Annotation of embedaddon/sudo/src/tgetpass.c, revision 1.1
1.1 ! misho 1: /*
! 2: * Copyright (c) 1996, 1998-2005, 2007-2011
! 3: * Todd C. Miller <Todd.Miller@courtesan.com>
! 4: *
! 5: * Permission to use, copy, modify, and distribute this software for any
! 6: * purpose with or without fee is hereby granted, provided that the above
! 7: * copyright notice and this permission notice appear in all copies.
! 8: *
! 9: * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
! 10: * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
! 11: * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
! 12: * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
! 13: * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
! 14: * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
! 15: * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
! 16: *
! 17: * Sponsored in part by the Defense Advanced Research Projects
! 18: * Agency (DARPA) and Air Force Research Laboratory, Air Force
! 19: * Materiel Command, USAF, under agreement number F39502-99-1-0512.
! 20: */
! 21:
! 22: #ifdef __TANDEM
! 23: # include <floss.h>
! 24: #endif
! 25:
! 26: #include <config.h>
! 27:
! 28: #include <sys/types.h>
! 29: #include <sys/param.h>
! 30: #include <stdio.h>
! 31: #ifdef STDC_HEADERS
! 32: # include <stdlib.h>
! 33: # include <stddef.h>
! 34: #else
! 35: # ifdef HAVE_STDLIB_H
! 36: # include <stdlib.h>
! 37: # endif
! 38: #endif /* STDC_HEADERS */
! 39: #ifdef HAVE_STRING_H
! 40: # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
! 41: # include <memory.h>
! 42: # endif
! 43: # include <string.h>
! 44: #endif /* HAVE_STRING_H */
! 45: #ifdef HAVE_STRINGS_H
! 46: # include <strings.h>
! 47: #endif /* HAVE_STRINGS_H */
! 48: #ifdef HAVE_UNISTD_H
! 49: # include <unistd.h>
! 50: #endif /* HAVE_UNISTD_H */
! 51: #include <pwd.h>
! 52: #include <errno.h>
! 53: #include <signal.h>
! 54: #include <fcntl.h>
! 55:
! 56: #include "sudo.h"
! 57:
! 58: static volatile sig_atomic_t signo[NSIG];
! 59:
! 60: static void handler(int);
! 61: static char *getln(int, char *, size_t, int);
! 62: static char *sudo_askpass(const char *, const char *);
! 63:
! 64: #ifdef _PATH_SUDO_ASKPASS
! 65: const char *askpass_path = _PATH_SUDO_ASKPASS;
! 66: #else
! 67: const char *askpass_path;
! 68: #endif
! 69:
! 70: /*
! 71: * Like getpass(3) but with timeout and echo flags.
! 72: */
! 73: char *
! 74: tgetpass(const char *prompt, int timeout, int flags)
! 75: {
! 76: sigaction_t sa, savealrm, saveint, savehup, savequit, saveterm;
! 77: sigaction_t savetstp, savettin, savettou, savepipe;
! 78: char *pass;
! 79: static const char *askpass;
! 80: static char buf[SUDO_PASS_MAX + 1];
! 81: int i, input, output, save_errno, neednl = 0, need_restart;
! 82:
! 83: (void) fflush(stdout);
! 84:
! 85: if (askpass == NULL) {
! 86: askpass = getenv("SUDO_ASKPASS");
! 87: if (askpass == NULL || *askpass == '\0')
! 88: askpass = askpass_path;
! 89: }
! 90:
! 91: /* If no tty present and we need to disable echo, try askpass. */
! 92: if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
! 93: !tty_present()) {
! 94: if (askpass == NULL || getenv("DISPLAY") == NULL) {
! 95: warningx(_("no tty present and no askpass program specified"));
! 96: return NULL;
! 97: }
! 98: SET(flags, TGP_ASKPASS);
! 99: }
! 100:
! 101: /* If using a helper program to get the password, run it instead. */
! 102: if (ISSET(flags, TGP_ASKPASS)) {
! 103: if (askpass == NULL || *askpass == '\0')
! 104: errorx(1, _("no askpass program specified, try setting SUDO_ASKPASS"));
! 105: return sudo_askpass(askpass, prompt);
! 106: }
! 107:
! 108: restart:
! 109: for (i = 0; i < NSIG; i++)
! 110: signo[i] = 0;
! 111: pass = NULL;
! 112: save_errno = 0;
! 113: need_restart = 0;
! 114: /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
! 115: if (ISSET(flags, TGP_STDIN) ||
! 116: (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
! 117: input = STDIN_FILENO;
! 118: output = STDERR_FILENO;
! 119: }
! 120:
! 121: /*
! 122: * If we are using a tty but are not the foreground pgrp this will
! 123: * generate SIGTTOU, so do it *before* installing the signal handlers.
