Hi, I've been playing with the systemd feature enabled in OpenVPN, and I propose this change to systemd-ask-password to avoid masking usernames. I tried looking for alternative ways of querying for usernames through systemd without finding a good solution.
This patch has been tested locally on a slightly modified OpenVPN build which calls systemd-ask-password with --do-echo when it queries the user for usernames. If there are better ways to solve this, please let me know and I'll go that path instead. -- kind regards, David Sommerseth
>From 3d174f1bf39c9690eb602b2dd2c79cf6ae6b0be1 Mon Sep 17 00:00:00 2001 From: David Sommerseth <dav...@redhat.com> Date: Fri, 12 Sep 2014 11:30:41 +0200 Subject: [PATCH] ask-password: Add --do-echo to enable echoing the user input OpenVPN may use ask-password for not only retrieving passwords, but also usernames. Masking usernames with * seems just silly. This patch adds a new function ask_password_tty_echo() which will echo the user input. Adding another function was preferred over adding a flag in ask_password_tty(), to make the functionality clearer and to avoid breaking programs depending on ask_password_tty(). v2 - Don't mess with termios flags, instead print the input instead of an asterix. Resolves issues with backspace and TAB input. --- src/ask-password/ask-password.c | 13 ++++++++++++- src/shared/ask-password-api.c | 20 ++++++++++++++++++-- src/shared/ask-password-api.h | 1 + 3 files changed, 31 insertions(+), 3 deletions(-) diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c index 5c37cff..c77cc66 100644 --- a/src/ask-password/ask-password.c +++ b/src/ask-password/ask-password.c @@ -45,6 +45,7 @@ static const char *arg_icon = NULL; static const char *arg_id = NULL; static const char *arg_message = NULL; +static bool arg_do_echo = false; static bool arg_use_tty = true; static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC; static bool arg_accept_cached = false; @@ -56,6 +57,7 @@ static void help(void) { " -h --help Show this help\n" " --icon=NAME Icon name\n" " --timeout=SEC Timeout in sec\n" + " --do-echo Do not mask the user input. Used when asking for usernames\n" " --no-tty Ask question via agent even on TTY\n" " --accept-cached Accept cached passwords\n" " --multiple List multiple passwords if available\n" @@ -68,6 +70,7 @@ static int parse_argv(int argc, char *argv[]) { enum { ARG_ICON = 0x100, ARG_TIMEOUT, + ARG_DO_ECHO, ARG_NO_TTY, ARG_ACCEPT_CACHED, ARG_MULTIPLE, 
@@ -78,6 +81,7 @@ static int parse_argv(int argc, char *argv[]) { { "help", no_argument, NULL, 'h' }, { "icon", required_argument, NULL, ARG_ICON }, { "timeout", required_argument, NULL, ARG_TIMEOUT }, + { "do-echo", no_argument, NULL, ARG_DO_ECHO }, { "no-tty", no_argument, NULL, ARG_NO_TTY }, { "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED }, { "multiple", no_argument, NULL, ARG_MULTIPLE }, @@ -109,6 +113,10 @@ static int parse_argv(int argc, char *argv[]) { } break; + case ARG_DO_ECHO: + arg_do_echo = true; + break; + case ARG_NO_TTY: arg_use_tty = false; break; @@ -160,7 +168,10 @@ int main(int argc, char *argv[]) { if (arg_use_tty && isatty(STDIN_FILENO)) { char *password = NULL; - if ((r = ask_password_tty(arg_message, timeout, NULL, &password)) >= 0) { + r = arg_do_echo ? ask_password_tty_echo(arg_message, timeout, NULL, &password) + : ask_password_tty(arg_message, timeout, NULL, &password); + + if (r >= 0) { puts(password); free(password); } diff --git a/src/shared/ask-password-api.c b/src/shared/ask-password-api.c index 8d03f4a..283bfc2 100644 --- a/src/shared/ask-password-api.c +++ b/src/shared/ask-password-api.c @@ -49,9 +49,10 @@ static void backspace_chars(int ttyfd, size_t p) { } } -int ask_password_tty( +static int __ask_password_tty( const char *message, usec_t until, + bool do_echo, const char *flag_file, char **_passphrase) { @@ -218,7 +219,7 @@ int ask_password_tty( passphrase[p++] = c; if (!silent_mode && ttyfd >= 0) - loop_write(ttyfd, "*", 1, false); + loop_write(ttyfd, (do_echo ? passphrase+(p-1) : "*"), 1, false); dirty = true; } 
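Review bot: In the `main()` hunk, `arg_do_echo` is consulted only inside the `arg_use_tty && isatty(STDIN_FILENO)` branch, so the flag appears to be silently ignored whenever the query goes through an agent. The `ask_password_agent()` prototype visible in ask-password-api.h has no echo parameter, so a caller passing `--do-echo` together with `--no-tty`, or running without a terminal on stdin, would presumably still get masked input with no indication why. Either state the limitation in the help text, e.g. `--do-echo  Show typed input instead of masking it (TTY prompts only)`, or log a warning when the flag is set and the agent path is taken. The rest of `main()`, including the agent branch, lies outside this hunk.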
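Review bot: The new static helper in ask-password-api.c is named `__ask_password_tty`, and identifiers beginning with two underscores are reserved for the C implementation. A name such as `static int ask_password_tty_internal(` avoids the reserved namespace; the two wrappers added further down in the same file would need the matching rename. It would also help to give the helper a short comment saying that `do_echo` selects between writing the typed byte and writing `*`. The function body continues well past this hunk.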
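Review bot: With `do_echo` set, the `loop_write()` call in the `@@ -218,7 +219,7 @@` hunk writes the stored byte `passphrase+(p-1)` back to the terminal unchanged, so any control byte that reaches this branch (for example an ESC from pasted text) is sent raw to the tty rather than being rendered harmlessly. Which bytes are filtered before this point is decided outside the hunk, so this needs confirming against the full input loop. Restricting the clear echo to printable bytes keeps the one-cell-per-byte assumption that the backspace handling relies on: `loop_write(ttyfd, (do_echo && (unsigned char) c >= 0x20) ? passphrase+(p-1) : "*", 1, false);`. Multi-byte UTF-8 input deserves a test as well, because erasing appears to be done per byte while an echoed character occupies a single cell.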
@@ -242,6 +243,21 @@ finish: return r; } +int ask_password_tty(const char *message, + usec_t until, + const char *flag_file, + char **_passphrase) { + return __ask_password_tty(message, until, false, flag_file, _passphrase); +} + +int ask_password_tty_echo(const char *message, + usec_t until, + const char *flag_file, + char **_passphrase) { + return __ask_password_tty(message, until, true, flag_file, _passphrase); +} + + static int create_socket(char **name) { int fd; union { diff --git a/src/shared/ask-password-api.h b/src/shared/ask-password-api.h index 3839a2d..c3dde63 100644 --- a/src/shared/ask-password-api.h +++ b/src/shared/ask-password-api.h @@ -24,6 +24,7 @@ #include "util.h" int ask_password_tty(const char *message, usec_t until, const char *flag_file, char **_passphrase); +int ask_password_tty_echo(const char *message, usec_t until, const char *flag_file, char **_passphrase); int ask_password_agent(const char *message, const char *icon, const char *id, usec_t until, bool accept_cached, char ***_passphrases); -- 1.8.3.1
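Review bot: `ask_password_tty_echo()` becomes part of the shared API without any comment explaining when it is safe to use, both at the definition in ask-password-api.c and at the prototype in ask-password-api.h. Because it prints what the user types, the input remains visible on the terminal and in any scrollback, so the contract should say it is for non-secret input only. A comment above the prototype would do, e.g. `/* Like ask_password_tty(), but echoes the typed characters; use only for non-secret input such as usernames. */`. The two wrappers differ only in the boolean they pass, so a one-line comment on each saying which mode it selects would make that obvious at the call sites.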