helper/password: for reading passwords securely

2015-03-04 00:31:35 -08:00 · 2015-03-04 00:31:35 -08:00 · a524ef6537
parent 2cb4c63208
commit a524ef6537
4 changed files with 115 additions and 0 deletions
--- a/command/unseal.go
+++ b/command/unseal.go
@ -1,7 +1,10 @@
 package command

 import (
+	"os"
 	"strings"
+
+	"github.com/hashicorp/vault/helper/password"
 )

 // UnsealCommand is a Command that unseals the vault.
@ -16,6 +19,12 @@ func (c *UnsealCommand) Run(args []string) int {
 		return 1
 	}

+	value, err := password.Read(os.Stdin)
+	if err != nil {
+		return 1
+	}
+
+	c.Ui.Output(value)
 	return 0
 }

--- a/helper/password/password.go
+++ b/helper/password/password.go
@ -0,0 +1,33 @@
+// password is a package for reading a password securely from a terminal.
+// The code in this package disables echo in the terminal so that the
+// password is not echoed back in plaintext to the user.
+package password
+
+import (
+	"io"
+	"os"
+)
+
+// Read reads the password from the given os.File. The password
+// will not be echoed back to the user.
+func Read(f *os.File) (string, error) {
+	return read(f)
+}
+
+func readline(f *os.File) (string, error) {
+	var buf [1]byte
+	resultBuf := make([]byte, 0, 64)
+	for {
+		n, err := f.Read(buf[:])
+		if err != nil && err != io.EOF {
+			return "", err
+		}
+		if n == 0 || buf[0] == '\n' || buf[0] == '\r' {
+			break
+		}
+
+		resultBuf = append(resultBuf, buf[0])
+	}
+
+	return string(resultBuf), nil
+}
--- a/helper/password/password_unix.go
+++ b/helper/password/password_unix.go
@ -0,0 +1,25 @@
+// +build linux darwin
+
+package password
+
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/crypto/ssh/terminal"
+)
+
+func read(f *os.File) (string, error) {
+	fd := int(f.Fd())
+	if !terminal.IsTerminal(fd) {
+		return "", fmt.Errorf("File descriptor %d is not a terminal", fd)
+	}
+
+	oldState, err := terminal.MakeRaw(fd)
+	if err != nil {
+		return "", err
+	}
+	defer terminal.Restore(fd, oldState)
+
+	return readline(f)
+}
--- a/helper/password/password_windows.go
+++ b/helper/password/password_windows.go
@ -0,0 +1,48 @@
+// +build windows
+
+package password
+
+import (
+	"os"
+	"syscall"
+)
+
+var (
+	kernel32           = syscall.MustLoadDLL("kernel32.dll")
+	setConsoleModeProc = kernel.MustFindProc("SetConsoleMod")
+)
+
+// Magic constant from MSDN to control whether charactesr read are
+// repeated back on the console.
+//
+// http://msdn.microsoft.com/en-us/library/windows/desktop/ms686033(v=vs.85).aspx
+const ENABLE_ECHO_INPUT = 0x0004
+
+func read(f *os.File) (string, error) {
+	handle := syscall.Handle(f.Fd())
+
+	// Grab the old console mode so we can reset it. We defer the reset
+	// right away because it doesn't matter (it is idempotent).
+	var oldMode uint32
+	if err := syscall.GetConsoleMode(handle, &oldMode); err != nil {
+		return "", err
+	}
+	defer setConsoleMode(handle, oldMode)
+
+	// The new mode is the old mode WITHOUT the echo input flag set.
+	var newMode uint32 = oldMode & ^ENABLE_ECHO_INPUT
+	if err := setConsoleMode(handle, newMode); err != nil {
+		return "", err
+	}
+
+	return readline(f)
+}
+
+func setConsoleMode(console syscall.Handle, mode uint32) error {
+	r, _, err := stConsoleModeProc.Call(uintptr(console), uintptr(mode))
+	if r == 0 {
+		return err
+	}
+
+	return nil
+}