ITS#4643 never use native getpass(), it's deprecated/unsafe

9463eb0e · Quanah Gibson-Mount · f71957c4 · 9463eb0e · 9463eb0e · 9463eb0e
Commit 9463eb0e authored Aug 13, 2009 by Quanah Gibson-Mount
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,7 @@ OpenLDAP 2.4 Change Log
 OpenLDAP 2.4.18 Engineering
 	Fixed liblber speed and other problems (ITS#6215)
 	Fixed libldap error parsing (ITS#6197)
+	Fixed libldap native getpass usage (ITS#4643)
 	Fixed libldap tls_check_hostname for OpenSSL and MozNSS (ITS#6239)
 	Fixed slapd allow mirrormode to be set to FALSE (ITS#5946)
 	Fixed slapd dncachesize behavior to unlimited by default (ITS#6222)

--- a/configure.in
+++ b/configure.in
@@ -2397,7 +2397,6 @@ AC_CHECK_FUNCS(			\
 	geteuid			\
 	getgrgid		\
 	gethostname		\
-	getpass			\
 	getpassphrase		\
 	getpwuid		\
 	getpwnam		\

--- a/include/ac/unistd.h
+++ b/include/ac/unistd.h
@@ -34,12 +34,7 @@
 #if defined(HAVE_GETPASSPHRASE)
 LDAP_LIBC_F(char*)(getpassphrase)();

-#elif defined(HAVE_GETPASS)
-#define getpassphrase(p) getpass(p)
-LDAP_LIBC_F(char*)(getpass)();
-
 #else
-#define NEED_GETPASSPHRASE 1
 #define getpassphrase(p) lutil_getpass(p)
 LDAP_LUTIL_F(char*)(lutil_getpass) LDAP_P((const char *getpass));
 #endif

--- a/include/portable.hin
+++ b/include/portable.hin
@@ -48,6 +48,9 @@
 /* end of portable.h.pre */


+/* Define if building universal (internal helper macro) */
+#undef AC_APPLE_UNIVERSAL_BUILD
+
 /* define to use both <string.h> and <strings.h> */
 #undef BOTH_STRINGS_H

@@ -214,9 +217,6 @@
 /* Define to 1 if you have the <getopt.h> header file. */
 #undef HAVE_GETOPT_H

-/* Define to 1 if you have the `getpass' function. */
-#undef HAVE_GETPASS
-
 /* Define to 1 if you have the `getpassphrase' function. */
 #undef HAVE_GETPASSPHRASE

@@ -253,18 +253,6 @@
 /* Define to 1 if you have the <grp.h> header file. */
 #undef HAVE_GRP_H

-/* define if you have GSSAPI */
-#undef HAVE_GSSAPI
-
-/* Define to 1 if you have the <gssapi/gssapi.h> header file. */
-#undef HAVE_GSSAPI_GSSAPI_H
-
-/* Define to 1 if you have the <gssapi.h> header file. */
-#undef HAVE_GSSAPI_H
-
-/* Define to 1 if you have the `gss_oid_to_str' function. */
-#undef HAVE_GSS_OID_TO_STR
-
 /* Define to 1 if you have the `hstrerror' function. */
 #undef HAVE_HSTRERROR

@@ -376,6 +364,9 @@
 /* define this if you have mkversion */
 #undef HAVE_MKVERSION

+/* define if you have MozNSS */
+#undef HAVE_MOZNSS
+
 /* Define to 1 if you have the <ndir.h> header file, and it defines `DIR'. */
 #undef HAVE_NDIR_H

@@ -385,6 +376,9 @@
 /* define if strerror_r returns char* instead of int */
 #undef HAVE_NONPOSIX_STRERROR_R

+/* Define to 1 if you have the <nssutil.h> header file. */
+#undef HAVE_NSSUTIL_H
+
 /* if you have NT Event Log */
 #undef HAVE_NT_EVENT_LOG

@@ -397,9 +391,6 @@
 /* define if you have OpenSSL */
 #undef HAVE_OPENSSL

-/* define if you have MozNSS */
-#undef HAVE_MOZNSS
-
 /* Define to 1 if you have the <openssl/bn.h> header file. */
 #undef HAVE_OPENSSL_BN_H

