/* * Reads a passphrase from /dev/tty with echo turned off/on. Returns the * passphrase (allocated with xmalloc). Exits if EOF is encountered. If * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no * tty is available */ char * read_passphrase(const char *prompt, int flags) { char *askpass = NULL, *ret, buf[1024]; int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; if (flags & RP_USE_ASKPASS) use_askpass = 1; else if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) { debug("read_passphrase: stdin is not a tty"); use_askpass = 1; } } else { rppflags |= RPP_REQUIRE_TTY; ttyfd = open(_PATH_TTY, O_RDWR); if (ttyfd >= 0) close(ttyfd); else { debug("read_passphrase: can't open %s: %s", _PATH_TTY, strerror(errno)); use_askpass = 1; } } if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); if (use_askpass && getenv("DISPLAY")) { if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); else askpass = _PATH_SSH_ASKPASS_DEFAULT; if ((ret = ssh_askpass(askpass, prompt)) == NULL) if (!(flags & RP_ALLOW_EOF)) return xstrdup(""); return ret; } if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { if (flags & RP_ALLOW_EOF) return NULL; return xstrdup(""); } ret = xstrdup(buf); memset(buf, 'x', sizeof buf); return ret; }
char * lafe_readpassphrase(const char *prompt, char *buf, size_t bufsiz) { char *p; p = readpassphrase(prompt, buf, bufsiz, RPP_ECHO_OFF); if (p == NULL) { switch (errno) { case EINTR: break; default: lafe_errc(1, errno, "Couldn't read passphrase"); break; } } return (p); }
static void authuser(char *myname, char *login_style, int persist) { char *challenge = NULL, *response, rbuf[1024], cbuf[128]; auth_session_t *as; int fd = -1; if (persist) fd = open("/dev/tty", O_RDWR); if (fd != -1) { if (ioctl(fd, TIOCCHKVERAUTH) == 0) goto good; } if (!(as = auth_userchallenge(myname, login_style, "auth-doas", &challenge))) errx(1, "Authorization failed"); if (!challenge) { char host[HOST_NAME_MAX + 1]; if (gethostname(host, sizeof(host))) snprintf(host, sizeof(host), "?"); snprintf(cbuf, sizeof(cbuf), "\rdoas (%.32s@%.32s) password: "******"tty required for %s", myname); errx(1, "a tty is required"); } if (!auth_userresponse(as, response, 0)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname); errc(1, EPERM, NULL); } explicit_bzero(rbuf, sizeof(rbuf)); good: if (fd != -1) { int secs = 5 * 60; ioctl(fd, TIOCSETVERAUTH, &secs); close(fd); } }
/* * Reads a passphrase from /dev/tty with echo turned off/on. Returns the * passphrase (allocated with xmalloc). Exits if EOF is encountered. If * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no * tty is available */ char * read_passphrase(const char *prompt, int flags) { char *askpass = NULL, *ret, buf[1024]; int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) use_askpass = 1; } else { rppflags |= RPP_REQUIRE_TTY; ttyfd = open(_PATH_TTY, O_RDWR); if (ttyfd >= 0) close(ttyfd); else use_askpass = 1; } if (use_askpass && getenv("DISPLAY")) { if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); else askpass = _PATH_SSH_ASKPASS_DEFAULT; return ssh_askpass(askpass, prompt); } if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { if (flags & RP_ALLOW_EOF) return NULL; return xstrdup(""); } ret = xstrdup(buf); memset(buf, 'x', sizeof buf); return ret; }
char * readline(char *prompt) { char *buf = NULL, *s = NULL, *p = NULL, *newline = NULL; if (tds_rl_instream == NULL) s = readpassphrase((const char *) prompt, passbuf, sizeof(passbuf), RPP_ECHO_ON | RPP_TIMEOUT_OFF); else s = fgets(passbuf, sizeof(passbuf), tds_rl_instream); if (s != NULL) { buf = (char *) malloc(strlen(s) + 1); strcpy(buf, s); } /* readline is documented to eat the newline. */ if (buf) { newline = strchr(buf, '\n'); if (newline) *newline = '\0'; } return buf; } /* readline */
int main(int argc, char** argv) { char salt[_PASSWORD_LEN], tmpl[sizeof("/tmp/htpasswd-XXXXXXXXXX")]; char hash[_PASSWORD_LEN], pass[1024], pass2[1024]; char *line = NULL, *login = NULL, *tok; int c, fd, loginlen, batch = 0; FILE *in = NULL, *out = NULL; const char *file = NULL; size_t linesize = 0; ssize_t linelen; mode_t old_umask; #ifdef __OpenBSD__ if (pledge("stdio rpath wpath cpath flock tmppath tty", NULL) == -1) err(1, "pledge"); #endif while ((c = getopt(argc, argv, "I")) != -1) { switch (c) { case 'I': batch = 1; break; default: usage(); /* NOT REACHED */ break; } } argc -= optind; argv += optind; if (batch) { if (argc == 1) file = argv[0]; else if (argc > 1) usage(); #ifdef __OpenBSD__ else if (pledge("stdio", NULL) == -1) err(1, "pledge"); #endif if ((linelen = getline(&line, &linesize, stdin)) == -1) err(1, "cannot read login:password from stdin"); line[linelen-1] = '\0'; if ((tok = strstr(line, ":")) == NULL) errx(1, "cannot find ':' in input"); *tok++ = '\0'; if ((loginlen = asprintf(&login, "%s:", line)) == -1) err(1, "asprintf"); if (strlcpy(pass, tok, sizeof(pass)) >= sizeof(pass)) errx(1, "password too long"); } else { switch (argc) { case 1: #ifdef __OpenBSD__ if (pledge("stdio tty", NULL) == -1) err(1, "pledge"); #endif if ((loginlen = asprintf(&login, "%s:", argv[0])) == -1) err(1, "asprintf"); break; case 2: file = argv[0]; if ((loginlen = asprintf(&login, "%s:", argv[1])) == -1) err(1, "asprintf"); break; default: usage(); /* NOT REACHED */ break; } if (!readpassphrase("Password: "******"unable to read password"); if (!readpassphrase("Retype Password: "******"unable to read password"); } if (strcmp(pass, pass2) != 0) { explicit_bzero(pass, sizeof(pass)); explicit_bzero(pass2, sizeof(pass2)); errx(1, "passwords don't match"); } explicit_bzero(pass2, sizeof(pass2)); } if (strlcpy(salt, bcrypt_gensalt(8), sizeof(salt)) >= sizeof(salt)) errx(1, "salt too long"); if (strlcpy(hash, bcrypt(pass, salt), sizeof(hash)) >= sizeof(hash)) errx(1, "hash too long"); explicit_bzero(pass, sizeof(pass)); if (file == NULL) printf("%s%s\n", login, hash); else { if ((in = fopen(file, "r+")) == NULL) { if (errno == ENOENT) { old_umask = umask(S_IXUSR| S_IWGRP|S_IRGRP|S_IXGRP| S_IWOTH|S_IROTH|S_IXOTH); if ((out = fopen(file, "w")) == NULL) err(1, "cannot open password file for" " reading or writing"); umask(old_umask); } else err(1, "cannot open password file for" " reading or writing"); } else if (flock(fileno(in), LOCK_EX|LOCK_NB) == -1) errx(1, "cannot lock password file"); /* file already exits, copy content and filter login out */ if (out == NULL) { strlcpy(tmpl, "/tmp/htpasswd-XXXXXXXXXX", sizeof(tmpl)); if ((fd = mkstemp(tmpl)) == -1) err(1, "mkstemp"); if ((out = fdopen(fd, "w+")) == NULL) err(1, "cannot open tempfile"); while ((linelen = getline(&line, &linesize, in)) != -1) { if (strncmp(line, login, loginlen) != 0) { if (fprintf(out, "%s", line) == -1) errx(1, "cannot write to temp " "file"); nag(line); } } } if (fprintf(out, "%s%s\n", login, hash) == -1) errx(1, "cannot write new password hash"); /* file already exists, overwrite it */ if (in != NULL) { if (fseek(in, 0, SEEK_SET) == -1) err(1, "cannot seek in password file"); if (fseek(out, 0, SEEK_SET) == -1) err(1, "cannot seek in temp file"); if (ftruncate(fileno(in), 0) == -1) err(1, "cannot truncate password file"); while ((linelen = getline(&line, &linesize, out)) != -1) if (fprintf(in, "%s", line) == -1) errx(1, "cannot write to password " "file"); if (fclose(in) == EOF) err(1, "cannot close password file"); } if (fclose(out) == EOF) { if (in != NULL) err(1, "cannot close temp file"); else err(1, "cannot close password file"); } if (in != NULL && unlink(tmpl) == -1) err(1, "cannot delete temp file (%s)", tmpl); } if (nagcount >= MAXNAG) warnx("%d more logins not using bcryt.", nagcount - MAXNAG); exit(0); }
