[systemd-devel] [PATCH] ask-password: Add --echo to enable echoing the user input

David Sommerseth davids at redhat.com
Fri Oct 3 06:53:45 PDT 2014


Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames.  Masking usernames with * seems just silly.

 v2 - Don't mess with termios flags; print the input character
      instead of an asterisk.  Resolves issues with backspace
      and TAB input.

 v3 - Renamed 'do_echo' variables and argument to 'echo'.  Also
      modified the ask_password_{tty,agent,auto} API instead of
      additional wrapper functions.
---
 man/systemd-ask-password.xml                        |  9 +++++++++
 src/ask-password/ask-password.c                     | 12 ++++++++++--
 src/cryptsetup/cryptsetup.c                         |  4 ++--
 src/firstboot/firstboot.c                           |  4 ++--
 src/shared/ask-password-api.c                       | 12 ++++++++----
 src/shared/ask-password-api.h                       |  6 +++---
 src/tty-ask-password-agent/tty-ask-password-agent.c |  5 +++--
 7 files changed, 37 insertions(+), 15 deletions(-)

diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index ce0ac3d..bfe646f 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -127,6 +127,15 @@
                         </varlistentry>
 
                         <varlistentry>
+                                <term><option>--echo</option></term>
+
+                                <listitem><para>Echo the user input
+                                instead of masking it.  This is useful
+                                when using systemd-ask-password to
+                                query for usernames.</para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
                                 <term><option>--no-tty</option></term>
 
                                 <listitem><para>Never ask for password
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 5c37cff..54acace 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -45,6 +45,7 @@
 static const char *arg_icon = NULL;
 static const char *arg_id = NULL;
 static const char *arg_message = NULL;
+static bool arg_echo = false;
 static bool arg_use_tty = true;
 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
 static bool arg_accept_cached = false;
@@ -56,6 +57,7 @@ static void help(void) {
                "  -h --help          Show this help\n"
                "     --icon=NAME     Icon name\n"
                "     --timeout=SEC   Timeout in sec\n"
+               "     --echo          Do not mask the user input. Used when asking for usernames\n"
                "     --no-tty        Ask question via agent even on TTY\n"
                "     --accept-cached Accept cached passwords\n"
                "     --multiple      List multiple passwords if available\n"
@@ -68,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_ICON = 0x100,
                 ARG_TIMEOUT,
+                ARG_ECHO,
                 ARG_NO_TTY,
                 ARG_ACCEPT_CACHED,
                 ARG_MULTIPLE,
@@ -78,6 +81,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "help",          no_argument,       NULL, 'h'               },
                 { "icon",          required_argument, NULL, ARG_ICON          },
                 { "timeout",       required_argument, NULL, ARG_TIMEOUT       },
+                { "echo",          no_argument,       NULL, ARG_ECHO          },
                 { "no-tty",        no_argument,       NULL, ARG_NO_TTY        },
                 { "accept-cached", no_argument,       NULL, ARG_ACCEPT_CACHED },
                 { "multiple",      no_argument,       NULL, ARG_MULTIPLE      },
@@ -109,6 +113,10 @@ static int parse_argv(int argc, char *argv[]) {
                         }
                         break;
 
+                case ARG_ECHO:
+                        arg_echo = true;
+                        break;
+
                 case ARG_NO_TTY:
                         arg_use_tty = false;
                         break;
@@ -160,7 +168,7 @@ int main(int argc, char *argv[]) {
         if (arg_use_tty && isatty(STDIN_FILENO)) {
                 char *password = NULL;
 
-                if ((r = ask_password_tty(arg_message, timeout, NULL, &password)) >= 0) {
+                if ((r = ask_password_tty(arg_message, timeout, arg_echo, NULL, &password)) >= 0) {
                         puts(password);
                         free(password);
                 }
@@ -168,7 +176,7 @@ int main(int argc, char *argv[]) {
         } else {
                 char **l;
 
-                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
+                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_echo, arg_accept_cached, &l)) >= 0) {
                         char **p;
 
                         STRV_FOREACH(p, l) {
diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index 94570eb..ed4866e 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -279,7 +279,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
 
         id = strappenda("cryptsetup:", escaped_name);
 
-        r = ask_password_auto(text, "drive-harddisk", id, until, accept_cached, passwords);
+        r = ask_password_auto(text, "drive-harddisk", id, until, false, accept_cached, passwords);
         if (r < 0) {
                 log_error("Failed to query password: %s", strerror(-r));
                 return r;
@@ -295,7 +295,7 @@ static int get_password(const char *name, usec_t until, bool accept_cached, char
 
                 id = strappenda("cryptsetup-verification:", escaped_name);
 
-                r = ask_password_auto(text, "drive-harddisk", id, until, false, &passwords2);
+                r = ask_password_auto(text, "drive-harddisk", id, until, false, false, &passwords2);
                 if (r < 0) {
                         log_error("Failed to query verification password: %s", strerror(-r));
                         return r;
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index f586c2e..6b0d2fc 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -491,7 +491,7 @@ static int prompt_root_password(void) {
         for (;;) {
                 _cleanup_free_ char *a = NULL, *b = NULL;
 
-                r = ask_password_tty(msg1, 0, NULL, &a);
+                r = ask_password_tty(msg1, 0, false, NULL, &a);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         return r;
@@ -502,7 +502,7 @@ static int prompt_root_password(void) {
                         break;
                 }
 
-                r = ask_password_tty(msg2, 0, NULL, &b);
+                r = ask_password_tty(msg2, 0, false, NULL, &b);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         clear_string(a);
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 8d03f4a..123f8d9 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -52,6 +52,7 @@ static void backspace_chars(int ttyfd, size_t p) {
 int ask_password_tty(
                 const char *message,
                 usec_t until,
+                bool echo,
                 const char *flag_file,
                 char **_passphrase) {
 
@@ -218,7 +219,7 @@ int ask_password_tty(
                         passphrase[p++] = c;
 
                         if (!silent_mode && ttyfd >= 0)
-                                loop_write(ttyfd, "*", 1, false);
+                                loop_write(ttyfd, (echo ? passphrase+(p-1) : "*"), 1, false);
 
                         dirty = true;
                 }
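Review bot: With echo set, `loop_write(ttyfd, (echo ? passphrase+(p-1) : "*"), 1, false)` sends the byte just stored to the terminal unfiltered, so a control byte or one byte of a multi-byte character is written as-is, whereas the masked path always writes a printable `*`. Which bytes can reach this branch, and how the erase path counts columns, is decided outside this hunk, so please confirm that backspace and the final erase still match what was drawn when the input is not plain ASCII. A short comment such as `/* echo: show the byte just appended instead of the mask */` would also make the pointer arithmetic easier to read. The body of ask_password_tty starts and ends outside the hunk.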
@@ -300,6 +301,7 @@ int ask_password_agent(
                 const char *icon,
                 const char *id,
                 usec_t until,
+                bool echo,
                 bool accept_cached,
                 char ***_passphrases) {
 
@@ -362,10 +364,12 @@ int ask_password_agent(
                 "PID="PID_FMT"\n"
                 "Socket=%s\n"
                 "AcceptCached=%i\n"
+                "Echo=%i\n"
                 "NotAfter="USEC_FMT"\n",
                 getpid(),
                 socket_name,
                 accept_cached ? 1 : 0,
+                echo ? 1 : 0,
                 until);
 
         if (message)
@@ -542,7 +546,7 @@ finish:
 }
 
 int ask_password_auto(const char *message, const char *icon, const char *id,
-                      usec_t until, bool accept_cached, char ***_passphrases) {
+                      usec_t until, bool echo, bool accept_cached, char ***_passphrases) {
         assert(message);
         assert(_passphrases);
 
@@ -550,7 +554,7 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 int r;
                 char *s = NULL, **l = NULL;
 
-                r = ask_password_tty(message, until, NULL, &s);
+                r = ask_password_tty(message, until, false, NULL, &s);
                 if (r < 0)
                         return r;
 
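Review bot: The TTY branch of ask_password_auto still passes a literal `false` in `r = ask_password_tty(message, until, false, NULL, &s);`, so the new `echo` argument is honoured only when the request goes to an agent and is silently ignored on a terminal. If that is unintended, the call should be `r = ask_password_tty(message, until, echo, NULL, &s);`. If masking on the TTY path is deliberate, a comment saying so is needed, because the agent path in the last hunk of this file does forward `echo`. The ask_password_auto callers touched by this patch (cryptsetup.c) pass `false`, so the mismatch is not visible today; the function body continues outside this hunk.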
@@ -561,5 +565,5 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 *_passphrases = l;
                 return r;
         } else
-                return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
+                return ask_password_agent(message, icon, id, until, echo, accept_cached, _passphrases);
 }
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 3839a2d..3541253 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -23,10 +23,10 @@
 
 #include "util.h"
 
-int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
+int ask_password_tty(const char *message, usec_t until, bool echo, const char *flag_file, char **_passphrase);
 
 int ask_password_agent(const char *message, const char *icon, const char *id,
-                       usec_t until, bool accept_cached, char ***_passphrases);
+                       usec_t until, bool echo, bool accept_cached, char ***_passphrases);
 
 int ask_password_auto(const char *message, const char *icon, const char *id,
-                      usec_t until, bool accept_cached, char ***_passphrases);
+                      usec_t until, bool echo, bool accept_cached, char ***_passphrases);
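Review bot: `bool echo, bool accept_cached` gives ask_password_agent and ask_password_auto two adjacent parameters of the same type, and call sites in this patch already read `until, false, false, &passwords2`. A transposed pair compiles cleanly and would show a passphrase in clear text. Consider a single flags argument instead, or at least document the order on the prototypes, e.g. `/* echo: show typed input instead of '*'; only for non-secret input such as usernames */`.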
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e7cbde2..e6dc84b 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -214,7 +214,7 @@ static int parse_password(const char *filename, char **wall) {
         _cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL;
         uint64_t not_after = 0;
         unsigned pid = 0;
-        bool accept_cached = false;
+        bool accept_cached = false, echo = false;
 
         const ConfigTableItem items[] = {
                 { "Ask", "Socket",       config_parse_string,   0, &socket_name   },
@@ -222,6 +222,7 @@ static int parse_password(const char *filename, char **wall) {
                 { "Ask", "Message",      config_parse_string,   0, &message       },
                 { "Ask", "PID",          config_parse_unsigned, 0, &pid           },
                 { "Ask", "AcceptCached", config_parse_bool,     0, &accept_cached },
+                { "Ask", "Echo",         config_parse_bool,     0, &echo          },
                 {}
         };
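Review bot: `{ "Ask", "Echo", config_parse_bool, 0, &echo }` lets the request file decide whether the agent displays what is typed on the console, and nothing here records that trust decision. `echo` is initialised to `false` in the previous hunk, so requests without the key stay masked, which is the safe default. A comment such as `/* Echo= is set by the requester; absent means masked input */` next to the table entry would help keep that intact. parse_password starts and ends outside the hunk.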
 
@@ -314,7 +315,7 @@ static int parse_password(const char *filename, char **wall) {
                                         return tty_fd;
                         }
 
-                        r = ask_password_tty(message, not_after, filename, &password);
+                        r = ask_password_tty(message, not_after, echo, filename, &password);
 
                         if (arg_console) {
                                 safe_close(tty_fd);
-- 
1.8.3.1