@@ -813,6 +804,9 @@
 /* define if select implicitly yields */
 #undef HAVE_YIELDING_SELECT

+/* Define to 1 if you have the `_vsnprintf' function. */
+#undef HAVE__VSNPRINTF
+
 /* define to 32-bit or greater integer type */
 #undef LBER_INT_T

@@ -909,19 +903,19 @@
 /* Define to the type of arg 5 for `select'. */
 #undef SELECT_TYPE_ARG5

-/* The size of a `int', as computed by sizeof. */
+/* The size of `int', as computed by sizeof. */
 #undef SIZEOF_INT

-/* The size of a `long', as computed by sizeof. */
+/* The size of `long', as computed by sizeof. */
 #undef SIZEOF_LONG

-/* The size of a `long long', as computed by sizeof. */
+/* The size of `long long', as computed by sizeof. */
 #undef SIZEOF_LONG_LONG

-/* The size of a `short', as computed by sizeof. */
+/* The size of `short', as computed by sizeof. */
 #undef SIZEOF_SHORT

-/* The size of a `wchar_t', as computed by sizeof. */
+/* The size of `wchar_t', as computed by sizeof. */
 #undef SIZEOF_WCHAR_T

 /* define to support per-object ACIs */
@@ -1080,9 +1074,17 @@
 /* define to use 'long long' for MP */
 #undef USE_MP_LONG_LONG

-/* Define to 1 if your processor stores words with the most significant byte
-   first (like Motorola and SPARC, unlike Intel and VAX). */
-#undef WORDS_BIGENDIAN
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
+   significant byte first (like Motorola and SPARC, unlike Intel). */
+#if defined AC_APPLE_UNIVERSAL_BUILD
+# if defined __BIG_ENDIAN__
+#  define WORDS_BIGENDIAN 1
+# endif
+#else
+# ifndef WORDS_BIGENDIAN
+#  undef WORDS_BIGENDIAN
+# endif
+#endif

 /* Define to the type of arg 3 for `accept'. */
 #undef ber_socklen_t

--- a/libraries/liblutil/getpass.c
+++ b/libraries/liblutil/getpass.c
@@ -26,7 +26,7 @@
 */
 /* This work was originally developed by the University of Michigan
 * and distributed as part of U-MICH LDAP.  It was adapted for use in
- * -llutil by Kurt D. Zeilenga.
+ * -llutil by Kurt D. Zeilenga and subsequently rewritten by Howard Chu.
 */

 #include "portable.h"
@@ -42,7 +42,7 @@
 #include <ac/time.h>
 #include <ac/unistd.h>

-#ifdef NEED_GETPASSPHRASE
+#ifndef HAVE_GETPASSPHRASE

 #ifdef HAVE_FCNTL_H
 #include <fcntl.h>
@@ -57,38 +57,25 @@

 #include "ldap_defaults.h"

+#define PBUF	512
+
+#ifdef HAVE_WINSOCK
+#define TTY "con:"
+#else
+#define TTY "/dev/tty"
+#endif
+
 char *
 lutil_getpass( const char *prompt )
 {
-#if !defined(HAVE_TERMIOS_H) && !defined(HAVE_SGTTY_H)
-	static char buf[256];
+	static char pbuf[PBUF];
+	FILE *fi;
 	int i, c;
-
-	if( prompt == NULL ) prompt = _("Password: ");
-
-#ifdef DEBUG
-	if (debug & D_TRACE)
-		printf("->getpass(%s)\n", prompt);
-#endif
-
-	printf("%s", prompt);
-	i = 0;
-	while ( (c = getch()) != EOF && c != '\n' && c != '\r' )
-		buf[i++] = c;
-	if ( c == EOF )
-		return( NULL );
-	buf[i] = '\0';
-	return (buf);
-#else
-	int no_pass = 0;
-	char i, j, k;
+#if defined(HAVE_TERMIOS_H) || defined(HAVE_SGTTY_H)
 	TERMIO_TYPE ttyb;
 	TERMFLAG_TYPE flags;
-	static char pbuf[513];
-	register char *p;
-	register int c;
-	FILE *fi;
 	RETSIGTYPE (*sig)( int sig );
+#endif

 	if( prompt == NULL ) prompt = _("Password: ");

