Hi,
I've converted ikectl(8) from getpass to readpassphrase.
===================================================================
RCS file: /cvs/src/usr.sbin/ikectl/ikeca.c,v
retrieving revision 1.40
diff -u -p -r1.40 ikeca.c
--- ikeca.c 2 Nov 2015 12:21:27 -0000 1.40
+++ ikeca.c 3 Sep 2016 10:36:10 -0000
@@ -29,6 +29,7 @@
#include <fts.h>
#include <dirent.h>
#include <limits.h>
+#include <readpassphrase.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
@@ -366,21 +367,26 @@ void
ca_newpass(char *passfile, char *password)
{
FILE *f;
- char *pass;
- char prev[_PASSWORD_LEN + 1];
+ char pass[1024];
+ char prev[1024];
if (password != NULL) {
- pass = password;
+ if (strlcpy(pass, password, sizeof(pass)) >= sizeof(pass))
+ errx(1, "password too long");
goto done;
}
- pass = getpass("CA passphrase:");
- if (pass == NULL || *pass == '\0')
- err(1, "password not set");
+ if (readpassphrase("CA passphrase:", pass,
+ sizeof(pass), RPP_ECHO_OFF) == NULL)
+ err(1, "readpassphrase");
+ if (pass[0] == '\0')
+ errx(1, "password not set");
strlcpy(prev, pass, sizeof(prev));
- pass = getpass("Retype CA passphrase:");
- if (pass == NULL || strcmp(prev, pass) != 0)
+ if (readpassphrase("Retype CA passphrase:", pass,
+ sizeof(pass), RPP_ECHO_OFF) == NULL)
+ err(1, "readpassphrase");
+ if (strcmp(prev, pass) != 0)
errx(1, "passphrase does not match!");
done:
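Review bot: The new stack buffers `pass` and `prev` hold plaintext copies of the CA passphrase, and nothing in this hunk clears them. `prev` is dead once the `strcmp` check passes, so `explicit_bzero(prev, sizeof(prev));` could go right after that check, before `done:`. `pass` is still needed after `done:`, and the rest of ca_newpass is outside the hunk, so it is not visible whether it is wiped before the function returns; if it is not, add `explicit_bzero(pass, sizeof(pass));` at the end. The same applies to `pass` and `prev` in the ca_export hunks, where the `password != NULL` branch now also makes a second in-memory copy of the caller's string.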
@@ -637,8 +643,8 @@ ca_export(struct ca *ca, char *keyname,
DIR *dexp;
struct dirent *de;
struct stat st;
- char *pass;
- char prev[_PASSWORD_LEN + 1];
+ char pass[1024];
+ char prev[1024];
char cmd[PATH_MAX * 2];
char oname[PATH_MAX];
char src[PATH_MAX];
@@ -659,16 +665,20 @@ ca_export(struct ca *ca, char *keyname,
while ((p = strchr(oname, ':')) != NULL)
*p = '_';
- if (password != NULL)
- pass = password;
- else {
- pass = getpass("Export passphrase:");
- if (pass == NULL || *pass == '\0')
- err(1, "password not set");
-
+ if (password != NULL) {
+ if (strlcpy(pass, password, sizeof(pass)) >= sizeof(pass))
+ errx(1, "password too long");
+ } else {
+ if (readpassphrase("Export passphrase:", pass,
+ sizeof(pass), RPP_ECHO_OFF) == NULL)
+ err(1, "readpassphrase");
+ if (pass[0] == '\0')
+ errx(1, "password not set");
strlcpy(prev, pass, sizeof(prev));
- pass = getpass("Retype export passphrase:");
- if (pass == NULL || strcmp(prev, pass) != 0)
+ if (readpassphrase("Retype export passphrase:", pass,
+ sizeof(pass), RPP_ECHO_OFF) == NULL)
+ err(1, "readpassphrase");
+ if (strcmp(prev, pass) != 0)
errx(1, "passphrase does not match!");
}
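Review bot: The two input paths treat an over-long passphrase differently: the `password != NULL` branch rejects it with "password too long", but per readpassphrase(3) input typed at the prompt beyond `sizeof(pass) - 1` bytes is discarded silently. Both prompts truncate the same way, so the retype `strcmp` will not catch it, and the key would be protected by a shorter passphrase than the one entered. One conservative option is to treat a completely full buffer as too long after the first prompt, e.g. `if (strlen(pass) == sizeof(pass) - 1) errx(1, "password too long");`. ca_newpass has the same pattern, and the literal `1024` is repeated in both functions, so a shared named constant would keep the limit in one place. The body of ca_export continues outside this hunk.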