author | Christian Hesse <mail@eworm.de> | 2016-02-29 21:04:02 +0100 |
---|---|---|
committer | Christian Hesse <mail@eworm.de> | 2016-03-01 19:02:11 +0100 |
commit | a5a4e3658ddc0c9692057ce5288fa1bb6f53bacc (patch) | |
tree | ffd0eeaac43d8d383dc5ca509f838a9931a97ba8 | |
parent | 114761866a5e9376277daf847663d23361ffe0c0 (diff) |
ask-password: add option --no-output to not print password to stdout
systemd-ask-password can store passwords in the kernel keyring. However, it
still prints the passwords to standard output. Depending
on where systemd-ask-password is called, passwords may end up on the display
or in a log, leaking sensitive information.
This option makes systemd-ask-password quiet, effectively disabling
the printing of passwords to standard output.
-rw-r--r-- | man/systemd-ask-password.xml | 9 | ||||
-rw-r--r-- | src/ask-password/ask-password.c | 11 |
2 files changed, 19 insertions, 1 deletions
diff --git a/man/systemd-ask-password.xml b/man/systemd-ask-password.xml
index 2a4d24349b..e84a15c554 100644
--- a/man/systemd-ask-password.xml
+++ b/man/systemd-ask-password.xml
@@ -192,6 +192,15 @@
 This will output one password per line.</para></listitem>
 </varlistentry>
+ <varlistentry>
+ <term><option>--no-output</option></term>
+
+ <listitem><para>Do not print passwords to standard output.
+ This is useful if you want to store a password in kernel
+ keyring with <option>--keyname</option> but do not want it
+ to show up on screen or in logs.</para></listitem>
+ </varlistentry>
+
 <xi:include href="standard-options.xml" xpointer="help" />
 </variablelist>
diff --git a/src/ask-password/ask-password.c b/src/ask-password/ask-password.c
index adc9286612..6d53dd982c 100644
--- a/src/ask-password/ask-password.c
+++ b/src/ask-password/ask-password.c
@@ -34,6 +34,7 @@ static const char *arg_keyname = NULL;
 static char *arg_message = NULL;
 static usec_t arg_timeout = DEFAULT_TIMEOUT_USEC;
 static bool arg_multiple = false;
+static bool arg_no_output = false;
 static AskPasswordFlags arg_flags = ASK_PASSWORD_PUSH_CACHE;
 static void help(void) {
@@ -48,6 +49,7 @@ static void help(void) {
 " --no-tty Ask question via agent even on TTY\n"
 " --accept-cached Accept cached passwords\n"
 " --multiple List multiple passwords if available\n"
+ " --no-output Do not print password to standard output\n"
 , program_invocation_short_name);
 }
@@ -62,6 +64,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_MULTIPLE,
 ARG_ID,
 ARG_KEYNAME,
+ ARG_NO_OUTPUT,
 };
 static const struct option options[] = {
@@ -74,6 +77,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "multiple", no_argument, NULL, ARG_MULTIPLE },
 { "id", required_argument, NULL, ARG_ID },
 { "keyname", required_argument, NULL, ARG_KEYNAME },
+ { "no-output", no_argument, NULL, ARG_NO_OUTPUT },
 {}
 };
@@ -125,6 +129,10 @@ static int parse_argv(int argc, char *argv[]) {
 arg_keyname = optarg;
 break;
+ case ARG_NO_OUTPUT:
+ arg_no_output = true;
+ break;
+
 case '?':
 return -EINVAL;
@@ -166,7 +174,8 @@ int main(int argc, char *argv[]) {
 }
 STRV_FOREACH(p, l) {
- puts(*p);
+ if (!arg_no_output)
+ puts(*p);
 if (!arg_multiple)
 break; |
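Review bot: The new `ARG_NO_OUTPUT` case in parse_argv() accepts `--no-output` on its own, although the commit message and the man page text present it as a companion to `--keyname`; without a key name the tool would apparently prompt for a password and then neither print nor store it. parse_argv() continues outside this hunk, so this may already be handled there, but if it is not, a check after the option loop such as `if (arg_no_output && !arg_keyname) return -EINVAL;`, preceded by a logged explanation, would turn a silent no-op into a visible usage error. The same constraint is worth stating in the `--no-output` line added to help().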
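Review bot: In main(), `arg_no_output` is tested inside the STRV_FOREACH body, so the loop is still walked even though nothing is left for it to do in that mode; testing the flag once around the loop would make it obvious at a glance that no path writes a password to stdout. A short comment on the guard, for example `/* --no-output: the password is only meant for the keyring, never write it to stdout */`, would record why the output is skipped. main() starts and ends outside this hunk, so whether the password list `l` is wiped before exit cannot be judged from here.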