From 5e35e3953dbf13fba840e86dc790291f491c0a50 Mon Sep 17 00:00:00 2001
From: Antonio Borneo
Date: Tue, 18 Feb 2014 05:09:39 +0000
Subject: [PATCH] Replace obsolete getpass()
Function getpass(3) is reported as obsolete. Replace it with new vpnc_getpass(). Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.
Functions tcgetattr()/tcsetattr() return error if stdin is not a terminal but, e.g., a pipe or a file. I simply ignore the error, since no need to disable ECHO on them.
Signed-off-by: Antonio Borneo
git-svn-id: https://svn.unix-ag.uni-kl.de/vpnc/trunk@542 315857ad-0bdb-0310-b42e-dec37551a5f0
---
 config.c | 24 +++++++++++++++++++++++-
 config.h | 1 +
 sysdep.h | 2 --
 vpnc.c | 5 ++++-
 4 files changed, 28 insertions(+), 4 deletions(-)
diff --git a/config.c b/config.c
index bc8af7d..9dd6014 100644
--- a/config.c
+++ b/config.c
@@ -160,6 +160,26 @@ eof_or_ceot:
 return -1;
 }
+char *vpnc_getpass(const char *prompt)
+{
+ struct termios t;
+ char *buf = NULL;
+ size_t len = 0;
+
+ printf("%s", prompt);
+ tcgetattr(STDIN_FILENO, &t);
+ t.c_lflag &= ~ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &t);
+
+ vpnc_getline(&buf, &len, stdin);
+
+ t.c_lflag |= ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &t);
+ printf("\n");
+
+ return buf;
+}
+
 static void config_deobfuscate(int obfuscated, int clear)
 {
 int ret, len = 0;
@@ -879,7 +899,9 @@ void do_config(int argc, char **argv)
 switch (i) {
 case CONFIG_IPSEC_SECRET:
 case CONFIG_XAUTH_PASSWORD:
- s = strdup(getpass(""));
+ s = vpnc_getpass("");
+ if (s == NULL)
+ error(1, 0, "unable to get password");
 break;
 case CONFIG_IPSEC_GATEWAY:
 case CONFIG_IPSEC_ID:
diff --git a/config.h b/config.h
index 6fbd231..f92695f 100644
--- a/config.h
+++ b/config.h
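Review bot: In `vpnc_getpass()` the return value of `tcgetattr()` is ignored, so when stdin is not a terminal `t` is never filled in, yet it is still modified and passed to `tcsetattr()`. On a terminal, the restore path forces `ECHO` on instead of putting back the settings that were in effect before the prompt. Keeping a saved copy of the original `struct termios`, disabling echo only when `tcgetattr()` succeeded, and restoring that copy afterwards fixes both. Whether anything restores echo when the process is interrupted during the read cannot be seen from this patch and is worth checking.

```c
char *vpnc_getpass(const char *prompt)
{
	struct termios saved, noecho;
	int have_tty;
	/* … unchanged: buf and len declarations, prompt output … */

	/* Only touch the terminal when stdin really is one. */
	have_tty = (tcgetattr(STDIN_FILENO, &saved) == 0);
	if (have_tty) {
		noecho = saved;
		noecho.c_lflag &= ~ECHO;
		tcsetattr(STDIN_FILENO, TCSANOW, &noecho);
	}

	/* … unchanged: vpnc_getline() call … */

	/* Put back exactly what was there, not a forced ECHO. */
	if (have_tty)
		tcsetattr(STDIN_FILENO, TCSANOW, &saved);
	/* … unchanged: newline output and return buf … */
}
```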
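Review bot: The `s == NULL` check in `do_config()` only catches a failed read if `vpnc_getpass()` actually returns NULL, but `vpnc_getpass()` discards the return value of `vpnc_getline()`, whose visible tail returns -1 at `eof_or_ceot`. What `buf` holds on that path is decided inside `vpnc_getline()`, outside this patch, so EOF or a read error on stdin may come back as an empty or partial secret rather than an error. Making the failure explicit in `vpnc_getpass()`, e.g. `if (vpnc_getline(&buf, &len, stdin) < 0) { free(buf); buf = NULL; }` (assuming `vpnc_getline()` leaves ownership of `buf` with the caller on failure), would make this check and the `pass == NULL` check in vpnc.c reliable. `do_config()` starts and ends outside the hunk.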
@@ -131,6 +131,7 @@ extern uint16_t opt_udpencapport;
 extern void hex_dump(const char *str, const void *data, ssize_t len, const struct debug_strings *decode);
 extern void do_config(int argc, char **argv);
+extern char *vpnc_getpass(const char *prompt);
 extern void (*logmsg)(int priority, const char *format, ...) __attribute__ ((__format__ (__printf__, 2, 3)));
diff --git a/sysdep.h b/sysdep.h
index 739f2a2..137bf6d 100644
--- a/sysdep.h
+++ b/sysdep.h
@@ -115,8 +115,6 @@ int tun_get_hwaddr(int fd, char *dev, uint8_t *hwaddr);
 #define IPPROTO_ESP 50
 #endif
-#define getpass(prompt) getpassphrase(prompt)
-
 /* where is this defined? */
 #include
 const char *inet_ntop(int af, const void *src, char *dst, size_t cnt);
diff --git a/vpnc.c b/vpnc.c
index b3518b6..a0c211b 100644
--- a/vpnc.c
+++ b/vpnc.c
@@ -2335,14 +2335,17 @@ static int do_phase2_xauth(struct sa_block *s)
 (ap->type == ISAKMP_XAUTH_06_ATTRIB_USER_PASSWORD) ? "Password" : "Passcode", config[CONFIG_XAUTH_USERNAME], ntop_buf);
- pass = getpass(prompt);
+ pass = vpnc_getpass(prompt);
 free(prompt);
+ if (pass == NULL)
+ error(2, 0, "unable to get password");
 na = new_isakmp_attribute(ap->type, NULL);
 na->u.lots.length = strlen(pass);
 na->u.lots.data = xallocc(na->u.lots.length);
 memcpy(na->u.lots.data, pass, na->u.lots.length);
 memset(pass, 0, na->u.lots.length);
+ free(pass);
 } else {
 na = new_isakmp_attribute(ap->type, NULL);
 na->u.lots.length = strlen(config[CONFIG_XAUTH_PASSWORD]);
--
2.11.4.GIT
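Review bot: With `free(pass)` added directly after it, `memset(pass, 0, na->u.lots.length)` in `do_phase2_xauth()` becomes a dead store that an optimizing compiler is allowed to remove, so the password may remain in freed heap memory. A wipe the compiler has to keep is needed, e.g. `explicit_bzero(pass, na->u.lots.length);` where the platform provides it, or a byte loop through a `volatile unsigned char *` elsewhere. The wipe also covers only `strlen(pass)` bytes, not the whole buffer allocated by `vpnc_getline()`; whether that helper leaves earlier copies behind depends on code outside this patch. `do_phase2_xauth()` starts and ends outside the hunk.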