b58922c480
- Fix command line checking in client - Add client stdin pin reading.
From 8067d9bace148a254528fdf752f083d2a0debada Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 19 Oct 2012 10:08:26 -0400
Subject: [PATCH 38/41] Add support to read the pin from stdin in client.
Signed-off-by: Peter Jones <pjones@redhat.com>
---
src/client.c | 10 +++++++---
src/password.c | 41 +++++++++++++++++++++++++++++++++++++++++
src/password.h | 1 +
src/signer_info.c | 45 +--------------------------------------------
4 files changed, 50 insertions(+), 47 deletions(-)
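--- a/src/client.c
+++ b/src/client.c
@@ -212,10 +212,14 @@ get_token_pin(int pinfd, char *pinfile, char *envname)
 
 fclose(pinf);
 return pin;
- } else
- return strdup(getenv(envname));
+ } else {
+ pin = getenv(envname);
+ if (pin)
+ return strdup(pin);
+ }
 
- return NULL;
+ pin = readpw(NULL, PR_FALSE, NULL);
+ return pin;
 }
 
 static void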
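Review bot: The PIN copied out of the environment in the new `else` branch stays in the process environment after `strdup(pin)`, so any child process started later inherits it and anything able to read this process's environment still sees it. Consider clearing it once copied, along the lines of `char *copy = strdup(pin); unsetenv(envname); return copy;`, and confirm that `envname` cannot be NULL before `getenv(envname)` is reached. The new fallthrough to `readpw(NULL, PR_FALSE, NULL)` also changes non-interactive behaviour: when stdin is not a terminal, readpw's `tcgetattr` check fails and an error is printed to stderr where this function previously returned NULL silently. get_token_pin starts above the hunk, so the conditions guarding the earlier branches are not visible here.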
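--- a/src/password.c
+++ b/src/password.c
@@ -17,6 +17,7 @@
 * Author(s): Peter Jones <pjones@redhat.com>
 */
 
+#include <limits.h>
 #include <stdlib.h>
 #include <termios.h>
 #include <unistd.h>
@@ -289,4 +290,44 @@ SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg)
 return NULL;
 }
 
+#if 0
+#warning investigate killing readpw
+#endif
+char *
+readpw(PK11SlotInfo *slot, PRBool retry, void *arg)
+{
+ struct termios sio, tio;
+ char line[LINE_MAX], *p;
 
+ if (tcgetattr(fileno(stdin), &sio) < 0) {
+ fprintf(stderr, "Could not read password from standard input.\n");
+ return NULL;
+ }
+ tio = sio;
+ tio.c_lflag &= ~ECHO;
+ if (tcsetattr(fileno(stdin), 0, &tio) < 0) {
+ fprintf(stderr, "Could not read password from standard input.\n");
+ return NULL;
+ }
+
+ fprintf(stdout, "Enter passphrase for private key: ");
+ if (fgets(line, sizeof(line), stdin) == NULL) {
+ fprintf(stdout, "\n");
+ tcsetattr(fileno(stdin), 0, &sio);
+ return NULL;
+ }
+ fprintf(stdout, "\n");
+ tcsetattr(fileno(stdin), 0, &sio);
+
+ p = line + strcspn(line, "\r\n");
+ if (p != NULL)
+ *p = '\0';
+
+ char *ret = strdup(line);
+ memset(line, '\0', sizeof (line));
+ if (!ret) {
+ fprintf(stderr, "Could not read passphrase.\n");
+ return NULL;
+ }
+ return ret;
+}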
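Review bot: The `memset(line, '\0', sizeof (line));` that scrubs the passphrase in readpw is a dead store to a local that is never read again, so an optimising compiler may drop it and leave the passphrase on the stack; use a wipe the compiler has to keep, such as `explicit_bzero(line, sizeof(line));` where the platform provides it. Echo is restored only on the normal and fgets-failure paths, so a signal delivered while fgets blocks leaves the terminal with echo off, and the bare `0` passed to tcsetattr would read better as `TCSANOW` (or `TCSAFLUSH`, to discard typed-ahead input). The `if (p != NULL)` test can never be false, because `p` is `line` plus an offset. Now that the function is exported, a short header comment should state that the caller owns the returned string and must scrub and free it, and that `slot`, `retry` and `arg` are unused.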
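--- a/src/password.h
+++ b/src/password.h
@@ -22,5 +22,6 @@
 extern char *SECU_GetModulePassword(PK11SlotInfo *slot, PRBool retry, void *arg);
 extern char *get_password_passthrough(PK11SlotInfo *slot, PRBool retry, void *arg);
 extern char *get_password_fail(PK11SlotInfo *slot, PRBool retry, void *arg);
+extern char *readpw(PK11SlotInfo *slot, PRBool retry, void *arg);
 
 #endif /* PASSWORD_H */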
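--- a/src/signer_info.c
+++ b/src/signer_info.c
@@ -19,10 +19,8 @@
 
 #include "pesign.h"
 
-#include <limits.h>
 #include <string.h>
 #include <syslog.h>
-#include <termios.h>
 #include <time.h>
 #include <unistd.h>
 
@@ -159,47 +157,6 @@ err:
 return -1;
 }
 
-#if 0
-#warning investigate killing getpw
-#endif
-static char *getpw(PK11SlotInfo *slot, PRBool retry, void *arg)
-{
- struct termios sio, tio;
- char line[LINE_MAX], *p;
-
- if (tcgetattr(fileno(stdin), &sio) < 0) {
- fprintf(stderr, "Could not read password from standard input.\n");
- return NULL;
- }
- tio = sio;
- tio.c_lflag &= ~ECHO;
- if (tcsetattr(fileno(stdin), 0, &tio) < 0) {
- fprintf(stderr, "Could not read password from standard input.\n");
- return NULL;
- }
-
- fprintf(stdout, "Enter passphrase for private key: ");
- if (fgets(line, sizeof(line), stdin) == NULL) {
- fprintf(stdout, "\n");
- tcsetattr(fileno(stdin), 0, &sio);
- return NULL;
- }
- fprintf(stdout, "\n");
- tcsetattr(fileno(stdin), 0, &sio);
-
- p = line + strcspn(line, "\r\n");
- if (p != NULL)
- *p = '\0';
-
- char *ret = strdup(line);
- memset(line, '\0', sizeof (line));
- if (!ret) {
- fprintf(stderr, "Could not read passphrase.\n");
- return NULL;
- }
- return ret;
-}
-
 static int
 sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
 {
@@ -216,7 +173,7 @@ sign_blob(cms_context *cms, SECItem *sigitem, SECItem *sign_content)
 if (!oid)
 goto err;
 
- PK11_SetPasswordFunc(cms->func ? cms->func : getpw);
+ PK11_SetPasswordFunc(cms->func ? cms->func : readpw);
 SECKEYPrivateKey *privkey = PK11_FindKeyByAnyCert(cms->cert,
 cms->pwdata ? cms->pwdata : NULL);
 if (!privkey) {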
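Review bot: `readpw` is installed here as the NSS password callback in sign_blob and is also called directly from the client in this same commit, yet it returns memory from plain `strdup()`. As far as I know, the NSS documentation for PK11_SetPasswordFunc asks that the returned password be allocated with the NSPR/NSS allocator because the library frees it, so `PORT_Strdup(line)` in readpw would match the callback use. The direct caller in client.c would then have to release it with the matching routine rather than `free()`. The removed `getpw` had the same property, so this is something to confirm rather than a regression from this change. sign_blob continues past the end of the hunk.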
--
1.7.12.1