-O showsecrets: display passwords in plaintext.

diff --git a/VERSION b/VERSION
index 409940768f2a684935a7d15a29f96e82c487f439..a45fd52cc5891570d6299fab38643103c3955474 100644 (file)
--- a/VERSION
+++ b/VERSION
@@ -1 +1 @@
-23
+24

diff --git a/tfc_error.c b/tfc_error.c
index 4fd81f1eeb1c1ac24f172e0a9c5d60ce11d1a50a..11c22bbb12ec519812d1d5e0403249ae034ada59 100644 (file)
--- a/tfc_error.c
+++ b/tfc_error.c
@@ -239,6 +239,7 @@ void usage(void)
        tfc_say("    when the whole status line width is smaller than tty width.");
        tfc_say("    statless: emit less information in status line (only processed data).");
        tfc_say("    norepeat: do not ask for any possible password confirmations.");
+       tfc_say("    showsecrets: show passwords in plaintext instead of masking them.");
        tfc_say("    prompt=str: set main password prompts to this string.");
        tfc_say("    macprompt=str: set MAC password prompts to this string.");
        tfc_say("    shorthex: with -H, do not print printable characters, dump only hex string.");

diff --git a/tfc_vars.c b/tfc_vars.c
index 933ef7b9695a79efe479090365e60c7e4a4a3e16..15a0320694d5f6634a86d79a2d7da9934a559096 100644 (file)
--- a/tfc_vars.c
+++ b/tfc_vars.c
@@ -64,7 +64,7 @@ int counter_opt, mackey_opt, do_mac, do_outfmt = TFC_OUTFMT_B64, rawkey;
 int idx, write_flags;
 tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad;
 tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic = YES, do_less_stats;
-tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown;
+tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown, show_secrets;
 char *srcfname = TFC_STDIN_NAME, *dstfname = TFC_STDOUT_NAME, *do_mac_file, *counter_file, *sksum_hashlist_file;
 char *saltf, *genkeyf, *mackeyf, *tweakf;
 char *pw_prompt, *mac_pw_prompt;

diff --git a/tfcrypt.c b/tfcrypt.c
index 01c1479c879d839269c058aa4e4c0c4385f44df5..125e5c9c3743e56c0ad01b6ef15a6bf931070730 100644 (file)
--- a/tfcrypt.c
+++ b/tfcrypt.c
@@ -51,6 +51,38 @@ static int getps_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
        return 0;
 }
 
+static inline int isctrlchr(int c)
+{
+       if (c == 9) return 0;
+       if (c >= 0 && c <= 31) return 1;
+       if (c == 127) return 1;
+       return 0;
+}
+
+static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+       int x;
+
+       x = getps_filter(getps, chr, pos);
+       if (x != 1) return x;
+
+       if (pos < getps->pwlen && !isctrlchr(chr))
+               write(getps->efd, &chr, sizeof(char));
+       return 1;
+}
+
+static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos)
+{
+       int x;
+
+       x = getps_hex_filter(getps, chr, pos);
+       if (x != 1) return x;
+
+       if (pos < getps->pwlen && !isctrlchr(chr))
+               write(getps->efd, &chr, sizeof(char));
+       return 1;
+}
+
 int main(int argc, char **argv)
 {
        int c;
@@ -227,6 +259,8 @@ _baddfname:
                                                do_full_hexdump = NO;
                                        else if (!strcmp(s, "fullkey"))
                                                do_full_key = YES;
+                                       else if (!strcmp(s, "showsecrets"))
+                                               show_secrets = YES;
                                        else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') {
                                                s += 5;
                                                blksize = (size_t)tfc_humanfsize(s, &stoi);
@@ -572,8 +606,8 @@ _mkragain:          lio = xread(mkfd, pblk, lrem);
                getps.passwd = pwdask;
                getps.pwlen = sizeof(pwdask)-1;
                getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password");
@@ -767,8 +801,8 @@ _xts2keyaskstr:     memset(&getps, 0, sizeof(struct getpasswd_state));
                getps.passwd = (char *)pblk;
                getps.pwlen = n;
                getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey");
@@ -791,8 +825,8 @@ _rawkey_hex_again:
                getps.passwd = pwdask;
                getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2);
                getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): ";
-               getps.charfilter = getps_hex_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey");
@@ -817,8 +851,8 @@ _pwdagain:  memset(&getps, 0, sizeof(struct getpasswd_state));
                getps.passwd = pwdask;
                getps.pwlen = sizeof(pwdask)-1;
                getps.echo = pw_prompt ? pw_prompt : "Enter password: ";
-               getps.charfilter = getps_filter;
-               getps.maskchar = 'x';
+               getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter;
+               getps.maskchar = (show_secrets == YES) ? 0 : 'x';
                getps.flags = GETP_WAITFILL;
                n = xgetpasswd(&getps);
                if (n == NOSIZE) xerror(NO, NO, YES, "getting password");

diff --git a/tfcrypt.h b/tfcrypt.h
index acb1c420a112f55f3fe271f7b9c3328cdbea0f5e..f2cb89cefa99481a351297e428d9dc237e6ba70e 100644 (file)
--- a/tfcrypt.h
+++ b/tfcrypt.h
@@ -157,7 +157,7 @@ extern int counter_opt, mackey_opt, do_mac, do_outfmt, rawkey;
 extern int idx, write_flags;
 extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad;
 extern tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic, do_less_stats;
-extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown;
+extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown, show_secrets;
 extern char *srcfname, *dstfname, *do_mac_file, *counter_file, *sksum_hashlist_file;
 extern char *saltf, *genkeyf, *mackeyf, *tweakf;
 extern char *pw_prompt, *mac_pw_prompt;