Sync with OpenBSD, primarily better signal and terminal handling.

Obtained from: OpenBSD MFC after: 2 weeks
2010-11-13 10:38:06 +00:00 · 2010-11-13 10:38:06 +00:00 · f29af3b2ac
commit f29af3b2ac
parent e04c378683
3 changed files with 148 additions and 148 deletions
--- a/include/readpassphrase.h
+++ b/include/readpassphrase.h
@ -1,31 +1,24 @@
-/*	$OpenBSD: /usr/local/www/cvsroot/OpenBSD/src/include/readpassphrase.h,v 1.2 2002/02/16 21:27:17 millert Exp $	*/
+/*	$OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $	*/
 /*	$FreeBSD$	*/

 /*
- * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
 *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
 *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

 #ifndef _READPASSPHRASE_H_
@ -37,6 +30,7 @@
 #define RPP_FORCELOWER  0x04		/* Force input to lower case. */
 #define RPP_FORCEUPPER  0x08		/* Force input to upper case. */
 #define RPP_SEVENBIT    0x10		/* Strip the high bit from input. */
+#define RPP_STDIN       0x20		/* Read from stdin, not /dev/tty */

 #include <sys/cdefs.h>
 #include <sys/_types.h>
--- a/lib/libc/gen/readpassphrase.3
+++ b/lib/libc/gen/readpassphrase.3
@ -1,33 +1,26 @@
-.\"	$OpenBSD: readpassphrase.3,v 1.7 2001/12/15 15:37:51 millert Exp $
+.\"	$OpenBSD: readpassphrase.3,v 1.17 2007/05/31 19:19:28 jmc Exp $
 .\"
-.\" Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
-.\" All rights reserved.
+.\" Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
 .\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\" 3. The name of the author may not be used to endorse or promote products
-.\"    derived from this software without specific prior written permission.
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
 .\"
-.\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
-.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
-.\" THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-.\" EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-.\" PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-.\" OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-.\" WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-.\" OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" Sponsored in part by the Defense Advanced Research Projects
+.\" Agency (DARPA) and Air Force Research Laboratory, Air Force
+.\" Materiel Command, USAF, under agreement number F39502-99-1-0512.
 .\"
 .\" $FreeBSD$
 .\"
-.Dd December 7, 2001
+.Dd May 31, 2007
 .Dt READPASSPHRASE 3
 .Os
 .Sh NAME
@ -79,6 +72,8 @@ force input to lower case
 force input to upper case
 .It Dv RPP_SEVENBIT
 strip the high bit from input
+.It Dv RPP_STDIN
+force read of passphrase from stdin
 .El
 .Pp
 The calling process should zero the passphrase as soon as possible to
@ -87,7 +82,7 @@ space.
 .Sh RETURN VALUES
 Upon successful completion,
 .Fn readpassphrase
-returns a pointer to the null-terminated passphrase.
+returns a pointer to the NUL-terminated passphrase.
 If an error is encountered, the terminal state is restored and
 a
 .Dv NULL
@ -117,40 +112,6 @@ if (compare(transform(passbuf), epass) != 0)