int main(int argc, char *argv[]) { struct vfsconf vfc; mntoptparse_t mp; struct stat st; char *name, *srv, *p; char *port, *asrv, *aport; char mntpath[MAXPATHLEN]; char pass[NAMELEN], akey[DESKEYLEN]; int mntflags, altflags, noauth, c; getmnt_silent = 0; mntflags = 0; altflags = 0; pass[0] = '\0'; port = "564"; asrv = NULL; aport = "567"; noauth = 0; while ((c=getopt(argc, argv, "ho:")) != -1) { switch(c) { case 'o': altflags = 0; mp = getmntopts(optarg, mopts, &mntflags, &altflags); if (mp == NULL) err(EX_USAGE, "getmntopts: %s", optarg); if (altflags & ALTF_UNAME) args.uname = egetmntoptstr(mp, "uname"); if (altflags & ALTF_ANAME) args.aname = egetmntoptstr(mp, "aname"); if (altflags & ALTF_VOLUME) args.volume = egetmntoptstr(mp, "volume"); if (altflags & ALTF_PASS) { p = egetmntoptstr(mp, "pass"); strlcpy(pass, p, NAMELEN); } if (altflags & ALTF_PORT) port = egetmntoptstr(mp, "port"); if (altflags & ALTF_ASRV) asrv = egetmntoptstr(mp, "asrv"); if (altflags & ALTF_APORT) aport = egetmntoptstr(mp, "aport"); if (altflags & ALTF_NOAUTH) noauth = 1; /* flags */ if (altflags & ALTF_CHATTY9P) args.flags |= FLAG_CHATTY9P; if (altflags & ALTF_DSSTORE) args.flags &= ~FLAG_DSSTORE; if (altflags & ALTF_DOTU) args.flags |= FLAG_DOTU; freemntopts(mp); break; default: Usage: fprintf(stderr, "Usage: mount_%s [-o options] srv node\n", VFS9PNAME); exit(EX_USAGE); } } argc -= optind; argv += optind; if (argc != 2) goto Usage; srv = *argv++; name = *argv; // check path if (!realpath(name, mntpath) || stat(mntpath, &st)<0) err(EX_USAGE, "%s", mntpath); if (!S_ISDIR(st.st_mode)) { errno = ENOTDIR; err(EX_USAGE, "%s", mntpath); } if (*srv == '/') noauth++; getaddr(&args.addr, &args.addrlen, srv, port); if (!noauth) { if (asrv == NULL) asrv = srv; getaddr(&args.authaddr, &args.authaddrlen, asrv, aport); if (*pass == '\0') { if (!readpassphrase("Password: "******"USER"); if (!args.uname) args.uname = "none"; args.spec = srv; if (getvfsbyname(VFS9PNAME, &vfc) < 0) { if (load9p() < 0) err(1, NULL); if (getvfsbyname(VFS9PNAME, &vfc) < 0) errx(EX_UNAVAILABLE, "%s filesystem is not available", VFS9PNAME); } if (mount(vfc.vfc_name, mntpath, mntflags, &args) < 0) err(1, "mount %s %s", srv, mntpath); return 0; }
string g_GetPasswordFromConsole(const string& prompt) { string password; CMutex lock; CMutexGuard guard(lock); #if defined(NCBI_OS_UNIX) // UNIX implementation #if defined(HAVE_READPASSPHRASE) char password_buffer[1024]; char* raw_password = readpassphrase(prompt.c_str(), password_buffer, sizeof(password_buffer), RPP_ECHO_OFF | RPP_REQUIRE_TTY); #elif defined(HAVE_GETPASSPHRASE) char* raw_password = getpassphrase(prompt.c_str()); #elif defined(HAVE_GETPASS) char* raw_password = getpass(prompt.c_str()); #else # error "Unsupported Unix platform; the getpass, getpassphrase, and readpassphrase functions are all absent" #endif if (!raw_password) NCBI_THROW (CGetPasswordFromConsoleException, eGetPassError, "g_GetPasswordFromConsole(): error getting password"); password = string(raw_password); #elif defined(NCBI_OS_MSWIN) // Windows implementation for (size_t index = 0; index < prompt.size(); ++index) { _putch(prompt[index]); } for (;;) { char ch; ch = _getch(); if (ch == '\r' || ch == '\n') break; if (ch == '\003') NCBI_THROW(CGetPasswordFromConsoleException, eKeyboardInterrupt, "g_GetPasswordFromConsole(): keyboard interrupt"); if (ch == '\b') { if ( !password.empty() ) { password.resize(password.size() - 1); } } else password.append(1, ch); } _putch('\r'); _putch('\n'); #endif return password; }
static void setup_passphrase(struct g_bde_softc *sc, int sure, const char *input, const char *keyfile) { char buf1[BUFSIZ + SHA512_DIGEST_LENGTH]; char buf2[BUFSIZ + SHA512_DIGEST_LENGTH]; char *p; int kfd, klen, bpos = 0; if (keyfile != NULL) { /* Read up to BUFSIZ bytes from keyfile */ kfd = open(keyfile, O_RDONLY, 0); if (kfd < 0) err(1, "%s", keyfile); klen = read(kfd, buf1, BUFSIZ); if (klen == -1) err(1, "%s", keyfile); close(kfd); /* Prepend the passphrase with the hash of the key read */ g_bde_hash_pass(sc, buf1, klen); memcpy(buf1, sc->sha2, SHA512_DIGEST_LENGTH); memcpy(buf2, sc->sha2, SHA512_DIGEST_LENGTH); bpos = SHA512_DIGEST_LENGTH; } if (input != NULL) { if (strlen(input) >= BUFSIZ) errx(1, "Passphrase too long"); strcpy(buf1 + bpos, input); g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos); memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH); return; } for (;;) { p = readpassphrase( sure ? "Enter new passphrase:" : "Enter passphrase: ", buf1 + bpos, sizeof buf1 - bpos, RPP_ECHO_OFF | RPP_REQUIRE_TTY); if (p == NULL) err(1, "readpassphrase"); if (sure) { p = readpassphrase("Reenter new passphrase: ", buf2 + bpos, sizeof buf2 - bpos, RPP_ECHO_OFF | RPP_REQUIRE_TTY); if (p == NULL) err(1, "readpassphrase"); if (strcmp(buf1 + bpos, buf2 + bpos)) { printf("They didn't match.\n"); continue; } } if (strlen(buf1 + bpos) < 3) { printf("Too short passphrase.\n"); continue; } break; } g_bde_hash_pass(sc, buf1, strlen(buf1 + bpos) + bpos); memcpy(sha2, sc->sha2, SHA512_DIGEST_LENGTH); }
char * get_pkcs_key(char *arg, char *saltopt) { char passphrase[128]; char saltbuf[128], saltfilebuf[PATH_MAX]; char *key = NULL; char *saltfile; const char *errstr; int rounds; rounds = strtonum(arg, 1000, INT_MAX, &errstr); if (errstr) err(1, "rounds: %s", errstr); bzero(passphrase, sizeof(passphrase)); if (readpassphrase("Encryption key: ", passphrase, sizeof(passphrase), RPP_REQUIRE_TTY) == NULL) errx(1, "Unable to read passphrase"); if (saltopt) saltfile = saltopt; else { printf("Salt file: "); fflush(stdout); saltfile = fgets(saltfilebuf, sizeof(saltfilebuf), stdin); if (saltfile) saltfile[strcspn(saltfile, "\n")] = '\0'; } if (!saltfile || saltfile[0] == '\0') { warnx("Skipping salt file, insecure"); memset(saltbuf, 0, sizeof(saltbuf)); } else { int fd; fd = open(saltfile, O_RDONLY); if (fd == -1) { int *s; fprintf(stderr, "Salt file not found, attempting to " "create one\n"); fd = open(saltfile, O_RDWR|O_CREAT|O_EXCL, 0600); if (fd == -1) err(1, "Unable to create salt file: '%s'", saltfile); for (s = (int *)saltbuf; s < (int *)(saltbuf + sizeof(saltbuf)); s++) *s = arc4random(); if (write(fd, saltbuf, sizeof(saltbuf)) != sizeof(saltbuf)) err(1, "Unable to write salt file: '%s'", saltfile); fprintf(stderr, "Salt file created as '%s'\n", saltfile); } else { if (read(fd, saltbuf, sizeof(saltbuf)) != sizeof(saltbuf)) err(1, "Unable to read salt file: '%s'", saltfile); } close(fd); } if ((key = calloc(1, BLF_MAXUTILIZED)) == NULL) err(1, NULL); if (pkcs5_pbkdf2(passphrase, sizeof(passphrase), saltbuf, sizeof (saltbuf), key, BLF_MAXUTILIZED, rounds)) errx(1, "pkcs5_pbkdf2 failed"); memset(passphrase, 0, sizeof(passphrase)); return (key); }
