ask-password: add option --no-output to not print password to stdout

systemd-ask-password can store passwords in kernel keyring. However it uses to print the passwords to standard output nevertheless. Depending on where systemd-ask-password is called passwords may end on display or in log, leaking sensitive information. This allows to make systemd-ask-password quiet, effectively disabling printing passwords to standard output.
author: Christian Hesse <mail@eworm.de> 2016-02-29 21:04:02 +0100
committer: Christian Hesse <mail@eworm.de> 2016-03-01 19:02:11 +0100
commit: a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc (patch)
tree: ffd0eeaac43d8d383dc5ca509f838a9931a97ba8 /src/ask-password
parent: 114761866a5e9376277daf847663d23361ffe0c0 (diff)
download: systemd-a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc.tar.gz
1 files changed, 10 insertions, 1 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index adc9286612..6d53dd982c 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -34,6 +34,7 @@ static const char *arg_keyname = NULL;
 static char *arg_message = NULL;
 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
 static bool arg_multiple = false;
+static bool arg_no_output = false;
 static AskPasswordFlags arg_flags = ASK_PASSWORD_PUSH_CACHE;
 
 static void help(void) {
@@ -48,6 +49,7 @@ static void help(void) {
                "     --no-tty         Ask question via agent even on TTY\n"
                "     --accept-cached  Accept cached passwords\n"
                "     --multiple       List multiple passwords if available\n"
+               "     --no-output      Do not print password to standard output\n"
                , program_invocation_short_name);
 }
 
@@ -62,6 +64,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_MULTIPLE,
                 ARG_ID,
                 ARG_KEYNAME,
+                ARG_NO_OUTPUT,
         };
 
         static const struct option options[] = {
@@ -74,6 +77,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "multiple",      no_argument,       NULL, ARG_MULTIPLE      },
                 { "id",            required_argument, NULL, ARG_ID            },
                 { "keyname",       required_argument, NULL, ARG_KEYNAME       },
+                { "no-output",     no_argument,       NULL, ARG_NO_OUTPUT     },
                 {}
         };
 
@@ -125,6 +129,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_keyname = optarg;
                         break;
 
+                case ARG_NO_OUTPUT:
+                        arg_no_output = true;
+                        break;
+
                 case '?':
                         return -EINVAL;
 
@@ -166,7 +174,8 @@ int main(int argc, char *argv[]) {
         }
 
         STRV_FOREACH(p, l) {
-                puts(*p);
+                if (!arg_no_output)
+                        puts(*p);
 
                 if (!arg_multiple)
                         break;
author	Christian Hesse <mail@eworm.de>	2016-02-29 21:04:02 +0100
committer	Christian Hesse <mail@eworm.de>	2016-03-01 19:02:11 +0100
commit	a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc (patch)
tree	ffd0eeaac43d8d383dc5ca509f838a9931a97ba8 /src/ask-password
parent	114761866a5e9376277daf847663d23361ffe0c0 (diff)
download	systemd-a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc.tar.gz