authorLennart Poettering <lennart@poettering.net>2021-06-03 16:09:43 +0200
committerGitHub <noreply@github.com>2021-06-03 16:09:43 +0200
commit51df483846219c86e1e6c405f295a6b873084e0e (patch)
tree88dd1f35c60eef667e11e94ab5050fb27fa6fcfc
parent8d8053c2fea8732b91f3eaf95a64e4355b9ed658 (diff)
parent4b1c842d95bfd6ab352ade1a4655f9e512f35185 (diff)
downloadsystemd-51df483846219c86e1e6c405f295a6b873084e0e.tar.gz
Merge pull request #19806 from poettering/ask-pw-asterisk
systemd-ask-password: make pw echo fully configurable
-rw-r--r--man/systemd-ask-password.xml21
-rw-r--r--src/ask-password/ask-password.c51
2 files changed, 55 insertions, 17 deletions
diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index a92e45058c..0b1137539b 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -157,12 +157,23 @@
</varlistentry>
<varlistentry>
+ <term><option>--echo=yes|no|masked</option></term>
+
+ <listitem><para>Controls whether to echo user input. Takes a boolean or the special string
+ <literal>masked</literal>, the default being the latter. If enabled the typed characters are echoed
+ literally, which is useful for prompting for usernames and other non-protected data. If disabled the
+ typed characters are not echoed in any form, the user will not get feedback on their input. If set to
+ <literal>masked</literal>, an asterisk (<literal>*</literal>) is echoed for each character
+ typed. In this mode, if the user hits the tabulator key (<literal>↹</literal>), echo is turned
+ off. (Alternatively, if the user hits the backspace key (<literal>⌫</literal>) while no data has
+ been entered otherwise, echo is turned off, too).</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>--echo</option></term>
+ <term><option>-e</option></term>
- <listitem><para>Echo the user input instead of masking it.
- This is useful when using
- <filename>systemd-ask-password</filename> to query for
- usernames. </para></listitem>
+ <listitem><para>Equivalent to <option>--echo=yes</option>, see above.</para></listitem>
</varlistentry>
<varlistentry>
@@ -171,7 +182,7 @@
<listitem><para>Controls whether or not to prefix the query with a
lock and key emoji (🔐), if the TTY settings permit this. The default
is <literal>auto</literal>, which defaults to <literal>yes</literal>,
- unless <option>--echo</option> is given.</para></listitem>
+ unless <option>--echo=yes</option> is given.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 26cf012f01..6a09a9a35c 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -45,7 +45,9 @@ static int help(void) {
" Credential name for LoadCredential=/SetCredential=\n"
" credentials\n"
" --timeout=SEC Timeout in seconds\n"
- " --echo Do not mask input (useful for usernames)\n"
+ " --echo=yes|no|masked\n"
+ " Control whether to show password while typing (echo)\n"
+ " -e --echo Equivalent to --echo=yes\n"
" --emoji=yes|no|auto\n"
" Show a lock and key emoji\n"
" --no-tty Ask question via agent even on TTY\n"
@@ -66,7 +68,6 @@ static int parse_argv(int argc, char *argv[]) {
enum {
ARG_ICON = 0x100,
ARG_TIMEOUT,
- ARG_ECHO,
ARG_EMOJI,
ARG_NO_TTY,
ARG_ACCEPT_CACHED,
@@ -83,7 +84,7 @@ static int parse_argv(int argc, char *argv[]) {
{ "version", no_argument, NULL, ARG_VERSION },
{ "icon", required_argument, NULL, ARG_ICON },
{ "timeout", required_argument, NULL, ARG_TIMEOUT },
- { "echo", no_argument, NULL, ARG_ECHO },
+ { "echo", optional_argument, NULL, 'e' },
{ "emoji", required_argument, NULL, ARG_EMOJI },
{ "no-tty", no_argument, NULL, ARG_NO_TTY },
{ "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
@@ -96,12 +97,14 @@ static int parse_argv(int argc, char *argv[]) {
};
const char *emoji = NULL;
- int c;
+ int c, r;
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+ /* Note the asymmetry: the long option --echo= allows an optional argument, the short option does
+ * not. */
+ while ((c = getopt_long(argc, argv, "+he", options, NULL)) >= 0)
switch (c) {
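Review bot: The leading `+` added to the optstring of the `getopt_long()` call is not covered by the new comment above it, which only explains the `-e` / `--echo=` asymmetry. With `+`, GNU getopt stops at the first non-option word, whereas the previous `"h"` optstring let it permute arguments and accept options written after the message. Such trailing options are now joined into the prompt text by the `strv_join(argv + optind, " ")` call visible in a later hunk, so a trailing `--echo=no` is silently ignored and the default masked echo applies. If this is intended, extend the comment, e.g. `/* "+" stops option parsing at the first non-option word; everything after it becomes the message */`, and mention the ordering requirement in the man page. The loop body continues outside this hunk.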
@@ -116,14 +119,30 @@ static int parse_argv(int argc, char *argv[]) {
break;
case ARG_TIMEOUT:
- if (parse_sec(optarg, &arg_timeout) < 0)
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
- "Failed to parse --timeout parameter %s",
- optarg);
+ r = parse_sec(optarg, &arg_timeout);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --timeout= parameter: %s", optarg);
+
break;
- case ARG_ECHO:
- arg_flags |= ASK_PASSWORD_ECHO;
+ case 'e':
+ if (!optarg) {
+ /* Short option -e is used, or no argument to long option --echo= */
+ arg_flags |= ASK_PASSWORD_ECHO;
+ arg_flags &= ~ASK_PASSWORD_SILENT;
+ } else if (isempty(optarg) || streq(optarg, "masked"))
+ /* Empty argument or explicit string "masked" for default behaviour. */
+ arg_flags &= ~(ASK_PASSWORD_ECHO|ASK_PASSWORD_SILENT);
+ else {
+ bool b;
+
+ r = parse_boolean_argument("--echo=", optarg, &b);
+ if (r < 0)
+ return r;
+
+ SET_FLAG(arg_flags, ASK_PASSWORD_ECHO, b);
+ SET_FLAG(arg_flags, ASK_PASSWORD_SILENT, !b);
+ }
break;
case ARG_EMOJI:
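Review bot: The `!optarg` branch of `case 'e'` cannot tell `-e` apart from a long option whose value was written as a separate word, so `--echo no MESSAGE` takes the full-echo path. `getopt_long()` binds an optional argument only when it is attached as `--echo=no`; a detached `no` is left over and ends up as the first word of the prompt. For a tool that reads secrets, this fails toward showing the typed input in clear text, and no error is reported. The branch comment should say so, e.g. `/* -e or bare --echo: full echo. A detached value ("--echo no") is not seen here; it must be written --echo=no */`, and the `--echo=yes|no|masked` help line would benefit from the same hint. The enclosing switch starts and ends outside this hunk.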
@@ -168,12 +187,12 @@ static int parse_argv(int argc, char *argv[]) {
if (isempty(emoji) || streq(emoji, "auto"))
SET_FLAG(arg_flags, ASK_PASSWORD_HIDE_EMOJI, FLAGS_SET(arg_flags, ASK_PASSWORD_ECHO));
else {
- int r;
bool b;
r = parse_boolean_argument("--emoji=", emoji, &b);
if (r < 0)
return r;
+
SET_FLAG(arg_flags, ASK_PASSWORD_HIDE_EMOJI, !b);
}
@@ -181,6 +200,14 @@ static int parse_argv(int argc, char *argv[]) {
arg_message = strv_join(argv + optind, " ");
if (!arg_message)
return log_oom();
+ } else if (FLAGS_SET(arg_flags, ASK_PASSWORD_ECHO)) {
+ /* By default ask_password_auto() will query with the string "Password: ", which is not right
+ * when full echo is on, since then it's unlikely a password. Let's hence default to a less
+ * confusing string in that case. */
+
+ arg_message = strdup("Input:");
+ if (!arg_message)
+ return log_oom();
}
return 1;