1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
|
/**
* \file client/getpasswd.c
*
* \brief Routines for obtaining a password from a user.
*/
/* Fwknop is developed primarily by the people listed in the file 'AUTHORS'.
* Copyright (C) 2009-2015 fwknop developers and contributors. For a full
* list of contributors, see the file 'CREDITS'.
*
* License (GNU General Public License):
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
*****************************************************************************
*/
#include <stdio.h>
#include <signal.h>
#ifdef WIN32
#include <conio.h>
#else
#include <termios.h>
#endif
#include "fwknop_common.h"
#include "getpasswd.h"
#include "utils.h"
#define PW_BUFSIZE 128 /*!< Maximum number of chars an encryption key or a password can contain */
#define PW_BREAK_CHAR 0x03 /*!< Ascii code for the Ctrl-C char */
#define PW_BS_CHAR 0x08 /*!< Ascii code for the backspace char */
#define PW_LF_CHAR 0x0A /*!< Ascii code for the \n char */
#define PW_CR_CHAR 0x0D /*!< Ascii code for the \r char */
#define PW_CLEAR_CHAR 0x15 /*!< Ascii code for the Ctrl-U char */
#define ARRAY_FIRST_ELT_ADR(t) &((t)[0]) /*!< Macro to get the first element of an array */
#define ARRAY_LAST_ELT_ADR(t) &((t)[sizeof(t)-1]) /*!< Macro to get the last element of an array */
/**
* @brief Read a password from a stream object
*
* @param stream Pointer to a FILE object that identifies an input stream.
*
* @return The password buffer or NULL if not set
*/
static char *
read_passwd_from_stream(FILE *stream)
{
static char password[PW_BUFSIZE] = {0};
int c;
char *ptr;
ptr = ARRAY_FIRST_ELT_ADR(password);
if(stream == NULL)
return password;
#ifdef WIN32
while((c = _getch()) != PW_CR_CHAR)
#else
while( ((c = getc(stream)) != EOF) && (c != PW_LF_CHAR) && (c != PW_BREAK_CHAR) )
#endif
{
/* Handle a backspace without backing up too far. */
if (c == PW_BS_CHAR)
{
if (ptr != ARRAY_FIRST_ELT_ADR(password))
ptr--;
}
/* Handle a Ctrl-U to clear the password entry and start over */
else if (c == PW_CLEAR_CHAR)
ptr = ARRAY_FIRST_ELT_ADR(password);
/* Fill in the password buffer until it reaches the last -1 char.
* The last char is used to NULL terminate the string. */
else if (ptr < ARRAY_LAST_ELT_ADR(password))
{
*ptr++ = c;
}
/* Discard char */
else;
}
/* A CTRL-C char has been detected, we discard the password */
if (c == PW_BREAK_CHAR)
password[0] = '\0';
/* Otherwise we NULL terminate the string here. Overflows are handled
* previously, so we can add the char without worrying */
else
*ptr = '\0';
return password;
}
/**
* @brief Function for accepting password input from users
*
* The functions reads chars from a buffered stream and store them in a buffer of
* chars. If a file descriptor is supplied then, the password is read from
* the associated stream, otherwise a new buffered stream is created and a
* prompt is displayed to the user.
*
* @param prompt String displayed on the terminal to prompt the user for a
* password or an encryption key
* @param fd File descriptor to use to read the pasword from. If fd is set
* to FD_INVALID, then a new stream is opened.
*
* @return NULL if a problem occurred or the user killed the terminal (Ctrl-C)\n
* otherwise the password - empty password is accepted.
