Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

--password-stdin flag in podman login #2320

Merged
merged 1 commit into from
Feb 14, 2019
Merged

--password-stdin flag in podman login #2320

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 7 additions & 6 deletions cmd/podman/cliconfig/config.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -172,12 +172,13 @@ type LoadValues struct {

type LoginValues struct {
PodmanCommand
Password string
Username string
Authfile string
CertDir string
GetLogin bool
TlsVerify bool
Password string
StdinPassword bool
Username string
Authfile string
CertDir string
GetLogin bool
TlsVerify bool
}

type LogoutValues struct {
Expand Down
23 changes: 21 additions & 2 deletions cmd/podman/login.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ func init() {
flags.StringVarP(&loginCommand.Password, "password", "p", "", "Password for registry")
flags.BoolVar(&loginCommand.TlsVerify, "tls-verify", true, "Require HTTPS and verify certificates when contacting registries (default: true)")
flags.StringVarP(&loginCommand.Username, "username", "u", "", "Username for registry")
flags.BoolVar(&loginCommand.StdinPassword, "password-stdin", false, "Take the password from stdin")

rootCmd.AddCommand(loginCommand.Command)
}
Expand Down Expand Up @@ -90,8 +91,26 @@ func loginCmd(c *cliconfig.LoginValues) error {
}

ctx := getContext()

password := c.Password

if c.Flag("password-stdin").Changed {
var stdinPasswordStrBuilder strings.Builder
if c.Password != "" {
return errors.Errorf("Can't specify both --password-stdin and --password")
}
if c.Username == "" {
return errors.Errorf("Must provide --username with --password-stdin")
}
scanner := bufio.NewScanner(os.Stdin)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a more secure version of this? I'm thinking we probably want a version that replaces what's being typed with * so we don't display passwords as they're being typed in

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't this enable

echo MYPASSWORD | podman login --passwd-stdin

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rhatdan Yes, it enables that

for scanner.Scan() {
fmt.Fprint(&stdinPasswordStrBuilder, scanner.Text())
}
password = stdinPasswordStrBuilder.String()
}
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is there any cli validation that should occur between this flag and the password flag? exclusive?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please explain, what you re worried about?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We have --password and --password-stdin - they should be mutually exclusive.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

They are now.


// If no username and no password is specified, try to use existing ones.
if c.Username == "" && c.Password == "" {
if c.Username == "" && password == "" {
fmt.Println("Authenticating with existing credentials...")
if err := docker.CheckAuth(ctx, sc, userFromAuthFile, passFromAuthFile, server); err == nil {
fmt.Println("Existing credentials are valid. Already logged in to", server)
Expand All @@ -100,7 +119,7 @@ func loginCmd(c *cliconfig.LoginValues) error {
fmt.Println("Existing credentials are invalid, please enter valid username and password")
}

username, password, err := getUserAndPass(c.Username, c.Password, userFromAuthFile)
username, password, err := getUserAndPass(c.Username, password, userFromAuthFile)
if err != nil {
return errors.Wrapf(err, "error getting username and password")
}
Expand Down
1 change: 1 addition & 0 deletions completions/bash/podman
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2319,6 +2319,7 @@ _podman_login() {
local boolean_options="
--help
-h
--password-stdin
"
_complete_ "$options_with_args" "$boolean_options"
}
Expand Down
14 changes: 14 additions & 0 deletions docs/podman-login.1.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,10 @@ flag. The default path used is **${XDG\_RUNTIME_DIR}/containers/auth.json**.

Password for registry

**--password-stdin**

Take the password from stdin

**--username, -u**

Username for registry
Expand Down Expand Up @@ -86,6 +90,16 @@ $ podman login --cert-dir /etc/containers/certs.d/ -u foo -p bar localhost:5000
Login Succeeded!
```

```
$ podman login -u testuser --password-stdin < testpassword.txt docker.io
Login Succeeded!
```

```
$ echo $testpassword | podman login -u testuser --password-stdin docker.io
Login Succeeded!
```

## SEE ALSO
podman(1), podman-logout(1), crio(8)

Expand Down