Skip to content
Snippets Groups Projects
Unverified Commit 2bca8ab3 authored by Daniel's avatar Daniel
Browse files

ENH: Only unset password echoing if there's a TTY.

parent 285b94ed
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
misc/pam_authentication/pam_authentication.c
+ 34
15
View file @ 2bca8ab3
...@@ -25,6 +25,16 @@ ...@@ -25,6 +25,16 @@
// Pam Authentication // Pam Authentication
// A. Schlemmer, 07/2018 // A. Schlemmer, 07/2018
/*
Note: This program needs sufficient right to authenticate against anyone but
oneself. This can be done for example by changing the effective group id:
```
$ ls -l bin
-rwxrwsrwx 1 root shadow 16992 Apr 28 07:45 pam_authentication
```
*/
#include <stdbool.h> #include <stdbool.h>
#include <stdlib.h> #include <stdlib.h>
#include <stdio.h> #include <stdio.h>
...@@ -68,16 +78,18 @@ bool get_password(char *filename) { ...@@ -68,16 +78,18 @@ bool get_password(char *filename) {
// With code from https://stackoverflow.com/a/1196696/232888 // With code from https://stackoverflow.com/a/1196696/232888
// by user https://stackoverflow.com/users/89266/dfa // by user https://stackoverflow.com/users/89266/dfa
struct termios backup, secret_setting; struct termios backup, secret_setting;
bool is_tty = isatty(fileno(stdin));
/* disable echo */ /* disable echo */
tcgetattr(fileno(stdin), &backup); if (is_tty) {
secret_setting = backup; tcgetattr(fileno(stdin), &backup);
secret_setting.c_lflag &= ~ECHO; secret_setting = backup;
secret_setting.c_lflag |= ECHONL; secret_setting.c_lflag &= ~ECHO;
secret_setting.c_lflag |= ECHONL;
if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
perror("Setting echo-less output flags failed."); if (tcsetattr(fileno(stdin), TCSANOW, &secret_setting) != 0) {
return EXIT_FAILURE; perror("Setting echo-less output flags failed.");
return EXIT_FAILURE;
}
} }
FILE *pwfile; FILE *pwfile;
...@@ -85,7 +97,9 @@ bool get_password(char *filename) { ...@@ -85,7 +97,9 @@ bool get_password(char *filename) {
pwfile = fopen(filename, "r"); pwfile = fopen(filename, "r");
if (pwfile == NULL) { if (pwfile == NULL) {
perror(filename); perror(filename);
tcsetattr(fileno(stdin), TCSANOW, &backup); if (is_tty) {
tcsetattr(fileno(stdin), TCSANOW, &backup);
}
return false; return false;
} }
} else { } else {
...@@ -101,9 +115,10 @@ bool get_password(char *filename) { ...@@ -101,9 +115,10 @@ bool get_password(char *filename) {
password[pwlen - 1] = 0; password[pwlen - 1] = 0;
/* restore terminal settings */ /* restore terminal settings */
if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) { if (is_tty) {
perror("Resetting output flags failed."); if (tcsetattr(fileno(stdin), TCSANOW, &backup) != 0) {
return EXIT_FAILURE; perror("Resetting output flags failed.");
}
} }
return true; return true;
...@@ -133,9 +148,13 @@ int main(int argc, char **argv) { ...@@ -133,9 +148,13 @@ int main(int argc, char **argv) {
fprintf(stderr, "Error in starting pam authentication.\n"); fprintf(stderr, "Error in starting pam authentication.\n");
return 2; return 2;
} }
/* printf("\n>%s<\n", password); // Warning: this prints the password! */
res = pam_authenticate(pamh, 0); res = pam_authenticate(pamh, 0);
// printf("Return code %i: %s\n", res, pam_strerror(pamh, res));
/* printf("PAM_AUTH_ERR: %i\n\ */
/* PAM_CRED_INSUFFICIENT: %i\n\ */
/* PAM_AUTHINFO_UNAVAIL: %i\n", PAM_AUTH_ERR, PAM_CRED_INSUFFICIENT, PAM_AUTHINFO_UNAVAIL); */
/* printf("Return code (success=%i) %i: %s\n", PAM_SUCCESS, res, pam_strerror(pamh, res)); */
free(password); free(password);
return res; return res;
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment