Coverage Report

Created: 2024-06-18 06:24

/src/hpn-ssh/readpass.c
Line
Count
Source (jump to first uncovered line)
1
/* $OpenBSD: readpass.c,v 1.70 2022/05/27 04:27:49 dtucker Exp $ */
2
/*
3
 * Copyright (c) 2001 Markus Friedl.  All rights reserved.
4
 *
5
 * Redistribution and use in source and binary forms, with or without
6
 * modification, are permitted provided that the following conditions
7
 * are met:
8
 * 1. Redistributions of source code must retain the above copyright
9
 *    notice, this list of conditions and the following disclaimer.
10
 * 2. Redistributions in binary form must reproduce the above copyright
11
 *    notice, this list of conditions and the following disclaimer in the
12
 *    documentation and/or other materials provided with the distribution.
13
 *
14
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
16
 * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
17
 * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
18
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
19
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
20
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
21
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
22
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
23
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24
 */
25
26
#include "includes.h"
27
28
#include <sys/types.h>
29
#include <sys/wait.h>
30
31
#include <errno.h>
32
#include <fcntl.h>
33
#ifdef HAVE_PATHS_H
34
# include <paths.h>
35
#endif
36
#include <signal.h>
37
#include <stdarg.h>
38
#include <stdio.h>
39
#include <stdlib.h>
40
#include <string.h>
41
#include <unistd.h>
42
43
#include "xmalloc.h"
44
#include "misc.h"
45
#include "pathnames.h"
46
#include "log.h"
47
#include "ssh.h"
48
#include "uidswap.h"
49
50
static char *
51
ssh_askpass(char *askpass, const char *msg, const char *env_hint)
52
0
{
53
0
  pid_t pid, ret;
54
0
  size_t len;
55
0
  char *pass;
56
0
  int p[2], status;
57
0
  char buf[1024];
58
0
  void (*osigchld)(int);
59
60
0
  if (fflush(stdout) != 0)
61
0
    error_f("fflush: %s", strerror(errno));
62
0
  if (askpass == NULL)
63
0
    fatal("internal error: askpass undefined");
64
0
  if (pipe(p) == -1) {
65
0
    error_f("pipe: %s", strerror(errno));
66
0
    return NULL;
67
0
  }
68
0
  osigchld = ssh_signal(SIGCHLD, SIG_DFL);
69
0
  if ((pid = fork()) == -1) {
70
0
    error_f("fork: %s", strerror(errno));
71
0
    ssh_signal(SIGCHLD, osigchld);
72
0
    return NULL;
73
0
  }
74
0
  if (pid == 0) {
75
0
    close(p[0]);
76
0
    if (dup2(p[1], STDOUT_FILENO) == -1)
77
0
      fatal_f("dup2: %s", strerror(errno));
78
0
    if (env_hint != NULL)
79
0
      setenv("SSH_ASKPASS_PROMPT", env_hint, 1);
80
0
    execlp(askpass, askpass, msg, (char *)NULL);
81
0
    fatal_f("exec(%s): %s", askpass, strerror(errno));
82
0
  }
83
0
  close(p[1]);
84
85
0
  len = 0;
86
0
  do {
87
0
    ssize_t r = read(p[0], buf + len, sizeof(buf) - 1 - len);
88
89
0
    if (r == -1 && errno == EINTR)
90
0
      continue;
91
0
    if (r <= 0)
92
0
      break;
93
0
    len += r;
94
0
  } while (sizeof(buf) - 1 - len > 0);
95
0
  buf[len] = '\0';
96
97
0
  close(p[0]);
98
0
  while ((ret = waitpid(pid, &status, 0)) == -1)
99
0
    if (errno != EINTR)
100
0
      break;
101
0
  ssh_signal(SIGCHLD, osigchld);
102
0
  if (ret == -1 || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
103
0
    explicit_bzero(buf, sizeof(buf));
104
0
    return NULL;
105
0
  }
106
107
0
  buf[strcspn(buf, "\r\n")] = '\0';
108
0
  pass = xstrdup(buf);
109
0
