Mailing List Archive

Author: Antonio Borneo
Date: Tue Feb 18 06:09:48 2014
New Revision: 544

Log:
Replace obsolete getpass()

Function getpass(3) is reported as obsolete.
Replace it with new vpnc_getpass().
Differences with original implementation:
- output prompt on stdout, instead of /dev/tty;
- input from stdin, instead of /dev/tty;
- password length limited by vpnc_getline() to 200 chars.

Functions tcgetattr()/tcsetattr() return error if stdin
is not a terminal but, e.g., a pipe or a file. I simply
ignore the error, since no need to disable ECHO on them.

Signed-off-by: Antonio Borneo <borneo.antonio@gmail.com>

Modified:
branches/vpnc-nortel/config.c
branches/vpnc-nortel/config.h
branches/vpnc-nortel/sysdep.h
branches/vpnc-nortel/vpnc.c

Modified: branches/vpnc-nortel/config.c
==============================================================================
--- branches/vpnc-nortel/config.c (original)
+++ branches/vpnc-nortel/config.c Tue Feb 18 06:09:48 2014
@@ -159,6 +159,26 @@
if (buf_allocated)
free(buf);
return -1;
+}
+
+char *vpnc_getpass(const char *prompt)
+{
+ struct termios t;
+ char *buf = NULL;
+ size_t len = 0;
+
+ printf("%s", prompt);
+ tcgetattr(STDIN_FILENO, &t);
+ t.c_lflag &= ~ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &t);
+
+ vpnc_getline(&buf, &len, stdin);
+
+ t.c_lflag |= ECHO;
+ tcsetattr(STDIN_FILENO, TCSANOW, &t);
+ printf("\n");
+
+ return buf;
}

static void config_deobfuscate(int obfuscated, int clear)
@@ -1028,7 +1048,9 @@
case CONFIG_IPSEC_SECRET:
case CONFIG_XAUTH_PIN:
case CONFIG_XAUTH_PASSWORD:
- s = strdup(getpass(""));
+ s = vpnc_getpass("");
+ if (s == NULL)
+ error(1, 0, "unable to get password");
break;
case CONFIG_IPSEC_GATEWAY:
case CONFIG_IPSEC_ID:

Modified: branches/vpnc-nortel/config.h
==============================================================================
--- branches/vpnc-nortel/config.h (original)
+++ branches/vpnc-nortel/config.h Tue Feb 18 06:09:48 2014
@@ -141,6 +141,7 @@

extern void hex_dump(const char *str, const void *data, ssize_t len, const struct debug_strings *decode);
extern void do_config(int argc, char **argv);
+extern char *vpnc_getpass(const char *prompt);

extern void (*logmsg)(int priority, const char *format, ...)
__attribute__ ((__format__ (__printf__, 2, 3)));

Modified: branches/vpnc-nortel/sysdep.h
==============================================================================
--- branches/vpnc-nortel/sysdep.h (original)
+++ branches/vpnc-nortel/sysdep.h Tue Feb 18 06:09:48 2014
@@ -115,8 +115,6 @@
#define IPPROTO_ESP 50
#endif

-#define getpass(prompt) getpassphrase(prompt)
-
/* where is this defined? */
#include <sys/socket.h>
const char *inet_ntop(int af, const void *src, char *dst, size_t cnt);

Modified: branches/vpnc-nortel/vpnc.c
==============================================================================
--- branches/vpnc-nortel/vpnc.c (original)
+++ branches/vpnc-nortel/vpnc.c Tue Feb 18 06:09:48 2014
@@ -2508,14 +2508,17 @@
|| ap->type == ISAKMP_XAUTH_02_ATTRIB_USER_PASSWORD) ?
"Password" : "Passcode",
config[CONFIG_XAUTH_USERNAME], ntop_buf);
- pass = getpass(prompt);
+ pass = vpnc_getpass(prompt);
free(prompt);
+ if (pass == NULL)
+ error(2, 0, "unable to get password");

na = new_isakmp_attribute(ap->type, NULL);
na->u.lots.length = strlen(pass);
na->u.lots.data = xallocc(na->u.lots.length);
memcpy(na->u.lots.data, pass, na->u.lots.length);
memset(pass, 0, na->u.lots.length);
+ free(pass);
} else {
if (opt_vendor == VENDOR_NORTEL
&& opt_auth_mode != AUTH_MODE_NORTEL_GPASSWORD)

_______________________________________________
vpnc-devel mailing list
vpnc-devel@unix-ag.uni-kl.de
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/