diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/cerberus.c | 37 | ||||
| -rw-r--r-- | src/passphrase.c | 89 | ||||
| -rw-r--r-- | src/passphrase.h | 41 |
3 files changed, 156 insertions, 11 deletions
diff --git a/src/cerberus.c b/src/cerberus.c index 5f4afdc..a9772c9 100644 --- a/src/cerberus.c +++ b/src/cerberus.c @@ -17,9 +17,13 @@ * along with this program. If not, see <http://www.gnu.org/licenses/>. */ #include <stdio.h> -#include <termios.h> #include <unistd.h> +#include "passphrase.h" + + +#define xfree(VAR) ({ if (var) free(var); }) + /** * Mane method @@ -32,24 +36,26 @@ int main(int argc, char** argv) { char* username = NULL; char* hostname = NULL; + char* passphrase = NULL; char preserve_env = 0; - struct termios saved_stty; - struct termios stty; - int i; + char skip_auth = 0; /* Disable echoing */ - tcgetattr(STDIN_FILENO, &saved_stty); - stty = saved_stty; - stty.c_lflag &= ~ECHO; - tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty); + disable_echo(); /* This should be done as early and quickly as possible so as little as possible of the passphrase gets leaked to the output if the user begins entering the passphrase directly after the username. */ + + /* Set proccess group ID */ + setpgrp(); + + /* Parse command line arguments */ { char double_dashed = 0; char hostname_on_next = 0; + int i; for (i = 1; i < argc; i++) { char *arg = *(argv + i); @@ -75,6 +81,7 @@ int main(int argc, char** argv) { if (*(arg + 1)) username = arg + 1; + skip_auth = 1; break; } else if (c == '-') @@ -94,13 +101,21 @@ int main(int argc, char** argv) } } - printf("Passphrase: "); - fflush(stdout); + + /* Get the passphrase, if -f has not been used */ + if (skip_auth == 0) + { + printf("Passphrase: "); + fflush(stdout); + passphrase = get_passphrase(); + printf("\n"); + } /* Reset terminal settings */ - tcsetattr(STDIN_FILENO, TCSAFLUSH, &saved_stty); + reenable_echo(); + xfree(passphrase); return 0; } diff --git a/src/passphrase.c b/src/passphrase.c new file mode 100644 index 0000000..cd88c7f --- /dev/null +++ b/src/passphrase.c @@ -0,0 +1,89 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#include "passphrase.h" + + +#define START_PASSPHRASE_LIMIT 32 + + +/** + * The original TTY settings + */ +static struct termios saved_stty; + + +/** + * Reads the passphrase from stdin + * + * @return The passphrase, should be `free`:ed + */ +char* get_passphrase(void) +{ + /* malloc and realloc returns NULL if we run out of memory, + we will not do that under normal usecases, if we do, it + okay to segfault on null derefencing and quit on that. */ + + char* rc = malloc(START_PASSPHRASE_LIMIT); + long size = START_PASSPHRASE_LIMIT; + long len = 0; + int c; + + /* Read password until EOF or Enter, skip all ^0 as that + is probably not a part of the passphrase (good luck typing + that in X.org) and can be echoed into stdin by the kernel. */ + for (;;) + { + c = getchar(); + if ((c < 0) || (c == '\n')) + break; + if (c != 0) + { + *(rc + len++) = c; + if (len == size) + rc = realloc(rc, size <<= 1L); + } + } + + /* NUL-terminate passphrase */ + *(rc + len) = 0; + + return rc; +} + + +/** + * Disable echoing and do anything else to the terminal settnings `get_passphrase` requires + */ +void disable_echo() +{ + tcgetattr(STDIN_FILENO, &saved_stty); + stty = saved_stty; + stty.c_lflag &= ~ECHO; + tcsetattr(STDIN_FILENO, TCSAFLUSH, &stty); +} + + +/** + * Undo the actions of `disable_echo` + */ +void reenable_echo() +{ + tcsetattr(STDIN_FILENO, TCSAFLUSH, &saved_stty); +} + diff --git a/src/passphrase.h b/src/passphrase.h new file mode 100644 index 0000000..160e334 --- /dev/null +++ b/src/passphrase.h @@ -0,0 +1,41 @@ +/** + * cerberus – Minimal login program + * + * Copyright © 2013 Mattias Andrée (maandree@member.fsf.org) + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ +#include <stdlib.h> +#include <stdio.h> +#include <termios.h> +#include <unistd.h> + + +/** + * Reads the passphrase from stdin + * + * @return The passphrase, should be `free`:ed + */ +char* get_passphrase(void); + +/** + * Disable echoing and do anything else to the terminal settnings `get_passphrase` requires + */ +void disable_echo(); + +/** + * Undo the actions of `disable_echo` + */ +void reenable_echo(); + |