  explicit_bzero(buf, sizeof(buf));
110
0
  return pass;
111
0
}
112
113
/* private/internal read_passphrase flags */
114
0
#define RP_ASK_PERMISSION 0x8000 /* pass hint to askpass for confirm UI */
115
116
/*
117
 * Reads a passphrase from /dev/tty with echo turned off/on.  Returns the
118
 * passphrase (allocated with xmalloc).  Exits if EOF is encountered. If
119
 * RP_ALLOW_STDIN is set, the passphrase will be read from stdin if no
120
 * tty is or askpass program is available
121
 */
122
char *
123
read_passphrase(const char *prompt, int flags)
124
0
{
125
0
  char cr = '\r', *askpass = NULL, *ret, buf[1024];
126
0
  int rppflags, ttyfd, use_askpass = 0, allow_askpass = 0;
127
0
  const char *askpass_hint = NULL;
128
0
  const char *s;
129
130
0
  if ((s = getenv("DISPLAY")) != NULL)
131
0
    allow_askpass = *s != '\0';
132
0
  if ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) != NULL) {
133
0
    if (strcasecmp(s, "force") == 0) {
134
0
      use_askpass = 1;
135
0
      allow_askpass = 1;
136
0
    } else if (strcasecmp(s, "prefer") == 0)
137
0
      use_askpass = allow_askpass;
138
0
    else if (strcasecmp(s, "never") == 0)
139
0
      allow_askpass = 0;
140
0
  }
141
142
0
  rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
143
0
  if (use_askpass)
144
0
    debug_f("requested to askpass");
145
0
  else if (flags & RP_USE_ASKPASS)
146
0
    use_askpass = 1;
147
0
  else if (flags & RP_ALLOW_STDIN) {
148
0
    if (!isatty(STDIN_FILENO)) {
149
0
      debug_f("stdin is not a tty");
150
0
      use_askpass = 1;
151
0
    }
152
0
  } else {
153
0
    rppflags |= RPP_REQUIRE_TTY;
154
0
    ttyfd = open(_PATH_TTY, O_RDWR);
155
0
    if (ttyfd >= 0) {
156
      /*
157
       * If we're on a tty, ensure that show the prompt at
158
       * the beginning of the line. This will hopefully
159
       * clobber any password characters the user has
160
       * optimistically typed before echo is disabled.
161
       */
162
0
      (void)write(ttyfd, &cr, 1);
163
0
      close(ttyfd);
164
0
    } else {
165
0
      debug_f("can't open %s: %s", _PATH_TTY,
166
0
          strerror(errno));
167
0
      use_askpass = 1;
168
0
    }
169
0
  }
170
171
0
  if ((flags & RP_USE_ASKPASS) && !allow_askpass)
172
0
    return (flags & RP_ALLOW_EOF) ? NULL : xstrdup("");
173
174
0
  if (use_askpass && allow_askpass) {
175
0
    if (getenv(SSH_ASKPASS_ENV))
176
0
      askpass = getenv(SSH_ASKPASS_ENV);
177
0
    else
178
0
      askpass = _PATH_SSH_ASKPASS_DEFAULT;
179
0
    if ((flags & RP_ASK_PERMISSION) != 0)
180
0
      askpass_hint = "confirm";
181
0
    if ((ret = ssh_askpass(askpass, prompt, askpass_hint)) == NULL)
182
0
      if (!(flags & RP_ALLOW_EOF))
183
0
        return xstrdup("");
184
0
    return ret;
185
0
  }
186
187
0
  if (readpassphrase(prompt, buf, sizeof buf, rppflags) == NULL) {
188
0
    if (flags & RP_ALLOW_EOF)
189
0
      return NULL;
190
0
    return xstrdup("");
191
0
  }
192
193
0
  ret = xstrdup(buf);
194
0
  explicit_bzero(buf, sizeof(buf));
195
0
  return ret;
196
0
}
197
198
int
199
ask_permission(const char *fmt, ...)
200
0
{
201
0
  va_list args;
202
0
  char *p, prompt[1024];
203
0
  int allowed = 0;
204
205
0
  va_start(args, fmt);
206
0
  vsnprintf(prompt, sizeof(prompt), fmt, args);
207
0
  va_end(args);
208
209
0
  p = read_passphrase(prompt,
210
0
      RP_USE_ASKPASS|RP_ALLOW_EOF|RP_ASK_PERMISSION);
211
0
  if (p != NULL) {
212
    /*
213
     * Accept empty responses and responses consisting
214
     * of the word "yes" as affirmative.
