summaryrefslogtreecommitdiffstats
path: root/src/ask-password
diff options
context:
space:
mode:
Diffstat (limited to 'src/ask-password')
-rw-r--r--src/ask-password/ask-password.c263
-rw-r--r--src/ask-password/meson.build9
2 files changed, 272 insertions, 0 deletions
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
new file mode 100644
index 0000000..bf4c93e
--- /dev/null
+++ b/src/ask-password/ask-password.c
@@ -0,0 +1,263 @@
+/* SPDX-License-Identifier: LGPL-2.1-or-later */
+
+#include <errno.h>
+#include <getopt.h>
+#include <stddef.h>
+#include <unistd.h>
+
+#include "ask-password-api.h"
+#include "build.h"
+#include "constants.h"
+#include "log.h"
+#include "macro.h"
+#include "main-func.h"
+#include "parse-argument.h"
+#include "pretty-print.h"
+#include "strv.h"
+#include "terminal-util.h"
+
+static const char *arg_icon = NULL;
+static const char *arg_id = NULL; /* identifier for 'ask-password' protocol */
+static const char *arg_key_name = NULL; /* name in kernel keyring */
+static const char *arg_credential_name = NULL; /* name in $CREDENTIALS_DIRECTORY directory */
+static char *arg_message = NULL;
+static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
+static bool arg_multiple = false;
+static bool arg_no_output = false;
+static AskPasswordFlags arg_flags = ASK_PASSWORD_PUSH_CACHE;
+static bool arg_newline = true;
+
+STATIC_DESTRUCTOR_REGISTER(arg_message, freep);
+
+static int help(void) {
+ _cleanup_free_ char *link = NULL;
+ int r;
+
+ r = terminal_urlify_man("systemd-ask-password", "1", &link);
+ if (r < 0)
+ return log_oom();
+
+ printf("%1$s [OPTIONS...] MESSAGE\n\n"
+ "%3$sQuery the user for a system passphrase, via the TTY or a UI agent.%4$s\n\n"
+ " -h --help Show this help\n"
+ " --icon=NAME Icon name\n"
+ " --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n"
+ " --keyname=NAME Kernel key name for caching passwords (e.g. \"cryptsetup\")\n"
+ " --credential=NAME\n"
+ " Credential name for ImportCredential=, LoadCredential= or\n"
+ " SetCredential= credentials\n"
+ " --timeout=SEC Timeout in seconds\n"
+ " --echo=yes|no|masked\n"
+ " Control whether to show password while typing (echo)\n"
+ " -e --echo Equivalent to --echo=yes\n"
+ " --emoji=yes|no|auto\n"
+ " Show a lock and key emoji\n"
+ " --no-tty Ask question via agent even on TTY\n"
+ " --accept-cached Accept cached passwords\n"
+ " --multiple List multiple passwords if available\n"
+ " --no-output Do not print password to standard output\n"
+ " -n Do not suffix password written to standard output with\n"
+ " newline\n"
+ "\nSee the %2$s for details.\n",
+ program_invocation_short_name,
+ link,
+ ansi_highlight(),
+ ansi_normal());
+
+ return 0;
+}
+
+static int parse_argv(int argc, char *argv[]) {
+
+ enum {
+ ARG_ICON = 0x100,
+ ARG_TIMEOUT,
+ ARG_EMOJI,
+ ARG_NO_TTY,
+ ARG_ACCEPT_CACHED,
+ ARG_MULTIPLE,
+ ARG_ID,
+ ARG_KEYNAME,
+ ARG_NO_OUTPUT,
+ ARG_VERSION,
+ ARG_CREDENTIAL,
+ };
+
+ static const struct option options[] = {
+ { "help", no_argument, NULL, 'h' },
+ { "version", no_argument, NULL, ARG_VERSION },
+ { "icon", required_argument, NULL, ARG_ICON },
+ { "timeout", required_argument, NULL, ARG_TIMEOUT },
+ { "echo", optional_argument, NULL, 'e' },
+ { "emoji", required_argument, NULL, ARG_EMOJI },
+ { "no-tty", no_argument, NULL, ARG_NO_TTY },
+ { "accept-cached", no_argument, NULL, ARG_ACCEPT_CACHED },
+ { "multiple", no_argument, NULL, ARG_MULTIPLE },
+ { "id", required_argument, NULL, ARG_ID },
+ { "keyname", required_argument, NULL, ARG_KEYNAME },
+ { "no-output", no_argument, NULL, ARG_NO_OUTPUT },
+ { "credential", required_argument, NULL, ARG_CREDENTIAL },
+ {}
+ };
+
+ const char *emoji = NULL;
+ int c, r;
+
+ assert(argc >= 0);
+ assert(argv);
+
