[systemd-devel] [PATCH] ask-password: Add --echo to enable echoing the user input
David Sommerseth
davids at redhat.com
Fri Oct 3 06:53:45 PDT 2014
Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames. Masking usernames with * seems just silly.
v2 - Don't mess with termios flags, instead print the input
instead of an asterix. Resolves issues with backspace
and TAB input.
v3 - Renamed 'do_echo' variables and argument to 'echo'. Also
modified the ask_password_{tty,agent,auto} API instead of
additional wrapper functions.
---
man/systemd-ask-password.xml | 9 +++++++++
src/ask-password/ask-password.c | 12 ++++++++++--
src/cryptsetup/cryptsetup.c | 4 ++--
src/firstboot/firstboot.c | 4 ++--
src/shared/ask-password-api.c | 12 ++++++++----
src/shared/ask-password-api.h | 6 +++---
src/tty-ask-password-agent/tty-ask-password-agent.c | 5 +++--
7 files changed, 37 insertions(+), 15 deletions(-)
diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index ce0ac3d..bfe646f 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -127,6 +127,15 @@
</varlistentry>
<varlistentry>
+ <term><option>--echo</option></term>
+
+ <listitem><para>Echo the user input
+ instead of masking it. This is useful
+ when using systemd-ask-password to
+ query for usernames.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>--no-tty</option></term>
<listitem><para>Never ask for password
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 5c37cff..54acace 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -45,6 +45,7 @@
static const char *arg_icon = NULL;
static const char *arg_id = NULL;
static const char *arg_message = NULL;
+static bool arg_echo = false;
static bool arg_use_tty = true;
static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
static bool arg_accept_cached = false;
@@ -56,6 +57,7 @@ static void help(void) {
" -h --help Show this help\n"
" --icon=NAME Icon name\n"
" --timeout=SEC Timeout in sec\n"
+ " --echo Do not mask the user input. Used when asking for usernames\n"
" --no-tty Ask question via agent even on TTY\n"
" --accept-cached Accept cached passwords\n"
" --multiple List multiple passwords if available\n"
@@ -68,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) {
enum {
ARG_ICON = 0x100,
ARG_TIMEOUT,
+ ARG_ECHO,
ARG_NO_TTY,
ARG_ACCEPT_CACHED,
ARG_MULTIPLE,
@@ -78,6 +81,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "help", no_argument, NULL, 'h' },
{ "icon", required_argument, NULL, ARG_ICON },
{ "timeout", required_argument, NULL, ARG_TIMEOUT },
+ { "echo", no_argument, NULL, ARG_ECHO },
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
{ "multiple", no_argument, NULL, ARG_MULTIPLE },
@@ -109,6 +113,10 @@ static int parse_argv(int argc, char *argv[]) {
}
break;
+ case ARG_ECHO:
+ arg_echo = true;
+ break;
+
case ARG_NO_TTY:
arg_use_tty = false;
break;
@@ -160,7 +168,7 @@ int main(int argc, char *argv[]) {
if (arg_use_tty && isatty(STDIN_FILENO)) {
char *password = NULL;
- if ((r = ask_password_tty(arg_message, timeout, NULL, &password)) >= 0) {
+ if ((r = ask_password_tty(arg_message, timeout, arg_echo, NULL, &password)) >= 0) {
puts(password);
free(password);
}
@@ -168,7 +176,7 @@ int main(int argc, char *argv[]) {
} else {
char **l;
- if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
+ if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_echo, arg_accept_cached, &l)) >= 0) {
char **p;
STRV_FOREACH(p, l) {
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 94570eb..ed4866e 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -279,7 +279,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
id = strappenda("cryptsetup:", escaped_name);
- r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords);
+ r = ask_password_auto(text, "drive-harddisk", id, until, false, accept_cached, passwords);
if (r < 0) {
log_error("Failed to query password: %s", strerror(-r));
return r;
@@ -295,7 +295,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
id = strappenda("cryptsetup-verification:", escaped_name);
- r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2);
+ r = ask_password_auto(text, "drive-harddisk", id, until, false, false, &passwords2);
if (r < 0) {
log_error("Failed to query verification password: %s", strerror(-r));
