summaryrefslogtreecommitdiffstats
path: root/src/ask-password (follow)
Commit message (Collapse)AuthorAgeFilesLines
* tree-wide: Use log_setup() everywhereDaan De Meyer2024-04-251-3/+1
| | | | | Otherwise the default log target is the console and we won't use the journal socket even if it is available.
* ask-password: minor shorteningZbigniew Jędrzejewski-Szmek2024-04-071-4/+1
|
* ask-password: rework how we pass request meta info when asking passwordsLennart Poettering2024-02-201-1/+9
| | | | | | | | | | | Rather than adding more and more parameters to ask_password_auto(), let's pass a structure of the fields that often are constant anyway. This way, callers can fill in what they need, and we take the filled structure which we can pass around internally as one. This is in particular preparation for adding one more field in one of the next commits.
* meson: move declarations of ask-password and friendsYu Watanabe2023-08-011-0/+9
|
* treewide: fix "an" before consonant U soundsJoerg Behrmann2023-07-061-1/+1
| | | | | | The article "a" goes before consonant sounds and "an" goes before vowel sounds. This commit changes an to a for UKI, UDP, UTF-8, URL, UUID, U-Label, UI and USB, since they start with the sound /ˌjuː/.
* creds: Add ImportCredential=Daan De Meyer2023-06-081-2/+2
| | | | | | ImportCredential= takes a credential name and searches for a matching credential in all the credential stores we know about it. It supports globs which are expanded so that all matching credentials are loaded.
* Merge pull request #26887 from yuwata/proc-cmdline-filter-argumentsZbigniew Jędrzejewski-Szmek2023-04-071-0/+4
|\ | | | | proc-cmdline: filter PID1 arguments on container
| * tree-wide: reset optind to 0 when GNU extensions in optstring are usedYu Watanabe2023-03-291-0/+4
| | | | | | | | | | | | | | | | | | | | Otherwise, if getopt() and friends are used before parse_argv(), then the GNU extensions may be ignored. This should not change any behavior at least now, as we usually use getopt_long() only once per invocation. But in the next commit, getopt_long() will be used for other arrays, hence this change will become necessary.
* | various: simplify calls to parse_boolean_argument()Zbigniew Jędrzejewski-Szmek2023-04-051-9/+5
|/ | | | | parse_boolean_argument() returns the same information via both the output argument and normal return.
* Rename def.h to constants.hZbigniew Jędrzejewski-Szmek2022-11-081-1/+1
| | | | | | The name "def.h" originates from before the rule of "no needless abbreviations" was established. Let's rename the file to clarify that it contains a collection of various semi-related constants.
* basic: move version() to build.h+cZbigniew Jędrzejewski-Szmek2022-11-081-0/+1
|
* strv: make iterator in STRV_FOREACH() declaread in the loopYu Watanabe2022-03-191-1/+0
| | | | This also avoids multiple evaluations in STRV_FOREACH_BACKWARDS()
* Drop the text argument from assert_not_reached()Zbigniew Jędrzejewski-Szmek2021-08-031-1/+1
| | | | | | | | | | | | | | | | | In general we almost never hit those asserts in production code, so users see them very rarely, if ever. But either way, we just need something that users can pass to the developers. We have quite a few of those asserts, and some have fairly nice messages, but many are like "WTF?" or "???" or "unexpected something". The error that is printed includes the file location, and function name. In almost all functions there's at most one assert, so the function name alone is enough to identify the failure for a developer. So we don't get much extra from the message, and we might just as well drop them. Dropping them makes our code a tiny bit smaller, and most importantly, improves development experience by making it easy to insert such an assert in the code without thinking how to phrase the argument.
* ask-password: add "-n" switch for disabling trailing newlineLennart Poettering2021-06-241-3/+16
| | | | This is similar to the "-n" switch of the "echo" command.
* ask-password: once we hit the message argument, don't process switches anymoreLennart Poettering2021-06-031-1/+1
| | | | | Let's not mangle the message part unnecessarily, that'd be confusing and unexpected.
* ask-password: default to a different prompt than "Password:" if the echo is onLennart Poettering2021-06-031-0/+8
|
* ask-password: make password echo fully configurableLennart Poettering2021-06-031-12/+31
| | | | | | This adds --visible=yes|no|asterisk which allow controlling the echo of the password prompt in detail. The existing --echo switch is then made an alias for --visible=yes (and a shortcut -e added for it too).
* ask-password: allow to control lock and key emojiChristian Hesse2021-05-311-0/+22
| | | | | | | | Giving --echo to systemd-ask-password allows to echo the user input. There's nothing secret, so do not show a lock and key emoji by default. The behavior can be controlled with --emoji=yes|no|auto. The default is auto, which defaults to yes, unless --echo is given.
