From 64845bdc829d6a6179d0762b7e97ef23828562a3 Mon Sep 17 00:00:00 2001
From: David Sommerseth <davids@redhat.com>
Date: Fri, 3 Oct 2014 15:53:45 +0200
Subject: [PATCH] ask-password: Add --echo to enable echoing the user input

Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames.  Masking usernames with * seems just silly.

 v2 - Don't mess with termios flags; print the input character
      instead of an asterisk.  Resolves issues with backspace
      and TAB input.

 v3 - Renamed 'do_echo' variables and argument to 'echo'.  Also
      modified the ask_password_{tty,agent,auto} API instead of
      additional wrapper functions.

[zj: undo changes to ask_password_auto, since no callers were using
     the new argument.]
---
 man/systemd-ask-password.xml                        | 11 +++++++++++
 src/ask-password/ask-password.c                     | 12 ++++++++++--
 src/firstboot/firstboot.c                           |  4 ++--
 src/shared/ask-password-api.c                       | 10 +++++++---
 src/shared/ask-password-api.h                       |  4 ++--
 src/tty-ask-password-agent/tty-ask-password-agent.c |  5 +++--
 6 files changed, 35 insertions(+), 11 deletions(-)

diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index ce0ac3d1a2..448df62100 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -127,6 +127,17 @@
                         </varlistentry>
 
                         <varlistentry>
+                                <term><option>--echo</option></term>
+
+                                <listitem><para>Echo the user input
+                                instead of masking it. This is useful
+                                when using
+                                <filename>systemd-ask-password</filename>
+                                to query for usernames.
+                                </para></listitem>
+                        </varlistentry>
+
+                        <varlistentry>
                                 <term><option>--no-tty</option></term>
 
                                 <listitem><para>Never ask for password
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 5c37cffc22..1ce8776d8a 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -45,6 +45,7 @@
 static const char *arg_icon = NULL;
 static const char *arg_id = NULL;
 static const char *arg_message = NULL;
+static bool arg_echo = false;
 static bool arg_use_tty = true;
 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
 static bool arg_accept_cached = false;
@@ -56,6 +57,7 @@ static void help(void) {
                "  -h --help          Show this help\n"
                "     --icon=NAME     Icon name\n"
                "     --timeout=SEC   Timeout in sec\n"
+               "     --echo          Do not mask input (useful for usernames)\n"
                "     --no-tty        Ask question via agent even on TTY\n"
                "     --accept-cached Accept cached passwords\n"
                "     --multiple      List multiple passwords if available\n"
@@ -68,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_ICON = 0x100,
                 ARG_TIMEOUT,
+                ARG_ECHO,
                 ARG_NO_TTY,
                 ARG_ACCEPT_CACHED,
                 ARG_MULTIPLE,
@@ -78,6 +81,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "help",          no_argument,       NULL, 'h'               },
                 { "icon",          required_argument, NULL, ARG_ICON          },
                 { "timeout",       required_argument, NULL, ARG_TIMEOUT       },
+                { "echo",          no_argument,       NULL, ARG_ECHO          },
                 { "no-tty",        no_argument,       NULL, ARG_NO_TTY        },
                 { "accept-cached", no_argument,       NULL, ARG_ACCEPT_CACHED },
                 { "multiple",      no_argument,       NULL, ARG_MULTIPLE      },
@@ -109,6 +113,10 @@ static int parse_argv(int argc, char *argv[]) {
                         }
                         break;
 
+                case ARG_ECHO:
+                        arg_echo = true;
+                        break;
+
                 case ARG_NO_TTY:
                         arg_use_tty = false;
                         break;
@@ -160,7 +168,7 @@ int main(int argc, char *argv[]) {
         if (arg_use_tty && isatty(STDIN_FILENO)) {
                 char *password = NULL;
 
-                if ((r = ask_password_tty(arg_message, timeout, NULL, &password)) >= 0) {
+                if ((r = ask_password_tty(arg_message, timeout, arg_echo, NULL, &password)) >= 0) {
                         puts(password);
                         free(password);
                 }
@@ -168,7 +176,7 @@ int main(int argc, char *argv[]) {
         } else {
                 char **l;
 
-                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
+                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_echo, arg_accept_cached, &l)) >= 0) {
                         char **p;
 
                         STRV_FOREACH(p, l) {
diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index f586c2ef7f..6b0d2fc86a 100644
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -491,7 +491,7 @@ static int prompt_root_password(void) {
         for (;;) {
                 _cleanup_free_ char *a = NULL, *b = NULL;
 
-                r = ask_password_tty(msg1, 0, NULL, &a);
+                r = ask_password_tty(msg1, 0, false, NULL, &a);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         return r;
@@ -502,7 +502,7 @@ static int prompt_root_password(void) {
                         break;
                 }
 
-                r = ask_password_tty(msg2, 0, NULL, &b);
+                r = ask_password_tty(msg2, 0, false, NULL, &b);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         clear_string(a);
diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 8d03f4ad09..94a27f9010 100644
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -52,6 +52,7 @@ static void backspace_chars(int ttyfd, size_t p) {
 int ask_password_tty(
                 const char *message,
                 usec_t until,
+                bool echo,
                 const char *flag_file,
                 char **_passphrase) {
 
@@ -218,7 +219,7 @@ int ask_password_tty(
                         passphrase[p++] = c;
 
                         if (!silent_mode && ttyfd >= 0)
-                                loop_write(ttyfd, "*", 1, false);
+                                loop_write(ttyfd, echo ? &c : "*", 1, false);
 
                         dirty = true;
                 }
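Review bot: With `echo` set, `loop_write(ttyfd, echo ? &c : "*", 1, false);` writes each input byte back to the terminal exactly as it was read, so control bytes and the individual bytes of a multi-byte character reach the tty unfiltered. The backspace handling is outside this hunk. If it erases one cell per stored byte, deleting a multi-byte character typed in echo mode would leave the screen out of step with the buffer, which is worth checking. Nothing here stops a caller from enabling echo on a prompt that collects a secret, so the line deserves a comment such as `/* echo shows the input verbatim; callers must pass false for anything secret */`. The body of ask_password_tty starts and ends outside the hunk.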
@@ -300,6 +301,7 @@ int ask_password_agent(
                 const char *icon,
                 const char *id,
                 usec_t until,
+                bool echo,
                 bool accept_cached,
                 char ***_passphrases) {
 
@@ -362,10 +364,12 @@ int ask_password_agent(
                 "PID="PID_FMT"\n"
                 "Socket=%s\n"
                 "AcceptCached=%i\n"
+                "Echo=%i\n"
                 "NotAfter="USEC_FMT"\n",
                 getpid(),
                 socket_name,
                 accept_cached ? 1 : 0,
+                echo ? 1 : 0,
                 until);
 
         if (message)
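Review bot: The new `Echo=%i` key written to the request file is not documented anywhere in this patch; the man page hunk covers only the `--echo` switch, and the only reader shown is the tty agent's parser. Agents that do not know the key will presumably ignore it and keep masking, which is the safe direction, but that expectation should be written down where the file is produced, for example `/* Echo=1 marks the input as non-secret; agents that ignore the key keep masking */`. The argument order (`accept_cached`, `echo`, `until`) matches the format string as shown. The body of ask_password_agent continues outside the hunk.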
@@ -550,7 +554,7 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 int r;
                 char *s = NULL, **l = NULL;
 
-                r = ask_password_tty(message, until, NULL, &s);
+                r = ask_password_tty(message, until, false, NULL, &s);
                 if (r < 0)
                         return r;
 
@@ -561,5 +565,5 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 *_passphrases = l;
                 return r;
         } else
-                return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
+                return ask_password_agent(message, icon, id, until, false, accept_cached, _passphrases);
 }
diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 3839a2df0f..704ee6e1b4 100644
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -23,10 +23,10 @@
 
 #include "util.h"
 
-int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
+int ask_password_tty(const char *message, usec_t until, bool echo, const char *flag_file, char **_passphrase);
 
 int ask_password_agent(const char *message, const char *icon, const char *id,
-                       usec_t until, bool accept_cached, char ***_passphrases);
+                       usec_t until, bool echo, bool accept_cached, char ***_passphrases);
 
 int ask_password_auto(const char *message, const char *icon, const char *id,
                       usec_t until, bool accept_cached, char ***_passphrases);
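Review bot: `ask_password_agent` now takes two adjacent `bool` parameters, `echo` and `accept_cached`, so a call site that swaps them still compiles and would display the typed input instead of masking it. The call sites in this patch pass them in the right order, but the prototypes carry no description of the new parameter. A comment above them would help, e.g. `/* echo: show typed input instead of '*'; pass false for passwords */`. A flags argument instead of positional booleans would make the intent visible at each call, if the API is touched again.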
diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e7cbde285c..e6dc84b440 100644
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -214,7 +214,7 @@ static int parse_password(const char *filename, char **wall) {
         _cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL;
         uint64_t not_after = 0;
         unsigned pid = 0;
-        bool accept_cached = false;
+        bool accept_cached = false, echo = false;
 
         const ConfigTableItem items[] = {
                 { "Ask", "Socket",       config_parse_string,   0, &socket_name   },
@@ -222,6 +222,7 @@ static int parse_password(const char *filename, char **wall) {
                 { "Ask", "Message",      config_parse_string,   0, &message       },
                 { "Ask", "PID",          config_parse_unsigned, 0, &pid           },
                 { "Ask", "AcceptCached", config_parse_bool,     0, &accept_cached },
+                { "Ask", "Echo",         config_parse_bool,     0, &echo          },
                 {}
         };
 
@@ -314,7 +315,7 @@ static int parse_password(const char *filename, char **wall) {
                                         return tty_fd;
                         }
 
-                        r = ask_password_tty(message, not_after, filename, &password);
+                        r = ask_password_tty(message, not_after, echo, filename, &password);
 
                         if (arg_console) {
                                 safe_close(tty_fd);
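Review bot: The `echo` value passed to `ask_password_tty(message, not_after, echo, filename, &password)` comes straight from the `Echo` key of the parsed request file, so the agent shows or masks input purely on the requester's say-so. In the `arg_console` case that input is typed on the console the agent opened, where echoed text may be visible to others or captured. Whether request files can only be written by trusted processes is not visible in this hunk, and the assumption should be stated next to the call, e.g. `/* echo is requester-controlled; request files are trusted to set it only for non-secret input */`. The body of parse_password starts and ends outside the hunk.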