int main(int argc, char **argv) { struct ui u; char *config_path[4] = {NULL, NULL, NULL, NULL}; int num_config = 2; memset(&u, 0, sizeof(u)); hgd_debug = 3; /* XXX config file or getopt */ host = xstrdup(HGD_DFL_HOST); #ifdef HAVE_LIBCONFIG config_path[0] = NULL; xasprintf(&config_path[1], "%s", HGD_GLOBAL_CFG_DIR HGD_CLI_CFG ); config_path[2] = hgd_get_XDG_userprefs_location(hgdc); #endif hgd_read_config(config_path + num_config); while(num_config > 0) { if (config_path[num_config] != NULL) { free (config_path[num_config]); config_path[num_config] = NULL; } num_config--; } if (init_log() != HGD_OK) hgd_exit_nicely(); /* XXX proper dialog box needed */ if (password == NULL) { password = xmalloc(HGD_MAX_PASS_SZ); if (readpassphrase("Password: "******"Can't read password"); hgd_exit_nicely(); } } hgd_register_sig_handlers(); initscr(); cbreak(); keypad(stdscr, TRUE); noecho(); if (has_colors()) { if (start_color() == ERR) DPRINTF(HGD_D_WARN, "Could not initialise colour terminal"); } /* XXX fall back implementations for B+W terms? */ init_pair(HGD_CPAIR_BARS, COLOR_YELLOW, COLOR_BLUE); init_pair(HGD_CPAIR_SELECTED, COLOR_BLACK, COLOR_WHITE); init_pair(HGD_CPAIR_DIALOG, COLOR_BLACK, COLOR_CYAN); init_pair(HGD_CPAIR_PBAR_BG, COLOR_YELLOW, COLOR_BLACK); /* initialise top and bottom bars */ if (hgd_init_titlebar(&u) != HGD_OK) hgd_exit_nicely(); if (hgd_init_statusbar(&u) != HGD_OK) hgd_exit_nicely(); /* and all content windows */ if (hgd_init_files_win(&u) != HGD_OK) hgd_exit_nicely(); if (hgd_init_console_win(&u) != HGD_OK) hgd_exit_nicely(); if (hgd_init_playlist_win(&u) != HGD_OK) hgd_exit_nicely(); /* start on the playlist */ hgd_switch_content(&u, HGD_WIN_PLAYLIST); if (user == NULL) user = getenv("USER"); /* XXX duplicated */ if (hgd_ui_connect(&u) != HGD_OK) hgd_exit_nicely(); /* main event loop */ DPRINTF(HGD_D_INFO, "nchgdc event loop starting"); hgd_event_loop(&u); DPRINTF(HGD_D_INFO, "Closing down"); hgd_free_content_win(&u, HGD_WIN_PLAYLIST); hgd_free_content_win(&u, HGD_WIN_FILES); hgd_free_content_win(&u, HGD_WIN_CONSOLE); delwin(u.status); delwin(u.title); exit_ok = 1; hgd_exit_nicely(); return 0; }
int main(int argc, char *argv[]) { int sockfd, numbytes; char buf[MAXDATASIZE]; struct hostent *he; // connectors address information: struct sockaddr_in their_addr; // if no command line argument supplied: if(argc != 2) { fprintf(stderr, "Client-Usage: %s the_client_hostname\n", argv[0]); exit(EXIT_FAILURE); } // get the host info if((he=gethostbyname(argv[1])) == NULL) { perror("gethostbyname()"); exit(EXIT_FAILURE); } printf("Client-The remote host is: %s\n", argv[1]); if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket()"); exit(EXIT_FAILURE); } printf("Client-The socket() sockfd is %d\n", sockfd); // short, network byte order: printf("Server-Using %s and port %d...\n", argv[1], PORT); // host byte order their_addr.sin_family = AF_INET; their_addr.sin_port = htons(PORT); their_addr.sin_addr = *((struct in_addr *)he->h_addr); // zero the rest of the struct memset(&(their_addr.sin_zero), '\0', 8); if(connect(sockfd, (struct sockaddr *) &their_addr, sizeof(struct sockaddr) ) == -1) { perror("connect()"); exit(EXIT_FAILURE); } printf("Client-The connect() is OK...\n"); // Zauberwort senden: char alohomora[] = "auth\n"; if ((numbytes = send(sockfd, alohomora, strlen(alohomora), 0)) < 0) { perror("sending \"auth\\n\" failed"); exit(EXIT_FAILURE); } // Benutzernamen einlesen: char * username[MAX_USERNAME]; printf("Benutzername: "); fgets(username, MAX_USERNAME, stdin); // Benutzernamen senden: send(sockfd, username, strlen(username), 0); // Passwort einlesen: char * password = (char *) malloc(_PASSWORD_LEN); readpassphrase("Passwort: ", password, sizeof(password), 0); // Passwort senden // OMG - IM KLARTEXT!!!! Dafür stirbt gerade eine Nyan Katze. send(sockfd, password, strlen(password), 0); // Antwort von Authentifizierung empfangen: if((numbytes = recv(sockfd, buf, MAX_SIZE, 0)) < 0) { perror("recv()"); exit(EXIT_FAILURE); } else { printf("=> %s", buf); } char cmd = ' '; while (cmd != '0') { print_auswahlmenu(); cmd = fgetc(stdin); switch (cmd) { case '0': break; case 't': send_test(sockfd); break; } } /*buf[numbytes] = '\0';*/ printf("Client-Closing sockfd\n"); close(sockfd); return EXIT_SUCCESS; }
static char * ssh_askpass(char *askpass, const char *msg) { pid_t pid; size_t len; char *pass; int p[2], status, ret; char buf[1024]; if (fflush(stdout) != 0) error("ssh_askpass: fflush: %s", strerror(errno)); if (askpass == NULL) fatal("internal error: askpass undefined"); if (pipe(p) < 0) { error("ssh_askpass: pipe: %s", strerror(errno)); return NULL; } #ifdef __uClinux__ if ((pid = vfork()) < 0) { #else if ((pid = fork()) < 0) { #endif error("ssh_askpass: fork: %s", strerror(errno)); return NULL; } if (pid == 0) { seteuid(getuid()); setuid(getuid()); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); execlp(askpass, askpass, msg, (char *) 0); fatal("ssh_askpass: exec(%s): %s", askpass, strerror(errno)); #ifdef __uClinux__ _exit(0); #else exit(0); #endif } close(p[1]); len = ret = 0; do { ret = read(p[0], buf + len, sizeof(buf) - 1 - len); if (ret == -1 && errno == EINTR) continue; if (ret <= 0) break; len += ret; } while (sizeof(buf) - 1 - len > 0); buf[len] = '\0'; close(p[0]); while (waitpid(pid, &status, 0) < 0) if (errno != EINTR) break; if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) { memset(buf, 0, sizeof(buf)); return NULL; } buf[strcspn(buf, "\r\n")] = '\0'; pass = xstrdup(buf); memset(buf, 0, sizeof(buf)); return pass; } /* * Reads a passphrase from /dev/tty with echo turned off/on. Returns the * passphrase (allocated with xmalloc). Exits if EOF is encountered. If * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no * tty is available */ char * read_passphrase(const char *prompt, int flags) { char *askpass = NULL, *ret, buf[1024]; int rppflags, use_askpass = 0, ttyfd; rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF; if (flags & RP_USE_ASKPASS) use_askpass = 1; else if (flags & RP_ALLOW_STDIN) { if (!isatty(STDIN_FILENO)) { debug("read_passphrase: stdin is not a tty"); use_askpass = 1; } } else { rppflags |= RPP_REQUIRE_TTY; ttyfd = open(_PATH_TTY, O_RDWR); if (ttyfd >= 0) close(ttyfd); else { debug("read_passphrase: can't open %s: %s", _PATH_TTY, strerror(errno)); use_askpass = 1; } } if ((flags & RP_USE_ASKPASS) && getenv("DISPLAY") == NULL) return (flags & RP_ALLOW_EOF) ? NULL : xstrdup(""); if (use_askpass && getenv("DISPLAY")) { if (getenv(SSH_ASKPASS_ENV)) askpass = getenv(SSH_ASKPASS_ENV); else askpass = _PATH_SSH_ASKPASS_DEFAULT; if ((ret = ssh_askpass(askpass, prompt)) == NULL) if (!(flags & RP_ALLOW_EOF)) return xstrdup(""); return ret; } if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) { if (flags & RP_ALLOW_EOF) return NULL; return xstrdup(""); } ret = xstrdup(buf); memset(buf, 'x', sizeof buf); return ret; }
