Always read password from environment.

Factored base64-decoding into its own function.
2025-12-06 07:53:56 +01:00 · 2021-09-11 00:24:44 +02:00
parent 0b01283cd9
commit 41e7c43ab8
2 changed files with 62 additions and 48 deletions
--- a/src/common.c
+++ b/src/common.c
@ -2,6 +2,8 @@
 #include <sys/stat.h>
 #include <fcntl.h>
 #include <unistd.h>
+#include <string.h>
+#include <sodium.h>
 #include "common.h"

 char *read_first_line(const char *filename) {
@ -41,8 +43,7 @@ char * read_first_line(const char * filename) {
    strncpy(cipherstring, map, cipherstring_len);

    // munmap and close file
-    if (munmap(map, fileInfo.st_size) == -1)
-    {
+    if (munmap(map, fileInfo.st_size) == -1) {
        close(fd);
        perror("Error un-mmapping the file");
        exit(EXIT_FAILURE);
@ -51,3 +52,23 @@ char * read_first_line(const char * filename) {

    return cipherstring;
 }
+
+typedef struct {
+    unsigned char *string;
+    size_t length;
+} Password;
+
+Password base64_decode_string(const char *input) {
+    Password p;
+    size_t input_len = strlen(input);
+    size_t outmaxlen = input_len / 4 * 3;
+    p.string = malloc(outmaxlen);
+    int b64err = sodium_base642bin(p.string, outmaxlen, (const char *) input, input_len,
+                                   NULL, &p.length, NULL, sodium_base64_VARIANT_ORIGINAL);
+    if (b64err != 0) {
+        fprintf(stderr, "[ERROR] Unable to base64-decode the password\n");
+        exit(EXIT_FAILURE);
+    }
+
+    return p;
+}
--- a/src/libexim-encrypt-dlfunc-decrypt-secretbox.c
+++ b/src/libexim-encrypt-dlfunc-decrypt-secretbox.c
@ -12,7 +12,8 @@ void print_usage(char * progname) {
    printf("Usage: %s [OPTIONS]\n\n", progname);
    printf("Password:\n");
    printf("  -p, --password PASSWORD    decrypt using PASSWORD\n");
-    printf("  -e, --pass-from-env        read password from environment variable LIBEXIM_PASSWORD\n");
+    printf("\n");
+    printf("  If the environment variable LIBEXIM_PASSWORD is set the password is read from it.\n");
    printf("\n");
    printf("Select input:\n");
    printf("  -c, --input STRING         decrypt contents of STRING\n");
@ -53,6 +54,15 @@ int main(int argc, char *argv[]) {
            {0,               0,                 0,    0}
    };

+    // check environment for LIBEXIM_PASSWORD
+    password_env = getenv(ENVVAR_PASSWORD_NAME);
+    if (password_env != NULL && strlen(password_env) > 0) {
+        pwlen = strlen(password_env);
+        b64password = malloc(pwlen + 1);
+        strncpy(b64password, password_env, pwlen);
+        mode |= PASSENV;
+    }
+
    // parse arguments
    int long_index = 0;
    while ((opt = getopt_long(argc, argv, shortargs,
@ -64,17 +74,6 @@ int main(int argc, char *argv[]) {
                strncpy(b64password, optarg, pwlen);
                mode |= PASSARG;
                break;
-            case 'e':
-                password_env = getenv(ENVVAR_PASSWORD_NAME);
-                if (password_env == NULL) {
-                    fprintf(stderr, "[ERROR] Environment variable %s is undefined.\n\n", ENVVAR_PASSWORD_NAME);
-                    exit(EXIT_FAILURE);
-                }
-                pwlen = strlen(password_env);
-                b64password = malloc(pwlen+1);
-                strncpy(b64password, password_env, pwlen);
-                mode |= PASSENV;
-                break;
            case 'f':
                cipherstring = read_first_line(optarg);
                input |= INFILE;
@ -82,13 +81,6 @@ int main(int argc, char *argv[]) {
        }
    }

-    // check if a password was provided
-    if (mode == NONE) {
-            fprintf(stderr, "[ERROR] Please specify a password.\n\n");
-            print_usage(prog_basename);
-            exit(EXIT_FAILURE);
-    }
-
    // read first non-option argument as ciphertext if present
    if (optind < argc) {
        size_t cipherstring_len = strlen(argv[optind]) + 1;
@ -96,6 +88,14 @@ int main(int argc, char *argv[]) {
        strncpy(cipherstring, argv[optind], cipherstring_len);
        input |= INSTRING;
    }
+
+    // check if a password was provided
+    if (mode == NONE) {
+        fprintf(stderr, "[ERROR] Please specify a password.\n\n");
+        print_usage(prog_basename);
+        exit(EXIT_FAILURE);
+    }
+
    // fail if neither argument nor filename is present
    if (input == NONE) {
        fprintf(stderr, "[ERROR] Please specify a ciphertext source.\n\n");
@ -104,15 +104,8 @@ int main(int argc, char *argv[]) {
    }

    // base64-decode password
-    size_t password_len = strlen(b64password) / 4 * 3;
-    unsigned char * password = malloc(password_len);
-    int b64err = sodium_base642bin(password, password_len,
-                                   (const char *) b64password, strlen(b64password),
-                                   NULL, &password_len, NULL, sodium_base64_VARIANT_ORIGINAL);
-    if (b64err != 0) {
-        fprintf(stderr, "[ERROR] Unable to base64-decode the password\n");
-        exit(EXIT_FAILURE);
-    }
+    Password p;
+    p = base64_decode_string(b64password);

-    printf("»%s«\n", password);
+    printf("»%s« [%zu]\n", p.string, p.length);
 }