Patchwork D10708: util: avoid echoing the password to the console on Windows py3 (issue6446)

login
register
mail settings
Submitter phabricator
Date May 12, 2021, 4:44 p.m.
Message ID <differential-rev-PHID-DREV-sm3nw6g5unpytcjmlj7m-req@mercurial-scm.org>
Download mbox | patch
Permalink /patch/49027/
State Superseded
Headers show

Comments

phabricator - May 12, 2021, 4:44 p.m.
mharbison72 created this revision.
Herald added a reviewer: hg-reviewers.
Herald added a subscriber: mercurial-patches.

REVISION SUMMARY
  The `getpass.getpass()` implementation on Windows first checks if `sys.stdin`
  and `sys.__stdin__` are the same object.  It's not on py3 because the former is
  replaced in dispatch.py with something that doesn't normalize '\n' to '\r\n'.
  When they aren't the same object, it simply calls `sys.stdin.readline()` instead
  of the mscvrt functions that read the input characters before they are echoed.
  
  This simply copies the `getpass.win_getpass()` implementation without the stdin
  check, and byteifies around the edges.  I'm not sure if there's a reasonable
  replacement for the check that we could implement.  When echoing input into the
  hg command, the `ui.interactive()` check causes `ui.getpass()` to bail before
  getting here.  If the proper config switches are used to bypass that and call
  this, the process stalls until '\n' is input into the console.  So there could
  be a deadlock here when run by another command if the wrong config settings are
  applied.

REPOSITORY
  rHG Mercurial

BRANCH
  stable

REVISION DETAIL
  https://phab.mercurial-scm.org/D10708

AFFECTED FILES
  mercurial/posix.py
  mercurial/ui.py
  mercurial/util.py
  mercurial/windows.py

CHANGE DETAILS




To: mharbison72, #hg-reviewers
Cc: mercurial-patches, mercurial-devel

Patch

diff --git a/mercurial/windows.py b/mercurial/windows.py
--- a/mercurial/windows.py
+++ b/mercurial/windows.py
@@ -194,6 +194,28 @@ 
         return False
 
 
+def get_password():
+    """Prompt for password with echo off, using Windows getch().
+
+    This shouldn't be called directly- use ``ui.getpass()`` instead, which
+    checks if the session is interactive first.
+    """
+    pw = ""
+    while True:
+        c = msvcrt.getwch()
+        if c == '\r' or c == '\n':
+            break
+        if c == '\003':
+            raise KeyboardInterrupt
+        if c == '\b':
+            pw = pw[:-1]
+        else:
+            pw = pw + c
+    msvcrt.putwch('\r')
+    msvcrt.putwch('\n')
+    return encoding.strtolocal(pw)
+
+
 class winstdout(object):
     """Some files on Windows misbehave.
 
diff --git a/mercurial/util.py b/mercurial/util.py
--- a/mercurial/util.py
+++ b/mercurial/util.py
@@ -106,6 +106,7 @@ 
 expandglobs = platform.expandglobs
 getfsmountpoint = platform.getfsmountpoint
 getfstype = platform.getfstype
+get_password = platform.get_password
 groupmembers = platform.groupmembers
 groupname = platform.groupname
 isexec = platform.isexec
diff --git a/mercurial/ui.py b/mercurial/ui.py
--- a/mercurial/ui.py
+++ b/mercurial/ui.py
@@ -11,7 +11,6 @@ 
 import contextlib
 import datetime
 import errno
-import getpass
 import inspect
 import os
 import re
@@ -1779,7 +1778,7 @@ 
                         raise EOFError
                     return l.rstrip(b'\n')
                 else:
-                    return encoding.strtolocal(getpass.getpass(''))
+                    return util.get_password()
         except EOFError:
             raise error.ResponseExpected()
 
diff --git a/mercurial/posix.py b/mercurial/posix.py
--- a/mercurial/posix.py
+++ b/mercurial/posix.py
@@ -381,6 +381,10 @@ 
     return getattr(osutil, 'getfstype', lambda x: None)(dirpath)
 
 
+def get_password():
+    return encoding.strtolocal(getpass.getpass(''))
+
+
 def setbinary(fd):
     pass