! 124: */
! 125: if (!ISSET(flags, TGP_ECHO)) {
! 126: if (ISSET(flags, TGP_MASK))
! 127: neednl = term_cbreak(input);
! 128: else
! 129: neednl = term_noecho(input);
! 130: }
! 131:
! 132: /*
! 133: * Catch signals that would otherwise cause the user to end
! 134: * up with echo turned off in the shell.
! 135: */
! 136: zero_bytes(&sa, sizeof(sa));
! 137: sigemptyset(&sa.sa_mask);
! 138: sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */
! 139: sa.sa_handler = handler;
! 140: (void) sigaction(SIGALRM, &sa, &savealrm);
! 141: (void) sigaction(SIGINT, &sa, &saveint);
! 142: (void) sigaction(SIGHUP, &sa, &savehup);
! 143: (void) sigaction(SIGQUIT, &sa, &savequit);
! 144: (void) sigaction(SIGTERM, &sa, &saveterm);
! 145: (void) sigaction(SIGTSTP, &sa, &savetstp);
! 146: (void) sigaction(SIGTTIN, &sa, &savettin);
! 147: (void) sigaction(SIGTTOU, &sa, &savettou);
! 148:
! 149: /* Ignore SIGPIPE in case stdin is a pipe and TGP_STDIN is set */
! 150: sa.sa_handler = SIG_IGN;
! 151: (void) sigaction(SIGPIPE, &sa, &savepipe);
! 152:
! 153: if (prompt) {
! 154: if (write(output, prompt, strlen(prompt)) == -1)
! 155: goto restore;
! 156: }
! 157:
! 158: if (timeout > 0)
! 159: alarm(timeout);
! 160: pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK));
! 161: alarm(0);
! 162: save_errno = errno;
! 163:
! 164: if (neednl || pass == NULL) {
! 165: if (write(output, "\n", 1) == -1)
! 166: goto restore;
! 167: }
! 168:
! 169: restore:
! 170: /* Restore old tty settings and signals. */
! 171: if (!ISSET(flags, TGP_ECHO))
! 172: term_restore(input, 1);
! 173: (void) sigaction(SIGALRM, &savealrm, NULL);
! 174: (void) sigaction(SIGINT, &saveint, NULL);
! 175: (void) sigaction(SIGHUP, &savehup, NULL);
! 176: (void) sigaction(SIGQUIT, &savequit, NULL);
! 177: (void) sigaction(SIGTERM, &saveterm, NULL);
! 178: (void) sigaction(SIGTSTP, &savetstp, NULL);
! 179: (void) sigaction(SIGTTIN, &savettin, NULL);
! 180: (void) sigaction(SIGTTOU, &savettou, NULL);
! 181: (void) sigaction(SIGTTOU, &savepipe, NULL);
! 182: if (input != STDIN_FILENO)
! 183: (void) close(input);
! 184:
! 185: /*
! 186: * If we were interrupted by a signal, resend it to ourselves
! 187: * now that we have restored the signal handlers.
! 188: */
! 189: for (i = 0; i < NSIG; i++) {
! 190: if (signo[i]) {
! 191: kill(getpid(), i);
! 192: switch (i) {
! 193: case SIGTSTP:
! 194: case SIGTTIN:
! 195: case SIGTTOU:
! 196: need_restart = 1;
! 197: break;
! 198: }
! 199: }
! 200: }
! 201: if (need_restart)
! 202: goto restart;
! 203:
! 204: if (save_errno)
! 205: errno = save_errno;
! 206: return pass;
! 207: }
! 208:
! 209: /*
! 210: * Fork a child and exec sudo-askpass to get the password from the user.
