peek(1): use stdbool.h

Makefile

@@ -32,7 +32,7 @@ RUSTLIBS = --extern getopt=build/o/libgetopt.rlib \
 CFLAGS += -I$(SYSEXITS)
 
 .PHONY: all
-all: dj false fop hru intcmp mm npc rpn scrut str strcmp swab true
+all: docs dj false fop hru intcmp mm npc peek rpn scrut str strcmp swab true
 
 # keep build/include until bindgen(1) has stdin support
 # https://github.com/rust-lang/rust-bindgen/issues/2703
@@ -120,7 +120,12 @@ build/bin/mm: src/mm.rs build rustlibs
 .PHONY: npc
 npc: build/bin/npc
 build/bin/npc: src/npc.c build
-	$(CC) $(CFLAGAS) -o $@ src/npc.c
+	$(CC) $(CFLAGS) -o $@ src/npc.c
+
+.PHONY: peek
+peek: build/bin/peek
+build/bin/peek: src/peek.c build
+	$(CC) $(CFLAGS) -o $@ src/peek.c
 
 .PHONY: rpn
 rpn: build/bin/rpn

docs/peek.1

@@ -0,0 +1,111 @@
+.\" Copyright (c) 2023-2024 DTB <trinity@trinity.moe>
+.\" Copyright (c) 2024 Emma Tebibyte <emma@tebibyte.media>
+.\"
+.\" This work is licensed under CC BY-SA 4.0. To see a copy of this license,
+.\" visit <http://creativecommons.org/licenses/by-sa/4.0/>.
+.\"
+.TH PEEK 1 2024-08-14 "Harakit X.X.X"
+.SH NAME
+peek \(en read from the standard input, furtively
+.\"
+.SH SYNOPSIS
+
+peek
+.RB ( -i )
+.\"
+.SH DESCRIPTION
+
+Read input from the standard input with terminal echo disabled.
+.\"
+.SH OPTIONS
+
+.IP \fB-i\fP
+Allows input to come from sources other than terminals (pipes).
+.\"
+.SH DIAGNOSTICS
+
+In the event of an error, a debug message will be printed and the program will
+exit with the appropriate
+.BR sysexits.h (3)
+error code.
+
+In order to ensure the user\(cqs terminal is still usable after premature
+termination, the program attempts to handle the SIGINT signal; if it cannot,
+an error message is printed and execution continues. If the program is
+interrupted, it exits unsuccessfully without an error message.
+.\"
+.SH RATIONALE
+
+This tool was originally written to accept passwords in shell scripts as an
+extremely simple alternative to the GNU Privacy Guard project\(cqs
+.BR pinentry (1)
+utility.
+
+Accepting input without showing what is being typed is useful when keying in
+secrets in public settings or in places where surveillance cameras are
+installed.
+.\"
+.SH CAVEATS
+
+This program does nothing to prevent others from seeing the key presses input to
+a keyboard. It also does not protect against the sound of typing being analyzed
+to determine what was input without needing to see screen or keyboard.
+
+Accepting secrets in shell scripts is probably not advisable.
+
+On systems that support it, the
+.BR ioctl (2)
+command TIOCSTI can be used to insert characters into the standard input. This
+doesn't allow snooping but can be used for general mischief.
+.\"
+.SH EXAMPLES
+
+This is an
+.BR sh (1p)
+command line that hashes a given password. It uses
+.BR head (1p)
+to only accept one line of input,
+.BR xargs (1p)
+and
+.BR printf (1p)
+to strip the trailing newline,
+.BR htpasswd (1) 
+from Apache\(cqs utilities to hash the input with the bcrypt algorithm, and
+.BR cut (1p)
+to print only the resulting hash:
+
+.RS
+$ peek | head -n 1 | xargs printf '%s' | htpasswd -nBi _ | cut -d : -f 2
+.RE
+
+This is an
+.BR sh (1p)
+command line that allows a user to write blindly into a text file but displaying
+only written lines. Some writers have the habit of prematurely revising their 
+work and use tools with functionality similar to this to prevent it. 
+It uses
+.BR mm (1)
+to pipe the output of the program to both the standard error and the regular
+file writing.txt:
+
+.RS
+$ echo Input ^D to quit. && peek | mm -eo - >writing.txt
+.RE
+.\"
+.SH AUTHOR
+
+Written by DTB
+.MT trinity@trinity.moe
+.ME .
+.\"
+.SH COPYRIGHT
+
+Copyright \(co 2023-2024 DTB. License AGPLv3+: GNU AGPL version 3 or later
+<https://gnu.org/licenses/gpl.html>.
+.\"
+.SH SEE ALSO
+.BR ioctl (2),
+.BR ioctl_tty (2),
+.BR read (1p),
+.BR sh (1p),
+.BR stty (1p)

src/peek.c

@@ -0,0 +1,139 @@
+/*
+ * Copyright (c) 2023–2024 DTB <trinity@trinity.moe>
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ *
+ * This program is free software: you can redistribute it and/or modify it under
+ * the terms of the GNU Affero General Public License as published by the Free
+ * Software Foundation, either version 3 of the License, or (at your option) any
+ * later version.
+ * 
+ * This program is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see https://www.gnu.org/licenses/.
+ */
+
+#include <signal.h> /* sigaction(2), signal(2), struct sigaction, SIGINT */
+#include <stdbool.h> /* bool */
+#include <stdio.h> /* fprintf(3), fgetc(3), perror(3), fputc(3), stderr, stdin,
+                    * stdout, EOF, NULL */
+#include <stdlib.h> /* exit(3), EXIT_FAILURE */
+#include <sysexits.h> /* EX_IOERR, EX_OK, EX_USAGE */
+#include <termios.h> /* tcgetattr(3), tcsetattr(3), struct termios, ECHO */
+#include <unistd.h> /* getopt(3), isatty(3), pledge(2), unveil(2),
+                     * STDIN_FILENO */
+
+char *program_name = "peek";
+
+/* Restores terminal echo; otherwise when a user ^Cs the terminal would
+ * continue to not display typed text. If sig isn't zero, this will terminate
+ * the program. */
+static void
+restore_echo(int sig) {
+	static struct termios t;
+
+	/* Failure isn't reported because this is the termination routine anyway;
+	 * errors will be obvious. */
+	if (tcgetattr(STDIN_FILENO, &t) == 0) {
+		t.c_lflag |= ECHO;
+		(void)tcsetattr(STDIN_FILENO, TCSAFLUSH, &t);
+	}
+
+	if (sig != 0) { exit(EXIT_FAILURE); } /* Terminated by signal. */
+
+	return;
+}
+
+static int
+ioerr(char *argv0) {
+	perror(argv0);
+	restore_echo(0);
+	return EX_IOERR;
+}
+
+static int
+usage(char *argv0) {
+	(void)fprintf(stderr, "Usage: %s [-i]\n", argv0);
+
+	return EX_USAGE;
+}
+
+int main(int argc, char *argv[]){
+#ifdef __OpenBSD__
+	if (pledge("stdio tty unveil", "") != 0 || unveil(NULL, NULL) != 0) {
+		/* This isn't fatal; these return values could be cast to void just as
+		 * easily. */
+		(void)perror(argv[0] == NULL ? argv[0] : program_name);
+	}
+#endif
+
+	if (argc > 0) { /* option parsing */
+		bool allow_nonterminals;
+		int c;
+
+		program_name = argv[0];
+
+		allow_nonterminals = 0;
+		while ((c = getopt(argc, argv, "i")) != -1) {
+			switch (c) {
+				case 'i':	allow_nonterminals = 1; break;
+				default:	return usage(argv[0]);
+			}
+		}
+
+		if (argc > optind) { return usage(argv[0]); }
+
+		if (!allow_nonterminals && isatty(STDIN_FILENO) != 1) {
+			(void)fprintf(
+			    stderr,
+			    "%s: Must be run in a terminal (specify -i to skip this"
+			    " check)\n",
+			    argv[0]
+			);
+			return EX_USAGE;
+		}
+	}
+
+	{ /* Install signal handler */
+		/* There isn't a difference in functionality between the signal(2) and
+		 * sigaction(2) methods. sigaction(2) is vastly preferred for
+		 * portability but some configurations can only use signal(2). */
+		/* Errors aren't terminating because the worst that happens is some
+		 * terminal phooeyness if things go awry. */
+#if defined _POSIX_C_SOURCE
+		struct sigaction act = { 0 };
+
+		act.sa_handler = restore_echo;
+		if (sigaction(SIGINT, &act, NULL) != 0) { perror(program_name); }
+#else
+		if (signal(SIGINT, restore_echo) == SIG_ERR) { perror(program_name); }
+#endif
+	}
+
+	/* Banish terminal echo; this terminates when it fails, because it's the
+	 * whole point of the program. */
+	{
+		struct termios t;
+
+		if (tcgetattr(STDIN_FILENO, &t) != 0) { return ioerr(program_name); }
+		t.c_lflag ^= ECHO;
+		if (tcsetattr(STDIN_FILENO, TCSAFLUSH, &t) != 0) {
+			return ioerr(program_name);
+		}
+	}
+
+	{ /* Input loop */
+		int c;
+
+		while ((c = fgetc(stdin)) != EOF) {
+			if (fputc(c, stdout) == EOF) { return ioerr(program_name); }
+		}
+	}
+
+	restore_echo(0);
+
+	return EX_OK;
+}