From 2858c037717cea6c261f3233778ae09bb5920d82 Mon Sep 17 00:00:00 2001
From: gregor herrmann <gregoa@debian.org>
Date: Tue, 30 Jun 2009 19:28:24 +0200
Subject: [PATCH] BTI should not display password while user types it

Add password handling logic to not display the password on the
command line.  Code is based on logic from:
	http://dev.kryo.se/iodine/browser/src/common.c
---
 bti.c | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/bti.c b/bti.c
index 003d804..259063c 100644
--- a/bti.c
+++ b/bti.c
@@ -38,6 +38,7 @@
 #include <libxml/parser.h>
 #include <libxml/tree.h>
 #include <pcre.h>
+#include <termios.h>
 
 
 #define zalloc(size)	calloc(size, 1)
@@ -654,6 +655,29 @@ static char *get_string_from_stdin(void)
 	return string;
 }
 
+void read_password(char *buf, size_t len)
+{
+	char pwd[80];
+	struct termios old;
+	struct termios tp;
+
+	tcgetattr(0, &tp);
+	old = tp;
+	
+	tp.c_lflag &= (~ECHO);
+	tcsetattr(0, TCSANOW, &tp);
+
+	fprintf(stdout, "Enter twitter password: ");
+	fflush(stdout);
+	scanf("%79s", pwd);
+	fprintf(stdout, "\n");
+
+	tcsetattr(0, TCSANOW, &old);	
+
+	strncpy(buf, pwd, len);
+	buf[len-1] = '\0';
+}
+
 static int find_urls(const char *tweet, int **pranges)
 {
 	/*
@@ -940,6 +964,7 @@ int main(int argc, char *argv[], char *envp[])
 	struct session *session;
 	pid_t child;
 	char *tweet;
+	static char password[80];
 	int retval = 0;
 	int option;
 	char *http_proxy;
@@ -1116,8 +1141,9 @@ int main(int argc, char *argv[], char *envp[])
 	}
 
 	if (!session->password) {
-		fprintf(stdout, "Enter twitter password: ");
-		session->password = readline(NULL);
+		read_password(password, sizeof(password));
+		session->password = strdup(password);
+		free(password);
 	}
 
 	if (session->action == ACTION_UPDATE) {
-- 
2.39.5