The Windows implementation of get_password in passwd/apr_getpass.c is a kludge. The same problem can be solved by an API very akin to termios -- using the GetConsoleMode and SetConsoleMode system calls. These are available since Windows 95 (according to MSDN).
Created attachment 20617 [details] Proposed solution The patch basically replaces the current Windows implementation of get_password with one copied from the termios version and edited to work on Windows. It should provide behavior comparable to that on Unix (in terms of arrow key, backspace, etc. behaviour). It has not been extensively tested.
A few comments: the last printf("\n") goes to stdout, GetStdHandle() might return NULL, the return is "wrong". Otherwise looks good.
If the printf going to stdout and the return are wrong, then it's probably a problem with the termios implementation a few lines up too. I confess I was aggressively copypasting. As for the NULL on GetStdHandle, yeah, sorry for that oversight. I overlooked the corresponding paragraph on MSDN. Anyway, thanks for the positive feedback. It's the first time I'm contributing to an Apache project.
AIUI the unix termios flavor actually lets you redirect password input from the current stream, correct? This patch would break that concept horridly, if applicable.