mturk 2005/06/07 00:22:06
Modified: jni/native/include ssl_private.h
jni/native/src sslutils.c
Log:
Use OpenSSL function for obtaining a password without echo.
On WIN32 if running from service mode (or redirected through ant)
open a new Console window and prompt for password.
Not sure if this is a good idea, because the best would be to create a
small GUI dialog box rather than messing with console std handles.
Revision Changes Path
1.15 +12 -1
jakarta-tomcat-connectors/jni/native/include/ssl_private.h
Index: ssl_private.h
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-connectors/jni/native/include/ssl_private.h,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- ssl_private.h 6 Jun 2005 08:14:50 -0000 1.14
+++ ssl_private.h 7 Jun 2005 07:22:06 -0000 1.15
@@ -118,6 +118,16 @@
#define SSL_CVERIFY_OPTIONAL_NO_CA (3)
#define SSL_VERIFY_PEER_STRICT
(SSL_VERIFY_PEER|SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
+#define SSL_PASSWORD_PROMPT (0)
+#define SSL_PASSWORD_FILE (1)
+#define SSL_PASSWORD_EXEC (2)
+#define SSL_PASSWORD_ENGINE (3)
+
+#define STR_PASSWORD_PROMPT ("pass:")
+#define STR_PASSWORD_FILE ("file:")
+#define STR_PASSWORD_EXEC ("exec:")
+#define STR_PASSWORD_ENGINE ("engine:")
+
extern void *SSL_temp_keys[SSL_TMP_KEY_MAX];
typedef struct {
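Review bot: The four `STR_PASSWORD_*` macros wrap their string literals in parentheses, which stops them from being concatenated with an adjacent literal or used as a `char[]` initializer; the usual form is `#define STR_PASSWORD_FILE "file:"`. The block also needs a comment above `SSL_PASSWORD_PROMPT` saying that these values are what `tcn_pass_cb_t.mode` holds and that the `STR_` prefixes are presumably matched against the start of the configured password string. Nothing visible in this commit reads either set, so that intent cannot be confirmed from the code and is worth stating explicitly.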
@@ -132,6 +142,7 @@
typedef struct {
char password[SSL_MAX_PASSWORD_LEN];
const char *prompt;
+ int mode;
tcn_ssl_ctxt_t *ctx;
} tcn_pass_cb_t;
1.16 +33 -30 jakarta-tomcat-connectors/jni/native/src/sslutils.c
Index: sslutils.c
===================================================================
RCS file: /home/cvs/jakarta-tomcat-connectors/jni/native/src/sslutils.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- sslutils.c 6 Jun 2005 16:15:20 -0000 1.15
+++ sslutils.c 7 Jun 2005 07:22:06 -0000 1.16
@@ -100,30 +100,6 @@
return APR_SUCCESS;
}
-static void password_prompt(const char *prompt, char *buf, size_t len)
-{
- size_t i=0;
- int ch;
-
- fprintf(stderr, prompt);
- fflush(stderr);
- for (i = 0; i < (len - 1); i++) {
- ch = getchar();
- if (ch == EOF)
- break;
- if (ch == '\n')
- break;
- else if (ch == '\b') {
- i--;
- if (i > 0)
- i--;
- }
- else
- buf[i] = ch;
- }
- buf[i] = '\0';
-}
-
#define PROMPT_STRING "Enter password: "
/* Simple echo password prompting */
int SSL_password_prompt(tcn_pass_cb_t *data)
@@ -135,16 +111,29 @@
if (data->ctx && data->ctx->bio_is) {
if (data->ctx->bio_is->flags & SSL_BIO_FLAG_RDONLY) {
/* Use error BIO in case of stdin */
- BIO_printf(data->ctx->bio_is, data->prompt);
+ BIO_puts(data->ctx->bio_os, data->prompt);
}
rv = BIO_gets(data->ctx->bio_is,
data->password, SSL_MAX_PASSWORD_LEN);
}
else {
- password_prompt(data->prompt, data->password,
- SSL_MAX_PASSWORD_LEN);
- fputc('\n', stderr);
- fflush(stderr);
+#ifdef WIN32
+ STARTUPINFO si;
+ GetStartupInfo(&si);
+ /* Display a new Console window */
+ if (si.wShowWindow == 0) {
+ FreeConsole();
+ AllocConsole();
+ SetConsoleTitle("Enter password");
+ }
+#endif
+ des_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN,
+ data->prompt, 0);
+#ifdef WIN32
+ /* Destroy a new Console window */
+ if (si.wShowWindow == 0)
+ FreeConsole();
+#endif
rv = strlen(data->password);
}
if (rv > 0) {
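Review bot: The return value of `des_read_pw_string()` is discarded, so when the read fails (no usable terminal, for instance) `rv` is still taken from `strlen(data->password)` and whatever the buffer holds is treated as the password. Checking the call and clearing the buffer on failure closes that gap: `if (des_read_pw_string(data->password, SSL_MAX_PASSWORD_LEN, data->prompt, 0) != 0) data->password[0] = '\0';`. Separately, the BIO branch tests `data->ctx->bio_is` but now writes the prompt to `data->ctx->bio_os`, which is not checked for NULL in the visible lines, so the prompt may be silently dropped. `SSL_password_prompt` starts before this hunk and continues after it.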
@@ -154,6 +143,12 @@
*r = '\0';
rv--;
}
+#ifdef WIN32
+ if ((r = strchr(data->password, '\r'))) {
+ *r = '\0';
+ rv--;
+ }
+#endif
}
return rv;
}
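Review bot: The `'\r'` strip is compiled only under `WIN32`, but the password can also come from `BIO_gets` on `data->ctx->bio_is`, and a CRLF-terminated line from that source would presumably keep its carriage return on other platforms and end up as part of the passphrase. Dropping the `#ifdef` makes the trimming independent of the build target. Decrementing `rv` once per stripped character also leaves it out of step with the string if a `'\r'` or `'\n'` occurs before the end; `data->password[strcspn(data->password, "\r\n")] = '\0'; rv = strlen(data->password);` truncates and recomputes the length in one place. The enclosing `if (rv > 0)` block opens outside this hunk.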
@@ -171,6 +166,12 @@
memset(&c, 0, sizeof(tcn_pass_cb_t));
cb_data = &c;
}
+ else {
+ /* TODO: Implement password prompt checking.
+ * and decide what mechanism to use for obtaining
+ * the password.
+ */
+ }
if (cb_data->password[0] ||
(SSL_password_prompt(cb_data) > 0)) {
strncpy(buf, cb_data->password, bufsiz);
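Review bot: The new `else` branch is empty apart from a TODO, so a caller-supplied `cb_data` whose `mode` is `SSL_PASSWORD_FILE`, `SSL_PASSWORD_EXEC` or `SSL_PASSWORD_ENGINE` falls through to the interactive prompt without any indication that the requested mechanism was ignored. Until those modes exist it would be safer to reject them explicitly, for example `else if (cb_data->mode != SSL_PASSWORD_PROMPT) return 0;`, assuming a zero return is how this function reports "no password". If the branch stays, the TODO reads better as a comment above the `if` than as an empty block. The function begins and ends outside this hunk, so the handling after the `strncpy` call, including NUL termination of `buf`, is not visible here.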
@@ -386,6 +387,8 @@
break;
case 2048:
idx = SSL_TMP_KEY_RSA_2048;
+ if (conn->ctx->temp_keys[idx] == NULL)
+ idx = SSL_TMP_KEY_RSA_1024;
break;
case 4096:
idx = SSL_TMP_KEY_RSA_4096;
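Review bot: The 2048-bit case now drops silently to `SSL_TMP_KEY_RSA_1024` when `conn->ctx->temp_keys[idx]` is NULL, which weakens the temporary RSA key with no trace for the operator. At minimum add a comment on the new lines, such as `/* 2048-bit temp key not available: fall back to 1024 */`, and consider logging the downgrade. The fallback slot is not checked for NULL in the visible lines, and the `case 4096:` branch gets no equivalent fallback, so the two larger sizes now behave differently when their key is missing. The switch continues outside this hunk, so whether a NULL entry is handled afterwards cannot be seen here.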