Fossil Forum

getpass() and stdin
Login

getpass() and stdin

Chronological

getpass() and stdin

(1) By senyai on 2022-11-14 08:06:32 [source]

Hi!

Currently getpass() function opens /dev/tty which is not always available and it causes some troubles, for example, we can't pass password securely in vscode extension. As I can see python falls back to stdin which is what fossil should do too. Should I make a patch?

(2) By Florian Balmer (florian.balmer) on 2022-11-14 10:40:00 in reply to 1 [link] [source]

Tricky topic (at least on Windows), reference to an old discussion:

https://www.mail-archive.com/fossil-users@lists.fossil-scm.org/msg25237.html

(3) By Florian Balmer (florian.balmer) on 2023-03-14 19:01:58 in reply to 2 [link] [source]

I was reminded to test this on Windows and Ubuntu, and found that reading passwords from the VSCode terminal works fine on either platform: the fossil test-prompt-password command displays * placeholders for typed characters on Windows, and nothing on Ubuntu -- the same way the native terminals do.

The original post probably referred to *nix since it mentioned /dev/tty, but the situation that the password is displayed in clear while typing can also happen on Windows: with the previous technique to connect from the shell to the child by pipes1 instead of pseudo consoles (introduced by Windows 10), the password indeed becomes visible. The $CONIN and $CONOUT devices (the equivalents to /dev/tty) are only available to processes connected to a real or a pseudo console, so Fossil would have to create a new console window for discrete passsword entry, in this case.

  1. ^ For example MinTTY launched with the --pcon off arguments, or the output window of the SciTE text editor.

(4) By senyai on 2023-04-03 07:21:32 in reply to 3 [link] [source]

All I want is fossil test-prompt-password ':' 0 <<< HELLO to read the password. Or I want to use FOSSIL_PWREADER program like GIT_ASKPASS, but it's currently inside #if 0, so I don't know what to do.

(5) By Florian Balmer (florian.balmer) on 2023-04-03 10:50:50 in reply to 4 [link] [source]

Due to an implementation detail that Fossil assumes STDIN is a pipe if STDERR is also a pipe, the following work on Windows:

> echo PASSWORD| fossil test-prompt-password "" 0 2>&1 | more
[PASSWORD]

> echo PASSWORD| fossil test-prompt-password "" 0 2>dummy.log
[PASSWORD]

I'm not sure if this is by intent, as discussed in detail on the old mailing list thread linked above, but it works: make sure STDERR is a pipe or a file, and Fossil will read the password from STDIN.

Not sure how to achieve this on *nix, where getpass(3) always seems to read from /dev/tty, and will probably fail if /dev/tty is not available (instead of falling back to STDIN).

I'm sure the Fossil developers would consider any patches you have for this (both for Windows and *nix).