aboutsummaryrefslogblamecommitdiffstats
path: root/src/unistd/getpass.c
blob: 3a333151381aec518be6ef5a86fd9b0888c164eb (plain) (tree)
1
2
3

                                  
                                                           





























































































































































































                                                                                         
/**
 * slibc — Yet another C library
 * Copyright © 2015, 2016  Mattias Andrée (m@maandree.se)
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
#include <unistd.h>
#include <fcntl.h>
#include <stdio.h>
#include <termios.h>
#include <string.h>
#include <strings.h>
#include <errno.h>
#include <slibc-alloca.h>


#define t(...)  do { if (__VA_ARGS__) goto fail; } while (0)



/**
 * This function performs the actual password-reading
 * part of `getpass`. It will read into a statically
 * allocated buffer until that buffer is full (8196 bytes,
 * including termination), and switch to a dynamically
 * allocated buffer when the it [the statically allocated
 * buffer] is full.
 * 
 * @prarm   fd  File descriptor to the, already configured,
 *              controlling terminal.
 * @return      The entered line. You should override it with zeroes as
 *              soon as possible to avoid leaving cleartest passphrases
 *              visible in memory, or potentially stored to unencrypted
 *              swap. The returned string is statically allocated, and
 *              should not be deallocated, if the length of the string,
 *              is (strictly) less than 8196, otherwise it is dynamically
 *              allocated, and should be deallocated.
 * 
 * @throws  Any error specified for malloc(3).
 * @throws  Any error specified for read(3).
 */
static char* _getpass(int fd)
{
  static char pass_s[8196];
  char* pass_d = NULL;
  size_t ptr_s = 0, ptr_d = 8196, size_d = (8196 << 1);
  ssize_t got = 1;
  void* new;
  
  /* Read into statically allocated buffer until it is full. */
  while (ptr_s < sizeof(pass_s) / sizeof(char))
    {
      /* Read. */
      t (got = read(fd, pass_s + ptr_s, sizeof(pass_s) - ptr_s * sizeof(char)), got < 0);
      ptr_s += (size_t)got;
      /* End of line? */
      if ((got == 0) || (pass_s[ptr_s - 1] == '\n'))
	{
	  pass_s[ptr_s - !!got] = '\0';
	  return pass_s;
	}
    }
  
  /* Transfer input to dynamically allocated buffer. */
  t (pass_d = secure_realloc(pass_d, size_d * sizeof(char)), pass_d == NULL);
  memcpy(pass_d, pass_s, sizeof(pass_s)), explicit_bzero(pass_s, sizeof(pass_s));
  
  /* Read into dynamically allocated buffer. */
  for (;;)
    {
      /* Do we need to grow the buffer? */
      if (ptr_d + 1 == size_d)
	{
	  t (new = secure_realloc(pass_d, (size_d <<= 1) * sizeof(char)), new == NULL);
	  pass_d = new;
	}
      /* Read. */
      t (got = read(fd, pass_d + ptr_d, (size_d - ptr_d - 1) * sizeof(char)), got < 0);
      ptr_d += (size_t)got;
      /* End of line? */
      if ((got == 0) || (pass_d[ptr_d - 1] == '\n'))
	{
	  pass_d[ptr_d - !!got] = '\0';
	  return pass_d;
	}
    }
  
 fail:
  saved_errno = errno;
  explicit_bzero(pass_s, sizeof(pass_s));
  secure_free(pass_d);
  errno = saved_errno;
  return NULL;
}


/**
 * Get password input from the terminal.
 * 
 * The exact behaviour of this function depends on the implementations.
 * However you can assume that, the controlling terminal (/dev/tty) is
 * opened and used for input and output, and that echoing is disabled.
 * You cannot assume that arbitrary lengths are supported. However, in
 * this implementation, line editing is enabled and arbitrary lengths
 * are supported. If the length of the input (excluding termination) is
 * less than 8192 a statically allocated string is returned, otherwise
 * a dynamically allocated string is returned.
 * 
 * @etymology  (Get) (pass)word from terminal!
 * 
 * @param   prompt  Text to print at the beginning of the line.
 *                  Used to tell the user what is expected of her.
 *                  Must not be `NULL`.
 * @return          The entered line. You should override it with zeroes as
 *                  soon as possible to avoid leaving cleartest passphrases
 *                  visible in memory, or potentially stored to unencrypted
 *                  swap. The returned string is statically allocated, do
 *                  not deallocate it, unless you know that you are using
 *                  slibc and the length of the string is at least 8192.
 *                  `NULL` on error. If a statically allocated string is
 *                  returned, it will be overwritten at the next call.
 * 
 * @throws  Any error specified for open(3).
 * @throws  Any error specified for malloc(3).
 * @throws  Any error specified for read(3).
 * @throws  Any error specified for tcgetattr(3).
 * @throws  Any error specified for tcsetattr(3).
 * @throws  Any error specified for tcdrain(3).
 * 
 * @since  Always.
 */
char* getpass(const char* prompt)
{
  struct termios saved_stty, stty;
  char* pass;
  int fd = -1, stty_saved = 0, saved_errno;
  
  /* Open controlling terminal. */
  t (fd = open("/dev/tty", O_RDWR | O_NOCTTY | O_CLOEXEC), fd < 0);
  
  /* Configure terminal settings. */
  t (tcgetattr(fd, &stty));
  saved_stty = stty;
  stty_saved = 1;
  stty.c_lflag = (stty.c_lflag & (tcflag_t)~(ECHO  | ISIG )) | (tcflag_t)ICANON;
  stty.c_iflag = (stty.c_iflag & (tcflag_t)~(INLCR | IGNCR)) | (tcflag_t)ICRNL;
  t (tcsetattr(fd, TCSAFLUSH, &stty));
  t (tcdrain(fd));
  
  /* Prompt the user. */
  (void) dprintf(fd, "%s", prompt);
  
  /* Get password. */
  pass = _getpass(fd);
  if (pass == NULL)
    goto fail;
  
  /* Move cursor to next line. */
  (void) dprintf(fd, "\n");
  
  /* Restore terminal settings. */
  (void) tcsetattr(fd, TCSAFLUSH, &saved_stty);
  (void) tcdrain(fd);
  
  /* Close controlling terminal. */
  close(fd);
  
  return pass;
  
 fail:
  saved_errno = errno;
  if (fd >= 0)
    close(fd);
  if (stty_saved)
    {
      tcsetattr(fd, TCSAFLUSH, &saved_stty);
      tcdrain(fd);
    }
  errno = saved_errno;
  return NULL;
}