Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
server: Disallow password=- from non-tty and fix error message (RHBZ#…
…1842440). This command fails with an incorrect error message: $ nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' </dev/null password: nbdkit: error: could not read password from stdin: Inappropriate ioctl for device The error (ENOTTY Inappropriate ioctl for device) is actually a leftover errno from the previous isatty call. Since stdin is /dev/null, isatty returns 0 and sets errno = ENOTTY. The reason why this error turns up in the error message is because getline(3) can return -1 either for an error or for EOF. In the EOF case it does not set errno so we get the previous errno value which happens to be the one from isatty. Also: $ echo -n '' | nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' password: nbdkit: error: could not read password from stdin: Inappropriate ioctl for device $ echo -n '1' | nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' password: [password is read OK] All of this raises the question of what password=- actually means. It's documented as "read a password interactively", with the word "interactively" appearing in the documentation at least as far back as nbdkit 1.2. Also since at least 1.2 we have allowed passwords to be read from files (password=+FILENAME), and since 1.16 you can read passwords from arbitrary file descriptors (password=-FD). Another justification for the interactive-only nature of password=- is that it prints a “password: ” prompt. It doesn't try to suppress this prompt if stdin is not a tty. So I believe it is fair to ban password=- unless the input is a tty. This commit also fixes the error message by handling the case where getline returns -1 without setting errno. Additionally we have to deal with possible undefined behaviour in this case (see https://stackoverflow.com/a/47067633). After this change: $ ./nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' password: <--- press return key [zero length password is read] $ ./nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' password: <--- press ^D [zero length password is read] $ echo -n '' | ./nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' nbdkit: error: stdin is not a tty, cannot read password interactively $ echo -n '1' | ./nbdkit ssh host=localhost /nosuchfile password=- --run 'qemu-img info $nbd' nbdkit: error: stdin is not a tty, cannot read password interactively Thanks: Ming Xie, Pino Toscano, Eric Blake.
- Loading branch information