DWS/chrony
1
0
Fork 0
mirror of https://gitlab.com/chrony/chrony.git synced 2025-12-04 10:35:08 -05:00
Code Issues Packages Projects Releases Wiki Activity

Fix password handling in chronyc

Browse Source
This commit is contained in:
Miroslav Lichvar
2012-02-28 11:26:37 +01:00
parent 2a305d8e16
commit be1e1dc441
1 changed files with 33 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
client.c
View File

@@ -1094,8 +1094,7 @@ process_cmd_delete(CMD_Request *msg, char *line)
/* ================================================== */ /* ================================================== */
static char *password; static char *password = NULL;
static int password_seen = 0;
static int password_length; static int password_length;
static int auth_hash_id; static int auth_hash_id;
@@ -1106,6 +1105,15 @@ process_cmd_password(CMD_Request *msg, char *line)
{ {
char *p, *q; char *p, *q;
struct timeval now; struct timeval now;
int i, len;
/* Blank and free the old password */
if (password) {
for (i = 0; i < password_length; i++)
password[i] = 0;
free(password);
password = NULL;
}
p = line; p = line;
while (*p && isspace((unsigned char)*p)) while (*p && isspace((unsigned char)*p))
@@ -1116,23 +1124,29 @@ process_cmd_password(CMD_Request *msg, char *line)
if (isspace((unsigned char)*q)) *q = 0; if (isspace((unsigned char)*q)) *q = 0;
} }
if (*p) { if (!*p) {
password = p;
} else {
/* blank line, prompt for password */ /* blank line, prompt for password */
password = getpass("Password: "); p = getpass("Password: ");
} }
if (!*password) { if (!*p)
password_seen = 0; return 0;
} else {
password_length = UTI_DecodePasswordFromText(password); len = strlen(p);
password_length = UTI_DecodePasswordFromText(p);
if (password_length > 0) { if (password_length > 0) {
password_seen = 1; password = malloc(password_length);
} else { memcpy(password, p, password_length);
password_seen = 0;
fprintf(stderr, "Could not decode password\n");
} }
/* Erase the password from the input or getpass buffer */
for (i = 0; i < len; i++)
p[i] = 0;
if (password_length <= 0) {
fprintf(stderr, "Could not decode password\n");
return 0;
} }
if (gettimeofday(&now, NULL) < 0) { if (gettimeofday(&now, NULL) < 0) {
@@ -1285,7 +1299,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
do { do {
/* Decide whether to authenticate */ /* Decide whether to authenticate */
if (password_seen) { if (password) {
if (!utoken || (request->command == htons(REQ_LOGON))) { if (!utoken || (request->command == htons(REQ_LOGON))) {
/* Otherwise, the daemon won't bother authenticating our /* Otherwise, the daemon won't bother authenticating our
packet and we won't get a token back */ packet and we won't get a token back */
@@ -1427,7 +1441,7 @@ submit_request(CMD_Request *request, CMD_Reply *reply, int *reply_auth_ok)
ntohl(reply->token)); ntohl(reply->token));
#endif #endif
if (password_seen) { if (password) {
*reply_auth_ok = check_reply_auth(reply, read_length); *reply_auth_ok = check_reply_auth(reply, read_length);
} else { } else {
/* Assume in this case that the reply is always considered /* Assume in this case that the reply is always considered
@@ -2855,6 +2869,8 @@ main(int argc, char **argv)
close_io(); close_io();
free(password);
return !ret; return !ret;
} }