File NM-cli-dont-echo-password-on-terminal.patch of Package NetworkManager.12250

Index: NetworkManager-1.0.12/clients/cli/common.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/common.c
+++ NetworkManager-1.0.12/clients/cli/common.c
@@ -29,6 +29,7 @@
 
 #include <readline/readline.h>
 #include <readline/history.h>
+#include <termios.h>
 
 #include "nm-glib-compat.h"
 
@@ -1009,6 +1010,7 @@ get_secrets_from_user (const char *reque
                        const char *msg,
                        NMConnection *connection,
                        gboolean ask,
+                       gboolean echo_on,
                        GHashTable *pwds_hash,
                        GPtrArray *secrets)
 {
@@ -1039,7 +1041,7 @@ get_secrets_from_user (const char *reque
 					}
 				}
 				g_print ("%s\n", msg);
-				pwd = nmc_readline ("%s (%s): ", secret->name, secret->prop_name);
+				pwd = nmc_readline_echo (echo_on, "%s (%s): ", secret->name, secret->prop_name);
 				if (!pwd)
 					pwd = g_strdup ("");
 			} else {
@@ -1099,7 +1101,7 @@ nmc_secrets_requested (NMSecretAgentSimp
 	}
 
 	success = get_secrets_from_user (request_id, title, msg, connection, nmc->in_editor || nmc->ask,
-	                                 nmc->pwds_hash, secrets);
+	                                 nmc->show_secrets, nmc->pwds_hash, secrets);
 	if (success)
 		nm_secret_agent_simple_response (agent, request_id, secrets);
 	else {
@@ -1152,29 +1154,10 @@ nmc_set_in_readline (gboolean in_readlin
 /* Global variable defined in nmcli.c */
 extern NmCli nm_cli;
 
-/**
- * nmc_readline:
- * @prompt_fmt: prompt to print (telling user what to enter). It is standard
- *   printf() format string
- * @...: a list of arguments according to the @prompt_fmt format string
- *
- * Wrapper around libreadline's readline() function.
- * If user pressed Ctrl-C, readline() is called again (if not in editor and
- * line is empty, nmcli will quit).
- * If user pressed Ctrl-D on empty line, nmcli will quit.
- *
- * Returns: the user provided string. In case the user entered empty string,
- * this function returns NULL.
- */
-char *
-nmc_readline (const char *prompt_fmt, ...)
+static char *
+nmc_readline_helper (const char *prompt)
 {
-	va_list args;
-	char *prompt, *str;
-
-	va_start (args, prompt_fmt);
-	prompt = g_strdup_vprintf (prompt_fmt, args);
-	va_end (args);
+	char *str;
 
 readline_mark:
 	/* We are in readline -> Ctrl-C should not quit nmcli */
@@ -1215,7 +1198,6 @@ readline_mark:
 				sleep (3);
 		}
 	}
-	g_free (prompt);
 
 	/* Return NULL, not empty string */
 	if (str && *str == '\0') {
@@ -1226,6 +1208,73 @@ readline_mark:
 }
 
 /**
+ * nmc_readline:
+ * @prompt_fmt: prompt to print (telling user what to enter). It is standard
+ *   printf() format string
+ * @...: a list of arguments according to the @prompt_fmt format string
+ *
+ * Wrapper around libreadline's readline() function.
+ * If user pressed Ctrl-C, readline() is called again (if not in editor and
+ * line is empty, nmcli will quit).
+ * If user pressed Ctrl-D on empty line, nmcli will quit.
+ *
+ * Returns: the user provided string. In case the user entered empty string,
+ * this function returns NULL.
+ */
+char *
+nmc_readline (const char *prompt_fmt, ...)
+{
+   va_list args;
+   char *prompt, *str;
+
+   va_start (args, prompt_fmt);
+   prompt = g_strdup_vprintf (prompt_fmt, args);
+   va_end (args);
+
+   str = nmc_readline_helper (prompt);
+
+   g_free (prompt);
+
+   return str;
+}
+
+/**
+ * nmc_readline_echo:
+ *
+ * The same as nmc_readline() except it can disable echoing of input characters if @echo_on is %FALSE.
+ * nmc_readline(TRUE, ...) == nmc_readline(...)
+ */
+char *
+nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...)
+{
+   va_list args;
+   char *prompt, *str;
+   struct termios termios_orig, termios_new;
+
+   va_start (args, prompt_fmt);
+   prompt = g_strdup_vprintf (prompt_fmt, args);
+   va_end (args);
+
+   /* Disable echoing characters */
+   if (!echo_on) {
+       tcgetattr (STDIN_FILENO, &termios_orig);
+       termios_new = termios_orig;
+       termios_new.c_lflag &= ~(ECHO);
+       tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
+   }
+
+   str = nmc_readline_helper (prompt);
+
+   g_free (prompt);
+
+   /* Restore original terminal settings */
+   if (!echo_on)
+       tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
+
+   return str;
+}
+
+/**
  * nmc_rl_gen_func_basic:
  * @text: text to complete
  * @state: readline state; says whether start from scratch (state == 0)
Index: NetworkManager-1.0.12/clients/cli/common.h
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/common.h
+++ NetworkManager-1.0.12/clients/cli/common.h
@@ -59,6 +59,7 @@ void nmc_secrets_requested (NMSecretAgen
 