 memset(passbuf, 0, sizeof(passbuf));
 .Ed
-.Sh SIGNALS
-The
-.Fn readpassphrase
-function
-will catch the following signals:
-.Pp
-.Bl -tag -compact
-.It Dv SIGINT
-.It Dv SIGHUP
-.It Dv SIGQUIT
-.It Dv SIGTERM
-.It Dv SIGTSTP
-.It Dv SIGTTIN
-.It Dv SIGTTOU
-.El
-.Pp
-When one of the above signals is intercepted, terminal echo will
-be restored if it had previously been turned off.
-If a signal handler was installed for the signal when
-.Fn readpassphrase
-was called that handler is then executed.
-If no handler was previously installed for the signal then the
-default action is taken as per
-.Xr sigaction 2 .
-.Pp
-The
-.Dv SIGTSTP , SIGTTIN ,
-and
-.Dv SIGTTOU
-signals (stop signal generated from keyboard or due to terminal I/O
-from a background process) are treated specially.
-When the process is resumed after it has been stopped,
-.Fn readpassphrase
-will reprint the prompt and the user may then enter a passphrase.
 .Sh ERRORS
 .Bl -tag -width Er
 .It Bq Er EINTR
@ -159,14 +120,14 @@ The
 function was interrupted by a signal.
 .It Bq Er EINVAL
 The
-.Fa bufsiz
+.Ar bufsiz
 argument was zero.
 .It Bq Er EIO
 The process is a member of a background process attempting to read
 from its controlling terminal, the process is ignoring or blocking
 the
 .Dv SIGTTIN
-signal or the process group is orphaned.
+signal, or the process group is orphaned.
 .It Bq Er EMFILE
 The process has already reached its limit for open file descriptors.
 .It Bq Er ENFILE
@ -176,6 +137,35 @@ There is no controlling terminal and the
 .Dv RPP_REQUIRE_TTY
 flag was specified.
 .El
+.Sh SIGNALS
+The
+.Fn readpassphrase
+function
+will catch the following signals:
+.Bd -literal -offset indent
+SIGALRM		SIGHUP		SIGINT
+SIGPIPE		SIGQUIT		SIGTERM
+SIGTSTP		SIGTTIN		SIGTTOU
+.Ed
+.Pp
+When one of the above signals is intercepted, terminal echo will
+be restored if it had previously been turned off.
+If a signal handler was installed for the signal when
+.Fn readpassphrase
+was called, that handler is then executed.
+If no handler was previously installed for the signal then the
+default action is taken as per
+.Xr sigaction 2 .
+.Pp
+The
+.Dv SIGTSTP , SIGTTIN
+and
+.Dv SIGTTOU
+signals (stop signals generated from keyboard or due to terminal I/O
+from a background process) are treated specially.
+When the process is resumed after it has been stopped,
+.Fn readpassphrase
+will reprint the prompt and the user may then enter a passphrase.
 .Sh SEE ALSO
 .Xr sigaction 2 ,
 .Xr getpass 3
--- a/lib/libc/gen/readpassphrase.c
+++ b/lib/libc/gen/readpassphrase.c
@ -1,35 +1,26 @@
-/*	$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $	*/
+/*	$OpenBSD: readpassphrase.c,v 1.23 2010/05/14 13:30:34 millert Exp $	*/

 /*
- * Copyright (c) 2000 Todd C. Miller <Todd.Miller@courtesan.com>
- * All rights reserved.
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
 *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- *    derived from this software without specific prior written permission.
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
 *
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
- * THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
- * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
- * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
- * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
- * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
- * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
- * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
 */

-#if defined(LIBC_SCCS) && !defined(lint)
-static const char rcsid[] = "$OpenBSD: readpassphrase.c,v 1.12 2001/12/15 05:41:00 millert Exp $";
-#endif /* LIBC_SCCS and not lint */
 #include <sys/cdefs.h>
 __FBSDID("$FreeBSD$");

@ -46,7 +37,7 @@ __FBSDID("$FreeBSD$");
 #include <readpassphrase.h>
 #include "un-namespace.h"

-static volatile sig_atomic_t signo;
+static volatile sig_atomic_t signo[NSIG];

 static void handler(int);

@ -54,11 +45,11 @@ char *
 readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 {
 	ssize_t nr;
-	int input, output, save_errno;
+	int input, output, save_errno, i, need_restart;
 	char ch, *p, *end;
 	struct termios term, oterm;
-	struct sigaction sa, saveint, savehup, savequit, saveterm;
-	struct sigaction savetstp, savettin, savettou;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;

 	/* I suppose we could alloc on demand in this case (XXX). */
 	if (bufsiz == 0) {
@ -67,11 +58,17 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 	}

 restart:
+	for (i = 0; i < NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
 	/*
 	 * Read and write to /dev/tty if available.  If not, read from
 	 * stdin and write to stderr unless a tty is required.
 	 */
-	if ((input = output = _open(_PATH_TTY, O_RDWR)) == -1) {
+	if ((flags & RPP_STDIN) ||
+	    (input = output = _open(_PATH_TTY, O_RDWR)) == -1) {
 		if (flags & RPP_REQUIRE_TTY) {
 			errno = ENOTTY;
 			return(NULL);
@ -81,23 +78,11 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 	}

 	/*
-	 * Catch signals that would otherwise cause the user to end
-	 * up with echo turned off in the shell.  Don't worry about
-	 * things like SIGALRM and SIGPIPE for now.
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
 	 */
-	sigemptyset(&sa.sa_mask);
-	sa.sa_flags = 0;		/* don't restart system calls */
-	sa.sa_handler = handler;
-	(void)_sigaction(SIGINT, &sa, &saveint);
-	(void)_sigaction(SIGHUP, &sa, &savehup);
-	(void)_sigaction(SIGQUIT, &sa, &savequit);
-	(void)_sigaction(SIGTERM, &sa, &saveterm);
-	(void)_sigaction(SIGTSTP, &sa, &savetstp);
-	(void)_sigaction(SIGTTIN, &sa, &savettin);
-	(void)_sigaction(SIGTTOU, &sa, &savettou);
-
-	/* Turn off echo if possible. */
-	if (tcgetattr(input, &oterm) == 0) {
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
 		memcpy(&term, &oterm, sizeof(term));
 		if (!(flags & RPP_ECHO_ON))
 			term.c_lflag &= ~(ECHO | ECHONL);
@ -106,20 +91,42 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
 	} else {
 		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
 		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
 	}

+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)_sigaction(SIGALRM, &sa, &savealrm);
+	(void)_sigaction(SIGHUP, &sa, &savehup);
+	(void)_sigaction(SIGINT, &sa, &saveint);
+	(void)_sigaction(SIGPIPE, &sa, &savepipe);
+	(void)_sigaction(SIGQUIT, &sa, &savequit);
+	(void)_sigaction(SIGTERM, &sa, &saveterm);
+	(void)_sigaction(SIGTSTP, &sa, &savetstp);
+	(void)_sigaction(SIGTTIN, &sa, &savettin);
+	(void)_sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
 		(void)_write(output, prompt, strlen(prompt));
 	end = buf + bufsiz - 1;
-	for (p = buf; (nr = _read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r';) {
+	p = buf;
+	while ((nr = _read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
 		if (p < end) {
 			if ((flags & RPP_SEVENBIT))
 				ch &= 0x7f;
 			if (isalpha(ch)) {
 				if ((flags & RPP_FORCELOWER))
-					ch = tolower(ch);
+					ch = (char)tolower(ch);
 				if ((flags & RPP_FORCEUPPER))
-					ch = toupper(ch);
+					ch = (char)toupper(ch);
 			}
 			*p++ = ch;
 		}
@ -130,11 +137,16 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 		(void)_write(output, "\n", 1);

 	/* Restore old terminal settings and signals. */
-	if (memcmp(&term, &oterm, sizeof(term)) != 0)
-		(void)tcsetattr(input, TCSANOW|TCSASOFT, &oterm);
-	(void)_sigaction(SIGINT, &saveint, NULL);
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+	}
+	(void)_sigaction(SIGALRM, &savealrm, NULL);
 	(void)_sigaction(SIGHUP, &savehup, NULL);
+	(void)_sigaction(SIGINT, &saveint, NULL);
 	(void)_sigaction(SIGQUIT, &savequit, NULL);
+	(void)_sigaction(SIGPIPE, &savepipe, NULL);
 	(void)_sigaction(SIGTERM, &saveterm, NULL);
 	(void)_sigaction(SIGTSTP, &savetstp, NULL);
 	(void)_sigaction(SIGTTIN, &savettin, NULL);
@ -146,17 +158,21 @@ readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
 	 * If we were interrupted by a signal, resend it to ourselves
 	 * now that we have restored the signal handlers.
 	 */
-	if (signo) {
-		kill(getpid(), signo); 
-		switch (signo) {
+	for (i = 0; i < NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
 			case SIGTSTP:
 			case SIGTTIN:
 			case SIGTTOU:
-			signo = 0;
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
 		goto restart;
-		}
-	}

+	if (save_errno)
 		errno = save_errno;
 	return(nr == -1 ? NULL : buf);
 }
@ -174,5 +190,5 @@ getpass(const char *prompt)
 static void handler(int s)
 {

-	signo = s;
+	signo[s] = 1;
 }