2 * Copyright (c) 1996, 1998-2005, 2007-2013
3 * Todd C. Miller <Todd.Miller@courtesan.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 * Sponsored in part by the Defense Advanced Research Projects
18 * Agency (DARPA) and Air Force Research Laboratory, Air Force
19 * Materiel Command, USAF, under agreement number F39502-99-1-0512.
28 #include <sys/types.h>
37 #endif /* STDC_HEADERS */
39 # if defined(HAVE_MEMORY_H) && !defined(STDC_HEADERS)
43 #endif /* HAVE_STRING_H */
46 #endif /* HAVE_STRINGS_H */
49 #endif /* HAVE_UNISTD_H */
57 static volatile sig_atomic_t signo[NSIG];
59 static void tgetpass_handler(int);
60 static char *getln(int, char *, size_t, int);
61 static char *sudo_askpass(const char *, const char *);
64 * Like getpass(3) but with timeout and echo flags.
67 tgetpass(const char *prompt, int timeout, int flags)
69 sigaction_t sa, savealrm, saveint, savehup, savequit, saveterm;
70 sigaction_t savetstp, savettin, savettou, savepipe;
72 static const char *askpass;
73 static char buf[SUDO_PASS_MAX + 1];
74 int i, input, output, save_errno, neednl = 0, need_restart;
75 debug_decl(tgetpass, SUDO_DEBUG_CONV)
77 (void) fflush(stdout);
79 if (askpass == NULL) {
80 askpass = getenv_unhooked("SUDO_ASKPASS");
81 if (askpass == NULL || *askpass == '\0')
82 askpass = sudo_conf_askpass_path();
85 /* If no tty present and we need to disable echo, try askpass. */
86 if (!ISSET(flags, TGP_STDIN|TGP_ECHO|TGP_ASKPASS|TGP_NOECHO_TRY) &&
88 if (askpass == NULL || getenv_unhooked("DISPLAY") == NULL) {
89 warningx(_("no tty present and no askpass program specified"));
90 debug_return_str(NULL);
92 SET(flags, TGP_ASKPASS);
95 /* If using a helper program to get the password, run it instead. */
96 if (ISSET(flags, TGP_ASKPASS)) {
97 if (askpass == NULL || *askpass == '\0')
98 fatalx(_("no askpass program specified, try setting SUDO_ASKPASS"));
99 debug_return_str_masked(sudo_askpass(askpass, prompt));
103 for (i = 0; i < NSIG; i++)
108 /* Open /dev/tty for reading/writing if possible else use stdin/stderr. */
109 if (ISSET(flags, TGP_STDIN) ||
110 (input = output = open(_PATH_TTY, O_RDWR|O_NOCTTY)) == -1) {
111 input = STDIN_FILENO;
112 output = STDERR_FILENO;
116 * If we are using a tty but are not the foreground pgrp this will
117 * generate SIGTTOU, so do it *before* installing the signal handlers.
119 if (!ISSET(flags, TGP_ECHO)) {
120 if (ISSET(flags, TGP_MASK))
121 neednl = term_cbreak(input);
123 neednl = term_noecho(input);
127 * Catch signals that would otherwise cause the user to end
128 * up with echo turned off in the shell.
130 zero_bytes(&sa, sizeof(sa));
131 sigemptyset(&sa.sa_mask);
132 sa.sa_flags = SA_INTERRUPT; /* don't restart system calls */
133 sa.sa_handler = tgetpass_handler;
134 (void) sigaction(SIGALRM, &sa, &savealrm);
135 (void) sigaction(SIGINT, &sa, &saveint);
136 (void) sigaction(SIGHUP, &sa, &savehup);
137 (void) sigaction(SIGQUIT, &sa, &savequit);
138 (void) sigaction(SIGTERM, &sa, &saveterm);
139 (void) sigaction(SIGTSTP, &sa, &savetstp);
140 (void) sigaction(SIGTTIN, &sa, &savettin);
141 (void) sigaction(SIGTTOU, &sa, &savettou);
143 /* Ignore SIGPIPE in case stdin is a pipe and TGP_STDIN is set */
144 sa.sa_handler = SIG_IGN;
145 (void) sigaction(SIGPIPE, &sa, &savepipe);
148 if (write(output, prompt, strlen(prompt)) == -1)
154 pass = getln(input, buf, sizeof(buf), ISSET(flags, TGP_MASK));
158 if (neednl || pass == NULL) {
159 if (write(output, "\n", 1) == -1)
164 /* Restore old tty settings and signals. */
165 if (!ISSET(flags, TGP_ECHO))
166 term_restore(input, 1);
167 (void) sigaction(SIGALRM, &savealrm, NULL);
168 (void) sigaction(SIGINT, &saveint, NULL);
169 (void) sigaction(SIGHUP, &savehup, NULL);
170 (void) sigaction(SIGQUIT, &savequit, NULL);
171 (void) sigaction(SIGTERM, &saveterm, NULL);
172 (void) sigaction(SIGTSTP, &savetstp, NULL);
173 (void) sigaction(SIGTTIN, &savettin, NULL);
174 (void) sigaction(SIGTTOU, &savettou, NULL);
175 (void) sigaction(SIGTTOU, &savepipe, NULL);
176 if (input != STDIN_FILENO)
180 * If we were interrupted by a signal, resend it to ourselves
181 * now that we have restored the signal handlers.
183 for (i = 0; i < NSIG; i++) {
201 debug_return_str_masked(pass);
205 * Fork a child and exec sudo-askpass to get the password from the user.
208 sudo_askpass(const char *askpass, const char *prompt)
210 static char buf[SUDO_PASS_MAX + 1], *pass;
211 sigaction_t sa, saved_sa_pipe;
214 debug_decl(sudo_askpass, SUDO_DEBUG_CONV)
217 fatal(_("unable to create pipe"));
219 if ((pid = fork()) == -1)
220 fatal(_("unable to fork"));
223 /* child, point stdout to output side of the pipe and exec askpass */
224 if (dup2(pfd[1], STDOUT_FILENO) == -1) {
228 if (setuid(ROOT_UID) == -1)
229 warning("setuid(%d)", ROOT_UID);
230 if (setgid(user_details.gid)) {
231 warning(_("unable to set gid to %u"), (unsigned int)user_details.gid);
234 if (setuid(user_details.uid)) {
235 warning(_("unable to set uid to %u"), (unsigned int)user_details.uid);
238 closefrom(STDERR_FILENO + 1);
239 execl(askpass, askpass, prompt, (char *)NULL);
240 warning(_("unable to run %s"), askpass);
244 /* Ignore SIGPIPE in case child exits prematurely */
245 zero_bytes(&sa, sizeof(sa));
246 sigemptyset(&sa.sa_mask);
247 sa.sa_flags = SA_INTERRUPT;
248 sa.sa_handler = SIG_IGN;
249 (void) sigaction(SIGPIPE, &sa, &saved_sa_pipe);
251 /* Get response from child (askpass) and restore SIGPIPE handler */
252 (void) close(pfd[1]);
253 pass = getln(pfd[0], buf, sizeof(buf), 0);
254 (void) close(pfd[0]);
255 (void) sigaction(SIGPIPE, &saved_sa_pipe, NULL);
258 errno = EINTR; /* make cancel button simulate ^C */
260 debug_return_str_masked(pass);
263 extern int term_erase, term_kill;
266 getln(int fd, char *buf, size_t bufsiz, int feedback)
268 size_t left = bufsiz;
272 debug_decl(getln, SUDO_DEBUG_CONV)
276 debug_return_str(NULL); /* sanity */
280 nr = read(fd, &c, 1);
281 if (nr != 1 || c == '\n' || c == '\r')
284 if (c == term_kill) {
286 if (write(fd, "\b \b", 3) == -1)
292 } else if (c == term_erase) {
294 if (write(fd, "\b \b", 3) == -1)
301 ignore_result(write(fd, "*", 1));
309 if (write(fd, "\b \b", 3) == -1)
315 debug_return_str_masked(nr == 1 ? buf : NULL);
319 tgetpass_handler(int s)
329 debug_decl(tty_present, SUDO_DEBUG_UTIL)
331 if ((fd = open(_PATH_TTY, O_RDWR|O_NOCTTY)) != -1)
333 debug_return_bool(fd != -1);