 void nmc_cleanup_readline (void);
 char *nmc_readline (const char *prompt_fmt, ...) G_GNUC_PRINTF (1, 2);
+char *nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...) G_GNUC_PRINTF (2, 3);
 char *nmc_rl_gen_func_basic (const char *text, int state, const char **words);
 gboolean nmc_get_in_readline (void);
 void nmc_set_in_readline (gboolean in_readline);
Index: NetworkManager-1.0.12/clients/cli/polkit-agent.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/polkit-agent.c
+++ NetworkManager-1.0.12/clients/cli/polkit-agent.c
@@ -25,7 +25,6 @@
 #include <string.h>
 #include <sys/types.h>
 #include <unistd.h>
-#include <termios.h>
 
 #include <glib.h>
 #include <glib/gi18n-lib.h>
@@ -44,18 +43,10 @@ polkit_request (const char *request,
 		gpointer user_data)
 {
 	char *response, *tmp, *p;
-	struct termios termios_orig, termios_new;
 
 	g_print ("%s\n", message);
 	g_print ("(action_id: %s)\n", action_id);
 
-	if (!echo_on) {
-		tcgetattr (STDIN_FILENO, &termios_orig);
-		termios_new = termios_orig;
-		termios_new.c_lflag &= ~(ECHO);
-		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
-	}
-
 	/* Ask user for polkit authorization password */
 	if (user) {
 		/* chop of ": " if present */
@@ -63,16 +54,12 @@ polkit_request (const char *request,
 		p = strrchr (tmp, ':');
 		if (p && !strcmp (p, ": "))
 			*p = '\0';
-		response = nmc_readline ("%s (%s): ", tmp, user);
+		response = nmc_readline_echo (echo_on, "%s (%s): ", tmp, user);
 		g_free (tmp);
 	} else
-		response = nmc_readline ("%s", request);
+		response = nmc_readline_echo (echo_on, "%s", request);
 	g_print ("\n");
 
-	/* Restore original terminal settings */
-	if (!echo_on)
-		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
-
 	return response;
 }
 
Index: NetworkManager-1.0.12/clients/cli/devices.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/devices.c
+++ NetworkManager-1.0.12/clients/cli/devices.c
@@ -2566,7 +2566,7 @@ do_device_wifi_connect_network (NmCli *n
 	if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) {
 		/* Ask for missing password when one is expected and '--ask' is used */
 		if (!password && nmc->ask)
-			password = passwd_ask = nmc_readline (_("Password: "));
+			password = passwd_ask = nmc_readline_echo (nmc->show_secrets, _("Password: "));
 