! 211: */
! 212: static char *
! 213: sudo_askpass(const char *askpass, const char *prompt)
! 214: {
! 215: static char buf[SUDO_PASS_MAX + 1], *pass;
! 216: sigaction_t sa, saved_sa_pipe;
! 217: int pfd[2];
! 218: pid_t pid;
! 219:
! 220: if (pipe(pfd) == -1)
! 221: error(1, _("unable to create pipe"));
! 222:
! 223: if ((pid = fork()) == -1)
! 224: error(1, _("unable to fork"));
! 225:
! 226: if (pid == 0) {
! 227: /* child, point stdout to output side of the pipe and exec askpass */
! 228: if (dup2(pfd[1], STDOUT_FILENO) == -1) {
! 229: warning("dup2");
! 230: _exit(255);
! 231: }
! 232: (void) setuid(ROOT_UID);
! 233: if (setgid(user_details.gid)) {
! 234: warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
! 235: _exit(255);
! 236: }
! 237: if (setuid(user_details.uid)) {
! 238: warning(_("unable to set uid to %u"), (unsigned int)user_details.uid);
! 239: _exit(255);
! 240: }
! 241: closefrom(STDERR_FILENO + 1);
! 242: execl(askpass, askpass, prompt, (char *)NULL);
! 243: warning(_("unable to run %s"), askpass);
! 244: _exit(255);
! 245: }
! 246:
! 247: /* Ignore SIGPIPE in case child exits prematurely */
! 248: zero_bytes(&sa, sizeof(sa));
! 249: sigemptyset(&sa.sa_mask);
! 250: sa.sa_flags = SA_INTERRUPT;
! 251: sa.sa_handler = SIG_IGN;
! 252: (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe);
! 253:
! 254: /* Get response from child (askpass) and restore SIGPIPE handler */
! 255: (void) close(pfd[1]);
! 256: pass = getln(pfd[0], buf, sizeof(buf), 0);
! 257: (void) close(pfd[0]);
! 258: (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL);
! 259:
! 260: return pass;
! 261: }
! 262:
! 263: extern int term_erase, term_kill;
! 264:
! 265: static char *
! 266: getln(int fd, char *buf, size_t bufsiz, int feedback)
! 267: {
! 268: size_t left = bufsiz;
! 269: ssize_t nr = -1;
! 270: char *cp = buf;
! 271: char c = '\0';
! 272:
! 273: if (left == 0) {
! 274: errno = EINVAL;
! 275: return NULL; /* sanity */
! 276: }
! 277:
! 278: while (--left) {
! 279: nr = read(fd, &c, 1);
! 280: if (nr != 1 || c == '\n' || c == '\r')
! 281: break;
! 282: if (feedback) {
! 283: if (c == term_kill) {
! 284: while (cp > buf) {
! 285: if (write(fd, "\b \b", 3) == -1)
! 286: break;
! 287: --cp;
! 288: }
! 289: left = bufsiz;
! 290: continue;
! 291: } else if (c == term_erase) {
! 292: if (cp > buf) {
! 293: if (write(fd, "\b \b", 3) == -1)
! 294: break;
! 295: --cp;
! 296: left++;
! 297: }
! 298: continue;
! 299: }
! 300: if (write(fd, "*", 1) == -1)
! 301: /* shut up glibc */;
! 302: }
! 303: *cp++ = c;
! 304: }
! 305: *cp = '\0';
! 306: if (feedback) {
! 307: /* erase stars */
! 308: while (cp > buf) {
! 309: if (write(fd, "\b \b", 3) == -1)
! 310: break;
! 311: --cp;
! 312: }
! 313: }
! 314:
! 315: return nr == 1 ? buf : NULL;
! 316: }
! 317:
! 318: static void
! 319: handler(int s)
! 320: {
! 321: if (s != SIGALRM)
! 322: signo[s] = 1;
! 323: }
! 324:
! 325: int
! 326: tty_present(void)
! 327: {
! 328: int fd;
! 329:
! 330: if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1)
! 331: close(fd);
! 332: return fd != -1;
! 333: }
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to tgetpass.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / src