From 631b93a7d056b1d73b14993cd13c5bdc3b1785a6 Mon Sep 17 00:00:00 2001 From: Christian Hesse Date: Wed, 4 May 2016 21:02:10 +0200 Subject: move terminal input to function, verify matching strings for new factor --- bin/ykfde.c | 86 +++++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 49 insertions(+), 37 deletions(-) diff --git a/bin/ykfde.c b/bin/ykfde.c index 8dda1d9..b01b3a1 100644 --- a/bin/ykfde.c +++ b/bin/ykfde.c @@ -59,6 +59,42 @@ const static struct option options_long[] = { { 0, 0, 0, 0 } }; +char * ask_factor(const char * text) { + struct termios tp, tp_save; + char * factor = NULL; + size_t len; + ssize_t readlen; + + /* get terminal properties */ + if (tcgetattr(STDIN_FILENO, &tp) < 0) { + fprintf(stderr, "Failed reading terminal attributes. Not on terminal?\n"); + return NULL; + } + + tp_save = tp; + + /* disable echo on terminal */ + tp.c_lflag &= ~ECHO; + if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &tp) < 0) { + fprintf(stderr, "Failed setting terminal attributes.\n"); + return NULL; + } + + printf("Please give %s:", text); + readlen = getline(&factor, &len, stdin); + factor[readlen - 1] = '\0'; + putchar('\n'); + + /* restore terminal */ + if (tcsetattr(STDIN_FILENO, TCSANOW, &tp_save) < 0) { + fprintf(stderr, "Failed setting terminal attributes.\n"); + free(factor); + return NULL; + } + + return factor; +} + int main(int argc, char **argv) { unsigned int version = 0, help = 0; char challenge_old[CHALLENGELEN + 1], @@ -72,11 +108,8 @@ int main(int argc, char **argv) { challengefiletmpname[sizeof(CHALLENGEDIR) + 11 /* "/challenge-" */ + 10 /* unsigned int in char */ + 7 /* -XXXXXX */ + 1]; int challengefile = 0, challengefiletmp = 0; struct timeval tv; - struct termios tp, tp_save; - uint8_t have_term = 1; int i; size_t len; - ssize_t readlen; int8_t rc = EXIT_FAILURE; /* cryptsetup */ const char * device_name; @@ -87,7 +120,7 @@ int main(int argc, char **argv) { /* keyutils */ key_serial_t key; void * payload = NULL; - char * second_factor = NULL, * new_2nd_factor = NULL; + char * second_factor = NULL, * new_2nd_factor = NULL, * new_2nd_factor_verify = NULL; /* yubikey */ YK_KEY * yk; uint8_t yk_slot = SLOT_CHAL_HMAC2; @@ -97,19 +130,6 @@ int main(int argc, char **argv) { char section_ykslot[10 /* unsigned int in char */ + 1 + sizeof(CONFYKSLOT) + 1]; char section_luksslot[10 + 1 + sizeof(CONFLUKSSLOT) + 1]; - /* get terminal properties */ - if (tcgetattr(STDIN_FILENO, &tp) < 0) - have_term = 0; - tp_save = tp; - - /* disable echo on terminal */ - tp.c_lflag &= ~ECHO; - if (have_term) - if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &tp) < 0) { - fprintf(stderr, "Failed setting terminal attributes.\n"); - goto out0; - } - /* get command line options */ while ((i = getopt_long(argc, argv, optstring, options_long, NULL)) != -1) switch (i) { @@ -124,12 +144,16 @@ int main(int argc, char **argv) { } if (optarg == NULL) { /* N */ - if (have_term == 0) - fprintf(stderr, "Warning: Could not disable echo, input will be visible!\n"); - printf("Please give new second factor:"); - readlen = getline(&new_2nd_factor, &len, stdin); - new_2nd_factor[readlen - 1] = '\0'; - putchar('\n'); + if ((new_2nd_factor = ask_factor("new second factor")) == NULL) + goto out10; + + if ((new_2nd_factor_verify = ask_factor("new second factor for verification")) == NULL) + goto out10; + + if (strcmp(new_2nd_factor, new_2nd_factor_verify) != 0) { + fprintf(stderr, "Verification failed, given strings do not match.\n"); + goto out10; + } } else { /* n */ new_2nd_factor = strdup(optarg); memset(optarg, '*', strlen(optarg)); @@ -144,12 +168,7 @@ int main(int argc, char **argv) { } if (optarg == NULL) { /* S */ - if (have_term == 0) - fprintf(stderr, "Warning: Could not disable echo, input will be visible!\n"); - printf("Please give second factor:"); - readlen = getline(&second_factor, &len, stdin); - second_factor[readlen - 1] = '\0'; - putchar('\n'); + second_factor = ask_factor("second factor"); } else { /* s */ second_factor = strdup(optarg); memset(optarg, '*', strlen(optarg)); @@ -161,13 +180,6 @@ int main(int argc, char **argv) { break; } - /* restore terminal */ - if (have_term) - if (tcsetattr(STDIN_FILENO, TCSANOW, &tp_save) < 0) { - fprintf(stderr, "Failed setting terminal attributes.\n"); - goto out10; - } - if (version > 0) printf("%s: %s v%s (compiled: " __DATE__ ", " __TIME__ ")\n", argv[0], PROGNAME, VERSION); @@ -412,10 +424,10 @@ out10: memset(passphrase_old, 0, PASSPHRASELEN + 1); memset(passphrase_new, 0, PASSPHRASELEN + 1); + free(new_2nd_factor_verify); free(new_2nd_factor); free(second_factor); -out0: return rc; } -- cgit v1.2.3-70-g09d2