Hi, Thanks a lot for considering my suggestions.
On 28/03/2021 19:11, Tõivo Leedjärv wrote: > The getpass() function is present in SUSv2, but marked LEGACY. It is > removed in POSIX.1-2001. Additionally, on Solaris getpass() returns > maximum 9 bytes. This will make longer passwords fail with no > possibility for user to know what is happening. > > This patch removes usage of getpass() completely and replaces it with > direct implementation of what getpass() does: opens tty (existing code), > outputs the prompt (existing code), turns off echoing (new code), reads > one line (existing code shared with echoed mode), restores tty state > (new code) and closes tty (existing code). > > Patch v2: incorporate review feedback, incl. style fixes, merge > termios.h check in configure.ac with an existing > AC_CHECK_HEADERS, add error check and logging after > tcsettattr() when restoring tty settings > > Signed-off-by: Tõivo Leedjärv <toi...@gmail.com> The code looks good and it actually simplifies our get_console_input() function. It's agreed that termios is available on most (all?) systems supporting tun interfaces, therefore it is a valid replacement for getpass(), without making us worry about old platforms. I tested this patch with a simple client-server setup: * Client was configured with "--auth-user-pass" and was sending some username/password. * Server was configured with "--auth-user-pass-verify script via-env", where script was just printing its full env. I then verified that the input on the client reflected the output on the server, also with some unicode chars, to be sure the new logic would still handle characters only Davids may use in his passwords. password=ciao@@@@ password=ééëëff password=test²³¤€’¥×~~ password=Ð Acked-by: Antonio Quartulli <anto...@openvpn.net> -- Antonio Quartulli _______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel
