ask-password: Add --echo to enable echoing the user input

Programs such as OpenVPN may use ask-password for not only retrieving
passwords, but also usernames.  Masking usernames with * seems just silly.

 v2 - Don't mess with termios flags, instead print the input
      instead of an asterix.  Resolves issues with backspace
      and TAB input.

 v3 - Renamed 'do_echo' variables and argument to 'echo'.  Also
      modified the ask_password_{tty,agent,auto} API instead of
      additional wrapper functions.

[zj: undo changes to ask_password_auto, since no callers were using
     the new argument.]

diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index ce0ac3d1a213b7e8bdd95c4ea1bbdd99cbd7dfd8..448df621005bb7693a422549b1dcf28fa673f40c 100644 (file)
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -126,6 +126,17 @@
                                 </para></listitem>
                         </varlistentry>
 
+                        <varlistentry>
+                                <term><option>--echo</option></term>
+
+                                <listitem><para>Echo the user input
+                                instead of masking it. This is useful
+                                when using
+                                <filename>systemd-ask-password</filename>
+                                to query for usernames.
+                                </para></listitem>
+                        </varlistentry>
+
                         <varlistentry>
                                 <term><option>--no-tty</option></term>
 

diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index 5c37cffc22a322efd8c7f047b835deebbccb92b5..1ce8776d8a0766ae2721e9c97a6b7f3419c3c1cb 100644 (file)
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -45,6 +45,7 @@
 static const char *arg_icon = NULL;
 static const char *arg_id = NULL;
 static const char *arg_message = NULL;
+static bool arg_echo = false;
 static bool arg_use_tty = true;
 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
 static bool arg_accept_cached = false;
@@ -56,6 +57,7 @@ static void help(void) {
                "  -h --help          Show this help\n"
                "     --icon=NAME     Icon name\n"
                "     --timeout=SEC   Timeout in sec\n"
+               "     --echo          Do not mask input (useful for usernames)\n"
                "     --no-tty        Ask question via agent even on TTY\n"
                "     --accept-cached Accept cached passwords\n"
                "     --multiple      List multiple passwords if available\n"
@@ -68,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) {
         enum {
                 ARG_ICON = 0x100,
                 ARG_TIMEOUT,
+                ARG_ECHO,
                 ARG_NO_TTY,
                 ARG_ACCEPT_CACHED,
                 ARG_MULTIPLE,
@@ -78,6 +81,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "help",          no_argument,       NULL, 'h'               },
                 { "icon",          required_argument, NULL, ARG_ICON          },
                 { "timeout",       required_argument, NULL, ARG_TIMEOUT       },
+                { "echo",          no_argument,       NULL, ARG_ECHO          },
                 { "no-tty",        no_argument,       NULL, ARG_NO_TTY        },
                 { "accept-cached", no_argument,       NULL, ARG_ACCEPT_CACHED },
                 { "multiple",      no_argument,       NULL, ARG_MULTIPLE      },
@@ -109,6 +113,10 @@ static int parse_argv(int argc, char *argv[]) {
                         }
                         break;
 
+                case ARG_ECHO:
+                        arg_echo = true;
+                        break;
+
                 case ARG_NO_TTY:
                         arg_use_tty = false;
                         break;
@@ -160,7 +168,7 @@ int main(int argc, char *argv[]) {
         if (arg_use_tty && isatty(STDIN_FILENO)) {
                 char *password = NULL;
 
-                if ((r = ask_password_tty(arg_message, timeout, NULL, &password)) >= 0) {
+                if ((r = ask_password_tty(arg_message, timeout, arg_echo, NULL, &password)) >= 0) {
                         puts(password);
                         free(password);
                 }
@@ -168,7 +176,7 @@ int main(int argc, char *argv[]) {
         } else {
                 char **l;
 
-                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_accept_cached, &l)) >= 0) {
+                if ((r = ask_password_agent(arg_message, arg_icon, arg_id, timeout, arg_echo, arg_accept_cached, &l)) >= 0) {
                         char **p;
 
                         STRV_FOREACH(p, l) {

diff --git a/src/firstboot/firstboot.c b/src/firstboot/firstboot.c
index f586c2ef7fca900354f662606aba830e8973f76b..6b0d2fc86af960ad0196515084ab72f2cb058e14 100644 (file)
--- a/src/firstboot/firstboot.c
+++ b/src/firstboot/firstboot.c
@@ -491,7 +491,7 @@ static int prompt_root_password(void) {
         for (;;) {
                 _cleanup_free_ char *a = NULL, *b = NULL;
 
-                r = ask_password_tty(msg1, 0, NULL, &a);
+                r = ask_password_tty(msg1, 0, false, NULL, &a);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         return r;
@@ -502,7 +502,7 @@ static int prompt_root_password(void) {
                         break;
                 }
 
-                r = ask_password_tty(msg2, 0, NULL, &b);
+                r = ask_password_tty(msg2, 0, false, NULL, &b);
                 if (r < 0) {
                         log_error("Failed to query root password: %s", strerror(-r));
                         clear_string(a);

diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c
index 8d03f4ad0994f001a5c1a6a246ac01f56e350064..94a27f9010cca4924761187a92d43513e1deee8c 100644 (file)
--- a/src/shared/ask-password-api.c
+++ b/src/shared/ask-password-api.c
@@ -52,6 +52,7 @@ static void backspace_chars(int ttyfd, size_t p) {
 int ask_password_tty(
                 const char *message,
                 usec_t until,
+                bool echo,
                 const char *flag_file,
                 char **_passphrase) {
 
@@ -218,7 +219,7 @@ int ask_password_tty(
                         passphrase[p++] = c;
 
                         if (!silent_mode && ttyfd >= 0)
-                                loop_write(ttyfd, "*", 1, false);
+                                loop_write(ttyfd, echo ? &c : "*", 1, false);
 
                         dirty = true;
                 }
@@ -300,6 +301,7 @@ int ask_password_agent(
                 const char *icon,
                 const char *id,
                 usec_t until,
+                bool echo,
                 bool accept_cached,
                 char ***_passphrases) {
 
@@ -362,10 +364,12 @@ int ask_password_agent(
                 "PID="PID_FMT"\n"
                 "Socket=%s\n"
                 "AcceptCached=%i\n"
+                "Echo=%i\n"
                 "NotAfter="USEC_FMT"\n",
                 getpid(),
                 socket_name,
                 accept_cached ? 1 : 0,
+                echo ? 1 : 0,
                 until);
 
         if (message)
@@ -550,7 +554,7 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 int r;
                 char *s = NULL, **l = NULL;
 
-                r = ask_password_tty(message, until, NULL, &s);
+                r = ask_password_tty(message, until, false, NULL, &s);
                 if (r < 0)
                         return r;
 
@@ -561,5 +565,5 @@ int ask_password_auto(const char *message, const char *icon, const char *id,
                 *_passphrases = l;
                 return r;
         } else
-                return ask_password_agent(message, icon, id, until, accept_cached, _passphrases);
+                return ask_password_agent(message, icon, id, until, false, accept_cached, _passphrases);
 }

diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h
index 3839a2df0f5b2f76554c9e760c84e9fd5d1b60fa..704ee6e1b443522a84fdabc6ba92a0237dbc2a17 100644 (file)
--- a/src/shared/ask-password-api.h
+++ b/src/shared/ask-password-api.h
@@ -23,10 +23,10 @@
 
 #include "util.h"
 
-int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase);
+int ask_password_tty(const char *message, usec_t until, bool echo, const char *flag_file, char **_passphrase);
 
 int ask_password_agent(const char *message, const char *icon, const char *id,
-                       usec_t until, bool accept_cached, char ***_passphrases);
+                       usec_t until, bool echo, bool accept_cached, char ***_passphrases);
 
 int ask_password_auto(const char *message, const char *icon, const char *id,
                       usec_t until, bool accept_cached, char ***_passphrases);

diff --git a/src/tty-ask-password-agent/tty-ask-password-agent.c b/src/tty-ask-password-agent/tty-ask-password-agent.c
index e7cbde285ce89087d011a6b9d336325be76e4e71..e6dc84b440bcded878e3ba75bd0f3bda586a4546 100644 (file)
--- a/src/tty-ask-password-agent/tty-ask-password-agent.c
+++ b/src/tty-ask-password-agent/tty-ask-password-agent.c
@@ -214,7 +214,7 @@ static int parse_password(const char *filename, char **wall) {
         _cleanup_free_ char *socket_name = NULL, *message = NULL, *packet = NULL;
         uint64_t not_after = 0;
         unsigned pid = 0;
-        bool accept_cached = false;
+        bool accept_cached = false, echo = false;
 
         const ConfigTableItem items[] = {
                 { "Ask", "Socket",       config_parse_string,   0, &socket_name   },
@@ -222,6 +222,7 @@ static int parse_password(const char *filename, char **wall) {
                 { "Ask", "Message",      config_parse_string,   0, &message       },
                 { "Ask", "PID",          config_parse_unsigned, 0, &pid           },
                 { "Ask", "AcceptCached", config_parse_bool,     0, &accept_cached },
+                { "Ask", "Echo",         config_parse_bool,     0, &echo          },
                 {}
         };
 
@@ -314,7 +315,7 @@ static int parse_password(const char *filename, char **wall) {
                                         return tty_fd;
                         }
 
-                        r = ask_password_tty(message, not_after, filename, &password);
+                        r = ask_password_tty(message, not_after, echo, filename, &password);
 
                         if (arg_console) {
                                 safe_close(tty_fd);