* ask-password: when querying for a password, try to read from credential ↵Lennart Poettering2021-03-261-8/+21
| | | | | | | | | | | | store first This adds generic support for the SetCredential=/LoadCredential= logic to our password querying infrastructure: if a password is requested by a program that has a credential store configured via $CREDENTIALS_DIRECTORY we'll look in it for a password. The "systemd-ask-password" tool is updated with an option to specify the credential to look for.
* tree-wide: use usec_add() and usec_sub_unsigned()Yu Watanabe2021-03-041-1/+1
|
* tree-wide: Drop custom formatting for print() help messagesDaan De Meyer2021-01-311-4/+3
| | | | | | | | | | | | I think this formatting was originally used because it simplified adding new options to the help messages. However, these days, most tools their help message end with "\nSee the %s for details.\n" so the final line almost never has to be edited which eliminates the benefit of the custom formatting used for printf() help messages. Let's make things more consistent and use the same formatting for printf() help messages that we use everywhere else. Prompted by https://github.com/systemd/systemd/pull/18355#discussion_r567241580
* license: LGPL-2.1+ -> LGPL-2.1-or-laterYu Watanabe2020-11-091-1/+1
|
* Enable log colors for most of tools in /usr/binZbigniew Jędrzejewski-Szmek2019-05-081-0/+1
| | | | | | | | | | When emitting the calendarspec warning we want to see some color. Follow-up for 04220fda5c. Exceptions: - systemctl, because it has a lot hand-crafted coloring - tmpfiles, sysusers, stdio-bridge, etc, because they are also used in services and I'm not sure if this wouldn't mess up something.
* coccinelle: make use of SYNTHETIC_ERRNOZbigniew Jędrzejewski-Szmek2018-11-221-4/+4
| | | | | | | | | | | Ideally, coccinelle would strip unnecessary braces too. But I do not see any option in coccinelle for this, so instead, I edited the patch text using search&replace to remove the braces. Unfortunately this is not fully automatic, in particular it didn't deal well with if-else-if-else blocks and ifdefs, so there is an increased likelikehood be some bugs in such spots. I also removed part of the patch that coccinelle generated for udev, where we returns -1 for failure. This should be fixed independently.
* Split out pretty-print.c and move pager.c and main-func.h to shared/Zbigniew Jędrzejewski-Szmek2018-11-201-1/+1
| | | | | This is high-level functionality, and fits better in shared/ (which is for our executables), than in basic/ (which is also for libraries).
* ask-password: use static destructor and DEFINE_MAIN_FUNCTION() macroYu Watanabe2018-11-201-10/+10
|
* tree-wide: add clickable man page link to all --help textsLennart Poettering2018-08-201-4/+21
| | | | | | | | | | This is a bit like the info link in most of GNU's --help texts, but we don't do info but man pages, and we make them properly clickable on terminal supporting that, because awesome. I think it's generally advisable to link up our (brief) --help texts and our (more comprehensive) man pages a bit, so this should be an easy and straight-forward way to do it.
* tree-wide: remove Lennart's copyright linesLennart Poettering2018-06-141-3/+0
| | | | | | | | | | | These lines are generally out-of-date, incomplete and unnecessary. With SPDX and git repository much more accurate and fine grained information about licensing and authorship is available, hence let's drop the per-file copyright notice. Of course, removing copyright lines of others is problematic, hence this commit only removes my own lines and leaves all others untouched. It might be nicer if sooner or later those could go away too, making git the only and accurate source of authorship information.
* tree-wide: drop 'This file is part of systemd' blurbLennart Poettering2018-06-141-2/+0
| | | | | | | | | | | | | | | | This part of the copyright blurb stems from the GPL use recommendations: https://www.gnu.org/licenses/gpl-howto.en.html The concept appears to originate in times where version control was per file, instead of per tree, and was a way to glue the files together. Ultimately, we nowadays don't live in that world anymore, and this information is entirely useless anyway, as people are very welcome to copy these files into any projects they like, and they shouldn't have to change bits that are part of our copyright header for that. hence, let's just get rid of this old cruft, and shorten our codebase a bit.
* tree-wide: drop license boilerplateZbigniew Jędrzejewski-Szmek2018-04-061-13/+0
| | | | | | | | | | Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt. I also kept any copyright lines. We can probably remove them, but it'd nice to obtain explicit acks from all involved authors before doing that.
* Add SPDX license identifiers to source files under the LGPLZbigniew Jędrzejewski-Szmek2017-11-191-0/+1
| | | | | This follows what the kernel is doing, c.f. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5fd54ace4721fc5ce2bb5aef6318fcf17f421460.
