/* ==================================================================== * The Apache Software License, Version 1.1 * * Copyright (c) 2000-2001 The Apache Software Foundation. All rights * reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in * the documentation and/or other materials provided with the * distribution. * * 3. The end-user documentation included with the redistribution, * if any, must include the following acknowledgment: * "This product includes software developed by the * Apache Software Foundation (http://www.apache.org/)." * Alternately, this acknowledgment may appear in the software itself, * if and wherever such third-party acknowledgments normally appear. * * 4. The names "Apache" and "Apache Software Foundation" must * not be used to endorse or promote products derived from this * software without prior written permission. For written * permission, please contact apache@apache.org. * * 5. Products derived from this software may not be called "Apache", * nor may "Apache" appear in their name, without prior written * permission of the Apache Software Foundation. * * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE * DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF * USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * ==================================================================== * * This software consists of voluntary contributions made by many * individuals on behalf of the Apache Software Foundation. For more * information on the Apache Software Foundation, please see * . */ /* apr_password_get.c: abstraction to provide for obtaining a password from the * command line in whatever way the OS supports. In the best case, it's a * wrapper for the system library's getpass() routine; otherwise, we * use one we define ourselves. */ #include "apr_private.h" #include "apr_strings.h" #include "apr_lib.h" #include "apr_errno.h" #include #include #if APR_HAVE_UNISTD_H #include #endif #if APR_HAVE_CONIO_H #pragma warning(disable: 4032) #include #pragma warning(default: 4032) #endif #if APR_HAVE_STDLIB_H #include #endif #if APR_HAVE_STRING_H #include #endif #if APR_HAVE_STRINGS_H #include #endif #if defined(HAVE_TERMIOS_H) && !defined(HAVE_GETPASS) #include #endif #if !APR_CHARSET_EBCDIC #define LF 10 #define CR 13 #else /* APR_CHARSET_EBCDIC */ #define LF '\n' #define CR '\r' #endif /* APR_CHARSET_EBCDIC */ #define MAX_STRING_LEN 256 #define ERR_OVERFLOW 5 #ifndef HAVE_GETPASS /* MPE, Win32 and BeOS all lack a native getpass() */ #if !defined(HAVE_TERMIOS_H) && !defined(WIN32) /* * MPE lacks getpass() and a way to suppress stdin echo. So for now, just * issue the prompt and read the results with echo. (Ugh). */ static char *getpass(const char *prompt) { static char password[MAX_STRING_LEN]; fputs(prompt, stderr); gets((char *) &password); if (strlen((char *) &password) > (MAX_STRING_LEN - 1)) { password[MAX_STRING_LEN - 1] = '\0'; } return (char *) &password; } #elif defined (HAVE_TERMIOS_H) #include static char *getpass(const char *prompt) { struct termios attr; static char password[MAX_STRING_LEN]; int n=0; fputs(prompt, stderr); fflush(stderr); if (tcgetattr(STDIN_FILENO, &attr) != 0) return NULL; attr.c_lflag &= ~(ECHO); if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0) return NULL; while ((password[n] = getchar()) != '\n') { if (password[n] >= ' ' && password[n] <= '~') { n++; } else { fprintf(stderr,"\n"); fputs(prompt, stderr); fflush(stderr); n = 0; } } password[n] = '\0'; printf("\n"); if (n > (MAX_STRING_LEN - 1)) { password[MAX_STRING_LEN - 1] = '\0'; } attr.c_lflag |= ECHO; tcsetattr(STDIN_FILENO, TCSANOW, &attr); return (char*) &password; } #else /* * Windows lacks getpass(). So we'll re-implement it here. */ static char *getpass(const char *prompt) { static char password[MAX_STRING_LEN]; int n = 0; fputs(prompt, stderr); while ((password[n] = _getch()) != '\r') { if (password[n] >= ' ' && password[n] <= '~') { n++; printf("*"); } else { printf("\n"); fputs(prompt, stderr); n = 0; } } password[n] = '\0'; printf("\n"); if (n > (MAX_STRING_LEN - 1)) { password[MAX_STRING_LEN - 1] = '\0'; } return (char *) &password; } #endif /* no getchar or _getch */ #endif /* no getpass */ /* * Use the OS getpass() routine (or our own) to obtain a password from * the input stream. * * Exit values: * 0: Success * 5: Partial success; entered text truncated to the size of the * destination buffer * * Restrictions: Truncation also occurs according to the host system's * getpass() semantics, or at position 255 if our own version is used, * but the caller is *not* made aware of it. */ APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, size_t *bufsiz) { char *pw_got = getpass(prompt); if (!pw_got) return APR_EINVAL; apr_cpystrn(pwbuf, pw_got, *bufsiz); memset(pw_got, 0, strlen(pw_got)); if (strlen(pw_got) >= *bufsiz) { return APR_ENAMETOOLONG; } return APR_SUCCESS; }