Add restore handler for password input

grisu48 · grisu48 · commit b2c848f212f6 · 2023-08-14T17:22:29.000+02:00
This commit restores the terminal state in case the program is
interrupted while being in password read mode. This ensures the terminal
remains usable, also if the password input is being cancelled.

Signed-off-by: phoenix &lt;felix.niederwanger@suse.com&gt;
diff --git a/pkg/auth/auth.go b/pkg/auth/auth.go
@@ -10,13 +10,13 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/containers/common/pkg/util"
 	"github.com/containers/image/v5/docker"
 	"github.com/containers/image/v5/docker/reference"
 	"github.com/containers/image/v5/pkg/docker/config"
 	"github.com/containers/image/v5/pkg/sysregistriesv2"
 	"github.com/containers/image/v5/types"
 	"github.com/sirupsen/logrus"
-	terminal "golang.org/x/term"
 )
 
 // ErrNewCredentialsInvalid means that the new user-provided credentials are
@@ -269,7 +269,7 @@ func getUserAndPass(opts *LoginOptions, password, userFromAuthFile string) (user
 	}
 	if password == "" {
 		fmt.Fprint(opts.Stdout, "Password: ")
-		pass, err := terminal.ReadPassword(int(os.Stdin.Fd()))
+		pass, err := util.ReadPassword(int(os.Stdin.Fd()))
 		if err != nil {
 			return "", "", fmt.Errorf("reading password: %w", err)
 		}
diff --git a/pkg/util/util_supported.go b/pkg/util/util_supported.go
@@ -7,13 +7,15 @@ import (
 	"errors"
 	"fmt"
 	"os"
+	"os/signal"
 	"path/filepath"
 	"sync"
 	"syscall"
 
 	"github.com/containers/storage/pkg/homedir"
 	"github.com/containers/storage/pkg/unshare"
 	"github.com/sirupsen/logrus"
+	terminal "golang.org/x/term"
 )
 
 var (
@@ -89,3 +91,45 @@ func GetRuntimeDir() (string, error) {
 	}
 	return rootlessRuntimeDir, nil
 }
+
+// ReadPassword reads a password from the terminal without echo.
+func ReadPassword(fd int) ([]byte, error) {
+	// Store and restore the terminal status on interruptions to
+	// avoid that the terminal remains in the password state
+	// This is necessary as for https://github.com/golang/go/issues/31180
+
+	oldState, err := terminal.GetState(fd)
+	if err != nil {
+		return make([]byte, 0), err
+	}
+
+	type Buffer struct {
+		Buffer []byte
+		Error  error
+	}
+	errorChannel := make(chan Buffer, 1)
+
+	// SIGINT and SIGTERM restore the terminal, otherwise the no-echo mode would remain intact
+	interruptChannel := make(chan os.Signal, 1)
+	signal.Notify(interruptChannel, syscall.SIGINT, syscall.SIGTERM)
+	defer func() {
+		signal.Stop(interruptChannel)
+		close(interruptChannel)
+	}()
+	go func() {
+		for range interruptChannel {
+			if oldState != nil {
+				_ = terminal.Restore(fd, oldState)
+			}
+			errorChannel <- Buffer{Buffer: make([]byte, 0), Error: fmt.Errorf("interrupted")}
+		}
+	}()
+
+	go func() {
+		buf, err := terminal.ReadPassword(fd)
+		errorChannel <- Buffer{Buffer: buf, Error: err}
+	}()
+
+	buf := <-errorChannel
+	return buf.Buffer, buf.Error
+}
diff --git a/pkg/util/util_windows.go b/pkg/util/util_windows.go
@@ -5,9 +5,21 @@ package util
 
 import (
 	"errors"
+
+	terminal "golang.org/x/term"
 )
 
 // getRuntimeDir returns the runtime directory
 func GetRuntimeDir() (string, error) {
 	return "", errors.New("this function is not implemented for windows")
 }
+
+// ReadPassword reads a password from the terminal.
+func ReadPassword(fd int) ([]byte, error) {
+	oldState, _ := terminal.GetState(fd)
+	buf, err := terminal.ReadPassword(fd)
+	if oldState != nil {
+		_ = terminal.Restore(fd, oldState)
+	}
+	return buf, err
+}
