libhcrypto: UI_UTIL_FLAG_VERIFY_SILENT

diff --git a/admin/add.c b/admin/add.c
index 3e8be9a8c404538722b3d0e263986bd3fcb9eca2..13580b9bb570a3d1586627b84f157975959b259c 100644 (file)
--- a/admin/add.c
+++ b/admin/add.c
@@ -94,7 +94,8 @@ kt_add(struct add_options *opt, int argc, char **argv)
            goto out;
     }
     if(opt->password_string == NULL && opt->random_flag == 0) {
-       if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ", 1)) {
+       if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Password: ",
+                                 UI_UTIL_FLAG_VERIFY)) {
            ret = 1;
            goto out;
        }

diff --git a/appl/otp/otp.c b/appl/otp/otp.c
index 8699ba86641ed277af37775607ff1c64995a2bdc..1ca6a1f61bb8b4b873185c4846bfbda171ea82cc 100644 (file)
--- a/appl/otp/otp.c
+++ b/appl/otp/otp.c
@@ -153,7 +153,8 @@ set (int argc, char **argv, OtpAlgorithm *alg, char *inuser)
     strlcpy (ctx.seed, argv[1], sizeof(ctx.seed));
     strlwr(ctx.seed);
     do {
-       if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ", 1))
+       if (UI_UTIL_read_pw_string (pw, sizeof(pw), "Pass-phrase: ",
+           UI_UTIL_FLAG_VERIFY))
            return 1;
        if (strlen (pw) < OTP_MIN_PASSPHRASE)
            printf ("Too short pass-phrase.  Use at least %d characters\n",

diff --git a/kadmin/ank.c b/kadmin/ank.c
index f56abfc1246f7ae966bbed8be0bb8d47d218d6de..648e1ef1dd2398fa01a57eb686572916e9e9a5d8 100644 (file)
--- a/kadmin/ank.c
+++ b/kadmin/ank.c
@@ -138,7 +138,9 @@ add_one_principal (const char *name,
            krb5_set_error_message(context, ret, "out of memory");
            goto out;
        }
-       ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt, 1);
+       ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), prompt,
+                                     UI_UTIL_FLAG_VERIFY |
+                                     UI_UTIL_FLAG_VERIFY_SILENT);
        free (prompt);
        if (ret) {
            ret = KRB5_LIBOS_BADPWDMATCH;

diff --git a/kadmin/cpw.c b/kadmin/cpw.c
index 701c10ff97d50c988933e72ca5ae9be4ddcb5bb5..8a4a0b4974b369e096c432bdcce379f0b018f614 100644 (file)
--- a/kadmin/cpw.c
+++ b/kadmin/cpw.c
@@ -98,7 +98,9 @@ set_password (krb5_principal principal, char *password, int keepold)
        free (princ_name);
        if (aret == -1)
            return ENOMEM;
-       ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt, 1);
+       ret = UI_UTIL_read_pw_string(pwbuf, sizeof(pwbuf), prompt,
+                                    UI_UTIL_FLAG_VERIFY |
+                                    UI_UTIL_FLAG_VERIFY_SILENT);
        free (prompt);
        if(ret){
             return KRB5_LIBOS_BADPWDMATCH;

diff --git a/kadmin/stash.c b/kadmin/stash.c
index 1eb56b36fc2f228f4bc83f209f6cfef690d95746..785de43f872e7eb7f08288de37690cfe0a23dc99 100644 (file)
--- a/kadmin/stash.c
+++ b/kadmin/stash.c
@@ -99,7 +99,8 @@ stash(struct stash_options *opt, int argc, char **argv)
            random_password (buf, sizeof(buf));
            printf("Using random master stash password: %s\n", buf);
        } else {
-           if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1)) {
+           if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ",
+                                     UI_UTIL_FLAG_VERIFY)) {
                hdb_free_master_key(context, mkey);
                return 0;
            }

diff --git a/kdc/kstash.c b/kdc/kstash.c
index 54d6628388e3523a93b6b92f728ab6fe00599298..bba2b11d0f0dd0caafb7ba9d1b289f2006e5ad1b 100644 (file)
--- a/kdc/kstash.c
+++ b/kdc/kstash.c
@@ -124,7 +124,8 @@ main(int argc, char **argv)
                buf[strcspn(buf, "\r\n")] = '\0';
 
            } else {
-               if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ", 1))
+               if(UI_UTIL_read_pw_string(buf, sizeof(buf), "Master key: ",
+                                         UI_UTIL_FLAG_VERIFY))
                    exit(1);
            }
            krb5_string_to_key_salt(context, enctype, buf, salt, &key);

diff --git a/kpasswd/kpasswd.c b/kpasswd/kpasswd.c
index 491a907f4af9e51e224276b74eae1d344e66b7b0..af5012fb594c14c4a6ed8890f8939ff492a57189 100644 (file)
--- a/kpasswd/kpasswd.c
+++ b/kpasswd/kpasswd.c
@@ -83,7 +83,8 @@ change_password(krb5_context context,
     if (aret == -1 || msg == NULL)
        krb5_errx (context, 1, "out of memory");
 
-    ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg, 1);
+    ret = UI_UTIL_read_pw_string (pwbuf, sizeof(pwbuf), msg,
+                                 UI_UTIL_FLAG_VERIFY);
     free(msg);
     if (name)
        free(name);

diff --git a/lib/hcrypto/ui.c b/lib/hcrypto/ui.c
index ff0f7ec214e6d3e9f5e1057c29b9258a6a2f36ab..0eb09e78066a3bb0e694d4b72e1734586090ae93 100644 (file)
--- a/lib/hcrypto/ui.c
+++ b/lib/hcrypto/ui.c
@@ -194,7 +194,7 @@ UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
     if (ret)
        return ret;
 
-    if (verify) {
+    if (verify & UI_UTIL_FLAG_VERIFY) {
        char *buf2;
        buf2 = malloc(length);
        if (buf2 == NULL)
@@ -206,8 +206,10 @@ UI_UTIL_read_pw_string(char *buf, int length, const char *prompt, int verify)
            return ret;
        }
        if (strcmp(buf2, buf) != 0) {
-           fprintf(stderr, "Verify failure\n");
-           fflush(stderr);
+           if (!(verify & UI_UTIL_FLAG_VERIFY_SILENT)) {
+               fprintf(stderr, "Verify failure\n");
+               fflush(stderr);
+           }
            ret = 1;
        }
        free(buf2);

diff --git a/lib/hcrypto/ui.h b/lib/hcrypto/ui.h
index 6b4d6d8c4d5e89f5562ecbe2a492becb5db6c9c5..4f56da7aae97dbbfe2feb0cc1c9bf0e115f171aa 100644 (file)
--- a/lib/hcrypto/ui.h
+++ b/lib/hcrypto/ui.h
@@ -39,6 +39,10 @@
 /* symbol renaming */
 #define UI_UTIL_read_pw_string hc_UI_UTIL_read_pw_string
 
+/* OpenSSL API extensions */
+#define UI_UTIL_FLAG_VERIFY        0x1 /* ask to verify password */
+#define UI_UTIL_FLAG_VERIFY_SILENT  0x2 /* silence on verify failure */
+
 int    UI_UTIL_read_pw_string(char *, int, const char *, int); /* XXX */
 
 #endif /* _HEIM_UI_H */