1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
8 #include "ask-password-api.h"
10 #include "constants.h"
13 #include "main-func.h"
14 #include "parse-argument.h"
15 #include "pretty-print.h"
17 #include "terminal-util.h"
19 static const char *arg_icon
= NULL
;
20 static const char *arg_id
= NULL
; /* identifier for 'ask-password' protocol */
21 static const char *arg_key_name
= NULL
; /* name in kernel keyring */
22 static const char *arg_credential_name
= NULL
; /* name in $CREDENTIALS_DIRECTORY directory */
23 static char *arg_message
= NULL
;
24 static usec_t arg_timeout
= DEFAULT_TIMEOUT_USEC
;
25 static bool arg_multiple
= false;
26 static bool arg_no_output
= false;
27 static AskPasswordFlags arg_flags
= ASK_PASSWORD_PUSH_CACHE
;
28 static bool arg_newline
= true;
30 STATIC_DESTRUCTOR_REGISTER(arg_message
, freep
);
32 static int help(void) {
33 _cleanup_free_
char *link
= NULL
;
36 r
= terminal_urlify_man("systemd-ask-password", "1", &link
);
40 printf("%1$s [OPTIONS...] MESSAGE\n\n"
41 "%3$sQuery the user for a system passphrase, via the TTY or an UI agent.%4$s\n\n"
42 " -h --help Show this help\n"
43 " --icon=NAME Icon name\n"
44 " --id=ID Query identifier (e.g. \"cryptsetup:/dev/sda5\")\n"
45 " --keyname=NAME Kernel key name for caching passwords (e.g. \"cryptsetup\")\n"
46 " --credential=NAME\n"
47 " Credential name for LoadCredential=/SetCredential=\n"
49 " --timeout=SEC Timeout in seconds\n"
50 " --echo=yes|no|masked\n"
51 " Control whether to show password while typing (echo)\n"
52 " -e --echo Equivalent to --echo=yes\n"
53 " --emoji=yes|no|auto\n"
54 " Show a lock and key emoji\n"
55 " --no-tty Ask question via agent even on TTY\n"
56 " --accept-cached Accept cached passwords\n"
57 " --multiple List multiple passwords if available\n"
58 " --no-output Do not print password to standard output\n"
59 " -n Do not suffix password written to standard output with\n"
61 "\nSee the %2$s for details.\n",
62 program_invocation_short_name
,
70 static int parse_argv(int argc
, char *argv
[]) {
86 static const struct option options
[] = {
87 { "help", no_argument
, NULL
, 'h' },
88 { "version", no_argument
, NULL
, ARG_VERSION
},
89 { "icon", required_argument
, NULL
, ARG_ICON
},
90 { "timeout", required_argument
, NULL
, ARG_TIMEOUT
},
91 { "echo", optional_argument
, NULL
, 'e' },
92 { "emoji", required_argument
, NULL
, ARG_EMOJI
},
93 { "no-tty", no_argument
, NULL
, ARG_NO_TTY
},
94 { "accept-cached", no_argument
, NULL
, ARG_ACCEPT_CACHED
},
95 { "multiple", no_argument
, NULL
, ARG_MULTIPLE
},
96 { "id", required_argument
, NULL
, ARG_ID
},
97 { "keyname", required_argument
, NULL
, ARG_KEYNAME
},
98 { "no-output", no_argument
, NULL
, ARG_NO_OUTPUT
},
99 { "credential", required_argument
, NULL
, ARG_CREDENTIAL
},
103 const char *emoji
= NULL
;
109 /* Note the asymmetry: the long option --echo= allows an optional argument, the short option does
111 while ((c
= getopt_long(argc
, argv
, "+hen", options
, NULL
)) >= 0)
126 r
= parse_sec(optarg
, &arg_timeout
);
128 return log_error_errno(r
, "Failed to parse --timeout= parameter: %s", optarg
);
134 /* Short option -e is used, or no argument to long option --echo= */
135 arg_flags
|= ASK_PASSWORD_ECHO
;
136 arg_flags
&= ~ASK_PASSWORD_SILENT
;
137 } else if (isempty(optarg
) || streq(optarg
, "masked"))
138 /* Empty argument or explicit string "masked" for default behaviour. */
139 arg_flags
&= ~(ASK_PASSWORD_ECHO
|ASK_PASSWORD_SILENT
);
143 r
= parse_boolean_argument("--echo=", optarg
, &b
);
147 SET_FLAG(arg_flags
, ASK_PASSWORD_ECHO
, b
);
148 SET_FLAG(arg_flags
, ASK_PASSWORD_SILENT
, !b
);
157 arg_flags
|= ASK_PASSWORD_NO_TTY
;
160 case ARG_ACCEPT_CACHED
:
161 arg_flags
|= ASK_PASSWORD_ACCEPT_CACHED
;
173 arg_key_name
= optarg
;
177 arg_no_output
= true;
181 arg_credential_name
= optarg
;
192 assert_not_reached();
195 if (isempty(emoji
) || streq(emoji
, "auto"))
196 SET_FLAG(arg_flags
, ASK_PASSWORD_HIDE_EMOJI
, FLAGS_SET(arg_flags
, ASK_PASSWORD_ECHO
));
200 r
= parse_boolean_argument("--emoji=", emoji
, &b
);
204 SET_FLAG(arg_flags
, ASK_PASSWORD_HIDE_EMOJI
, !b
);
208 arg_message
= strv_join(argv
+ optind
, " ");
211 } else if (FLAGS_SET(arg_flags
, ASK_PASSWORD_ECHO
)) {
212 /* By default ask_password_auto() will query with the string "Password: ", which is not right
213 * when full echo is on, since then it's unlikely a password. Let's hence default to a less
214 * confusing string in that case. */
216 arg_message
= strdup("Input:");
224 static int run(int argc
, char *argv
[]) {
225 _cleanup_strv_free_erase_
char **l
= NULL
;
229 log_show_color(true);
230 log_parse_environment();
233 r
= parse_argv(argc
, argv
);
238 timeout
= usec_add(now(CLOCK_MONOTONIC
), arg_timeout
);
242 r
= ask_password_auto(arg_message
, arg_icon
, arg_id
, arg_key_name
, arg_credential_name
?: "password", timeout
, arg_flags
, &l
);
244 return log_error_errno(r
, "Failed to query password: %m");
247 if (!arg_no_output
) {
263 DEFINE_MAIN_FUNCTION(run
);