int main(int argc, char **argv) { char *infile = NULL; Filename *infilename = NULL, *outfilename = NULL; enum { NOKEYGEN, RSA1, RSA2, DSA, ECDSA, ED25519 } keytype = NOKEYGEN; char *outfile = NULL, *outfiletmp = NULL; enum { PRIVATE, PUBLIC, PUBLICO, FP, OPENSSH_AUTO, OPENSSH_NEW, SSHCOM } outtype = PRIVATE; int bits = -1; char *comment = NULL, *origcomment = NULL; int change_passphrase = FALSE; int errs = FALSE, nogo = FALSE; int intype = SSH_KEYTYPE_UNOPENABLE; int sshver = 0; struct ssh2_userkey *ssh2key = NULL; struct RSAKey *ssh1key = NULL; unsigned char *ssh2blob = NULL; char *ssh2alg = NULL; const struct ssh_signkey *ssh2algf = NULL; int ssh2bloblen; char *old_passphrase = NULL, *new_passphrase = NULL; int load_encrypted; progfn_t progressfn = is_interactive() ? progress_update : no_progress; const char *random_device = NULL; /* ------------------------------------------------------------------ * Parse the command line to figure out what we've been asked to do. */ /* * If run with no arguments at all, print the usage message and * return success. */ if (argc <= 1) { usage(TRUE); return 0; } /* * Parse command line arguments. */ while (--argc) { char *p = *++argv; if (*p == '-') { /* * An option. */ while (p && *++p) { char c = *p; switch (c) { case '-': /* * Long option. */ { char *opt, *val; opt = p++; /* opt will have _one_ leading - */ while (*p && *p != '=') p++; /* find end of option */ if (*p == '=') { *p++ = '\0'; val = p; } else val = NULL; if (!strcmp(opt, "-help")) { if (val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects no argument\n", opt); } else { help(); nogo = TRUE; } } else if (!strcmp(opt, "-version")) { if (val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects no argument\n", opt); } else { showversion(); nogo = TRUE; } } else if (!strcmp(opt, "-pgpfp")) { if (val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects no argument\n", opt); } else { /* support --pgpfp for consistency */ pgp_fingerprints(); nogo = TRUE; } } else if (!strcmp(opt, "-old-passphrase")) { if (!val && argc > 1) --argc, val = *++argv; if (!val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects an argument\n", opt); } else { old_passphrase = readpassphrase(val); if (!old_passphrase) errs = TRUE; } } else if (!strcmp(opt, "-new-passphrase")) { if (!val && argc > 1) --argc, val = *++argv; if (!val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects an argument\n", opt); } else { new_passphrase = readpassphrase(val); if (!new_passphrase) errs = TRUE; } } else if (!strcmp(opt, "-random-device")) { if (!val && argc > 1) --argc, val = *++argv; if (!val) { errs = TRUE; fprintf(stderr, "puttygen: option `-%s'" " expects an argument\n", opt); } else { random_device = val; } } else { errs = TRUE; fprintf(stderr, "puttygen: no such option `-%s'\n", opt); } } p = NULL; break; case 'h': case 'V': case 'P': case 'l': case 'L': case 'p': case 'q': /* * Option requiring no parameter. */ switch (c) { case 'h': help(); nogo = TRUE; break; case 'V': showversion(); nogo = TRUE; break; case 'P': change_passphrase = TRUE; break; case 'l': outtype = FP; break; case 'L': outtype = PUBLICO; break; case 'p': outtype = PUBLIC; break; case 'q': progressfn = no_progress; break; } break; case 't': case 'b': case 'C': case 'O': case 'o': /* * Option requiring parameter. */ p++; if (!*p && argc > 1) --argc, p = *++argv; else if (!*p) { fprintf(stderr, "puttygen: option `-%c' expects a" " parameter\n", c); errs = TRUE; } /* * Now c is the option and p is the parameter. */ switch (c) { case 't': if (!strcmp(p, "rsa") || !strcmp(p, "rsa2")) keytype = RSA2, sshver = 2; else if (!strcmp(p, "rsa1")) keytype = RSA1, sshver = 1; else if (!strcmp(p, "dsa") || !strcmp(p, "dss")) keytype = DSA, sshver = 2; else if (!strcmp(p, "ecdsa")) keytype = ECDSA, sshver = 2; else if (!strcmp(p, "ed25519")) keytype = ED25519, sshver = 2; else { fprintf(stderr, "puttygen: unknown key type `%s'\n", p); errs = TRUE; } break; case 'b': bits = atoi(p); break; case 'C': comment = p; break; case 'O': if (!strcmp(p, "public")) outtype = PUBLIC; else if (!strcmp(p, "public-openssh")) outtype = PUBLICO; else if (!strcmp(p, "private")) outtype = PRIVATE; else if (!strcmp(p, "fingerprint")) outtype = FP; else if (!strcmp(p, "private-openssh")) outtype = OPENSSH_AUTO, sshver = 2; else if (!strcmp(p, "private-openssh-new")) outtype = OPENSSH_NEW, sshver = 2; else if (!strcmp(p, "private-sshcom")) outtype = SSHCOM, sshver = 2; else { fprintf(stderr, "puttygen: unknown output type `%s'\n", p); errs = TRUE; } break; case 'o': outfile = p; break; } p = NULL; /* prevent continued processing */ break; default: /* * Unrecognised option. */ errs = TRUE; fprintf(stderr, "puttygen: no such option `-%c'\n", c); break; } } } else { /* * A non-option argument. */ if (!infile) infile = p; else { errs = TRUE; fprintf(stderr, "puttygen: cannot handle more than one" " input file\n"); } } } if (bits == -1) { /* * No explicit key size was specified. Default varies * depending on key type. */ switch (keytype) { case ECDSA: bits = 384; break; case ED25519: bits = 256; break; default: bits = DEFAULT_RSADSA_BITS; break; } } if (keytype == ECDSA && (bits != 256 && bits != 384 && bits != 521)) { fprintf(stderr, "puttygen: invalid bits for ECDSA, choose 256, 384 or 521\n"); errs = TRUE; } if (keytype == ED25519 && (bits != 256)) { fprintf(stderr, "puttygen: invalid bits for ED25519, choose 256\n"); errs = TRUE; } if (keytype == RSA2 || keytype == RSA1 || keytype == DSA) { if (bits < 256) { fprintf(stderr, "puttygen: cannot generate %s keys shorter than" " 256 bits\n", (keytype == DSA ? "DSA" : "RSA")); errs = TRUE; } else if (bits < DEFAULT_RSADSA_BITS) { fprintf(stderr, "puttygen: warning: %s keys shorter than" " %d bits are probably not secure\n", (keytype == DSA ? "DSA" : "RSA"), DEFAULT_RSADSA_BITS); /* but this is just a warning, so proceed anyway */ } } if (errs) return 1; if (nogo) return 0; /* * If run with at least one argument _but_ not the required * ones, print the usage message and return failure. */ if (!infile && keytype == NOKEYGEN) { usage(TRUE); return 1; } /* ------------------------------------------------------------------ * Figure out further details of exactly what we're going to do. */ /* * Bomb out if we've been asked to both load and generate a * key. */ if (keytype != NOKEYGEN && infile) { fprintf(stderr, "puttygen: cannot both load and generate a key\n"); return 