* build-sys: drop automake supportZbigniew Jędrzejewski-Szmek2017-07-181-1/+0
| | | | | v2: - also mention m4
* ask-password: add option --no-output to not print password to stdoutChristian Hesse2016-03-011-1/+10
| | | | | | | | | systemd-ask-password can store passwords in kernel keyring. However it uses to print the passwords to standard output nevertheless. Depending on where systemd-ask-password is called passwords may end on display or in log, leaking sensitive information. This allows to make systemd-ask-password quiet, effectively disabling printing passwords to standard output.
* tree-wide: remove Emacs lines from all filesDaniel Mack2016-02-101-2/+0
| | | | | This should be handled fine now by .dir-locals.el, so need to carry that stuff in every file.
* strv: Add _cleanup_strv_free_erase_ and _cleanup_string_free_erase_Zbigniew Jędrzejewski-Szmek2015-10-191-3/+1
|
* tree-wide: whenever we deal with passwords, erase them from memory after useLennart Poettering2015-10-191-0/+2
| | | | A bit snake-oilish, but can't hurt.
* ask-password: add support for caching passwords in the kernel keyringLennart Poettering2015-10-071-45/+40
| | | | | | | | | | | | | This adds support for caching harddisk passwords in the kernel keyring if it is available, thus supporting caching without Plymouth being around. This is also useful for hooking up "gdm-auto-login" with the collected boot-time harddisk password, in order to support gnome keyring passphrase unlocking via the HDD password, if it is the same. Any passwords added to the kernel keyring this way have a timeout of 2.5min at which time they are purged from the kernel.
* ask-password: various modernizationsLennart Poettering2015-10-061-22/+20
| | | | | | | | | | | Primarily clean-up error logging: log either all or no error messages in the various functions. Mostly this means the actual password querying calls no longer will log on their own, but the callers have to do so. Contains various other fixes too, for example ports some code over to use the clean-up macro. Should contain no functional changes.
* tree-wide: don't do assignments within if checksLennart Poettering2015-09-091-2/+6
| | | | | | | | | | | Turn this: if ((r = foo()) < 0) { ... into this: r = foo(); if (r < 0) { ...
* remove unused includesThomas Hindoe Paaboel Andersen2015-02-231-12/+0
| | | | | | This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.
* include <poll.h> instead of <sys/poll.h>Thomas Hindoe Paaboel Andersen2015-02-121-1/+1
| | | | | | include-what-you-use automatically does this and it makes finding unnecessary harder to spot. The only content of poll.h is a include of sys/poll.h so should be harmless.
* ask-password: Add --echo to enable echoing the user inputDavid Sommerseth2014-10-051-2/+10
| | | | | | | | | | | | | | | | Programs such as OpenVPN may use ask-password for not only retrieving passwords, but also usernames. Masking usernames with * seems just silly. v2 - Don't mess with termios flags, instead print the input instead of an asterix. Resolves issues with backspace and TAB input. v3 - Renamed 'do_echo' variables and argument to 'echo'. Also modified the ask_password_{tty,agent,auto} API instead of additional wrapper functions. [zj: undo changes to ask_password_auto, since no callers were using the new argument.]
* Unify parse_argv styleZbigniew Jędrzejewski-Szmek2014-08-041-12/+10
| | | | | | | | | | | | | | | | getopt is usually good at printing out a nice error message when commandline options are invalid. It distinguishes between an unknown option and a known option with a missing arg. It is better to let it do its job and not use opterr=0 unless we actually want to suppress messages. So remove opterr=0 in the few places where it wasn't really useful. When an error in options is encountered, we should not print a lengthy help() and overwhelm the user, when we know precisely what is wrong with the commandline. In addition, since help() prints to stdout, it should not be used except when requested with -h or --help. Also, simplify things here and there.
* Add more password agent informationDavid Härdeman2014-04-241-3/+11
| | | | | | | | | | Add an (optional) "Id" key in the password agent .ask files. The Id is supposed to be a simple string in "<subsystem>:<target>" form which is used to provide more information on what the requested passphrase is to be used for (which e.g. allows an agent to only react to cryptsetup requests). (v2: rebased, fixed indentation, escape name, use strappenda)
* clients: unify how we invoke getopt_long()Lennart Poettering2013-11-061-5/+3
| | | | | Among other things this makes sure we always expose a --version command and show it in the help texts.
* util: rename parse_usec() to parse_sec() sinds the default unit is secondsLennart Poettering2013-04-031-1/+1
| | | | | | | | Internally we store all time values in usec_t, however parse_usec() actually was used mostly to parse values in seconds (unless explicit units were specified to define a different unit). Hence, be clear about this and name the function about what we pass into it, not what we get out of it.
* build-sys: add stub makefiles to all subdirs to ease development with emacsLennart Poettering2012-04-131-0/+1
|
* move all tools to subdirsKay Sievers2012-04-121-0/+184