 		if (password) {
 			if (!connection)
Index: NetworkManager-1.0.12/clients/cli/connections.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/connections.c
+++ NetworkManager-1.0.12/clients/cli/connections.c
@@ -252,7 +252,7 @@ usage (void)
 {
 	g_printerr (_("Usage: nmcli connection { COMMAND | help }\n\n"
 	              "COMMAND := { show | up | down | add | modify | edit | delete | reload | load }\n\n"
-	              "  show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...\n\n"
+                  "  show [--active] [id | uuid | path | apath] <ID> ...\n\n"
 #if WITH_WIMAX
 	              "  up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [nsp <name>] [passwd-file <file with passwords>]\n\n"
 #else
@@ -280,13 +280,13 @@ usage_connection_show (void)
 	              "profiles are listed. When --active option is specified, only the active\n"
 	              "profiles are shown.\n"
 	              "\n"
-	              "ARGUMENTS := [--active] [--show-secrets] [id | uuid | path | apath] <ID> ...\n"
+                  "ARGUMENTS := [--active] [id | uuid | path | apath] <ID> ...\n"
 	              "\n"
 	              "Show details for specified connections. By default, both static configuration\n"
 	              "and active connection data are displayed. It is possible to filter the output\n"
 	              "using global '--fields' option. Refer to the manual page for more information.\n"
 	              "When --active option is specified, only the active profiles are taken into\n"
-	              "account. --show-secrets option will reveal associated secrets as well.\n"));
+                  "account. Use global --show-secrets option to reveal associated secrets as well.\n"));
 }
 
 static void
@@ -1434,7 +1434,7 @@ do_connections_show (NmCli *nmc, gboolea
 				if (acon)
 					con = NM_CONNECTION (nm_active_connection_get_connection (acon));
 			}
-			
+
 			if (!con && !acon) {
 				g_string_printf (nmc->return_text, _("Error: %s - no such connection profile."), *argv);
 				nmc->return_value = NMC_RESULT_ERROR_NOT_FOUND;
@@ -1483,7 +1483,7 @@ do_connections_show (NmCli *nmc, gboolea
 				}
 			}
 			new_line = TRUE;
-			
+
 			/* Take next argument.
 			 * But for pos != NULL we have more connections of the same name,
 			 * so process the same argument again.
@@ -3393,7 +3393,7 @@ do_questionnaire_wimax (char **mac)
 }
 
 static void
-do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac)
+do_questionnaire_pppoe (gboolean echo, char **password, char **service, char **mtu, char **mac)
 {
 	gboolean once_more;
 	GError *error = NULL;
@@ -3403,7 +3403,7 @@ do_questionnaire_pppoe (char **password,
 		return;
 
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 	if (!*service)
 		*service = nmc_readline (_("Service [none]: "));
 
@@ -3432,7 +3432,7 @@ do_questionnaire_pppoe (char **password,
 }
 
 static void
-do_questionnaire_mobile (char **user, char **password)
+do_questionnaire_mobile (gboolean echo, char **user, char **password)
 {
 	/* Ask for optional 'gsm' or 'cdma' arguments. */
 	if (!want_provide_opt_args (_("mobile broadband"), 2))
@@ -3441,7 +3441,7 @@ do_questionnaire_mobile (char **user, ch
 	if (!*user)
 		*user = nmc_readline (_("Username [none]: "));
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 }
 
 #define WORD_PANU      "panu"
@@ -3904,7 +3904,7 @@ do_questionnaire_olpc (char **channel, c
 
 #define PROMPT_ADSL_ENCAP "(" NM_SETTING_ADSL_ENCAPSULATION_VCMUX "/" NM_SETTING_ADSL_ENCAPSULATION_LLC ") [none]: "
 static void
-do_questionnaire_adsl (char **password, char **encapsulation)
+do_questionnaire_adsl (gboolean echo, char **password, char **encapsulation)
 {
 	gboolean once_more;
 	GError *error = NULL;
@@ -3914,7 +3914,7 @@ do_questionnaire_adsl (char **password,
 		return;
 
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 
 	if (!*encapsulation) {
 		do {
@@ -4059,6 +4059,7 @@ complete_connection_by_type (NMConnectio
                              const char *con_type,
                              const GPtrArray *all_connections,
                              gboolean ask,
+                             gboolean show_secrets,
                              int argc,
                              char **argv,
                              GError **error)
@@ -4376,7 +4377,7 @@ cleanup_wimax:
 		mtu = g_strdup (mtu_c);
 		mac = g_strdup (mac_c);
 		if (ask)
-			do_questionnaire_pppoe (&password, &service, &mtu, &mac);
+			do_questionnaire_pppoe (show_secrets, &password, &service, &mtu, &mac);
 
 		if (!check_and_convert_mtu (mtu, &mtu_int, error))
 			goto cleanup_pppoe;
@@ -4446,7 +4447,7 @@ cleanup_pppoe:
 		user = g_strdup (user_c);
 		password = g_strdup (password_c);
 		if (ask)
-			do_questionnaire_mobile (&user, &password);
+			do_questionnaire_mobile (show_secrets, &user, &password);
 
 		if (is_gsm) {
 			g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_GSM_SETTING_NAME, NULL);
@@ -5335,7 +5336,7 @@ cleanup_olpc:
 		password = g_strdup (password_c);
 		encapsulation = g_strdup (encapsulation_c);
 		if (ask)
-			do_questionnaire_adsl (&password, &encapsulation);
+			do_questionnaire_adsl (show_secrets, &password, &encapsulation);
 
 		if (!check_adsl_encapsulation (&encapsulation, error))
 			goto cleanup_adsl;
@@ -5854,6 +5855,7 @@ do_connection_add (NmCli *nmc, int argc,
 	                                  setting_name,
 	                                  nmc->connections,
 	                                  nmc->ask,
+                                      nmc->show_secrets,
 	                                  argc,
 	                                  argv,
 	                                  &error)) {
@@ -9272,11 +9274,14 @@ do_connections (NmCli *nmc, int argc, ch
 					active = TRUE;
 					next_arg (&argc, &argv);
 				}
+                /* --show-secrets is deprecated in favour of global --show-secrets */
+                /* Keep it here for backwards compatibility */
 				if (!show_secrets && nmc_arg_is_option (*argv, "show-secrets")) {
 					show_secrets = TRUE;
 					next_arg (&argc, &argv);
 				}
 			}
+            show_secrets = nmc->show_secrets || show_secrets;
 			nmc->return_value = do_connections_show (nmc, active, show_secrets, argc, argv);
 		} else if (matches(*argv, "up") == 0) {
 			nmc->return_value = do_connection_up (nmc, argc-1, argv+1);
Index: NetworkManager-1.0.12/clients/cli/nmcli.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli.c
+++ NetworkManager-1.0.12/clients/cli/nmcli.c
@@ -93,6 +93,7 @@ usage (const char *prog_name)
 	              "  -e[scape] yes|no                           escape columns separators in values\n"
 	              "  -n[ocheck]                                 don't check nmcli and NetworkManager versions\n"
 	              "  -a[sk]                                     ask for missing parameters\n"
+                  "  -s[how-secrets]                            allow displaying passwords\n"
 	              "  -w[ait] <seconds>                          set timeout waiting for finishing operations\n"
 	              "  -v[ersion]                                 show program version\n"
 	              "  -h[elp]                                    print this help\n"
@@ -108,7 +109,7 @@ usage (const char *prog_name)
 	            prog_name);
 }
 
-static NMCResultCode 
+static NMCResultCode
 do_help (NmCli *nmc, int argc, char **argv)
 {
 	usage ("nmcli");
@@ -238,6 +239,8 @@ parse_command_line (NmCli *nmc, int argc
 			nmc->nocheck_ver = TRUE;
 		} else if (matches (opt, "-ask") == 0) {
 			nmc->ask = TRUE;
+        } else if (matches (opt, "-show-secrets") == 0) {
+                       nmc->show_secrets = TRUE;
 		} else if (matches (opt, "-wait") == 0) {
 			unsigned long timeout;
 			next_arg (&argc, &argv);
@@ -526,6 +529,7 @@ nmc_init (NmCli *nmc)
 	memset (&nmc->print_fields, '\0', sizeof (NmcPrintFields));
 	nmc->nocheck_ver = FALSE;
 	nmc->ask = FALSE;
+    nmc->show_secrets = FALSE;
 	nmc->in_editor = FALSE;
 	nmc->editor_status_line = FALSE;
 	nmc->editor_save_confirmation = TRUE;
@@ -590,7 +594,7 @@ main (int argc, char *argv[])
 #if !GLIB_CHECK_VERSION (2, 35, 0)
 	g_type_init ();
 #endif
-	
+
 	/* Save terminal settings */
 	tcgetattr (STDIN_FILENO, &termios_orig);
 
Index: NetworkManager-1.0.12/clients/cli/nmcli.h
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli.h
+++ NetworkManager-1.0.12/clients/cli/nmcli.h
@@ -137,6 +137,7 @@ typedef struct _NmCli {
 	NmcPrintFields print_fields;                      /* Structure with field indices to print */
 	gboolean nocheck_ver;                             /* Don't check nmcli and NM versions: option '--nocheck' */
 	gboolean ask;                                     /* Ask for missing parameters: option '--ask' */
+    gboolean show_secrets;                            /* Whether to display secrets (both input and output): option '--show-secrets' */
 	gboolean in_editor;                               /* Whether running the editor - nmcli con edit' */
 	gboolean editor_status_line;                      /* Whether to display status line in connection editor */
 	gboolean editor_save_confirmation;                /* Whether to ask for confirmation on saving connections with 'autoconnect=yes' */
Index: NetworkManager-1.0.12/clients/cli/nmcli-completion
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli-completion
+++ NetworkManager-1.0.12/clients/cli/nmcli-completion
@@ -712,7 +712,7 @@ _nmcli()
     local COMMAND_CONNECTION_ACTIVE=""
 
     HELP_ONLY_AS_FIRST=
-    local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask wait version help)
+    local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask show-secrets wait version help)
     _nmcli_compl_OPTIONS
     i=$?
 
@@ -807,11 +807,11 @@ _nmcli()
                 case "$command" in
                     s|sh|sho|show)
                         if [[ ${#words[@]} -eq 3 ]]; then
-                            _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active show-secrets
+                            _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active
                         elif [[ ${#words[@]} -gt 3 ]]; then
                             _nmcli_array_delete_at words 0 1
 
-                            LONG_OPTIONS=(help active show-secrets)
+                            LONG_OPTIONS=(help active)
                             HELP_ONLY_AS_FIRST=1
                             _nmcli_compl_OPTIONS
                             i=$?
Index: NetworkManager-1.0.12/man/nmcli.1.in
===================================================================
--- NetworkManager-1.0.12.orig/man/nmcli.1.in
+++ NetworkManager-1.0.12/man/nmcli.1.in
@@ -53,6 +53,8 @@ nmcli \- command\(hyline tool for contro
 .br
 \fB\-a\fR[\fIsk\fR]
 .br
+\fB\-s\fR[\fIhow-secrets\fR]
+.br
 \fB\-w\fR[\fIait\fR] <seconds>
 .br
 \fB\-v\fR[\fIersion\fR]
@@ -134,6 +136,11 @@ arguments, so do not use this option for
 This option controls, for example, whether you will be prompted for a password
 if it is required for connecting to a network.
 .TP
+.B \-s, \-\-show-secrets
+When using this option \fInmcli\fP will display passwords and secrets that might
+be present in an output of an operation. This option also influences echoing
+passwords typed by user as an input.
+.TP
 .B \-w, \-\-wait <seconds>
 This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
 to finish operations. It is especially useful for commands that may take a longer time to
@@ -289,12 +296,12 @@ active if a device is using that connect
 profiles are listed. When --active option is specified, only the active profiles
 are shown.
 .TP
-.B show [--active] [--show-secrets] [ id | uuid | path | apath ] <ID> ...
+.B show [--active] [ id | uuid | path | apath ] <ID> ...
 .br
 Show details for specified connections. By default, both static configuration
 and active connection data are displayed.  When --active option is specified,
-only the active profiles are taken into account. When --show-secrets option is
-specified, secrets associated with the profile will be revealed too.
+only the active profiles are taken into account. Use global --show-secrets option
+to display secrets associated with the profile.
 \fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if
 \fI<ID>\fP is ambiguous.
 .RS
@@ -941,7 +948,7 @@ shows all connection profile names and t
 .IP
 shows details for "My default em1" connection profile.
 
-.IP "\fB\f(CWnmcli connection show --show-secrets \(dq\&My Home WiFi\(dq\&\fP\fP"
+.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP"
 .IP
 shows details for "My Home WiFi" connection profile with all passwords.
 Without \fI--show-secrets\fP option, secrets would not be displayed.
openSUSE Build Service is sponsored by