*/
char*
getpasswd(const char *prompt, int fd)
{
char *ptr = NULL;
FILE *fp = NULL;
#ifndef WIN32
sigset_t sig, old_sig;
struct termios ts;
tcflag_t old_c_lflag = 0;
#else
/* Force stdin on windows. */
fd = 0;
#endif
/* If a valid file descriptor is supplied, we try to open a stream from it */
if (FD_IS_VALID(fd))
{
fp = fdopen(fd, "r");
if (fp == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "getpasswd() - "
"Unable to create a stream from the file descriptor : %s",
strerror(errno));
return(NULL);
}
}
#ifndef WIN32
/* Otherwise we are going to open a new stream */
else
{
if((fp = fopen(ctermid(NULL), "r+")) == NULL)
return(NULL);
setbuf(fp, NULL);
/* Setup blocks for SIGINT and SIGTSTP and save the original signal
* mask.
*/
sigemptyset(&sig);
sigaddset(&sig, SIGINT);
sigaddset(&sig, SIGTSTP);
sigprocmask(SIG_BLOCK, &sig, &old_sig);
/*
* Save current tty state for later restoration after we :
* - disable echo of characters to the tty
* - disable signal generation
* - disable canonical mode (input read line by line mode)
*/
tcgetattr(fileno(fp), &ts);
old_c_lflag = ts.c_lflag;
ts.c_lflag &= ~(ECHO | ICANON | ISIG);
tcsetattr(fileno(fp), TCSAFLUSH, &ts);
fputs(prompt, fp);
}
#else
_cputs(prompt);
#endif
/* Read the password */
ptr = read_passwd_from_stream(fp);
#ifdef WIN32
/* In Windows, it would be a CR-LF
*/
_putch(PW_CR_CHAR);
_putch(PW_LF_CHAR);
#else
if(! FD_IS_VALID(fd))
{
/* Reset terminal settings
*/
fputs("\n", fp);
ts.c_lflag = old_c_lflag;
tcsetattr(fileno(fp), TCSAFLUSH, &ts);
}
#endif
fclose(fp);
return (ptr);
}
/* Function for accepting password input from a file
*/
int
get_key_file(char *key, int *key_len, const char *key_file,
fko_ctx_t ctx, const fko_cli_options_t *options)
{
FILE *pwfile_ptr;
unsigned int i = 0, found_dst;
char conf_line_buf[MAX_LINE_LEN] = {0};
char tmp_char_buf[MAX_LINE_LEN] = {0};
char *lptr;
memset(key, 0x00, MAX_KEY_LEN+1);
if ((pwfile_ptr = fopen(key_file, "r")) == NULL)
{
log_msg(LOG_VERBOSITY_ERROR, "Could not open config file: %s", key_file);
return 0;
}
while ((fgets(conf_line_buf, MAX_LINE_LEN, pwfile_ptr)) != NULL)
{
conf_line_buf[MAX_LINE_LEN-1] = '\0';
lptr = conf_line_buf;
memset(tmp_char_buf, 0x0, MAX_LINE_LEN);
while (*lptr == ' ' || *lptr == '\t' || *lptr == '=')
lptr++;
/* Get past comments and empty lines.
*/
if (*lptr == '#' || *lptr == '\n' || *lptr == '\r' || *lptr == '\0' || *lptr == ';')
continue;
/* Look for a line like "<SPA destination IP>: <password>" - this allows
* multiple keys to be placed within the same file, and the client will
* reference the matching one for the SPA server we are contacting
*/
found_dst = 1;
for (i=0; i < strlen(options->spa_server_str); i++)
if (*lptr++ != options->spa_server_str[i])
found_dst = 0;
if (! found_dst)
continue;
if (*lptr == ':')
lptr++;
else
continue;
/* Skip whitespace until we get to the password
*/
while (*lptr == ' ' || *lptr == '\t' || *lptr == '=')
lptr++;
i = 0;
while (*lptr != '\0' && *lptr != '\n') {
key[i] = *lptr;
lptr++;
i++;
}
key[i] = '\0';
}
fclose(pwfile_ptr);
if (key[0] == '\0') {
log_msg(LOG_VERBOSITY_ERROR, "Could not get key for IP: %s from: %s",
options->spa_server_str, key_file);
return 0;
}
*key_len = strlen(key);
return 1;
}
/***EOF***/
|
