Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
NetworkManager.12250
NM-cli-dont-echo-password-on-terminal.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File NM-cli-dont-echo-password-on-terminal.patch of Package NetworkManager.12250
Index: NetworkManager-1.0.12/clients/cli/common.c =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/common.c +++ NetworkManager-1.0.12/clients/cli/common.c @@ -29,6 +29,7 @@ #include <readline/readline.h> #include <readline/history.h> +#include <termios.h> #include "nm-glib-compat.h" @@ -1009,6 +1010,7 @@ get_secrets_from_user (const char *reque const char *msg, NMConnection *connection, gboolean ask, + gboolean echo_on, GHashTable *pwds_hash, GPtrArray *secrets) { @@ -1039,7 +1041,7 @@ get_secrets_from_user (const char *reque } } g_print ("%s\n", msg); - pwd = nmc_readline ("%s (%s): ", secret->name, secret->prop_name); + pwd = nmc_readline_echo (echo_on, "%s (%s): ", secret->name, secret->prop_name); if (!pwd) pwd = g_strdup (""); } else { @@ -1099,7 +1101,7 @@ nmc_secrets_requested (NMSecretAgentSimp } success = get_secrets_from_user (request_id, title, msg, connection, nmc->in_editor || nmc->ask, - nmc->pwds_hash, secrets); + nmc->show_secrets, nmc->pwds_hash, secrets); if (success) nm_secret_agent_simple_response (agent, request_id, secrets); else { @@ -1152,29 +1154,10 @@ nmc_set_in_readline (gboolean in_readlin /* Global variable defined in nmcli.c */ extern NmCli nm_cli; -/** - * nmc_readline: - * @prompt_fmt: prompt to print (telling user what to enter). It is standard - * printf() format string - * @...: a list of arguments according to the @prompt_fmt format string - * - * Wrapper around libreadline's readline() function. - * If user pressed Ctrl-C, readline() is called again (if not in editor and - * line is empty, nmcli will quit). - * If user pressed Ctrl-D on empty line, nmcli will quit. - * - * Returns: the user provided string. In case the user entered empty string, - * this function returns NULL. - */ -char * -nmc_readline (const char *prompt_fmt, ...) +static char * +nmc_readline_helper (const char *prompt) { - va_list args; - char *prompt, *str; - - va_start (args, prompt_fmt); - prompt = g_strdup_vprintf (prompt_fmt, args); - va_end (args); + char *str; readline_mark: /* We are in readline -> Ctrl-C should not quit nmcli */ @@ -1215,7 +1198,6 @@ readline_mark: sleep (3); } } - g_free (prompt); /* Return NULL, not empty string */ if (str && *str == '\0') { @@ -1226,6 +1208,73 @@ readline_mark: } /** + * nmc_readline: + * @prompt_fmt: prompt to print (telling user what to enter). It is standard + * printf() format string + * @...: a list of arguments according to the @prompt_fmt format string + * + * Wrapper around libreadline's readline() function. + * If user pressed Ctrl-C, readline() is called again (if not in editor and + * line is empty, nmcli will quit). + * If user pressed Ctrl-D on empty line, nmcli will quit. + * + * Returns: the user provided string. In case the user entered empty string, + * this function returns NULL. + */ +char * +nmc_readline (const char *prompt_fmt, ...) +{ + va_list args; + char *prompt, *str; + + va_start (args, prompt_fmt); + prompt = g_strdup_vprintf (prompt_fmt, args); + va_end (args); + + str = nmc_readline_helper (prompt); + + g_free (prompt); + + return str; +} + +/** + * nmc_readline_echo: + * + * The same as nmc_readline() except it can disable echoing of input characters if @echo_on is %FALSE. + * nmc_readline(TRUE, ...) == nmc_readline(...) + */ +char * +nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...) +{ + va_list args; + char *prompt, *str; + struct termios termios_orig, termios_new; + + va_start (args, prompt_fmt); + prompt = g_strdup_vprintf (prompt_fmt, args); + va_end (args); + + /* Disable echoing characters */ + if (!echo_on) { + tcgetattr (STDIN_FILENO, &termios_orig); + termios_new = termios_orig; + termios_new.c_lflag &= ~(ECHO); + tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new); + } + + str = nmc_readline_helper (prompt); + + g_free (prompt); + + /* Restore original terminal settings */ + if (!echo_on) + tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig); + + return str; +} + +/** * nmc_rl_gen_func_basic: * @text: text to complete * @state: readline state; says whether start from scratch (state == 0) Index: NetworkManager-1.0.12/clients/cli/common.h =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/common.h +++ NetworkManager-1.0.12/clients/cli/common.h @@ -59,6 +59,7 @@ void nmc_secrets_requested (NMSecretAgen void nmc_cleanup_readline (void); char *nmc_readline (const char *prompt_fmt, ...) G_GNUC_PRINTF (1, 2); +char *nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...) G_GNUC_PRINTF (2, 3); char *nmc_rl_gen_func_basic (const char *text, int state, const char **words); gboolean nmc_get_in_readline (void); void nmc_set_in_readline (gboolean in_readline); Index: NetworkManager-1.0.12/clients/cli/polkit-agent.c =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/polkit-agent.c +++ NetworkManager-1.0.12/clients/cli/polkit-agent.c @@ -25,7 +25,6 @@ #include <string.h> #include <sys/types.h> #include <unistd.h> -#include <termios.h> #include <glib.h> #include <glib/gi18n-lib.h> @@ -44,18 +43,10 @@ polkit_request (const char *request, gpointer user_data) { char *response, *tmp, *p; - struct termios termios_orig, termios_new; g_print ("%s\n", message); g_print ("(action_id: %s)\n", action_id); - if (!echo_on) { - tcgetattr (STDIN_FILENO, &termios_orig); - termios_new = termios_orig; - termios_new.c_lflag &= ~(ECHO); - tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new); - } - /* Ask user for polkit authorization password */ if (user) { /* chop of ": " if present */ @@ -63,16 +54,12 @@ polkit_request (const char *request, p = strrchr (tmp, ':'); if (p && !strcmp (p, ": ")) *p = '\0'; - response = nmc_readline ("%s (%s): ", tmp, user); + response = nmc_readline_echo (echo_on, "%s (%s): ", tmp, user); g_free (tmp); } else - response = nmc_readline ("%s", request); + response = nmc_readline_echo (echo_on, "%s", request); g_print ("\n"); - /* Restore original terminal settings */ - if (!echo_on) - tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig); - return response; } Index: NetworkManager-1.0.12/clients/cli/devices.c =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/devices.c +++ NetworkManager-1.0.12/clients/cli/devices.c @@ -2566,7 +2566,7 @@ do_device_wifi_connect_network (NmCli *n if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) { /* Ask for missing password when one is expected and '--ask' is used */ if (!password && nmc->ask) - password = passwd_ask = nmc_readline (_("Password: ")); + password = passwd_ask = nmc_readline_echo (nmc->show_secrets, _("Password: ")); if (password) { if (!connection) Index: NetworkManager-1.0.12/clients/cli/connections.c =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/connections.c +++ NetworkManager-1.0.12/clients/cli/connections.c @@ -252,7 +252,7 @@ usage (void) { g_printerr (_("Usage: nmcli connection { COMMAND | help }\n\n" "COMMAND := { show | up | down | add | modify | edit | delete | reload | load }\n\n" - " show [--active] [[--show-secrets] [id | uuid | path | apath] <ID>] ...\n\n" + " show [--active] [id | uuid | path | apath] <ID> ...\n\n" #if WITH_WIMAX " up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [nsp <name>] [passwd-file <file with passwords>]\n\n" #else @@ -280,13 +280,13 @@ usage_connection_show (void) "profiles are listed. When --active option is specified, only the active\n" "profiles are shown.\n" "\n" - "ARGUMENTS := [--active] [--show-secrets] [id | uuid | path | apath] <ID> ...\n" + "ARGUMENTS := [--active] [id | uuid | path | apath] <ID> ...\n" "\n" "Show details for specified connections. By default, both static configuration\n" "and active connection data are displayed. It is possible to filter the output\n" "using global '--fields' option. Refer to the manual page for more information.\n" "When --active option is specified, only the active profiles are taken into\n" - "account. --show-secrets option will reveal associated secrets as well.\n")); + "account. Use global --show-secrets option to reveal associated secrets as well.\n")); } static void @@ -1434,7 +1434,7 @@ do_connections_show (NmCli *nmc, gboolea if (acon) con = NM_CONNECTION (nm_active_connection_get_connection (acon)); } - + if (!con && !acon) { g_string_printf (nmc->return_text, _("Error: %s - no such connection profile."), *argv); nmc->return_value = NMC_RESULT_ERROR_NOT_FOUND; @@ -1483,7 +1483,7 @@ do_connections_show (NmCli *nmc, gboolea } } new_line = TRUE; - + /* Take next argument. * But for pos != NULL we have more connections of the same name, * so process the same argument again. @@ -3393,7 +3393,7 @@ do_questionnaire_wimax (char **mac) } static void -do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac) +do_questionnaire_pppoe (gboolean echo, char **password, char **service, char **mtu, char **mac) { gboolean once_more; GError *error = NULL; @@ -3403,7 +3403,7 @@ do_questionnaire_pppoe (char **password, return; if (!*password) - *password = nmc_readline (_("Password [none]: ")); + *password = nmc_readline_echo (echo, _("Password [none]: ")); if (!*service) *service = nmc_readline (_("Service [none]: ")); @@ -3432,7 +3432,7 @@ do_questionnaire_pppoe (char **password, } static void -do_questionnaire_mobile (char **user, char **password) +do_questionnaire_mobile (gboolean echo, char **user, char **password) { /* Ask for optional 'gsm' or 'cdma' arguments. */ if (!want_provide_opt_args (_("mobile broadband"), 2)) @@ -3441,7 +3441,7 @@ do_questionnaire_mobile (char **user, ch if (!*user) *user = nmc_readline (_("Username [none]: ")); if (!*password) - *password = nmc_readline (_("Password [none]: ")); + *password = nmc_readline_echo (echo, _("Password [none]: ")); } #define WORD_PANU "panu" @@ -3904,7 +3904,7 @@ do_questionnaire_olpc (char **channel, c #define PROMPT_ADSL_ENCAP "(" NM_SETTING_ADSL_ENCAPSULATION_VCMUX "/" NM_SETTING_ADSL_ENCAPSULATION_LLC ") [none]: " static void -do_questionnaire_adsl (char **password, char **encapsulation) +do_questionnaire_adsl (gboolean echo, char **password, char **encapsulation) { gboolean once_more; GError *error = NULL; @@ -3914,7 +3914,7 @@ do_questionnaire_adsl (char **password, return; if (!*password) - *password = nmc_readline (_("Password [none]: ")); + *password = nmc_readline_echo (echo, _("Password [none]: ")); if (!*encapsulation) { do { @@ -4059,6 +4059,7 @@ complete_connection_by_type (NMConnectio const char *con_type, const GPtrArray *all_connections, gboolean ask, + gboolean show_secrets, int argc, char **argv, GError **error) @@ -4376,7 +4377,7 @@ cleanup_wimax: mtu = g_strdup (mtu_c); mac = g_strdup (mac_c); if (ask) - do_questionnaire_pppoe (&password, &service, &mtu, &mac); + do_questionnaire_pppoe (show_secrets, &password, &service, &mtu, &mac); if (!check_and_convert_mtu (mtu, &mtu_int, error)) goto cleanup_pppoe; @@ -4446,7 +4447,7 @@ cleanup_pppoe: user = g_strdup (user_c); password = g_strdup (password_c); if (ask) - do_questionnaire_mobile (&user, &password); + do_questionnaire_mobile (show_secrets, &user, &password); if (is_gsm) { g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_GSM_SETTING_NAME, NULL); @@ -5335,7 +5336,7 @@ cleanup_olpc: password = g_strdup (password_c); encapsulation = g_strdup (encapsulation_c); if (ask) - do_questionnaire_adsl (&password, &encapsulation); + do_questionnaire_adsl (show_secrets, &password, &encapsulation); if (!check_adsl_encapsulation (&encapsulation, error)) goto cleanup_adsl; @@ -5854,6 +5855,7 @@ do_connection_add (NmCli *nmc, int argc, setting_name, nmc->connections, nmc->ask, + nmc->show_secrets, argc, argv, &error)) { @@ -9272,11 +9274,14 @@ do_connections (NmCli *nmc, int argc, ch active = TRUE; next_arg (&argc, &argv); } + /* --show-secrets is deprecated in favour of global --show-secrets */ + /* Keep it here for backwards compatibility */ if (!show_secrets && nmc_arg_is_option (*argv, "show-secrets")) { show_secrets = TRUE; next_arg (&argc, &argv); } } + show_secrets = nmc->show_secrets || show_secrets; nmc->return_value = do_connections_show (nmc, active, show_secrets, argc, argv); } else if (matches(*argv, "up") == 0) { nmc->return_value = do_connection_up (nmc, argc-1, argv+1); Index: NetworkManager-1.0.12/clients/cli/nmcli.c =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/nmcli.c +++ NetworkManager-1.0.12/clients/cli/nmcli.c @@ -93,6 +93,7 @@ usage (const char *prog_name) " -e[scape] yes|no escape columns separators in values\n" " -n[ocheck] don't check nmcli and NetworkManager versions\n" " -a[sk] ask for missing parameters\n" + " -s[how-secrets] allow displaying passwords\n" " -w[ait] <seconds> set timeout waiting for finishing operations\n" " -v[ersion] show program version\n" " -h[elp] print this help\n" @@ -108,7 +109,7 @@ usage (const char *prog_name) prog_name); } -static NMCResultCode +static NMCResultCode do_help (NmCli *nmc, int argc, char **argv) { usage ("nmcli"); @@ -238,6 +239,8 @@ parse_command_line (NmCli *nmc, int argc nmc->nocheck_ver = TRUE; } else if (matches (opt, "-ask") == 0) { nmc->ask = TRUE; + } else if (matches (opt, "-show-secrets") == 0) { + nmc->show_secrets = TRUE; } else if (matches (opt, "-wait") == 0) { unsigned long timeout; next_arg (&argc, &argv); @@ -526,6 +529,7 @@ nmc_init (NmCli *nmc) memset (&nmc->print_fields, '\0', sizeof (NmcPrintFields)); nmc->nocheck_ver = FALSE; nmc->ask = FALSE; + nmc->show_secrets = FALSE; nmc->in_editor = FALSE; nmc->editor_status_line = FALSE; nmc->editor_save_confirmation = TRUE; @@ -590,7 +594,7 @@ main (int argc, char *argv[]) #if !GLIB_CHECK_VERSION (2, 35, 0) g_type_init (); #endif - + /* Save terminal settings */ tcgetattr (STDIN_FILENO, &termios_orig); Index: NetworkManager-1.0.12/clients/cli/nmcli.h =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/nmcli.h +++ NetworkManager-1.0.12/clients/cli/nmcli.h @@ -137,6 +137,7 @@ typedef struct _NmCli { NmcPrintFields print_fields; /* Structure with field indices to print */ gboolean nocheck_ver; /* Don't check nmcli and NM versions: option '--nocheck' */ gboolean ask; /* Ask for missing parameters: option '--ask' */ + gboolean show_secrets; /* Whether to display secrets (both input and output): option '--show-secrets' */ gboolean in_editor; /* Whether running the editor - nmcli con edit' */ gboolean editor_status_line; /* Whether to display status line in connection editor */ gboolean editor_save_confirmation; /* Whether to ask for confirmation on saving connections with 'autoconnect=yes' */ Index: NetworkManager-1.0.12/clients/cli/nmcli-completion =================================================================== --- NetworkManager-1.0.12.orig/clients/cli/nmcli-completion +++ NetworkManager-1.0.12/clients/cli/nmcli-completion @@ -712,7 +712,7 @@ _nmcli() local COMMAND_CONNECTION_ACTIVE="" HELP_ONLY_AS_FIRST= - local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask wait version help) + local LONG_OPTIONS=(terse pretty mode fields escape nocheck ask show-secrets wait version help) _nmcli_compl_OPTIONS i=$? @@ -807,11 +807,11 @@ _nmcli() case "$command" in s|sh|sho|show) if [[ ${#words[@]} -eq 3 ]]; then - _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active show-secrets + _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active elif [[ ${#words[@]} -gt 3 ]]; then _nmcli_array_delete_at words 0 1 - LONG_OPTIONS=(help active show-secrets) + LONG_OPTIONS=(help active) HELP_ONLY_AS_FIRST=1 _nmcli_compl_OPTIONS i=$? Index: NetworkManager-1.0.12/man/nmcli.1.in =================================================================== --- NetworkManager-1.0.12.orig/man/nmcli.1.in +++ NetworkManager-1.0.12/man/nmcli.1.in @@ -53,6 +53,8 @@ nmcli \- command\(hyline tool for contro .br \fB\-a\fR[\fIsk\fR] .br +\fB\-s\fR[\fIhow-secrets\fR] +.br \fB\-w\fR[\fIait\fR] <seconds> .br \fB\-v\fR[\fIersion\fR] @@ -134,6 +136,11 @@ arguments, so do not use this option for This option controls, for example, whether you will be prompted for a password if it is required for connecting to a network. .TP +.B \-s, \-\-show-secrets +When using this option \fInmcli\fP will display passwords and secrets that might +be present in an output of an operation. This option also influences echoing +passwords typed by user as an input. +.TP .B \-w, \-\-wait <seconds> This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP to finish operations. It is especially useful for commands that may take a longer time to @@ -289,12 +296,12 @@ active if a device is using that connect profiles are listed. When --active option is specified, only the active profiles are shown. .TP -.B show [--active] [--show-secrets] [ id | uuid | path | apath ] <ID> ... +.B show [--active] [ id | uuid | path | apath ] <ID> ... .br Show details for specified connections. By default, both static configuration and active connection data are displayed. When --active option is specified, -only the active profiles are taken into account. When --show-secrets option is -specified, secrets associated with the profile will be revealed too. +only the active profiles are taken into account. Use global --show-secrets option +to display secrets associated with the profile. \fIid\fP, \fIuuid\fP, \fIpath\fP and \fIapath\fP keywords can be used if \fI<ID>\fP is ambiguous. .RS @@ -941,7 +948,7 @@ shows all connection profile names and t .IP shows details for "My default em1" connection profile. -.IP "\fB\f(CWnmcli connection show --show-secrets \(dq\&My Home WiFi\(dq\&\fP\fP" +.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP" .IP shows details for "My Home WiFi" connection profile with all passwords. Without \fI--show-secrets\fP option, secrets would not be displayed.
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor