1
/* Copyright 2000-2005 The Apache Software Foundation or its licensors, as
4
* Licensed under the Apache License, Version 2.0 (the "License");
5
* you may not use this file except in compliance with the License.
6
* You may obtain a copy of the License at
8
* http://www.apache.org/licenses/LICENSE-2.0
10
* Unless required by applicable law or agreed to in writing, software
11
* distributed under the License is distributed on an "AS IS" BASIS,
12
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13
* See the License for the specific language governing permissions and
14
* limitations under the License.
17
/* apr_password_get.c: abstraction to provide for obtaining a password from the
18
* command line in whatever way the OS supports. In the best case, it's a
19
* wrapper for the system library's getpass() routine; otherwise, we
20
* use one we define ourselves.
22
#include "apr_private.h"
23
#include "apr_strings.h"
25
#include "apr_errno.h"
26
#if APR_HAVE_SYS_TYPES_H
27
#include <sys/types.h>
37
#pragma warning(disable: 4032)
39
#pragma warning(default: 4032)
47
#if APR_HAVE_STRINGS_H
51
#if defined(HAVE_TERMIOS_H) && !defined(HAVE_GETPASS)
55
#if !APR_CHARSET_EBCDIC
58
#else /* APR_CHARSET_EBCDIC */
61
#endif /* APR_CHARSET_EBCDIC */
63
#define MAX_STRING_LEN 256
65
#define ERR_OVERFLOW 5
69
/* MPE, Win32, NetWare and BeOS all lack a native getpass() */
71
#if !defined(HAVE_TERMIOS_H) && !defined(WIN32) && !defined(NETWARE)
73
* MPE lacks getpass() and a way to suppress stdin echo. So for now, just
74
* issue the prompt and read the results with echo. (Ugh).
77
static char *getpass(const char *prompt)
79
static char password[MAX_STRING_LEN];
81
fputs(prompt, stderr);
82
fgets((char *) &password, sizeof(password), stdin);
84
return (char *) &password;
87
#elif defined (HAVE_TERMIOS_H)
90
static char *getpass(const char *prompt)
93
static char password[MAX_STRING_LEN];
95
fputs(prompt, stderr);
98
if (tcgetattr(STDIN_FILENO, &attr) != 0)
100
attr.c_lflag &= ~(ECHO);
102
if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &attr) != 0)
104
while ((password[n] = getchar()) != '\n') {
105
if (n < sizeof(password) - 1 && password[n] >= ' ' && password[n] <= '~') {
108
fprintf(stderr,"\n");
109
fputs(prompt, stderr);
117
if (n > (MAX_STRING_LEN - 1)) {
118
password[MAX_STRING_LEN - 1] = '\0';
121
attr.c_lflag |= ECHO;
122
tcsetattr(STDIN_FILENO, TCSANOW, &attr);
123
return (char*) &password;
129
* Windows lacks getpass(). So we'll re-implement it here.
132
static char *getpass(const char *prompt)
134
/* WCE lacks console. So the getpass is unsuported
135
* The only way is to use the GUI so the getpass should be implemented
136
* on per-application basis.
141
static char password[128];
145
fputs(prompt, stderr);
147
while ((ch = _getch()) != '\r') {
148
if (ch == EOF) /* EOF */ {
149
fputs("[EOF]\n", stderr);
152
else if (ch == 0 || ch == 0xE0) {
153
/* FN Keys (0 or E0) are a sentinal for a FN code */
154
ch = (ch << 4) | _getch();
155
/* Catch {DELETE}, {<--}, Num{DEL} and Num{<--} */
156
if ((ch == 0xE53 || ch == 0xE4B || ch == 0x053 || ch == 0x04b) && n) {
157
password[--n] = '\0';
158
fputs("\b \b", stderr);
164
else if ((ch == '\b' || ch == 127) && n) /* BS/DEL */ {
165
password[--n] = '\0';
166
fputs("\b \b", stderr);
168
else if (ch == 3) /* CTRL+C */ {
169
/* _getch() bypasses Ctrl+C but not Ctrl+Break detection! */
170
fputs("^C\n", stderr);
173
else if (ch == 26) /* CTRL+Z */ {
174
fputs("^Z\n", stderr);
177
else if (ch == 27) /* ESC */ {
179
fputs(prompt, stderr);
182
else if ((n < sizeof(password) - 1) && !apr_iscntrl(ch)) {
197
#endif /* no getchar or _getch */
199
#endif /* no getpass */
202
* Use the OS getpass() routine (or our own) to obtain a password from
207
* 5: Partial success; entered text truncated to the size of the
210
* Restrictions: Truncation also occurs according to the host system's
211
* getpass() semantics, or at position 255 if our own version is used,
212
* but the caller is *not* made aware of it unless their own buffer is
213
* smaller than our own.
216
APR_DECLARE(apr_status_t) apr_password_get(const char *prompt, char *pwbuf, apr_size_t *bufsiz)
218
#ifdef HAVE_GETPASSPHRASE
219
char *pw_got = getpassphrase(prompt);
221
char *pw_got = getpass(prompt);
223
apr_status_t rv = APR_SUCCESS;
227
if (strlen(pw_got) >= *bufsiz) {
228
rv = APR_ENAMETOOLONG;
230
apr_cpystrn(pwbuf, pw_got, *bufsiz);
231
memset(pw_got, 0, strlen(pw_got));