From: Andrey Rys Date: Thu, 4 Apr 2019 13:32:29 +0000 (+0700) Subject: -O showsecrets: display passwords in plaintext. X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=4666ae1134223898de8012eca176625cc63a281f;p=tfcrypt.git -O showsecrets: display passwords in plaintext. --- diff --git a/VERSION b/VERSION index 4099407..a45fd52 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -23 +24 diff --git a/tfc_error.c b/tfc_error.c index 4fd81f1..11c22bb 100644 --- a/tfc_error.c +++ b/tfc_error.c @@ -239,6 +239,7 @@ void usage(void) tfc_say(" when the whole status line width is smaller than tty width."); tfc_say(" statless: emit less information in status line (only processed data)."); tfc_say(" norepeat: do not ask for any possible password confirmations."); + tfc_say(" showsecrets: show passwords in plaintext instead of masking them."); tfc_say(" prompt=str: set main password prompts to this string."); tfc_say(" macprompt=str: set MAC password prompts to this string."); tfc_say(" shorthex: with -H, do not print printable characters, dump only hex string."); diff --git a/tfc_vars.c b/tfc_vars.c index 933ef7b..15a0320 100644 --- a/tfc_vars.c +++ b/tfc_vars.c @@ -64,7 +64,7 @@ int counter_opt, mackey_opt, do_mac, do_outfmt = TFC_OUTFMT_B64, rawkey; int idx, write_flags; tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad; tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic = YES, do_less_stats; -tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown; +tfc_yesno no_repeat, do_full_hexdump = YES, verbose, statline_was_shown, show_secrets; char *srcfname = TFC_STDIN_NAME, *dstfname = TFC_STDOUT_NAME, *do_mac_file, *counter_file, *sksum_hashlist_file; char *saltf, *genkeyf, *mackeyf, *tweakf; char *pw_prompt, *mac_pw_prompt; diff --git a/tfcrypt.c b/tfcrypt.c index 01c1479..125e5c9 100644 --- a/tfcrypt.c +++ b/tfcrypt.c @@ -51,6 +51,38 @@ static int getps_hex_filter(struct getpasswd_state *getps, char chr, size_t pos) return 0; } +static inline int isctrlchr(int c) +{ + if (c == 9) return 0; + if (c >= 0 && c <= 31) return 1; + if (c == 127) return 1; + return 0; +} + +static int getps_plain_filter(struct getpasswd_state *getps, char chr, size_t pos) +{ + int x; + + x = getps_filter(getps, chr, pos); + if (x != 1) return x; + + if (pos < getps->pwlen && !isctrlchr(chr)) + write(getps->efd, &chr, sizeof(char)); + return 1; +} + +static int getps_plain_hex_filter(struct getpasswd_state *getps, char chr, size_t pos) +{ + int x; + + x = getps_hex_filter(getps, chr, pos); + if (x != 1) return x; + + if (pos < getps->pwlen && !isctrlchr(chr)) + write(getps->efd, &chr, sizeof(char)); + return 1; +} + int main(int argc, char **argv) { int c; @@ -227,6 +259,8 @@ _baddfname: do_full_hexdump = NO; else if (!strcmp(s, "fullkey")) do_full_key = YES; + else if (!strcmp(s, "showsecrets")) + show_secrets = YES; else if (!strncmp(s, "iobs", 4) && *(s+4) == '=') { s += 5; blksize = (size_t)tfc_humanfsize(s, &stoi); @@ -572,8 +606,8 @@ _mkragain: lio = xread(mkfd, pblk, lrem); getps.passwd = pwdask; getps.pwlen = sizeof(pwdask)-1; getps.echo = mac_pw_prompt ? mac_pw_prompt : "Enter MAC password: "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting MAC password"); @@ -767,8 +801,8 @@ _xts2keyaskstr: memset(&getps, 0, sizeof(struct getpasswd_state)); getps.passwd = (char *)pblk; getps.pwlen = n; getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (str): "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting string rawkey"); @@ -791,8 +825,8 @@ _rawkey_hex_again: getps.passwd = pwdask; getps.pwlen = (TF_FROM_BITS(TFC_KEY_BITS)*2); getps.echo = pw_prompt ? pw_prompt : "Enter rawkey (hex): "; - getps.charfilter = getps_hex_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_hex_filter : getps_hex_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting hex rawkey"); @@ -817,8 +851,8 @@ _pwdagain: memset(&getps, 0, sizeof(struct getpasswd_state)); getps.passwd = pwdask; getps.pwlen = sizeof(pwdask)-1; getps.echo = pw_prompt ? pw_prompt : "Enter password: "; - getps.charfilter = getps_filter; - getps.maskchar = 'x'; + getps.charfilter = (show_secrets == YES) ? getps_plain_filter : getps_filter; + getps.maskchar = (show_secrets == YES) ? 0 : 'x'; getps.flags = GETP_WAITFILL; n = xgetpasswd(&getps); if (n == NOSIZE) xerror(NO, NO, YES, "getting password"); diff --git a/tfcrypt.h b/tfcrypt.h index acb1c42..f2cb89c 100644 --- a/tfcrypt.h +++ b/tfcrypt.h @@ -157,7 +157,7 @@ extern int counter_opt, mackey_opt, do_mac, do_outfmt, rawkey; extern int idx, write_flags; extern tfc_yesno catch_all_errors, ignore_seek_errors, password, overwrite_source, do_fsync, do_pad; extern tfc_yesno do_preserve_time, do_stats_in_gibs, do_statline_dynamic, do_less_stats; -extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown; +extern tfc_yesno no_repeat, do_full_hexdump, verbose, statline_was_shown, show_secrets; extern char *srcfname, *dstfname, *do_mac_file, *counter_file, *sksum_hashlist_file; extern char *saltf, *genkeyf, *mackeyf, *tweakf; extern char *pw_prompt, *mac_pw_prompt;