1; } /* * We must save the private part when generating a new key. */ if (keytype != NOKEYGEN && (outtype != PRIVATE && outtype != OPENSSH_AUTO && outtype != OPENSSH_NEW && outtype != SSHCOM)) { fprintf(stderr, "puttygen: this would generate a new key but " "discard the private part\n"); return 1; } /* * Analyse the type of the input file, in case this affects our * course of action. */ if (infile) { infilename = filename_from_str(infile); intype = key_type(infilename); switch (intype) { case SSH_KEYTYPE_UNOPENABLE: case SSH_KEYTYPE_UNKNOWN: fprintf(stderr, "puttygen: unable to load file `%s': %s\n", infile, key_type_to_str(intype)); return 1; case SSH_KEYTYPE_SSH1: case SSH_KEYTYPE_SSH1_PUBLIC: if (sshver == 2) { fprintf(stderr, "puttygen: conversion from SSH-1 to SSH-2 keys" " not supported\n"); return 1; } sshver = 1; break; case SSH_KEYTYPE_SSH2: case SSH_KEYTYPE_SSH2_PUBLIC_RFC4716: case SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH: case SSH_KEYTYPE_OPENSSH_PEM: case SSH_KEYTYPE_OPENSSH_NEW: case SSH_KEYTYPE_SSHCOM: if (sshver == 1) { fprintf(stderr, "puttygen: conversion from SSH-2 to SSH-1 keys" " not supported\n"); return 1; } sshver = 2; break; case SSH_KEYTYPE_OPENSSH_AUTO: default: assert(0 && "Should never see these types on an input file"); } } /* * Determine the default output file, if none is provided. * * This will usually be equal to stdout, except that if the * input and output file formats are the same then the default * output is to overwrite the input. * * Also in this code, we bomb out if the input and output file * formats are the same and no other action is performed. */ if ((intype == SSH_KEYTYPE_SSH1 && outtype == PRIVATE) || (intype == SSH_KEYTYPE_SSH2 && outtype == PRIVATE) || (intype == SSH_KEYTYPE_OPENSSH_PEM && outtype == OPENSSH_AUTO) || (intype == SSH_KEYTYPE_OPENSSH_NEW && outtype == OPENSSH_NEW) || (intype == SSH_KEYTYPE_SSHCOM && outtype == SSHCOM)) { if (!outfile) { outfile = infile; outfiletmp = dupcat(outfile, ".tmp", NULL); } if (!change_passphrase && !comment) { fprintf(stderr, "puttygen: this command would perform no useful" " action\n"); return 1; } } else { if (!outfile) { /* * Bomb out rather than automatically choosing to write * a private key file to stdout. */ if (outtype == PRIVATE || outtype == OPENSSH_AUTO || outtype == OPENSSH_NEW || outtype == SSHCOM) { fprintf(stderr, "puttygen: need to specify an output file\n"); return 1; } } } /* * Figure out whether we need to load the encrypted part of the * key. This will be the case if either (a) we need to write * out a private key format, or (b) the entire input key file * is encrypted. */ if (outtype == PRIVATE || outtype == OPENSSH_AUTO || outtype == OPENSSH_NEW || outtype == SSHCOM || intype == SSH_KEYTYPE_OPENSSH_PEM || intype == SSH_KEYTYPE_OPENSSH_NEW || intype == SSH_KEYTYPE_SSHCOM) load_encrypted = TRUE; else load_encrypted = FALSE; if (load_encrypted && (intype == SSH_KEYTYPE_SSH1_PUBLIC || intype == SSH_KEYTYPE_SSH2_PUBLIC_RFC4716 || intype == SSH_KEYTYPE_SSH2_PUBLIC_OPENSSH)) { fprintf(stderr, "puttygen: cannot perform this action on a " "public-key-only input file\n"); return 1; } /* ------------------------------------------------------------------ * Now we're ready to actually do some stuff. */ /* * Either load or generate a key. */ if (keytype != NOKEYGEN) { char *entropy; char default_comment[80]; struct tm tm; struct progress prog; prog.phase = -1; prog.current = -1; tm = ltime(); if (keytype == DSA) strftime(default_comment, 30, "dsa-key-%Y%m%d", &tm); else if (keytype == ECDSA) strftime(default_comment, 30, "ecdsa-key-%Y%m%d", &tm); else if (keytype == ED25519) strftime(default_comment, 30, "ed25519-key-%Y%m%d", &tm); else strftime(default_comment, 30, "rsa-key-%Y%m%d", &tm); random_ref(); entropy = get_random_data(bits / 8, random_device); if (!entropy) { fprintf(stderr, "puttygen: failed to collect entropy, " "could not generate key\n"); return 1; } random_add_heavynoise(entropy, bits / 8); smemclr(entropy, bits/8); sfree(entropy); if (keytype == DSA) { struct dss_key *dsskey = snew(struct dss_key); dsa_generate(dsskey, bits, progressfn, &prog); ssh2key = snew(struct ssh2_userkey); ssh2key->data = dsskey; ssh2key->alg = &ssh_dss; ssh1key = NULL; } else if (keytype == ECDSA) {
int main(int argc, char *argv[]) { int echo = 0; #ifdef notyet int print_statistics = 0; #endif int fipsflagger = 0; int perfstats = 0; int no_prompt = 0; int use_encryption = 0; int chained_transactions = 0; const char *cmdend = "go"; int headers = 0; char *columnwidth = NULL; const char *colseparator = " "; const char *lineseparator = "\n"; int timeout = 0; char *username = NULL; char *password = NULL; char *server = NULL; DBCHAR *char_set = NULL; const char *editor; char *hostname = NULL; char *sqlch; char *interfaces_filename = NULL; char *input_filename = NULL; char *output_filename = NULL; int logintime = -1; char *language = NULL; int size = 0; char *sybenv; DBPROCESS *dbproc; LOGINREC *login; char **ibuf = NULL; int ibuflines = 0; int printedlines; int i; char *line; int dbrc; char foobuf[512]; char *firstword; char *cp; int c; int errflg = 0; char *prbuf; int prbuflen; FILE *fp; FILE *tmpfp; FILE *tmpfp2; char *tfn; char tmpfn[256]; int num_cols; int selcol; int col; int collen; DBINT colid; const char *opname; char adbuf[512]; DBINT convlen; int printedcompute = 0; char adash; const char *database_name = NULL; int default_exit = EXIT_SUCCESS; setlocale(LC_ALL, ""); #ifdef __VMS /* Convert VMS-style arguments to Unix-style */ parse_vms_args(&argc, &argv); #endif editor = getenv("EDITOR"); if (!editor) { editor = getenv("VISUAL"); } if (!editor) { editor = "vi"; } opterr = 0; optarg = NULL; while (!errflg && (c = getopt(argc, argv, "eFgpnvXYa:c:D:E:h:H:i:I:J:l:m:o:P:s:S:t:U:w:y:z:A:")) != -1) { switch (c) { case 'e': echo = 1; break; case 'F': fipsflagger = 1; break; case 'g': errflg++; break; case 'p': errflg++; perfstats = 1; break; case 'n': no_prompt = 1; break; case 'v': puts("fisql, a free isql replacement by Nicholas S. Castellano"); exit(EXIT_SUCCESS); break; case 'X': /* XXX: We get a different error message than isql gives; neither seems * to work */ use_encryption = 1; break; case 'Y': chained_transactions = 1; break; case 'c': cmdend = optarg; break; case 'E': editor = optarg; break; case 'h': headers = atoi(optarg); break; case 'H': hostname = optarg; break; case 'i': input_filename = optarg; break; case 'I': interfaces_filename = optarg; break; case 'J': errflg++; break; case 'l': logintime = atoi(optarg); break; case 'm': global_errorlevel = atoi(optarg); break; case 'o': output_filename = optarg; break; case 'P': password = optarg; break; case 's': colseparator = optarg; break; case 'S': server = optarg; break; case 't': timeout = atoi(optarg); break; case 'U': username = optarg; break; case 'w': columnwidth = optarg; break; case 'y': /* XXX: this doesn't seem to be what isql does with -y...it doesn't * seem to do anything actually */ sybenv = (char *) xmalloc((strlen(optarg) + 8) * sizeof(char)); strcpy(sybenv, "SYBASE="); strcat(sybenv, optarg); putenv(sybenv); break; case 'z': language = optarg; break; case 'A': size = atoi(optarg); break; case 'D': database_name = optarg; break; default: errflg++; break; } } if (errflg) { fprintf(stderr, "usage: fisql [-e] [-F] [-g] [-p] [-n] [-v] [-X] [-Y]\n"); fprintf(stderr, "\t[-c cmdend] [-D database_name] [-E editor]\n"); fprintf(stderr, "\t[-h headers] [-H hostname] [-i inputfile]\n"); fprintf(stderr, "\t[-I interfaces_file] [-J client character set]\n"); fprintf(stderr, "\t[-l login_timeout] [-m errorlevel]\n"); fprintf(stderr, "\t[-o outputfile]\n"); fprintf(stderr, "\t[-P password] [-s colseparator] [-S server]\n"); fprintf(stderr, "\t[-t timeout] [-U username] [-w columnwidth]\n"); fprintf(stderr, "\t[-y sybase_dir] [-z language]\n"); exit(EXIT_FAILURE); } if (!