File NM-cli-dont-echo-password-on-terminal.patch of Package NetworkManager.12250
Index: NetworkManager-1.0.12/clients/cli/common.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/common.c
+++ NetworkManager-1.0.12/clients/cli/common.c
@@ -29,6 +29,7 @@
#include <readline/readline.h>
#include <readline/history.h>
+#include <termios.h>
#include "nm-glib-compat.h"
@@ -1009,6 +1010,7 @@ get_secrets_from_user (const char *reque
const char *msg,
NMConnection *connection,
gboolean ask,
+ gboolean echo_on,
GHashTable *pwds_hash,
GPtrArray *secrets)
{
@@ -1039,7 +1041,7 @@ get_secrets_from_user (const char *reque
}
}
g_print ("%s\n", msg);
- pwd = nmc_readline ("%s (%s): ", secret->name, secret->prop_name);
+ pwd = nmc_readline_echo (echo_on, "%s (%s): ", secret->name, secret->prop_name);
if (!pwd)
pwd = g_strdup ("");
} else {
@@ -1099,7 +1101,7 @@ nmc_secrets_requested (NMSecretAgentSimp
}
success = get_secrets_from_user (request_id, title, msg, connection, nmc->in_editor || nmc->ask,
- nmc->pwds_hash, secrets);
+ nmc->show_secrets, nmc->pwds_hash, secrets);
if (success)
nm_secret_agent_simple_response (agent, request_id, secrets);
else {
@@ -1152,29 +1154,10 @@ nmc_set_in_readline (gboolean in_readlin
/* Global variable defined in nmcli.c */
extern NmCli nm_cli;
-/**
- * nmc_readline:
- * @prompt_fmt: prompt to print (telling user what to enter). It is standard
- * printf() format string
- * @...: a list of arguments according to the @prompt_fmt format string
- *
- * Wrapper around libreadline's readline() function.
- * If user pressed Ctrl-C, readline() is called again (if not in editor and
- * line is empty, nmcli will quit).
- * If user pressed Ctrl-D on empty line, nmcli will quit.
- *
- * Returns: the user provided string. In case the user entered empty string,
- * this function returns NULL.
- */
-char *
-nmc_readline (const char *prompt_fmt, ...)
+static char *
+nmc_readline_helper (const char *prompt)
{
- va_list args;
- char *prompt, *str;
-
- va_start (args, prompt_fmt);
- prompt = g_strdup_vprintf (prompt_fmt, args);
- va_end (args);
+ char *str;
readline_mark:
/* We are in readline -> Ctrl-C should not quit nmcli */
@@ -1215,7 +1198,6 @@ readline_mark:
sleep (3);
}
}
- g_free (prompt);
/* Return NULL, not empty string */
if (str && *str == '\0') {
@@ -1226,6 +1208,73 @@ readline_mark:
}
/**
+ * nmc_readline:
+ * @prompt_fmt: prompt to print (telling user what to enter). It is standard
+ * printf() format string
+ * @...: a list of arguments according to the @prompt_fmt format string
+ *
+ * Wrapper around libreadline's readline() function.
+ * If user pressed Ctrl-C, readline() is called again (if not in editor and
+ * line is empty, nmcli will quit).
+ * If user pressed Ctrl-D on empty line, nmcli will quit.
+ *
+ * Returns: the user provided string. In case the user entered empty string,
+ * this function returns NULL.
+ */
+char *
+nmc_readline (const char *prompt_fmt, ...)
+{
+ va_list args;
+ char *prompt, *str;
+
+ va_start (args, prompt_fmt);
+ prompt = g_strdup_vprintf (prompt_fmt, args);
+ va_end (args);
+
+ str = nmc_readline_helper (prompt);
+
+ g_free (prompt);
+
+ return str;
+}
+
+/**
+ * nmc_readline_echo:
+ *
+ * The same as nmc_readline() except it can disable echoing of input characters if @echo_on is %FALSE.
+ * nmc_readline(TRUE, ...) == nmc_readline(...)
+ */
+char *
+nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...)
+{
+ va_list args;
+ char *prompt, *str;
+ struct termios termios_orig, termios_new;
+
+ va_start (args, prompt_fmt);
+ prompt = g_strdup_vprintf (prompt_fmt, args);
+ va_end (args);
+
+ /* Disable echoing characters */
+ if (!echo_on) {
+ tcgetattr (STDIN_FILENO, &termios_orig);
+ termios_new = termios_orig;
+ termios_new.c_lflag &= ~(ECHO);
+ tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
+ }
+
+ str = nmc_readline_helper (prompt);
+
+ g_free (prompt);
+
+ /* Restore original terminal settings */
+ if (!echo_on)
+ tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
+
+ return str;
+}
+
+/**
* nmc_rl_gen_func_basic:
* @text: text to complete
* @state: readline state; says whether start from scratch (state == 0)
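Review bot: In nmc_readline_echo the result of `tcgetattr (STDIN_FILENO, &termios_orig)` is not checked, so when stdin is not a terminal `termios_orig` is left indeterminate and is still copied and handed to both `tcsetattr` calls. Record success once, e.g. `restore = !echo_on && tcgetattr (STDIN_FILENO, &termios_orig) == 0;`, and guard both the disable and the restore with `if (restore)`. The restore also runs only when nmc_readline_helper returns; the nmc_readline comment says nmcli may quit on Ctrl-C or Ctrl-D, so the terminal presumably stays without echo unless the exit path resets it, which this hunk does not show. If the helper adds the entered line to readline history (also not visible here), a hidden password would remain recallable and should be skipped when `echo_on` is FALSE. The doc comment should read `nmc_readline_echo(TRUE, ...) == nmc_readline(...)` and describe @echo_on and @prompt_fmt.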
Index: NetworkManager-1.0.12/clients/cli/common.h
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/common.h
+++ NetworkManager-1.0.12/clients/cli/common.h
@@ -59,6 +59,7 @@ void nmc_secrets_requested (NMSecretAgen
void nmc_cleanup_readline (void);
char *nmc_readline (const char *prompt_fmt, ...) G_GNUC_PRINTF (1, 2);
+char *nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...) G_GNUC_PRINTF (2, 3);
char *nmc_rl_gen_func_basic (const char *text, int state, const char **words);
gboolean nmc_get_in_readline (void);
void nmc_set_in_readline (gboolean in_readline);
Index: NetworkManager-1.0.12/clients/cli/polkit-agent.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/polkit-agent.c
+++ NetworkManager-1.0.12/clients/cli/polkit-agent.c
@@ -25,7 +25,6 @@
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
-#include <termios.h>
#include <glib.h>
#include <glib/gi18n-lib.h>
@@ -44,18 +43,10 @@ polkit_request (const char *request,
gpointer user_data)
{
char *response, *tmp, *p;
- struct termios termios_orig, termios_new;
g_print ("%s\n", message);
g_print ("(action_id: %s)\n", action_id);
- if (!echo_on) {
- tcgetattr (STDIN_FILENO, &termios_orig);
- termios_new = termios_orig;
- termios_new.c_lflag &= ~(ECHO);
- tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
- }
-
/* Ask user for polkit authorization password */
if (user) {
/* chop of ": " if present */
@@ -63,16 +54,12 @@ polkit_request (const char *request,
p = strrchr (tmp, ':');
if (p && !strcmp (p, ": "))
*p = '\0';
- response = nmc_readline ("%s (%s): ", tmp, user);
+ response = nmc_readline_echo (echo_on, "%s (%s): ", tmp, user);
g_free (tmp);
} else
- response = nmc_readline ("%s", request);
+ response = nmc_readline_echo (echo_on, "%s", request);
g_print ("\n");
- /* Restore original terminal settings */
- if (!echo_on)
- tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
-
return response;
}
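Review bot: The `g_print ("\n")` after the read appears to compensate for the Enter key not being echoed, but it stays in polkit_request while the other new callers of nmc_readline_echo (get_secrets_from_user, do_device_wifi_connect_network, the do_questionnaire_* functions) have no equivalent. With ECHO cleared, the output that follows those prompts would presumably continue on the prompt line. Consider emitting the newline inside nmc_readline_echo instead, e.g. `if (!echo_on) g_print ("\n");` after the terminal settings are restored, so every caller behaves the same. polkit_request starts outside the hunk.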
Index: NetworkManager-1.0.12/clients/cli/devices.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/devices.c
+++ NetworkManager-1.0.12/clients/cli/devices.c
@@ -2566,7 +2566,7 @@ do_device_wifi_connect_network (NmCli *n
if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) {
/* Ask for missing password when one is expected and '--ask' is used */
if (!password && nmc->ask)
- password = passwd_ask = nmc_readline (_("Password: "));
+ password = passwd_ask = nmc_readline_echo (nmc->show_secrets, _("Password: "));
if (password) {
if (!connection)
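Review bot: The translated prompt is passed as the format string in `nmc_readline_echo (nmc->show_secrets, _("Password: "))`, so a stray `%` in a message catalog would be interpreted by g_strdup_vprintf with no matching argument. Passing it as data, `nmc_readline_echo (nmc->show_secrets, "%s", _("Password: "))`, matches what polkit_request does with `request`. The same applies to the three `_("Password [none]: ")` calls in do_questionnaire_pppoe, do_questionnaire_mobile and do_questionnaire_adsl in connections.c. The enclosing function starts and ends outside the hunk.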
Index: NetworkManager-1.0.12/clients/cli/connections.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/connections.c
+++ NetworkManager-1.0.12/clients/cli/connections.c
@@ -252,7 +252,7 @@ usage (void)
{
g_printerr (_("Usage: nmcli connection { COMMAND | help }\n\n"
"COMMAND := { show | up | down | add | modify | edit | delete | reload | load }\n\n"
- " show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...\n\n"
+ " show [--active] [id | uuid | path | apath] <ID> ...\n\n"
#if WITH_WIMAX
" up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [nsp <name>] [passwd-file <file with passwords>]\n\n"
#else
@@ -280,13 +280,13 @@ usage_connection_show (void)
"profiles are listed. When --active option is specified, only the active\n"
"profiles are shown.\n"
"\n"
- "ARGUMENTS := [--active] [--show-secrets] [id | uuid | path | apath] <ID> ...\n"
+ "ARGUMENTS := [--active] [id | uuid | path | apath] <ID> ...\n"
"\n"
"Show details for specified connections. By default, both static configuration\n"
"and active connection data are displayed. It is possible to filter the output\n"
"using global '--fields' option. Refer to the manual page for more information.\n"
"When --active option is specified, only the active profiles are taken into\n"
- "account. --show-secrets option will reveal associated secrets as well.\n"));
+ "account. Use global --show-secrets option to reveal associated secrets as well.\n"));
}
static void
@@ -1434,7 +1434,7 @@ do_connections_show (NmCli *nmc, gboolea
if (acon)
con = NM_CONNECTION (nm_active_connection_get_connection (acon));
}
-
+
if (!con && !acon) {
g_string_printf (nmc->return_text, _("Error: %s - no such connection profile."), *argv);
nmc->return_value = NMC_RESULT_ERROR_NOT_FOUND;
@@ -1483,7 +1483,7 @@ do_connections_show (NmCli *nmc, gboolea
}
}
new_line = TRUE;
-
+
/* Take next argument.
* But for pos != NULL we have more connections of the same name,
* so process the same argument again.
@@ -3393,7 +3393,7 @@ do_questionnaire_wimax (char **mac)
}
static void
-do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac)
+do_questionnaire_pppoe (gboolean echo, char **password, char **service, char **mtu, char **mac)
{
gboolean once_more;
GError *error = NULL;
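Review bot: The new parameter is named `echo` here and in do_questionnaire_mobile and do_questionnaire_adsl, while nmc_readline_echo and get_secrets_from_user call the same flag `echo_on` and complete_connection_by_type calls it `show_secrets`. Using `echo_on` throughout, e.g. `do_questionnaire_pppoe (gboolean echo_on, char **password, char **service, char **mtu, char **mac)`, keeps the meaning (TRUE echoes the typed password) obvious at each call site. The function body continues outside the hunk.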
@@ -3403,7 +3403,7 @@ do_questionnaire_pppoe (char **password,
return;
if (!*password)
- *password = nmc_readline (_("Password [none]: "));
+ *password = nmc_readline_echo (echo, _("Password [none]: "));
if (!*service)
*service = nmc_readline (_("Service [none]: "));
@@ -3432,7 +3432,7 @@ do_questionnaire_pppoe (char **password,
}
static void
-do_questionnaire_mobile (char **user, char **password)
+do_questionnaire_mobile (gboolean echo, char **user, char **password)
{
/* Ask for optional 'gsm' or 'cdma' arguments. */
if (!want_provide_opt_args (_("mobile broadband"), 2))
@@ -3441,7 +3441,7 @@ do_questionnaire_mobile (char **user, ch
if (!*user)
*user = nmc_readline (_("Username [none]: "));
if (!*password)
- *password = nmc_readline (_("Password [none]: "));
+ *password = nmc_readline_echo (echo, _("Password [none]: "));
}
#define WORD_PANU "panu"
@@ -3904,7 +3904,7 @@ do_questionnaire_olpc (char **channel, c
#define PROMPT_ADSL_ENCAP "(" NM_SETTING_ADSL_ENCAPSULATION_VCMUX "/" NM_SETTING_ADSL_ENCAPSULATION_LLC ") [none]: "
static void
-do_questionnaire_adsl (char **password, char **encapsulation)
+do_questionnaire_adsl (gboolean echo, char **password, char **encapsulation)
{
gboolean once_more;
GError *error = NULL;
@@ -3914,7 +3914,7 @@ do_questionnaire_adsl (char **password,
return;
if (!*password)
- *password = nmc_readline (_("Password [none]: "));
+ *password = nmc_readline_echo (echo, _("Password [none]: "));
if (!*encapsulation) {
do {
@@ -4059,6 +4059,7 @@ complete_connection_by_type (NMConnectio
const char *con_type,
const GPtrArray *all_connections,
gboolean ask,
+ gboolean show_secrets,
int argc,
char **argv,
GError **error)
@@ -4376,7 +4377,7 @@ cleanup_wimax:
mtu = g_strdup (mtu_c);
mac = g_strdup (mac_c);
if (ask)
- do_questionnaire_pppoe (&password, &service, &mtu, &mac);
+ do_questionnaire_pppoe (show_secrets, &password, &service, &mtu, &mac);
if (!check_and_convert_mtu (mtu, &mtu_int, error))
goto cleanup_pppoe;
@@ -4446,7 +4447,7 @@ cleanup_pppoe:
user = g_strdup (user_c);
password = g_strdup (password_c);
if (ask)
- do_questionnaire_mobile (&user, &password);
+ do_questionnaire_mobile (show_secrets, &user, &password);
if (is_gsm) {
g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_GSM_SETTING_NAME, NULL);
@@ -5335,7 +5336,7 @@ cleanup_olpc:
password = g_strdup (password_c);
encapsulation = g_strdup (encapsulation_c);
if (ask)
- do_questionnaire_adsl (&password, &encapsulation);
+ do_questionnaire_adsl (show_secrets, &password, &encapsulation);
if (!check_adsl_encapsulation (&encapsulation, error))
goto cleanup_adsl;
@@ -5854,6 +5855,7 @@ do_connection_add (NmCli *nmc, int argc,
setting_name,
nmc->connections,
nmc->ask,
+ nmc->show_secrets,
argc,
argv,
&error)) {
@@ -9272,11 +9274,14 @@ do_connections (NmCli *nmc, int argc, ch
active = TRUE;
next_arg (&argc, &argv);
}
+ /* --show-secrets is deprecated in favour of global --show-secrets */
+ /* Keep it here for backwards compatibility */
if (!show_secrets && nmc_arg_is_option (*argv, "show-secrets")) {
show_secrets = TRUE;
next_arg (&argc, &argv);
}
}
+ show_secrets = nmc->show_secrets || show_secrets;
nmc->return_value = do_connections_show (nmc, active, show_secrets, argc, argv);
} else if (matches(*argv, "up") == 0) {
nmc->return_value = do_connection_up (nmc, argc-1, argv+1);
Index: NetworkManager-1.0.12/clients/cli/nmcli.c
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli.c
+++ NetworkManager-1.0.12/clients/cli/nmcli.c
@@ -93,6 +93,7 @@ usage (const char *prog_name)
" -e[scape] yes|no escape columns separators in values\n"
" -n[ocheck] don't check nmcli and NetworkManager versions\n"
" -a[sk] ask for missing parameters\n"
+ " -s[how-secrets] allow displaying passwords\n"
" -w[ait] <seconds> set timeout waiting for finishing operations\n"
" -v[ersion] show program version\n"
" -h[elp] print this help\n"
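Review bot: The help line `-s[how-secrets] allow displaying passwords` mentions only output, but the option also turns on echo of passwords typed at prompts, as the man page hunk and the nmcli.h field comment state. Because that puts typed secrets on screen and in terminal scrollback, the usage text should say so, for example `allow displaying passwords (also echoes typed passwords)`. usage() starts and ends outside the hunk.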
@@ -108,7 +109,7 @@ usage (const char *prog_name)
prog_name);
}
-static NMCResultCode
+static NMCResultCode
do_help (NmCli *nmc, int argc, char **argv)
{
usage ("nmcli");
@@ -238,6 +239,8 @@ parse_command_line (NmCli *nmc, int argc
nmc->nocheck_ver = TRUE;
} else if (matches (opt, "-ask") == 0) {
nmc->ask = TRUE;
+ } else if (matches (opt, "-show-secrets") == 0) {
+ nmc->show_secrets = TRUE;
} else if (matches (opt, "-wait") == 0) {
unsigned long timeout;
next_arg (&argc, &argv);
@@ -526,6 +529,7 @@ nmc_init (NmCli *nmc)
memset (&nmc->print_fields, '\0', sizeof (NmcPrintFields));
nmc->nocheck_ver = FALSE;
nmc->ask = FALSE;
+ nmc->show_secrets = FALSE;
nmc->in_editor = FALSE;
nmc->editor_status_line = FALSE;
nmc->editor_save_confirmation = TRUE;
@@ -590,7 +594,7 @@ main (int argc, char *argv[])
#if !GLIB_CHECK_VERSION (2, 35, 0)
g_type_init ();
#endif
-
+
/* Save terminal settings */
tcgetattr (STDIN_FILENO, &termios_orig);
Index: NetworkManager-1.0.12/clients/cli/nmcli.h
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli.h
+++ NetworkManager-1.0.12/clients/cli/nmcli.h
@@ -137,6 +137,7 @@ typedef struct _NmCli {
NmcPrintFields print_fields; /* Structure with field indices to print */
gboolean nocheck_ver; /* Don't check nmcli and NM versions: option '--nocheck' */
gboolean ask; /* Ask for missing parameters: option '--ask' */
+ gboolean show_secrets; /* Whether to display secrets (both input and output): option '--show-secrets' */
gboolean in_editor; /* Whether running the editor - nmcli con edit' */
gboolean editor_status_line; /* Whether to display status line in connection editor */
gboolean editor_save_confirmation; /* Whether to ask for confirmation on saving connections with 'autoconnect=yes' */
Index: NetworkManager-1.0.12/clients/cli/nmcli-completion
===================================================================
--- NetworkManager-1.0.12.orig/clients/cli/nmcli-completion
+++ NetworkManager-1.0.12/clients/cli/nmcli-completion
@@ -712,7 +712,7 @@ _nmcli()
local COMMAND_CONNECTION_ACTIVE=""
HELP_ONLY_AS_FIRST=
- local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask wait version help)
+ local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask show-secrets wait version help)
_nmcli_compl_OPTIONS
i=$?
@@ -807,11 +807,11 @@ _nmcli()
case "$command" in
s|sh|sho|show)
if [[ ${#words[@]} -eq 3 ]]; then
- _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active show-secrets
+ _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active
elif [[ ${#words[@]} -gt 3 ]]; then
_nmcli_array_delete_at words 0 1
- LONG_OPTIONS=(help active show-secrets)
+ LONG_OPTIONS=(help active)
HELP_ONLY_AS_FIRST=1
_nmcli_compl_OPTIONS
i=$?
Index: NetworkManager-1.0.12/man/nmcli.1.in
===================================================================
--- NetworkManager-1.0.12.orig/man/nmcli.1.in
+++ NetworkManager-1.0.12/man/nmcli.1.in
@@ -53,6 +53,8 @@ nmcli \- command\(hyline tool for contro
.br
\fB\-a\fR[\fIsk\fR]
.br
+\fB\-s\fR[\fIhow-secrets\fR]
+.br
\fB\-w\fR[\fIait\fR] <seconds>
.br
\fB\-v\fR[\fIersion\fR]
@@ -134,6 +136,11 @@ arguments, so do not use this option for
This option controls, for example, whether you will be prompted for a password
if it is required for connecting to a network.
.TP
+.B \-s, \-\-show-secrets
+When using this option \fInmcli\fP will display passwords and secrets that might
+be present in an output of an operation. This option also influences echoing
+passwords typed by user as an input.
+.TP
.B \-w, \-\-wait <seconds>
This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
to finish operations. It is especially useful for commands that may take a longer time to
@@ -289,12 +296,12 @@ active if a device is using that connect
profiles are listed. When --active option is specified, only the active profiles
are shown.
.TP
-.B show [--active] [--show-secrets] [ id | uuid | path | apath ] <ID> ...
+.B show [--active] [ id | uuid | path | apath ] <ID> ...
.br
Show details for specified connections. By default, both static configuration
and active connection data are displayed. When --active option is specified,
-only the active profiles are taken into account. When --show-secrets option is
-specified, secrets associated with the profile will be revealed too.
+only the active profiles are taken into account. Use global --show-secrets option
+to display secrets associated with the profile.
\fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if
\fI<ID>\fP is ambiguous.
.RS
@@ -941,7 +948,7 @@ shows all connection profile names and t
.IP
shows details for "My default em1" connection profile.
-.IP "\fB\f(CWnmcli connection show --show-secrets \(dq\&My Home WiFi\(dq\&\fP\fP"
+.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP"
.IP
shows details for "My Home WiFi" connection profile with all passwords.
Without \fI--show-secrets\fP option, secrets would not be displayed.