When reading in a password, it is desirable to avoid displaying it on the screen, to help keep it secret. The following function handles this in a convenient way.
getpass
outputs prompt, then reads a string in from the
terminal without echoing it. It tries to connect to the real terminal,
`/dev/tty', if possible, to encourage users not to put plaintext
passwords in files; otherwise, it uses stdin
and stderr
.
getpass
also disables the INTR, QUIT, and SUSP characters on the
terminal using the ISIG
terminal attribute (see section Local Modes).
The terminal is flushed before and after getpass
, so that
characters of a mistyped password are not accidentally visible.
In other C libraries, getpass
may only return the first
PASS_MAX
bytes of a password. The GNU C library has no limit, so
PASS_MAX
is undefined.
The prototype for this function is in `unistd.h'. PASS_MAX
would be defined in `limits.h'.
This precise set of operations may not suit all possible situations. In
this case, it is recommended that users write their own getpass
substitute. For instance, a very simple substitute is as follows:
#include <termios.h> #include <stdio.h> ssize_t my_getpass (char **lineptr, size_t *n, FILE *stream) { struct termios old, new; int nread; /* Turn echoing off and fail if we can't. */ if (tcgetattr (fileno (stream), &old) != 0) return -1; new = old; new.c_lflag &= ~ECHO; if (tcsetattr (fileno (stream), TCSAFLUSH, &new) != 0) return -1; /* Read the password. */ nread = getline (lineptr, n, stream); /* Restore terminal. */ (void) tcsetattr (fileno (stream), TCSAFLUSH, &old); return nread; }
The substitute takes the same parameters as getline
(see section Line-Oriented Input); the user must print any prompt desired.
Go to the first, previous, next, last section, table of contents.