+ /* Note the asymmetry: the long option --echo= allows an optional argument, the short option does
+ * not. */
+
+ /* Resetting to 0 forces the invocation of an internal initialization routine of getopt_long()
+ * that checks for GNU extensions in optstring ('-' or '+' at the beginning). */
+ optind = 0;
+ while ((c = getopt_long(argc, argv, "+hen", options, NULL)) >= 0)
+
+ switch (c) {
+
+ case 'h':
+ return help();
+
+ case ARG_VERSION:
+ return version();
+
+ case ARG_ICON:
+ arg_icon = optarg;
+ break;
+
+ case ARG_TIMEOUT:
+ r = parse_sec(optarg, &arg_timeout);
+ if (r < 0)
+ return log_error_errno(r, "Failed to parse --timeout= parameter: %s", optarg);
+
+ break;
+
+ case 'e':
+ if (!optarg) {
+ /* Short option -e is used, or no argument to long option --echo= */
+ arg_flags |= ASK_PASSWORD_ECHO;
+ arg_flags &= ~ASK_PASSWORD_SILENT;
+ } else if (isempty(optarg) || streq(optarg, "masked"))
+ /* Empty argument or explicit string "masked" for default behaviour. */
+ arg_flags &= ~(ASK_PASSWORD_ECHO|ASK_PASSWORD_SILENT);
+ else {
+ r = parse_boolean_argument("--echo=", optarg, NULL);
+ if (r < 0)
+ return r;
+
+ SET_FLAG(arg_flags, ASK_PASSWORD_ECHO, r);
+ SET_FLAG(arg_flags, ASK_PASSWORD_SILENT, !r);
+ }
+ break;
+
+ case ARG_EMOJI:
+ emoji = optarg;
+ break;
+
+ case ARG_NO_TTY:
+ arg_flags |= ASK_PASSWORD_NO_TTY;
+ break;
+
+ case ARG_ACCEPT_CACHED:
+ arg_flags |= ASK_PASSWORD_ACCEPT_CACHED;
+ break;
+
+ case ARG_MULTIPLE:
+ arg_multiple = true;
+ break;
+
+ case ARG_ID:
+ arg_id = optarg;
+ break;
+
+ case ARG_KEYNAME:
+ arg_key_name = optarg;
+ break;
+
+ case ARG_NO_OUTPUT:
+ arg_no_output = true;
+ break;
+
+ case ARG_CREDENTIAL:
+ arg_credential_name = optarg;
+ break;
+
+ case 'n':
+ arg_newline = false;
+ break;
+
+ case '?':
+ return -EINVAL;
+
+ default:
+ assert_not_reached();
+ }
+
+ if (isempty(emoji) || streq(emoji, "auto"))
+ SET_FLAG(arg_flags, ASK_PASSWORD_HIDE_EMOJI, FLAGS_SET(arg_flags, ASK_PASSWORD_ECHO));
+ else {
+ r = parse_boolean_argument("--emoji=", emoji, NULL);
+ if (r < 0)
+ return r;
+
+ SET_FLAG(arg_flags, ASK_PASSWORD_HIDE_EMOJI, !r);
+ }
+
+ if (argc > optind) {
+ arg_message = strv_join(argv + optind, " ");
+ if (!arg_message)
+ return log_oom();
+ } else if (FLAGS_SET(arg_flags, ASK_PASSWORD_ECHO)) {
+ /* By default ask_password_auto() will query with the string "Password: ", which is not right
+ * when full echo is on, since then it's unlikely a password. Let's hence default to a less
+ * confusing string in that case. */
+
+ arg_message = strdup("Input:");
+ if (!arg_message)
+ return log_oom();
+ }
+
+ return 1;
+}
+
+static int run(int argc, char *argv[]) {
+ _cleanup_strv_free_erase_ char **l = NULL;
+ usec_t timeout;
+ int r;
+
+ log_show_color(true);
+ log_parse_environment();
+ log_open();
+
+ r = parse_argv(argc, argv);
+ if (r <= 0)
+ return r;
+
+ if (arg_timeout > 0)
+ timeout = usec_add(now(CLOCK_MONOTONIC), arg_timeout);
+ else
+ timeout = 0;
+
+ r = ask_password_auto(arg_message, arg_icon, arg_id, arg_key_name, arg_credential_name ?: "password", timeout, arg_flags, &l);
+ if (r < 0)
+ return log_error_errno(r, "Failed to query password: %m");
+
+ STRV_FOREACH(p, l) {
+ if (!arg_no_output) {
+ if (arg_newline)
+ puts(*p);
+ else
+ fputs(*p, stdout);
+ }
+
+ fflush(stdout);
+
+ if (!arg_multiple)
+ break;
+ }
+
+ return 0;
+}
+
+DEFINE_MAIN_FUNCTION(run);
diff --git a/src/ask-password/meson.build b/src/ask-password/meson.build
new file mode 100644
index 0000000..3197112
--- /dev/null
+++ b/src/ask-password/meson.build
@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+executables += [
+ executable_template + {
+ 'name' : 'systemd-ask-password',
+ 'public' : true,
+ 'sources' : files('ask-password.c'),
+ },
+]