215
     */
216
0
    if (*p == '\0' || *p == '\n' ||
217
0
        strcasecmp(p, "yes") == 0)
218
0
      allowed = 1;
219
0
    free(p);
220
0
  }
221
222
0
  return (allowed);
223
0
}
224
225
static void
226
writemsg(const char *msg)
227
0
{
228
0
  (void)write(STDERR_FILENO, "\r", 1);
229
0
  (void)write(STDERR_FILENO, msg, strlen(msg));
230
0
  (void)write(STDERR_FILENO, "\r\n", 2);
231
0
}
232
233
struct notifier_ctx {
234
  pid_t pid;
235
  void (*osigchld)(int);
236
};
237
238
struct notifier_ctx *
239
notify_start(int force_askpass, const char *fmt, ...)
240
0
{
241
0
  va_list args;
242
0
  char *prompt = NULL;
243
0
  pid_t pid = -1;
244
0
  void (*osigchld)(int) = NULL;
245
0
  const char *askpass, *s;
246
0
  struct notifier_ctx *ret = NULL;
247
248
0
  va_start(args, fmt);
249
0
  xvasprintf(&prompt, fmt, args);
250
0
  va_end(args);
251
252
0
  if (fflush(NULL) != 0)
253
0
    error_f("fflush: %s", strerror(errno));
254
0
  if (!force_askpass && isatty(STDERR_FILENO)) {
255
0
    writemsg(prompt);
256
0
    goto out_ctx;
257
0
  }
258
0
  if ((askpass = getenv("SSH_ASKPASS")) == NULL)
259
0
    askpass = _PATH_SSH_ASKPASS_DEFAULT;
260
0
  if (*askpass == '\0') {
261
0
    debug3_f("cannot notify: no askpass");
262
0
    goto out;
263
0
  }
264
0
  if (getenv("DISPLAY") == NULL &&
265
0
      ((s = getenv(SSH_ASKPASS_REQUIRE_ENV)) == NULL ||
266
0
      strcmp(s, "force") != 0)) {
267
0
    debug3_f("cannot notify: no display");
268
0
    goto out;
269
0
  }
270
0
  osigchld = ssh_signal(SIGCHLD, SIG_DFL);
271
0
  if ((pid = fork()) == -1) {
272
0
    error_f("fork: %s", strerror(errno));
273
0
    ssh_signal(SIGCHLD, osigchld);
274
0
    free(prompt);
275
0
    return NULL;
276
0
  }
277
0
  if (pid == 0) {
278
0
    if (stdfd_devnull(1, 1, 0) == -1)
279
0
      fatal_f("stdfd_devnull failed");
280
0
    closefrom(STDERR_FILENO + 1);
281
0
    setenv("SSH_ASKPASS_PROMPT", "none", 1); /* hint to UI */
282
0
    execlp(askpass, askpass, prompt, (char *)NULL);
283
0
    error_f("exec(%s): %s", askpass, strerror(errno));
284
0
    _exit(1);
285
    /* NOTREACHED */
286
0
  }
287
0
 out_ctx:
288
0
  if ((ret = calloc(1, sizeof(*ret))) == NULL) {
289
0
    if (pid != -1)
290
0
      kill(pid, SIGTERM);
291
0
    fatal_f("calloc failed");
292
0
  }
293
0
  ret->pid = pid;
294
0
  ret->osigchld = osigchld;
295
0
 out:
296
0
  free(prompt);
297
0
  return ret;
298
0
}
299
300
void
301
notify_complete(struct notifier_ctx *ctx, const char *fmt, ...)
302
6
{
303
6
  int ret;
304
6
  char *msg = NULL;
305
6
  va_list args;
306
307
6
  if (ctx != NULL && fmt != NULL && ctx->pid == -1) {
308
    /*
309
     * notify_start wrote to stderr, so send conclusion message
310
     * there too
311
    */
312
0
    va_start(args, fmt);
313
0
    xvasprintf(&msg, fmt, args);
314
0
    va_end(args);
315
0
    writemsg(msg);
316
0
    free(msg);
317
0
  }
318
319
6
  if (ctx == NULL || ctx->pid <= 0) {
320
6
    free(ctx);
321
6
    return;
322
6
  }
323
0
  kill(ctx->pid, SIGTERM);
324
0
  while ((ret = waitpid(ctx->pid, NULL, 0)) == -1) {
325
0
    if (errno != EINTR)
326
0
      break;
327
0
  }
328
0
  if (ret == -1)
329
0
    fatal_f("waitpid: %s", strerror(errno));
330
0
  ssh_signal(SIGCHLD, ctx->osigchld);
331
0
  free(ctx);
332
0
}