@@ -96,82 +83,46 @@ lutil_getpass( const char *prompt )
 	if (debug & D_TRACE)
 		printf("->getpass(%s)\n", prompt);
 #endif
-	/*
-	 *  Stolen from the getpass() routine.  Can't use the plain
-	 *  getpass() for two reasons.  One is that LDAP passwords
-	 *  can be really, really long - much longer than 8 chars.
-	 *  The second is that we like to make this client available
-	 *  out of inetd via a Merit asynch port, and we need to be
-	 *  able to do telnet control codes to turn on and off line
-	 *  blanking.
-	 */
-	if ((fi = fdopen(open("/dev/tty", 2), "r")) == NULL)
+
+#if defined(HAVE_TERMIOS_H) || defined(HAVE_SGTTY_H)
+	if ((fi = fopen(TTY, "r")) == NULL)
 		fi = stdin;
 	else
 		setbuf(fi, (char *)NULL);
-	sig = SIGNAL (SIGINT, SIG_IGN);
 	if (fi != stdin) {
 		if (GETATTR(fileno(fi), &ttyb) < 0)
 			perror("GETATTR");
-	}
-	flags = GETFLAGS( ttyb );
-	SETFLAGS( ttyb, flags & ~ECHO );
-	if (fi != stdin) {
+		sig = SIGNAL (SIGINT, SIG_IGN);
+		flags = GETFLAGS( ttyb );
+		SETFLAGS( ttyb, flags & ~ECHO );
 		if (SETATTR(fileno(fi), &ttyb) < 0)
 			perror("SETATTR");
 	}
-
-	/*  blank the line if through Merit */
-	if (fi == stdin) {
-		printf("%c%c%c", 255, 251, 1);
-		fflush(stdout);
-		(void) scanf("%c%c%c", &i, &j, &k);
-		fflush(stdin);
-	}
-
-	/* fetch the password */
+#else
+	fi = stdin;
+#endif
 	fprintf(stdout, "%s", prompt); 
 	fflush(stdout);
-	for (p=pbuf; (c = getc(fi))!='\n' && c!=EOF;) {
-		if (c == '\r')
-			break;
-		if (p < &pbuf[512])
-			*p++ = c;
-	}
-	if (c == EOF)
-		no_pass = 1;
-	else {
-		*p = '\0';
-		if (*(p - 1) == '\r')
-			*(p - 1) = '\0';
-	}
-
-	/*  unblank the line if through Merit */
-	if (fi == stdin) {
-		printf("%c%c%c", 255, 252, 1);
-		fflush(stdout);
-		(void) scanf("%c%c%c", &i, &j, &k);
-		fflush(stdin);
-		printf("\n"); fflush(stdout);
-	}
-	fprintf(stdout, "\n"); 
-	fflush(stdout);
-
+	i = 0;
+	while ( (c = getc(fi)) != EOF && c != '\n' && c != '\r' )
+		if ( i < (sizeof(pbuf)-1) )
+			pbuf[i++] = c;
+#if defined(HAVE_TERMIOS_H) || defined(HAVE_SGTTY_H)
 	/* tidy up */
-	SETFLAGS( ttyb, flags );
 	if (fi != stdin) {
+		fprintf(stdout, "\n"); 
+		fflush(stdout);
+		SETFLAGS( ttyb, flags );
 		if (SETATTR(fileno(fi), &ttyb) < 0)
 			perror("SETATTR");
-	}
-	(void) SIGNAL (SIGINT, sig);
-	if (fi != stdin)
+		(void) SIGNAL (SIGINT, sig);
 		(void) fclose(fi);
-	else
-		i = getchar();
-	if (no_pass)
-		return(NULL);
-	return(pbuf);
+	}
 #endif
+	if ( c == EOF )
+		return( NULL );
+	pbuf[i] = '\0';
+	return (pbuf);
 }

 #endif /* !NEED_GETPASSPHRASE */