Add restore handler for password input

grisu48 · grisu48 · commit 578814036d92 · 2023-08-02T17:33:47.000+02:00
This commit restores the terminal state in case the program is
interrupted while being in password read mode. This ensures the terminal
remains usable, also if the password input is being cancelled.

Signed-off-by: Felix Niederwanger &lt;felix.niederwanger@suse.com&gt;
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
@@ -10,13 +10,13 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
 	"github.com/sirupsen/logrus"
-	terminal "golang.org/x/term"
 )
 
 // ErrNewCredentialsInvalid means that the new user-provided credentials are
@@ -269,7 +269,7 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (user
 	}
 	if password == "" {
 		fmt.Fprint(opts.Stdout, "Password: ")
-		pass, err := terminal.ReadPassword(int(os.Stdin.Fd()))
+		pass, err := util.ReadPassphraseInCLIParsingPhase(int(os.Stdin.Fd()))
 		if err != nil {
 			return "", "", fmt.Errorf("reading password: %w", err)
 		}
diff --git a/pkg/util/util_supported.go b/pkg/util/util_supported.go
@@ -7,13 +7,15 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/signal"
 	"path/filepath"
 	"sync"
 	"syscall"
 
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
+	terminal "golang.org/x/term"
 )
 
 var (
@@ -89,3 +91,29 @@ func GetRuntimeDir() (string, error) {
 	}
 	return rootlessRuntimeDir, nil
 }
+
+// ReadPassphraseInCLIParsingPhase reads a password from the terminal. On interruption signal, it will restore the terminal and terminate
+func ReadPassphraseInCLIParsingPhase(fd int) ([]byte, error) {
+	// Store and restore the terminal status on interruptions to
+	// avoid that the terminal remains in the password state
+	// This is necessary as for https://github.com/golang/go/issues/31180
+
+	/* Re-emit the interrupt signal, but restore the terminal in-between*/
+	oldState, _ := terminal.GetState(fd)
+	interruptChannel := make(chan os.Signal, 1)
+	signal.Notify(interruptChannel, syscall.SIGINT, syscall.SIGTERM)
+	defer func() {
+		signal.Stop(interruptChannel)
+		close(interruptChannel)
+	}()
+	go func() {
+		for range interruptChannel {
+			if oldState != nil {
+				terminal.Restore(fd, oldState)
+			}
+			signal.Reset(os.Interrupt)
+			os.Exit(1)
+		}
+	}()
+	return terminal.ReadPassword(fd)
+}
diff --git a/pkg/util/util_windows.go b/pkg/util/util_windows.go
@@ -5,9 +5,21 @@ package util
 
 import (
 	"errors"
+
+	terminal "golang.org/x/term"
 )
 
 // getRuntimeDir returns the runtime directory
 func GetRuntimeDir() (string, error) {
 	return "", errors.New("this function is not implemented for windows")
 }
+
+// ReadPassphraseInCLIParsingPhase reads a password from the terminal.
+func ReadPassphraseInCLIParsingPhase(fd int) ([]byte, error) {
+	oldState, _ := terminal.GetState(fd)
+	buf, err := terminal.ReadPassword(fd)
+	if oldState != nil {
+		terminal.Restore(fd, oldState)
+	}
+	return buf, err
+}