(isatty(fileno(stdin)))) { no_prompt = 1; rl_outstream = fopen("/dev/null", "rw"); } rl_readline_name = "fisql"; rl_bind_key('\t', rl_insert); if (password == NULL) { password = (char *) xmalloc(READPASSPHRASE_MAXLEN); readpassphrase("Password: "******"r", stdin) == NULL) { /* XXX: sybase isql generates this error while parsing the options, * but doesn't redirect the input until after the Password: prompt */ /* lack of newline for bug-compatibility with isql */ fprintf(stderr, "Unable to open input file '%s'.", optarg); exit(EXIT_FAILURE); } } if (output_filename) { if (freopen(output_filename, "w", stdout) == NULL) { /* XXX: sybase isql generates this error while parsing the options, * but doesn't redirect the output until after the Password: prompt */ /* lack of newline for bug-compatibility with isql */ fprintf(stderr, "Unable to open output file '%s'.", output_filename); exit(EXIT_FAILURE); } } if (isatty(fileno(stdin))) { rl_outstream = stdout; } dbinit(); #if 0 #ifdef DBVERSION_100 dbsetversion(DBVERSION_100); #endif #endif if ((login = dblogin()) == NULL) { reset_term(); exit(EXIT_FAILURE); } dbmsghandle(msg_handler); dberrhandle(err_handler); DBSETLAPP(login, "fisql"); if (username) { DBSETLUSER(login, username); } DBSETLPWD(login, password); memset(password, 0, strlen(password)); if (char_set) { DBSETLCHARSET(login, char_set); } if (use_encryption) { DBSETLENCRYPT(login, TRUE); } if (hostname) { DBSETLHOST(login, hostname); } if (language) { DBSETLNATLANG(login, language); } if (size) { DBSETLPACKET(login, (short) size); } if (interfaces_filename) { dbsetifile(interfaces_filename); } dbsettime(timeout); if (logintime >= 0) { dbsetlogintime(logintime); } if ((dbproc = dbopen(login, server)) == NULL) { fprintf(stderr, "fisql: dbopen() failed.\n"); reset_term(); exit(EXIT_FAILURE); } dbsetopt(dbproc, DBPRLINESEP, lineseparator, strlen(lineseparator)); if (colseparator) { dbsetopt(dbproc, DBPRCOLSEP, colseparator, strlen(colseparator)); } if (columnwidth) { dbsetopt(dbproc, DBPRLINELEN, columnwidth, 0); } if (chained_transactions) { dbsetopt(dbproc, DBCHAINXACTS, NULL, 0); } if (fipsflagger) { dbsetopt(dbproc, DBFIPSFLAG, NULL, 0); } if (perfstats) { dbsetopt(dbproc, DBSTAT, "time", 0); } if (database_name) { dbuse(dbproc, database_name); } while (1) { if (sigsetjmp(restart, 1)) { if (ibuf) { for (i = 0; i < ibuflines; i++) { free(ibuf[i]); } ibuflines = 0; free(ibuf); ibuf = NULL; } fputc('\n', stdout); rl_on_new_line(); rl_reset_line_state(); } dbcancel(dbproc); signal(SIGINT, inactive_interrupt_handler); ibuf = (char **) xmalloc(sizeof(char *)); ibuflines = 0; while (1) { if (no_prompt) { foobuf[0] = '\0'; } else { sprintf(foobuf, "%d>> ", ibuflines + 1); } line = readline(foobuf); if (line == NULL) { line = "exit"; } for (cp = line; *cp && isspace((unsigned char) *cp); cp++) continue; if (*cp) { add_history(line); } if (!(strncasecmp(line, "!!", 2))) { int rv; cp = line + 2; switch (rv = system(cp)) { case 0: continue; case -1: fprintf(stderr, "Failed to execute `%s'\n", cp); continue; default: fprintf(stderr, "Command `%s' exited " "with code %d\n", cp, rv); continue; } } /* XXX: isql off-by-one line count error for :r not duplicated */ if (!(strncasecmp(line, ":r", 2))) { for (cp = line + 2; *cp && (isspace((unsigned char) *cp)); cp++) continue; tfn = cp; for (; *cp && !(isspace((unsigned char) *cp)); cp++) continue; *cp = '\0'; if ((fp = fopen(tfn, "r")) == NULL) { fprintf(stderr, "Operating system error: Failed to open %s.\n", tfn); continue; } tmpfp = rl_instream; tmpfp2 = rl_outstream; rl_instream = fp; rl_outstream = fopen("/dev/null", "w"); while ((line = readline("")) != NULL) { ibuf[ibuflines++] = line; ibuf = (char **) xrealloc(ibuf, (ibuflines + 1) * sizeof(char *)); } rl_instream = tmpfp; fclose(rl_outstream); rl_outstream = tmpfp2; fclose(fp); fputc('\r', stdout); fflush(stdout); continue; } firstword = (char *) xmalloc((strlen(line) + 1) * sizeof(char)); strcpy(firstword, line); for (cp = firstword; *cp; cp++) { if (isspace((unsigned char) *cp)) { *cp = '\0'; break; } } if ((!(strcasecmp(firstword, "exit"))) || (!(strcasecmp(firstword, "quit")))) { reset_term(); dbexit(); exit(default_exit); } if (!(strcasecmp(firstword, "reset"))) { for (i = 0; i < ibuflines; i++) { free(ibuf[i]); } ibuflines = 0; continue; } if (!(strcasecmp(firstword, cmdend))) { if (ibuflines == 0) { continue; } free(firstword); break; } if ((!(strcasecmp(firstword, "vi"))) || (!(strcasecmp(firstword, editor)))) { int tmpfd; strcpy(tmpfn, "/tmp/fisqlXXXXXX"); tmpfd = mkstemp(tmpfn); if ((fp = fdopen(tmpfd, "w")) == NULL) { perror("fisql"); reset_term(); dbexit(); exit(2); } if (ibuflines) { for (i = 0; i < ibuflines; i++) { fputs(ibuf[i], fp); fputc('\n', fp); free(ibuf[i]); } } else { for (i = 0; ((sqlch = dbgetchar(dbproc, i)) != NULL); i++) { fputc(*sqlch, fp); } } fclose(fp); if (!(strcmp(firstword, "vi"))) { edit("vi", tmpfn); } else { edit(editor, tmpfn); } ibuflines = 0; fp = fopen(tmpfn, "r"); tmpfp = rl_instream; rl_instream = fp; strcpy(foobuf, "1>> "); while ((line = readline(foobuf)) != NULL) { ibuf[ibuflines++] = line; sprintf(foobuf, "%d>> ", ibuflines + 1); ibuf = (char **) xrealloc(ibuf, (ibuflines + 1) * sizeof(char *)); } rl_instream = tmpfp; fclose(fp); fputc('\r', stdout); fflush(stdout); unlink(tmpfn); continue; } free(firstword); ibuf[ibuflines++] = line; ibuf = (char **) xrealloc(ibuf, (ibuflines + 1) * sizeof(char *)); } dbfreebuf(dbproc); for (i = 0; i < ibuflines; i++) { if (echo) { puts(ibuf[i]); } dbcmd(dbproc, ibuf[i]); dbcmd(dbproc, "\n"); free(ibuf[i]); } free(ibuf); ibuf = NULL; signal(SIGINT, active_interrupt_handler); dbsetinterrupt(dbproc, (void *) active_interrupt_pending, (void *) active_interrupt_servhandler); if (dbsqlexec(dbproc) == SUCCEED) { maybe_handle_active_interrupt(); while ((dbrc = dbresults(dbproc)) != NO_MORE_RESULTS) { printedlines = 0; #define USE_DBPRROW 0 #if USE_DBPRROW dbprhead(dbproc); dbprrow(dbproc); #else if ((dbrc == SUCCEED) && (DBROWS(dbproc) == SUCCEED)) { prbuflen = dbspr1rowlen(dbproc); prbuf = (char *) xmalloc(prbuflen * sizeof(char)); dbsprhead(dbproc, prbuf, prbuflen); fputs(prbuf, stdout); fputc('\n', stdout); dbsprline(dbproc, prbuf, prbuflen, '-'); fputs(prbuf, stdout); fputc('\n', stdout); maybe_handle_active_interrupt(); while ((dbrc = dbnextrow(dbproc)) != NO_MORE_ROWS) { if (dbrc == FAIL) { break; } if (dbrc != REG_ROW) { num_cols = dbnumalts(dbproc, dbrc); for (selcol = col = 1; col <= num_cols; col++) { colid = dbaltcolid(dbproc, dbrc, col); while (selcol < colid) { collen = get_printable_column_size(dbproc, selcol); for (i = 0; i < collen; i++) { putchar(' '); } selcol++; printf("%s", colseparator); } opname = dbprtype(dbaltop(dbproc, dbrc, col)); printf("%s", opname); collen = get_printable_column_size(dbproc, colid); collen -= strlen(opname); while (collen-- > 0) { putchar(' '); } selcol++; printf("%s", colseparator); } printf("%s", lineseparator); for (selcol = col = 1; col <= num_cols; col++) { colid = dbaltcolid(dbproc, dbrc, col); while (selcol < colid) { collen = get_printable_column_size(dbproc, selcol); for (i = 0; i < collen; i++) { putchar(' '); } selcol++; printf("%s", colseparator); } collen = get_printable_column_size(dbproc, colid); adash = '-'; for (i = 0; i < collen; i++) { putchar(adash); } selcol++; printf("%s", colseparator); } printf("%s", lineseparator); for (selcol = col = 1; col <= num_cols; col++) { colid = dbaltcolid(dbproc, dbrc, col); while (selcol < colid) { collen = get_printable_column_size(dbproc, selcol); for (i = 0; i < collen; i++) { putchar(' '); } selcol++; printf("%s", colseparator); } convlen = dbconvert(dbproc, dbalttype(dbproc, dbrc, col), dbadata(dbproc, dbrc, col), dbadlen(dbproc, dbrc, col), SYBCHAR, (BYTE *) adbuf, sizeof(adbuf)); printf("%.*s", (int) convlen, adbuf); collen = get_printable_column_size(dbproc, colid); collen -= convlen; while (collen-- > 0) { putchar(' '); } selcol++; printf("%s", colseparator); } printf("%s", lineseparator); printedcompute = 1; continue; } if (printedcompute || (headers && (printedlines >= headers) && ((printedlines % headers) == 0))) { fputc('\n', stdout); dbsprhead(dbproc, prbuf, prbuflen); fputs(prbuf, stdout); fputc('\n', stdout); dbsprline(dbproc, prbuf, prbuflen, '-'); fputs(prbuf, stdout); fputc('\n', stdout); printedcompute = 0; } printedlines++; dbspr1row(dbproc, prbuf, prbuflen); fputs(prbuf, stdout); fputc('\n', stdout); maybe_handle_active_interrupt(); } fputc('\n', stdout); free(prbuf); maybe_handle_active_interrupt(); } #endif if (dbrc != FAIL) { if ((DBCOUNT(dbproc) >= 0) || dbhasretstat(dbproc)) { if (DBCOUNT(dbproc) >= 0) { fprintf(stdout, "(%d rows affected", (int) DBCOUNT(dbproc)); if (dbhasretstat(dbproc)) { dbrc = dbretstatus(dbproc); fprintf(stdout, ", return status = %d", dbrc); } fprintf(stdout, ")\n"); } else { if (dbhasretstat(dbproc)) { dbrc = dbretstatus(dbproc); fprintf(stdout, "(return status = %d)\n", dbrc); } } } } } } else { /* Something failed, so change the default * exit status to reflect that. */ default_exit = EXIT_FAILURE; } } reset_term(); dbexit(); exit(EXIT_FAILURE); return (0); }
void shadowauth(const char *myname, int persist) { const char *hash; char *encrypted; struct passwd *pw; char *challenge, *response, rbuf[1024], cbuf[128]; #ifdef USE_TIMESTAMP int fd = -1; int valid = 0; if (persist) fd = timestamp_open(&valid, 5 * 60); if (fd != -1 && valid == 1) goto good; #else (void) persist; #endif if ((pw = getpwnam(myname)) == NULL) err(1, "getpwnam"); hash = pw->pw_passwd; if (hash[0] == 'x' && hash[1] == '\0') { struct spwd *sp; if ((sp = getspnam(myname)) == NULL) errx(1, "Authorization failed"); hash = sp->sp_pwdp; } else if (hash[0] != '*') { errx(1, "Authorization failed"); } char host[HOST_NAME_MAX + 1]; if (gethostname(host, sizeof(host))) snprintf(host, sizeof(host), "?"); snprintf(cbuf, sizeof(cbuf), "\rdoas (%.32s@%.32s) password: "******"tty required for %s", myname); errx(1, "a tty is required"); } if (response == NULL) err(1, "readpassphrase"); if ((encrypted = crypt(response, hash)) == NULL) { explicit_bzero(rbuf, sizeof(rbuf)); errx(1, "Authorization failed"); } explicit_bzero(rbuf, sizeof(rbuf)); if (strcmp(encrypted, hash) != 0) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname); errx(1, "Authorization failed"); } #ifdef USE_TIMESTAMP good: if (fd != -1) { timestamp_set(fd, 5 * 60); close(fd); } #endif }
int main(int argc, char *argv[]) { FILE *back = NULL; char *username = 0; char *instance; char challenge[1024]; char response[1024]; char *pp = 0; int c; int mode = 0; struct rlimit cds; sigset_t blockset; (void)setpriority(PRIO_PROCESS, 0, 0); /* We block keyboard-generated signals during database accesses. */ sigemptyset(&blockset); sigaddset(&blockset, SIGINT); sigaddset(&blockset, SIGQUIT); sigaddset(&blockset, SIGTSTP); openlog(NULL, LOG_ODELAY, LOG_AUTH); cds.rlim_cur = 0; cds.rlim_max = 0; if (setrlimit(RLIMIT_CORE, &cds) < 0) syslog(LOG_ERR, "couldn't set core dump size to 0: %m"); (void)sigprocmask(SIG_BLOCK, &blockset, NULL); if (token_init(argv[0]) < 0) { syslog(LOG_ERR, "unknown token type"); errx(1, "unknown token type"); } (void)sigprocmask(SIG_UNBLOCK, &blockset, NULL); while ((c = getopt(argc, argv, "ds:v:")) != -1) switch (c) { case 'd': /* to remain undocumented */ back = stdout; break; case 'v': break; case 's': /* service */ if (strcmp(optarg, "login") == 0) mode = 0; else if (strcmp(optarg, "challenge") == 0) mode = 1; else if (strcmp(optarg, "response") == 0) mode = 2; else { syslog(LOG_ERR, "%s: invalid service", optarg); exit(1); } break; default: syslog(LOG_ERR, "usage error"); exit(1); } switch (argc - optind) { case 2: case 1: username = argv[optind]; break; default: syslog(LOG_ERR, "usage error"); exit(1); } if (back == NULL && (back = fdopen(3, "r+")) == NULL) { syslog(LOG_ERR, "reopening back channel"); exit(1); } if (mode == 2) { mode = 0; c = -1; while (++c < sizeof(challenge) && read(3, &challenge[c], 1) == 1) { if (challenge[c] == '\0' && ++mode == 2) break; if (challenge[c] == '\0' && mode == 1) pp = challenge + c + 1; } if (mode < 2) { syslog(LOG_ERR, "protocol error on back channel"); exit(1); } } else { (void)sigprocmask(SIG_BLOCK, &blockset, NULL); tokenchallenge(username, challenge, sizeof(challenge), tt->proper); (void)sigprocmask(SIG_UNBLOCK, &blockset, NULL); if (mode == 1) { fprintf(back, BI_VALUE " challenge %s\n", auth_mkvalue(challenge)); fprintf(back, BI_CHALLENGE "\n"); exit(0); } pp = readpassphrase(challenge, response, sizeof(response), 0); if (pp == NULL) exit(1); if (*pp == '\0') { char buf[64]; snprintf(buf, sizeof(buf), "%s Response [echo on]: ", tt->proper); pp = readpassphrase(buf, response, sizeof(response), RPP_ECHO_ON); if (pp == NULL) exit(1); } } (void)sigprocmask(SIG_BLOCK, &blockset, NULL); if (tokenverify(username, challenge, pp) == 0) { fprintf(back, BI_AUTH "\n"); if ((instance = strchr(username, '.'))) { *instance++ = 0; if (strcmp(instance, "root") == 0) fprintf(back, BI_ROOTOKAY "\n"); } fprintf(back, BI_SECURE "\n"); exit(0); } fprintf(back, BI_REJECT "\n"); exit(1); }
LOGINREC * get_login(int argc, char *argv[], OPTIONS *options) { LOGINREC *login; int ch; char *username = NULL, *password = NULL; extern char *optarg; assert(options && argv); options->appname = tds_basename(argv[0]); options->colsep = default_colsep; /* may be overridden by -t */ login = dblogin(); if (!login) { fprintf(stderr, "%s: unable to allocate login structure\n", options->appname); exit(1); } DBSETLAPP(login, options->appname); options->servername = getenv("DSQUERY"); while ((ch = getopt(argc, argv, "U:P:R:S:dD:i:o:e:t:H:hqv")) != -1) { switch (ch) { case 'U': username = strdup(optarg); break; case 'R': parse_pivot_description(options, optarg); break; case 'P': password = getpassarg(optarg); break; case 'S': options->servername = strdup(optarg); break; case 'd': case 'D': options->database = strdup(optarg); break; case 'i': options->input_filename = strdup(optarg); break; case 'o': options->output_filename = strdup(optarg); break; case 'e': options->error_filename = strdup(optarg); break; case 't': unescape(optarg); options->colsep = strdup(optarg); break; case 'h': options->headers = stdout; break; case 'H': strcpy(options->hostname, optarg); break; case 'q': options->fquiet = 1; break; case 'v': options->fverbose = 1; break; case '?': default: usage(options->appname); exit(1); } } if (username) DBSETLUSER(login, username); if( !options->hostname[0] ) { if (-1 == gethostname(options->hostname, sizeof(options->hostname))) { perror("unable to get hostname"); } } if( options->hostname[0] ) { DBSETLHOST(login, options->hostname); } /* Look for a password if a username was provided, else assume domain login */ if (password) { DBSETLPWD(login, password); memset(password, 0, strlen(password)); } else if (username) { char password[128]; readpassphrase("Password: ", password, sizeof(password), RPP_ECHO_OFF); DBSETLPWD(login, password); } if (!options->servername) { usage(options->appname); exit(1); } return login; }
char * getpass_x(const char *prompt) { static char buf[_PASSWORD_LEN + 1] = {0}; return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF)); }
/*ARGSUSED*/ int main(int argc, char *argv[]) { char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ], date[256]; char *p, *style, *nstyle, *ttynam; struct itimerval ntimer, otimer; int ch, sectimeout, usemine; const char *errstr; struct passwd *pw; struct tm *timp; time_t curtime; login_cap_t *lc; sectimeout = TIMEOUT; style = NULL; usemine = 0; no_timeout = 0; if (!(pw = getpwuid(getuid()))) errx(1, "unknown uid %u.", getuid()); lc = login_getclass(pw->pw_class); while ((ch = getopt(argc, argv, "a:npt:")) != -1) switch (ch) { case 'a': if (lc) { style = login_getstyle(lc, optarg, "auth-lock"); if (style == NULL) errx(1, "invalid authentication style: %s", optarg); } usemine = 1; break; case 't': sectimeout = (int)strtonum(optarg, 1, INT_MAX, &errstr); if (errstr) errx(1, "timeout %s: %s", errstr, optarg); break; case 'p': usemine = 1; break; case 'n': no_timeout = 1; break; default: (void)fprintf(stderr, "usage: %s [-np] [-a style] [-t timeout]\n", __progname); exit(1); } timeout.tv_sec = sectimeout * 60; gethostname(hostname, sizeof(hostname)); if (!(ttynam = ttyname(STDIN_FILENO))) errx(1, "not a terminal?"); curtime = time(NULL); nexttime = curtime + (sectimeout * 60); timp = localtime(&curtime); strftime(date, sizeof(date), "%c", timp); if (!usemine) { /* get key and check again */ if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) || *s == '\0') exit(0); /* * Don't need EOF test here, if we get EOF, then s1 != s * and the right things will happen. */ (void)readpassphrase("Again: ", s1, sizeof(s1), RPP_ECHO_OFF); if (strcmp(s1, s)) { warnx("\apasswords didn't match."); exit(1); } s[0] = '\0'; } /* set signal handlers */ (void)signal(SIGINT, hi); (void)signal(SIGQUIT, hi); (void)signal(SIGTSTP, hi); (void)signal(SIGALRM, bye); ntimer.it_interval = zerotime; ntimer.it_value = timeout; if (!no_timeout) setitimer(ITIMER_REAL, &ntimer, &otimer); /* header info */ if (no_timeout) { (void)fprintf(stderr, "%s: %s on %s. no timeout\ntime now is %s\n", __progname, ttynam, hostname, date); } else { (void)fprintf(stderr, "%s: %s on %s. timeout in %d minutes\ntime now is %s\n", __progname, ttynam, hostname, sectimeout, date); } for (;;) { if (!readpassphrase("Key: ", s, sizeof(s), RPP_ECHO_OFF) || *s == '\0') { hi(0); continue; } if (usemine) { /* * If user entered 's/key' or the style specified via * the '-a' argument, auth_userokay() will prompt * for a new password. Otherwise, use what we have. */ if ((strcmp(s, "s/key") == 0 && (nstyle = login_getstyle(lc, "skey", "auth-lock"))) || ((nstyle = style) && strcmp(s, nstyle) == 0)) p = NULL; else p = s; if (auth_userokay(pw->pw_name, nstyle, "auth-lock", p)) break; } else if (strcmp(s, s1) == 0) break; (void)putc('\a', stderr); } exit(0); }
void derive_key_pkcs(int rounds, u_int8_t *key, size_t keysz, u_int8_t *salt, size_t saltsz, char *prompt, int verify) { FILE *f; size_t pl; struct stat sb; char passphrase[1024], verifybuf[1024]; if (!key) errx(1, "Invalid key"); if (!salt) errx(1, "Invalid salt"); if (rounds < 1000) errx(1, "Too few rounds: %d", rounds); /* get passphrase */ if (password && verify) errx(1, "can't specify passphrase file during initial " "creation of crypto volume"); if (password) { if ((f = fopen(password, "r")) == NULL) err(1, "invalid passphrase file"); if (fstat(fileno(f), &sb) == -1) err(1, "can't stat passphrase file"); if (sb.st_uid != 0) errx(1, "passphrase file must be owned by root"); if ((sb.st_mode & ~S_IFMT) != (S_IRUSR | S_IWUSR)) errx(1, "passphrase file has the wrong permissions"); if (fgets(passphrase, sizeof(passphrase), f) == NULL) err(1, "can't read passphrase file"); pl = strlen(passphrase); if (pl > 0 && passphrase[pl - 1] == '\n') passphrase[pl - 1] = '\0'; else errx(1, "invalid passphrase length"); fclose(f); } else { if (readpassphrase(prompt, passphrase, sizeof(passphrase), rpp_flag) == NULL) errx(1, "unable to read passphrase"); } if (verify) { /* request user to re-type it */ if (readpassphrase("Re-type passphrase: ", verifybuf, sizeof(verifybuf), rpp_flag) == NULL) { memset(passphrase, 0, sizeof(passphrase)); errx(1, "unable to read passphrase"); } if ((strlen(passphrase) != strlen(verifybuf)) || (strcmp(passphrase, verifybuf) != 0)) { memset(passphrase, 0, sizeof(passphrase)); memset(verifybuf, 0, sizeof(verifybuf)); errx(1, "Passphrases did not match"); } /* forget the re-typed one */ memset(verifybuf, 0, strlen(verifybuf)); } /* derive key from passphrase */ if (pkcs5_pbkdf2(passphrase, strlen(passphrase), salt, saltsz, key, keysz, rounds) != 0) errx(1, "pbkdf2 failed"); /* forget passphrase */ memset(passphrase, 0, sizeof(passphrase)); return; }