X-Git-Url: https://diplodocus.org/git/nmh/blobdiff_plain/ae31d21710465851fdecc8e5fb447e690b83a9f4..e65127948:/sbr/ruserpass.c?ds=sidebyside

diff --git a/sbr/ruserpass.c b/sbr/ruserpass.c
index 5ed6fde2..7038cf5c 100644
--- a/sbr/ruserpass.c
+++ b/sbr/ruserpass.c
@@ -15,20 +15,17 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id$
+ * Portions of this code are Copyright (c) 2013, by the authors of
+ * nmh.  See the COPYRIGHT file in the root directory of the nmh
+ * distribution for complete copyright information.
  */
 
 #include <h/mh.h>
 #include <h/utils.h>
 #include <pwd.h>
-#include <errno.h>
 
 static FILE *cfile;
 
-#ifndef MAXHOSTNAMELEN
-# define MAXHOSTNAMELEN 64
-#endif
-
 #define	DEFAULT	1
 #define	LOGIN	2
 #define	PASSWD	3
@@ -37,7 +34,7 @@ static FILE *cfile;
 #define	ID	10
 #define	MACH	11
 
-static char tokval[100];
+#define MAX_TOKVAL_SIZE 1024
 
 struct toktab {
     char *tokstr;
@@ -58,84 +55,87 @@ static struct toktab toktabs[] = {
 /*
  * prototypes
  */
-static int token(void);
+static int token(char *);
 
 
 void
 ruserpass(char *host, char **aname, char **apass)
 {
-    char *hdir, buf[BUFSIZ];
     int t, usedefault = 0;
     struct stat stb;
 
-    hdir = getenv("HOME");
-    if (hdir == NULL)
-	hdir = ".";
-    snprintf(buf, sizeof(buf), "%s/.netrc", hdir);
-    cfile = fopen(buf, "r");
+    init_credentials_file ();
+
+    cfile = fopen (credentials_file, "r");
     if (cfile == NULL) {
 	if (errno != ENOENT)
-	    perror(buf);
-	goto done;
-    }
-
-    while ((t = token())) {
-	switch(t) {
-	case DEFAULT:
-	    usedefault = 1;
-	    /* FALL THROUGH */
-
-	case MACH:
-	    if (!usedefault) {
-		if (token() != ID)
+	    perror (credentials_file);
+    } else {
+        char tokval[MAX_TOKVAL_SIZE];
+        tokval[0] = '\0';
+
+	while ((t = token(tokval))) {
+	    switch(t) {
+	    case DEFAULT:
+		usedefault = 1;
+		/* FALL THROUGH */
+
+	    case MACH:
+		if (!usedefault) {
+		    if (token(tokval) != ID)
+			continue;
+		    /*
+		     * Allow match either for user's host name.
+		     */
+		    if (strcasecmp(host, tokval) == 0)
+			goto match;
 		    continue;
-		/*
-		 * Allow match either for user's host name.
-		 */
-		if (mh_strcasecmp(host, tokval) == 0)
-		    goto match;
-		continue;
-	    }
-match:
-	    while ((t = token()) && t != MACH && t != DEFAULT) {
-		switch(t) {
-		case LOGIN:
-		    if (token() && *aname == 0) {
-			*aname = mh_xmalloc((size_t) strlen(tokval) + 1);
-			strcpy(*aname, tokval);
-		    }
-		    break;
-		case PASSWD:
-		    if (fstat(fileno(cfile), &stb) >= 0 &&
-			(stb.st_mode & 077) != 0) {
-			/* We make this a fatal error to force the user to correct it */
-			advise(NULL, "Error - ~/.netrc file must not be world or group readable.");
-			adios(NULL, "Remove password or correct file permissions.");
-		    }
-		    if (token() && *apass == 0) {
-			*apass = mh_xmalloc((size_t) strlen(tokval) + 1);
-			strcpy(*apass, tokval);
+		}
+	    match:
+		while ((t = token(tokval)) && t != MACH && t != DEFAULT) {
+		    switch(t) {
+		    case LOGIN:
+			if (token(tokval) && *aname == 0) {
+			    *aname = mh_xmalloc((size_t) strlen(tokval) + 1);
+			    strcpy(*aname, tokval);
+			}
+			break;
+
+		    case PASSWD:
+			if (fstat(fileno(cfile), &stb) >= 0 &&
+			    (stb.st_mode & 077) != 0) {
+			    /* We make this a fatal error to force the
+			       user to correct it. */
+			    advise(NULL, "Error - file %s must not be world or "
+				   "group readable.", credentials_file);
+			    adios(NULL, "Remove password or correct file "
+				  "permissions.");
+			}
+			if (token(tokval) && *apass == 0) {
+			    *apass = mh_xmalloc((size_t) strlen(tokval) + 1);
+			    strcpy(*apass, tokval);
+			}
+			break;
+
+		    case ACCOUNT:
+			break;
+
+		    case MACDEF:
+			fclose(cfile);
+			return;
+
+		    default:
+			fprintf(stderr,
+				"Unknown keyword %s in credentials file %s\n",
+				tokval, credentials_file);
+			break;
 		    }
-		    break;
-		case ACCOUNT:
-		    break;
-
-		case MACDEF:
-		    goto done_close;
-		    break;
-		default:
-		    fprintf(stderr, "Unknown .netrc keyword %s\n", tokval);
-		    break;
 		}
+		return;
 	    }
-	    goto done;
 	}
     }
 
-done_close:
-    fclose(cfile);
-
-done:
     if (!*aname) {
 	char tmp[80];
 	char *myname;
@@ -148,9 +148,11 @@ done:
 	}
 	printf("Name (%s:%s): ", host, myname);
 
-	fgets(tmp, sizeof(tmp) - 1, stdin);
+	if (fgets(tmp, sizeof(tmp) - 1, stdin) == NULL) {
+	    advise ("tmp", "fgets");
+	}
 	tmp[strlen(tmp) - 1] = '\0';
-	if (*tmp != '\0') {
+	if (*tmp != '\0' || myname == NULL) {
 	    myname = tmp;
 	}
 
@@ -164,7 +166,7 @@ done:
 
 	snprintf(prompt, sizeof(prompt), "Password (%s:%s): ", host, *aname);
 	mypass = nmh_getpass(prompt);
-	
+
 	if (*mypass == '\0') {
 	    mypass = *aname;
 	}
@@ -176,7 +178,7 @@ done:
 }
 
 static int
-token(void)
+token(char *tokval)
 {
     char *cp;
     int c;
@@ -195,6 +197,10 @@ token(void)
 	    if (c == '\\')
 		c = getc(cfile);
 	    *cp++ = c;
+            if (cp - tokval > MAX_TOKVAL_SIZE-1) {
+                adios(NULL, "credential tokens restricted to length %d",
+                      MAX_TOKVAL_SIZE - 1);
+            }
 	}
     } else {
 	*cp++ = c;
@@ -203,6 +209,10 @@ token(void)
 	    if (c == '\\')
 		c = getc(cfile);
 	    *cp++ = c;
+            if (cp - tokval > MAX_TOKVAL_SIZE-1) {
+                adios(NULL, "credential tokens restricted to length %d",
+                      MAX_TOKVAL_SIZE - 1);
+            }
 	}
     }
     *cp = 0;