From: Martin Willi
Date: Mon, 19 Jul 2010 07:43:11 +0000 (+0200)
Subject: Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
X-Git-Tag: 4.5.0~597
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=70789d28a13ac8f2448d97c23df2c7707b11937a;p=thirdparty%2Fstrongswan.git
Handle PIN: as a magic keyword for prompt, use getpass() to silently read credentials
---
diff --git a/src/libstrongswan/utils/leak_detective.c b/src/libstrongswan/utils/leak_detective.c
index 680c3085b6..5673fc32de 100644
--- a/src/libstrongswan/utils/leak_detective.c
+++ b/src/libstrongswan/utils/leak_detective.c
@@ -185,6 +185,7 @@ char *whitelist[] = {
 "__vsyslog_chk",
 "getaddrinfo",
 "setlocale",
+ "getpass",
 /* ignore dlopen, as we do not dlclose to get proper leak reports */
 "dlopen",
 "dlerror",
diff --git a/src/stroke/stroke.c b/src/stroke/stroke.c
index 4fa0f76a86..32e628df1c 100644
--- a/src/stroke/stroke.c
+++ b/src/stroke/stroke.c
@@ -56,9 +56,8 @@ static char* push_string(stroke_msg_t *msg, char *string)
 static int send_stroke_msg (stroke_msg_t *msg)
 {
 struct sockaddr_un ctl_addr;
- int sock;
- char buffer[512];
- int byte_count;
+ int sock, byte_count;
+ char buffer[512], *pass;
 ctl_addr.sun_family = AF_UNIX;
 strcpy(ctl_addr.sun_path, STROKE_SOCKET);
@@ -90,16 +89,29 @@ static int send_stroke_msg (stroke_msg_t *msg)
 while ((byte_count = read(sock, buffer, sizeof(buffer)-1)) > 0)
 {
 buffer[byte_count] = '\0';
- printf("%s", buffer);
- /* we prompt if we receive the "Passphrase:" magic keyword */
- if (byte_count >= 12 &&
- strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0)
+ /* we prompt if we receive the "Passphrase:"/"PIN:" magic keyword */
+ if ((byte_count >= 12 &&
+ strcmp(buffer + byte_count - 12, "Passphrase:\n") == 0) ||
+ (byte_count >= 5 &&
+ strcmp(buffer + byte_count - 5, "PIN:\n") == 0))
 {
- if (fgets(buffer, sizeof(buffer), stdin))
+ /* remove trailing newline */
+ pass = strrchr(buffer, '\n');
+ if (pass)
 {
- ignore_result(write(sock, buffer, strlen(buffer)));
+ *pass = ' ';
 }
+ pass = getpass(buffer);
+ if (pass)
+ {
+ ignore_result(write(sock, pass, strlen(pass)));
+ ignore_result(write(sock, "\n", 1));
+ }
+ }
+ else
+ {
+ printf("%s", buffer);
 }
 }
 if (byte_count < 0)
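Review bot: The passphrase or PIN returned by `getpass(buffer)` is written to the socket and then left in getpass()'s static buffer for the rest of the process, and the new branch has no handling for a NULL return. Clearing it once both writes are done, e.g. `memset(pass, 0, strlen(pass));` as the last statement inside `if (pass)`, keeps the secret from lingering in memory (use the project's own wipe helper if it has one). When getpass() returns NULL, which it can when no terminal can be opened, nothing is sent and the loop goes back to `read()`; an `else` that reports the failure and leaves the loop would presumably avoid both sides waiting on each other, though that depends on daemon behaviour not visible here. send_stroke_msg starts before this hunk and continues after it.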