2 files changed, 234 insertions, 0 deletions

diff --git a/include/unistd.h b/include/unistd.h
index fb1a1c8..c45e425 100644
--- a/include/unistd.h
+++ b/include/unistd.h
@@ -1112,6 +1112,47 @@ int daemonise(const char*, int)
 #endif
 
 
+/**
+ * Get password input from the terminal.
+ * 
+ * The exact behaviour of this function depends on the implementations.
+ * However you can assume that, the controlling terminal (/dev/tty) is
+ * opened and used for input and output, and that echoing is disabled.
+ * You cannot assume that arbitrary lengths are supported. However, in
+ * this implementation, line editing is enabled and arbitrary lengths
+ * are supported. If the length of the input (excluding termination) is
+ * less than 8192 a statically allocated string is returned, otherwise
+ * a dynamically allocated string is returned.
+ * 
+ * @etymology  (Get) (pass)word from terminal!
+ * 
+ * @param   prompt  Text to print at the beginning of the line.
+ *                  Used to tell the user what is expected of her.
+ *                  Must not be `NULL`.
+ * @return          The entered line. You should override it with zeroes as
+ *                  soon as possible to avoid leaving cleartest passphrases
+ *                  visible in memory, or potentially stored to unencrypted
+ *                  swap. The returned string is statically allocated, do
+ *                  not deallocate it, unless you know that you are using
+ *                  slibc and the length of the string is at least 8192.
+ *                  `NULL` on error. If a statically allocated string is
+ *                  returned, it will be overwritten at the next call.
+ * 
+ * @throws  Any error specified for open(3).
+ * @throws  Any error specified for malloc(3).
+ * @throws  Any error specified for read(3).
+ * @throws  Any error specified for tcgetattr(3).
+ * @throws  Any error specified for tcsetattr(3).
+ * @throws  Any error specified for tcdrain(3).
+ * 
+ * @since  Always.
+ */
+char* getpass(const char*)
+  __GCC_ONLY(__attribute__((__nonnull__, __warn_unused_result__)))
+  __deprecated("'getpass' has been deprecated without any "
+	       "replacement. You could use libpassphrase instead. :)");
+
+
 
