1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
8 #include "ask-password-api.h"
12 #include "main-func.h"
13 #include "parse-argument.h"
14 #include "pretty-print.h"
16 #include "terminal-util.h"
18 static const char *arg_icon
= NULL
;
19 static const char *arg_id
= NULL
; /* identifier for 'ask-password' protocol */
20 static const char *arg_key_name
= NULL
; /* name in kernel keyring */
21 static const char *arg_credential_name
= NULL
; /* name in $CREDENTIALS_DIRECTORY directory */
22 static char *arg_message
= NULL
;
23 static usec_t arg_timeout
= DEFAULT_TIMEOUT_USEC
;
24 static bool arg_multiple
= false;
25 static bool arg_no_output
= false;
26 static AskPasswordFlags arg_flags
= ASK_PASSWORD_PUSH_CACHE
;
27 static bool arg_newline
= true;
29 STATIC_DESTRUCTOR_REGISTER(arg_message
, freep
);
31 static int help(void) {
32 _cleanup_free_
char *link
= NULL
;
35 r
= terminal_urlify_man("systemd-ask-password", "1", &link
);
39 printf("%1$s [OPTIONS...] MESSAGE\n\n"
40 "%3$sQuery the user for a system passphrase, via the TTY or an UI agent.%4$s\n\n"
41 " -h --help Show this help\n"
42 " --icon=NAME Icon name\n"
43 " --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n"
44 " --keyname=NAME Kernel key name for caching passwords (e.g. \"cryptsetup\")\n"
45 " --credential=NAME\n"
46 " Credential name for LoadCredential=/SetCredential=\n"
48 " --timeout=SEC Timeout in seconds\n"
49 " --echo=yes|no|masked\n"
50 " Control whether to show password while typing (echo)\n"
51 " -e --echo Equivalent to --echo=yes\n"
52 " --emoji=yes|no|auto\n"
53 " Show a lock and key emoji\n"
54 " --no-tty Ask question via agent even on TTY\n"
55 " --accept-cached Accept cached passwords\n"
56 " --multiple List multiple passwords if available\n"
57 " --no-output Do not print password to standard output\n"
58 " -n Do not suffix password written to standard output with\n"
60 "\nSee the %2$s for details.\n",
61 program_invocation_short_name
,
69 static int parse_argv(int argc
, char *argv
[]) {
85 static const struct option options
[] = {
86 { "help", no_argument
, NULL
, 'h' },
87 { "version", no_argument
, NULL
, ARG_VERSION
},
88 { "icon", required_argument
, NULL
, ARG_ICON
},
89 { "timeout", required_argument
, NULL
, ARG_TIMEOUT
},
90 { "echo", optional_argument
, NULL
, 'e' },
91 { "emoji", required_argument
, NULL
, ARG_EMOJI
},
92 { "no-tty", no_argument
, NULL
, ARG_NO_TTY
},
93 { "accept-cached", no_argument
, NULL
, ARG_ACCEPT_CACHED
},
94 { "multiple", no_argument
, NULL
, ARG_MULTIPLE
},
95 { "id", required_argument
, NULL
, ARG_ID
},
96 { "keyname", required_argument
, NULL
, ARG_KEYNAME
},
97 { "no-output", no_argument
, NULL
, ARG_NO_OUTPUT
},
98 { "credential", required_argument
, NULL
, ARG_CREDENTIAL
},
102 const char *emoji
= NULL
;
108 /* Note the asymmetry: the long option --echo= allows an optional argument, the short option does
110 while ((c
= getopt_long(argc
, argv
, "+hen", options
, NULL
)) >= 0)
125 r
= parse_sec(optarg
, &arg_timeout
);
127 return log_error_errno(r
, "Failed to parse --timeout= parameter: %s", optarg
);
133 /* Short option -e is used, or no argument to long option --echo= */
134 arg_flags
|= ASK_PASSWORD_ECHO
;
135 arg_flags
&= ~ASK_PASSWORD_SILENT
;
136 } else if (isempty(optarg
) || streq(optarg
, "masked"))
137 /* Empty argument or explicit string "masked" for default behaviour. */
138 arg_flags
&= ~(ASK_PASSWORD_ECHO
|ASK_PASSWORD_SILENT
);
142 r
= parse_boolean_argument("--echo=", optarg
, &b
);
146 SET_FLAG(arg_flags
, ASK_PASSWORD_ECHO
, b
);
147 SET_FLAG(arg_flags
, ASK_PASSWORD_SILENT
, !b
);
156 arg_flags
|= ASK_PASSWORD_NO_TTY
;
159 case ARG_ACCEPT_CACHED
:
160 arg_flags
|= ASK_PASSWORD_ACCEPT_CACHED
;
172 arg_key_name
= optarg
;
176 arg_no_output
= true;
180 arg_credential_name
= optarg
;
191 assert_not_reached();
194 if (isempty(emoji
) || streq(emoji
, "auto"))
195 SET_FLAG(arg_flags
, ASK_PASSWORD_HIDE_EMOJI
, FLAGS_SET(arg_flags
, ASK_PASSWORD_ECHO
));
199 r
= parse_boolean_argument("--emoji=", emoji
, &b
);
203 SET_FLAG(arg_flags
, ASK_PASSWORD_HIDE_EMOJI
, !b
);
207 arg_message
= strv_join(argv
+ optind
, " ");
210 } else if (FLAGS_SET(arg_flags
, ASK_PASSWORD_ECHO
)) {
211 /* By default ask_password_auto() will query with the string "Password: ", which is not right
212 * when full echo is on, since then it's unlikely a password. Let's hence default to a less
213 * confusing string in that case. */
215 arg_message
= strdup("Input:");
223 static int run(int argc
, char *argv
[]) {
224 _cleanup_strv_free_erase_
char **l
= NULL
;
228 log_show_color(true);
229 log_parse_environment();
232 r
= parse_argv(argc
, argv
);
237 timeout
= usec_add(now(CLOCK_MONOTONIC
), arg_timeout
);
241 r
= ask_password_auto(arg_message
, arg_icon
, arg_id
, arg_key_name
, arg_credential_name
?: "password", timeout
, arg_flags
, &l
);
243 return log_error_errno(r
, "Failed to query password: %m");
246 if (!arg_no_output
) {
262 DEFINE_MAIN_FUNCTION(run
);