static char *getPin(SVRCOREPinObj *obj, const char *tokenName, PRBool retry) { SVRCOREUserPinObj *tty = (SVRCOREUserPinObj*)obj; char line[128]; char *res; /* If the program is not interactive then return no result */ if (!tty->interactive) return 0; #ifdef _WIN32 if (retry) { MessageBox(GetDesktopWindow(), nt_retryWarning, "Netscape Server", MB_ICONEXCLAMATION | MB_OK); } return NT_PromptForPin(tokenName); #else if (retry) fprintf(stdout, "%s\n", retryWarning); echoOff(fileno(stdin)); /*** Please Note: the following printf statement was changed from fprintf(stdout,...) because of an odd problem with the Linux build. The issue is that libc.so has a symbol for stdout and libstdc++.so which we also reference has a symbol for stdout. Normally the libc.so version of stdout is resolved first and writing to stdout is no problem. Unfortunately something happens on Linux which allows the "other" stdout from libstdc++.so to get referenced so that when a call to fprintf(stdout,...) is made the new stdout which has never been initialized get's written to causing a sigsegv. At this point we can not easily remove libstdc++.so from the dependencies because other code which slapd uses happens to be C++ code which causes the reference of libstdc++.so . It was determined that the quickest way to resolve the issue for now was to change the fprintf calls to printf thereby fixing the crashes on a temp basis. Using printf seems to work because it references stdout internally which means it will use the one from libc.so . ***/ printf("%s %s: ", prompt, tokenName); fflush(stdout); /* Read input */ res = fgets(line, sizeof line, stdin); echoOn(fileno(stdin)); printf("\n"); if (!res) return 0; /* Find and kill the newline */ if ((res = strchr(line, '\n')) != NULL) *res = 0; /* Return no-response if user typed an empty line */ if (line[0] == 0) return 0; return strdup(line); #endif /* _WIN32 */ }
char *SEC_GetPassword(FILE *input, FILE *output, char *prompt, PRBool (*ok)(char *)) { #if defined(_WINDOWS) int isTTY = (input == stdin); #define echoOn(x) #define echoOff(x) #else int infd = fileno(input); int isTTY = isatty(infd); #endif char phrase[200] = {'\0'}; /* ensure EOF doesn't return junk */ for (;;) { /* Prompt for password */ if (isTTY) { fprintf(output, "%s", prompt); fflush (output); echoOff(infd); } QUIET_FGETS ( phrase, sizeof(phrase), input); if (isTTY) { fprintf(output, "\n"); echoOn(infd); } /* stomp on newline */ phrase[PORT_Strlen(phrase)-1] = 0; /* Validate password */ if (!(*ok)(phrase)) { /* Not weird enough */ if (!isTTY) return 0; fprintf(output, "Password must be at least 8 characters long with one or more\n"); fprintf(output, "non-alphabetic characters\n"); continue; } return (char*) PORT_Strdup(phrase); } }
int watchdog_pwd_prompt(const char *prompt, int serial, char **pwdvalue, bool smfwatchdog) { char phrase[256]; char *cp; int infd = fileno(stdin); int isTTY = isatty(infd); int plen; /* Turn off buffering to avoid leaving password in I/O buffer */ setbuf(stdin, NULL); /* Prompt for password */ if (isTTY) { fprintf(stdout, "%s", prompt); echoOff(infd); } else { /* * Since stdin is not a tty, fail if the server asks * for the same password. The password is invalid, and it's * unlikely that a non-tty stdin is going to have the valid * one. */ if (watchdog_pwd_lookup((char *)prompt, serial, pwdvalue)) { if (pwdvalue && *pwdvalue) { free((void *)(*pwdvalue)); } return -2; } } /* Return error if EOF */ if (feof(stdin)) { if (isTTY) { echoOn(infd); } return -1; } cp = fgets(phrase, sizeof(phrase), stdin); /* EOF is more likely to be seen here */ if (cp == NULL) { if (isTTY) { echoOn(infd); } return -1; } if (isTTY) { fprintf(stdout, "\n"); echoOn(infd); } if (!smfwatchdog) { /* stomp on newline */ plen = strlen(phrase); if (plen > 0) { phrase[--plen] = 0; } } *pwdvalue = strdup(phrase); /* Clear password from local buffer */ memset((void *)phrase, 0, sizeof(phrase)); return 0; }