 #endif
 
diff --git a/src/unistd/getpass.c b/src/unistd/getpass.c
new file mode 100644
index 0000000..5968d38
--- /dev/null
+++ b/src/unistd/getpass.c
@@ -0,0 +1,193 @@
+/**
+ * slibc — Yet another C library
+ * Copyright © 2015  Mattias Andrée (maandree@member.fsf.org)
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <unistd.h>
+#include <fcntl.h>
+#include <stdio.h>
+#include <termios.h>
+#include <string.h>
+#include <strings.h>
+#include <errno.h>
+#include <slibc-alloca.h>
+
+
+#define t(...)  do { if (__VA_ARGS__) goto fail; } while (0)
+
+
+
+/**
+ * This function performs the actual password-reading
+ * part of `getpass`. It will read into a statically
+ * allocated buffer until that buffer is full (8196 bytes,
+ * including termination), and switch to a dynamically
+ * allocated buffer when the it [the statically allocated
+ * buffer] is full.
+ * 
+ * @prarm   fd  File descriptor to the, already configured,
+ *              controlling terminal.
+ * @return      The entered line. You should override it with zeroes as
+ *              soon as possible to avoid leaving cleartest passphrases
+ *              visible in memory, or potentially stored to unencrypted
+ *              swap. The returned string is statically allocated, and
+ *              should not be deallocated, if the length of the string,
+ *              is (strictly) less than 8196, otherwise it is dynamically
+ *              allocated, and should be deallocated.
+ * 
+ * @throws  Any error specified for malloc(3).
+ * @throws  Any error specified for read(3).
+ */
+static char* _getpass(int fd)
+{
+  static char pass_s[8196];
+  char* pass_d = NULL;
+  size_t ptr_s = 0, ptr_d = 8196, size_d = (8196 << 1);
+  ssize_t got = 1;
+  void* new;
+  
+  /* Read into statically allocated buffer until it is full. */
+  while (ptr_s < sizeof(pass_s) / sizeof(char))
+    {
+      /* Read. */
+      t (got = read(fd, pass_s + ptr_s, sizeof(pass_s) - ptr_s * sizeof(char)), got < 0);
+      ptr_s += (size_t)got;
+      /* End of line? */
+      if ((got == 0) || (pass_s[ptr_s - 1] == '\n'))
+	{
+	  pass_s[ptr_s - !!got] = '\0';
+	  return pass_s;
+	}
+    }
+  
+  /* Transfer input to dynamically allocated buffer. */
+  t (pass_d = secure_realloc(pass_d, size_d * sizeof(char)), pass_d == NULL);
+  memcpy(pass_d, pass_s, sizeof(pass_s)), explicit_bzero(pass_s, sizeof(pass_s));
+  
+  /* Read into dynamically allocated buffer. */
+  for (;;)
+    {
+      /* Do we need to grow the buffer? */
+      if (ptr_d + 1 == size_d)
+	{
+	  t (new = secure_realloc(pass_d, (size_d <<= 1) * sizeof(char)), new == NULL);
+	  pass_d = new;
+	}
+      /* Read. */
+      t (got = read(fd, pass_d + ptr_d, (size_d - ptr_d - 1) * sizeof(char)), got < 0);
+      ptr_d += (size_t)got;
+      /* End of line? */
+      if ((got == 0) || (pass_d[ptr_d - 1] == '\n'))
+	{
+	  pass_d[ptr_d - !!got] = '\0';
+	  return pass_d;
+	}
+    }
+  
+ fail:
+  saved_errno = errno;
+  explicit_bzero(pass_s, sizeof(pass_s));
+  secure_free(pass_d);
+  errno = saved_errno;
+  return NULL;
+}
+
+
+/**
+ * Get password input from the terminal.
+ * 
+ * The exact behaviour of this function depends on the implementations.
+ * However you can assume that, the controlling terminal (/dev/tty) is
+ * opened and used for input and output, and that echoing is disabled.
+ * You cannot assume that arbitrary lengths are supported. However, in
+ * this implementation, line editing is enabled and arbitrary lengths
+ * are supported. If the length of the input (excluding termination) is
+ * less than 8192 a statically allocated string is returned, otherwise
+ * a dynamically allocated string is returned.
+ * 
+ * @etymology  (Get) (pass)word from terminal!
+ * 
+ * @param   prompt  Text to print at the beginning of the line.
+ *                  Used to tell the user what is expected of her.
+ *                  Must not be `NULL`.
+ * @return          The entered line. You should override it with zeroes as
+ *                  soon as possible to avoid leaving cleartest passphrases
+ *                  visible in memory, or potentially stored to unencrypted
+ *                  swap. The returned string is statically allocated, do
+ *                  not deallocate it, unless you know that you are using
+ *                  slibc and the length of the string is at least 8192.
+ *                  `NULL` on error. If a statically allocated string is
+ *                  returned, it will be overwritten at the next call.
+ * 
+ * @throws  Any error specified for open(3).
+ * @throws  Any error specified for malloc(3).
+ * @throws  Any error specified for read(3).
+ * @throws  Any error specified for tcgetattr(3).
+ * @throws  Any error specified for tcsetattr(3).
+ * @throws  Any error specified for tcdrain(3).
+ * 
+ * @since  Always.
+ */
+char* getpass(const char* prompt)
+{
+  struct termios saved_stty, stty;
+  char* pass;
+  int fd = -1, stty_saved = 0, saved_errno;
+  
+  /* Open controlling terminal. */
+  t (fd = open("/dev/tty", O_RDWR | O_NOCTTY | O_CLOEXEC), fd < 0);
+  
+  /* Configure terminal settings. */
+  t (tcgetattr(fd, &stty));
+  saved_stty = stty;
+  stty_saved = 1;
+  stty.c_lflag = (stty.c_lflag & (tcflag_t)~(ECHO  | ISIG )) | (tcflag_t)ICANON;
+  stty.c_iflag = (stty.c_iflag & (tcflag_t)~(INLCR | IGNCR)) | (tcflag_t)ICRNL;
+  t (tcsetattr(fd, TCSAFLUSH, &stty));
+  t (tcdrain(fd));
+  
+  /* Prompt the user. */
+  (void) dprintf(fd, "%s", prompt);
+  
+  /* Get password. */
+  pass = _getpass(fd);
+  if (pass == NULL)
+    goto fail;
+  
+  /* Move cursor to next line. */
+  (void) dprintf(fd, "\n");
+  
+  /* Restore terminal settings. */
+  (void) tcsetattr(fd, TCSAFLUSH, &saved_stty);
+  (void) tcdrain(fd);
+  
+  /* Close controlling terminal. */
+  close(fd);
+  
+  return pass;
+  
+ fail:
+  saved_errno = errno;
+  if (fd >= 0)
+    close(fd);
+  if (stty_saved)
+    {
+      tcsetattr(fd, TCSAFLUSH, &saved_stty);
+      tcdrain(fd);
+    }
+  errno = saved_errno;
+  return NULL;
+}
+