */ {
	fputs("^Z\n", stderr);
	return NULL;
	}
	else if (ch == 27) /* ESC */ {
	fputc('\n', stderr);
	fputs(prompt, stderr);
	n = 0;
	}
	else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) {
	password[n++] = ch;
	fputc('*', stderr);
	}
	else {
	fputc('\a', stderr);
	}
	}

	fputc('\n', stderr);
	password[n] = '\0';
	return password;
	#endif
	}

	#elif defined (HAVE_TERMIOS_H)

	static char get_password(const char prompt)
	{
	struct termios attr;
	static char password[MAX_STRING_LEN];
	int n=0;
	fputs(prompt, stderr);
	fflush(stderr);

	if (tcgetattr(STDIN_FILENO, &attr) != 0)
	return NULL;
	attr.c_lflag &= ~(ECHO);

	if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0)
	return NULL;
	while ((password[n] = getchar()) != '\n') {
	if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n] <= '~') {
	n++;
	} else {
	fprintf(stderr,"\n");
	fputs(prompt, stderr);
	fflush(stderr);
	n = 0;
	}
	}

	password[n] = '\0';
	printf("\n");
	if (n > (MAX_STRING_LEN - 1)) {
	password[MAX_STRING_LEN - 1] = '\0';
	}

	attr.c_lflag \|= ECHO;
	tcsetattr(STDIN_FILENO, TCSANOW, &attr);
	return (char*) &password;
	}

	#endif /* no getchar or _getch */

	#endif /* no getpass or getpassphrase or getpass_r */

	/*
	* Use the OS getpass() routine (or our own) to obtain a password from
	* the input stream.
	*
	* Exit values:
	* 0: Success
	* 5: Partial success; entered text truncated to the size of the
	* destination buffer
	*
	* Restrictions: Truncation also occurs according to the host system's
	* getpass() semantics, or at position 255 if our own version is used,
	* but the caller is not made aware of it unless their own buffer is
	* smaller than our own.
	*/

	APR_DECLARE(apr_status_t) apr_password_get(const char prompt, char pwbuf, apr_size_t *bufsiz)
	{
	apr_status_t rv = APR_SUCCESS;
	#if defined(HAVE_GETPASS_R)
	if (getpass_r(prompt, pwbuf, *bufsiz) == NULL)
	return APR_EINVAL;
	#else
	#if defined(HAVE_GETPASSPHRASE)
	char *pw_got = getpassphrase(prompt);
	#elif defined(HAVE_GETPASS)
	char *pw_got = getpass(prompt);
	#else /* use the replacement implementation above */
	char *pw_got = get_password(prompt);
	#endif

	if (!pw_got)
	return APR_EINVAL;
	if (strlen(pw_got) >= *bufsiz) {
	rv = APR_ENAMETOOLONG;
	}
	apr_cpystrn(pwbuf, pw_got, *bufsiz);
	memset(pw_got, 0, strlen(pw_got));
	#endif /* HAVE_GETPASS_R */
	return rv;
	}