return r;
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index f586c2e..6b0d2fc 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -491,7 +491,7 @@ static int prompt_root_password(void) {
for (;;) {
_cleanup_free_ char *a = NULL, *b = NULL;
- r = ask_password_tty(msg1, 0, NULL, &a);
+ r = ask_password_tty(msg1, 0, false, NULL, &a);
if (r < 0) {
log_error("Failed to query root password: %s", strerror(-r));
return r;
@@ -502,7 +502,7 @@ static int prompt_root_password(void) {
break;
}
- r = ask_password_tty(msg2, 0, NULL, &b);
+ r = ask_password_tty(msg2, 0, false, NULL, &b);
if (r < 0) {
log_error("Failed to query root password: %s", strerror(-r));
clear_string(a);
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 8d03f4a..123f8d9 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -52,6 +52,7 @@ static void backspace_chars(int ttyfd, size_t p) {
int ask_password_tty(
const char *message,
usec_t until,
+ bool echo,
const char *flag_file,
char **_passphrase) {
@@ -218,7 +219,7 @@ int ask_password_tty(
passphrase[p++] = c;
if (!silent_mode && ttyfd >= 0)
- loop_write(ttyfd, "*", 1, false);
+ loop_write(ttyfd, (echo ? passphrase+(p-1) : "*"), 1, false);
dirty = true;
}
@@ -300,6 +301,7 @@ int ask_password_agent(
const char *icon,
const char *id,
usec_t until,
+ bool echo,
bool accept_cached,
char ***_passphrases) {
@@ -362,10 +364,12 @@ int ask_password_agent(
"PID="PID_FMT"\n"
"Socket=%s\n"
"AcceptCached=%i\n"
+ "Echo=%i\n"
"NotAfter="USEC_FMT"\n",
getpid(),
socket_name,
accept_cached ? 1 : 0,
+ echo ? 1 : 0,
until);
if (message)
@@ -542,7 +546,7 @@ finish:
}
int ask_password_auto(const char *message, const char *icon, const char *id,
- usec_t until, bool accept_cached, char ***_passphrases) {
+ usec_t until, bool echo, bool accept_cached, char ***_passphrases) {
assert(message);
assert(_passphrases);
@@ -550,7 +554,7 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
int r;
char *s = NULL, **l = NULL;
- r = ask_password_tty(message, until, NULL, &s);
+ r = ask_password_tty(message, until, false, NULL, &s);
if (r < 0)
return r;
@@ -561,5 +565,5 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
*_passphrases = l;
return r;
} else
- return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
+ return ask_password_agent(message, icon, id, until, echo, accept_cached, _passphrases);
}
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 3839a2d..3541253 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -23,10 +23,10 @@
#include "util.h"
-int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
+int ask_password_tty(const char *message, usec_t until, bool echo, const char *flag_file, char **_passphrase);
int ask_password_agent(const char *message, const char *icon, const char *id,
- usec_t until, bool accept_cached, char ***_passphrases);
+ usec_t until, bool echo, bool accept_cached, char ***_passphrases);
int ask_password_auto(const char *message, const char *icon, const char *id,
- usec_t until, bool accept_cached, char ***_passphrases);
+ usec_t until, bool echo, bool accept_cached, char ***_passphrases);
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e7cbde2..e6dc84b 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -214,7 +214,7 @@ static int parse_password(const char *filename, char **wall) {
_cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL;
uint64_t not_after = 0;
unsigned pid = 0;
- bool accept_cached = false;
+ bool accept_cached = false, echo = false;
const ConfigTableItem items[] = {
{ "Ask", "Socket", config_parse_string, 0, &socket_name },
@@ -222,6 +222,7 @@ static int parse_password(const char *filename, char **wall) {
{ "Ask", "Message", config_parse_string, 0, &message },
{ "Ask", "PID", config_parse_unsigned, 0, &pid },
{ "Ask", "AcceptCached", config_parse_bool, 0, &accept_cached },
+ { "Ask", "Echo", config_parse_bool, 0, &echo },
{}
};
@@ -314,7 +315,7 @@ static int parse_password(const char *filename, char **wall) {
return tty_fd;
}
- r = ask_password_tty(message, not_after, filename, &password);
+ r = ask_password_tty(message, not_after, echo, filename, &password);
if (arg_console) {
safe_close(tty_fd);
--
1.8.3.1
More information about the systemd-devel
mailing list