From dbf6355cbb69e588a4162debadb5337dd8b14ac0 Mon Sep 17 00:00:00 2001
From: Michal Srb <michalsrb@gmail.com>
Date: Mon, 10 Nov 2014 11:24:04 +0200
Subject: vncpasswd: Ask for read only password.

Ask for optional second password that is used for read only access. Save it
after the main password. This is same format as tightvnc uses.
---
 unix/vncpasswd/vncpasswd.cxx | 68 ++++++++++++++++++++++++++++----------------
 1 file changed, 44 insertions(+), 24 deletions(-)

(limited to 'unix/vncpasswd')

diff --git a/unix/vncpasswd/vncpasswd.cxx b/unix/vncpasswd/vncpasswd.cxx
index 7ba0b225..16c925ee 100644
--- a/unix/vncpasswd/vncpasswd.cxx
+++ b/unix/vncpasswd/vncpasswd.cxx
@@ -81,6 +81,36 @@ static int encrypt_pipe() {
   else return 1;
 }
 
+static ObfuscatedPasswd* readpassword() {
+  while (true) {
+    PlainPasswd passwd(getpassword("Password:"));
+    if (!passwd.buf) {
+      perror("getpassword error");
+      exit(1);
+    }
+    if (strlen(passwd.buf) < 6) {
+      if (strlen(passwd.buf) == 0) {
+        fprintf(stderr,"Password not changed\n");
+        exit(1);
+      }
+      fprintf(stderr,"Password must be at least 6 characters - try again\n");
+      continue;
+    }
+
+    PlainPasswd passwd2(getpassword("Verify:"));
+    if (!passwd2.buf) {
+      perror("getpass error");
+      exit(1);
+    }
+    if (strcmp(passwd.buf, passwd2.buf) != 0) {
+      fprintf(stderr,"Passwords don't match - try again\n");
+      continue;
+    }
+
+    return new ObfuscatedPasswd(passwd);
+  }
+}
+
 int main(int argc, char** argv)
 {
   prog = argv[0];
@@ -113,28 +143,13 @@ int main(int argc, char** argv)
   }
 
   while (true) {
-    PlainPasswd passwd(getpassword("Password:"));
-    if (!passwd.buf) {
-      perror("getpassword error");
-      exit(1);
-    }   
-    if (strlen(passwd.buf) < 6) {
-      if (strlen(passwd.buf) == 0) {
-        fprintf(stderr,"Password not changed\n");
-        exit(1);
-      }
-      fprintf(stderr,"Password must be at least 6 characters - try again\n");
-      continue;
-    }
+    ObfuscatedPasswd* obfuscated = readpassword();
+    ObfuscatedPasswd* obfuscatedReadOnly = 0;
 
-    PlainPasswd passwd2(getpassword("Verify:"));
-    if (!passwd2.buf) {
-      perror("getpass error");
-      exit(1);
-    }   
-    if (strcmp(passwd.buf, passwd2.buf) != 0) {
-      fprintf(stderr,"Passwords don't match - try again\n");
-      continue;
+    fprintf(stderr, "Would you like to enter a view-only password (y/n)? ");
+    char yesno[3];
+    if (fgets(yesno, 3, stdin) != NULL && (yesno[0] == 'y' || yesno[0] == 'Y')) {
+      obfuscatedReadOnly = readpassword();
     }
 
     FILE* fp = fopen(fname,"w");
@@ -144,13 +159,18 @@ int main(int argc, char** argv)
     }
     chmod(fname, S_IRUSR|S_IWUSR);
 
-    ObfuscatedPasswd obfuscated(passwd);
-
-    if (fwrite(obfuscated.buf, obfuscated.length, 1, fp) != 1) {
+    if (fwrite(obfuscated->buf, obfuscated->length, 1, fp) != 1) {
       fprintf(stderr,"Writing to %s failed\n",fname);
       exit(1);
     }
 
+    if (obfuscatedReadOnly) {
+      if (fwrite(obfuscatedReadOnly->buf, obfuscatedReadOnly->length, 1, fp) != 1) {
+        fprintf(stderr,"Writing to %s failed\n",fname);
+        exit(1);
+      }
+    }
+
     fclose(fp);
 
     return 0;
-- 
cgit v1.2.3