author | Jhon Honce <jhonce@redhat.com> | 2020-06-02 11:46:24 -0700 |
---|---|---|
committer | Jhon Honce <jhonce@redhat.com> | 2020-06-03 09:54:39 -0700 |
commit | cbca6253282cc76be74b3005da80b63de94a8180 (patch) | |
tree | 54e8e7c0bab5d6a6fe0ca2e10757e9c7dfedffb4 /pkg/bindings/bindings.go | |
parent | 9bd48a64bbe63c0b8da4dfd3841f4d822fa1d5fb (diff) | |
V2 Add support for ssh authentication methods
* podman --remote ssh://<user>:<password>@<host>:<port><path>
* podman --remote ssh://<user>:<password>@<host>:<port><path> \
--identity <path> --passphrase <phrase>
* ssh-add <key>
podman --remote ssh://<user>@<host><path>
* Fix `podman help` to run even if podman missing components
* Prompt for passphrase on stdin IFF key is protected and passphrase
not given via any other configuration
* cobra flags do not support optional value flags therefore refactored
--remote to be a boolean and --url will now contain the URI to Podman
service
Signed-off-by: Jhon Honce <jhonce@redhat.com>
Diffstat (limited to 'pkg/bindings/bindings.go')
-rw-r--r-- | pkg/bindings/bindings.go | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/pkg/bindings/bindings.go b/pkg/bindings/bindings.go
index 7e2a444bd..da47ea713 100644
--- a/pkg/bindings/bindings.go
+++ b/pkg/bindings/bindings.go
@@ -9,7 +9,13 @@ package bindings
 import (
+ "errors"
+ "fmt"
+ "io"
+ "os"
+
 "github.com/blang/semver"
+ "golang.org/x/crypto/ssh/terminal"
 )
 var (
@@ -25,3 +31,40 @@ var (
 // _*YES*- podman will fail to run if this value is wrong
 APIVersion = semver.MustParse("1.0.0")
 )
+
+// readPassword prompts for a secret and returns value input by user from stdin
+// Unlike terminal.ReadPassword(), $(echo $SECRET | podman...) is supported.
+// Additionally, all input after `<secret>/n` is queued to podman command.
+func readPassword(prompt string) (pw []byte, err error) {
+ fd := int(os.Stdin.Fd())
+ if terminal.IsTerminal(fd) {
+ fmt.Fprint(os.Stderr, prompt)
+ pw, err = terminal.ReadPassword(fd)
+ fmt.Fprintln(os.Stderr)
+ return
+ }
+
+ var b [1]byte
+ for {
+ n, err := os.Stdin.Read(b[:])
+ // terminal.ReadPassword discards any '\r', so we do the same
+ if n > 0 && b[0] != '\r' {
+ if b[0] == '\n' {
+ return pw, nil
+ }
+ pw = append(pw, b[0])
+ // limit size, so that a wrong input won't fill up the memory
+ if len(pw) > 1024 {
+ err = errors.New("password too long, 1024 byte limit")
+ }
+ }
+ if err != nil {
+ // terminal.ReadPassword accepts EOF-terminated passwords
+ // if non-empty, so we do the same
+ if err == io.EOF && len(pw) > 0 {
+ err = nil
+ }
+ return pw, err
+ }
+ }
+} |
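Review bot: The non-terminal branch of readPassword hands back the partially read secret together with a non-nil error, because both the over-length case (`len(pw) > 1024`) and a failed `os.Stdin.Read` fall through to `return pw, err`. A caller that logs the result or mishandles the error is then left holding a truncated passphrase, so I would return early with `return nil, errors.New("password too long, 1024 byte limit")` and end the error branch with `return nil, err` once the non-empty EOF case has returned `pw, nil`. The inner `n, err := os.Stdin.Read(b[:])` also shadows the named result `err`; this works only because every return inside the loop is explicit, so distinct names or unnamed results would make the intent clearer. In the doc comment, `<secret>/n` presumably means `<secret>\n`.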