getpass() and stdin
(1) By senyai on 2022-11-14 08:06:32 [source]
Hi!
Currently the getpass() function opens /dev/tty, which is not always available, and it causes some trouble; for example, we can't pass a password securely in a VSCode extension. As far as I can see, Python falls back to stdin, which is what Fossil should do too. Should I make a patch?
(2) By Florian Balmer (florian.balmer) on 2022-11-14 10:40:00 in reply to 1 [link] [source]
Tricky topic (at least on Windows), reference to an old discussion:
https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg25237.html
(3) By Florian Balmer (florian.balmer) on 2023-03-14 19:01:58 in reply to 2 [link] [source]
I was reminded to test this on Windows and Ubuntu, and found that reading passwords from the VSCode terminal works fine on either platform: the fossil test-prompt-password command displays * placeholders for typed characters on Windows, and nothing on Ubuntu -- the same way the native terminals do.
The original post probably referred to *nix since it mentioned /dev/tty, but the situation that the password is displayed in clear while typing can also happen on Windows: with the previous technique to connect from the shell to the child by pipes[1] instead of pseudo consoles (introduced by Windows 10), the password indeed becomes visible. The $CONIN and $CONOUT devices (the equivalents to /dev/tty) are only available to processes connected to a real or a pseudo console, so Fossil would have to create a new console window for discrete password entry, in this case.
[1] For example MinTTY launched with the --pcon off arguments, or the output window of the SciTE text editor.
(4) By senyai on 2023-04-03 07:21:32 in reply to 3 [link] [source]
All I want is fossil test-prompt-password ':' 0 <<< HELLO to read the password. Or I want to use FOSSIL_PWREADER program like GIT_ASKPASS, but it's currently inside #if 0, so I don't know what to do.
(5) By Florian Balmer (florian.balmer) on 2023-04-03 10:50:50 in reply to 4 [link] [source]
Due to an implementation detail that Fossil assumes STDIN is a pipe if STDERR is also a pipe, the following work on Windows:
> echo PASSWORD| fossil test-prompt-password "" 0 2>&1 | more
[PASSWORD]
> echo PASSWORD| fossil test-prompt-password "" 0 2>dummy.log
[PASSWORD]
I'm not sure if this is by intent, as discussed in detail on the old mailing list thread linked above, but it works: make sure STDERR is a pipe or a file, and Fossil will read the password from STDIN.
Not sure how to achieve this on *nix, where getpass(3) always seems to read from /dev/tty, and will probably fail if /dev/tty is not available (instead of falling back to STDIN).
I'm sure the Fossil developers would consider any patches you have for this (both for Windows and *nix).