NAME

nbdkit_read_password - read passwords and other secrets for nbdkit

SYNOPSIS

 #include <nbdkit-plugin.h>

 int nbdkit_read_password (const char *value, char **password);

DESCRIPTION

The nbdkit_read_password utility function can be used to read passwords from config parameters.

The password result string is allocated by malloc, and so you may need to free it.

Example

 char *password = NULL;

 static int
 myplugin_config (const char *key, const char *value)
 {
   ..
   if (strcmp (key, "password") == 0) {
     free (password);
     if (nbdkit_read_password (value, &password) == -1)
       return -1;
   }
   ..
 }

Password formats

This function recognizes several password formats. A password may be used directly on the command line, eg:

 nbdkit myplugin password=mostsecret

But more securely this function can also read a password interactively:

 nbdkit myplugin password=-

or from a file:

 nbdkit myplugin password=+/tmp/secret

or from a file descriptor inherited by nbdkit:

 nbdkit myplugin password=-99

Notes on reading passwords

If the password begins with a - or + character then it must be passed in a file.

password=- can only be used when stdin is a terminal.

password=-FD cannot be used with stdin, stdout or stderr (ie. -0, -1 or -2). The reason is that after reading the password the file descriptor is closed, which causes bad stuff to happen.

RETURN VALUE

The function returns 0 on success.

If there is an error it calls nbdkit_error(3) and returns -1.

LANGUAGE BINDINGS

In nbdkit-ocaml-plugin(3):

 NBDKit.read_password : string -> string

In nbdkit-python-plugin(3):

 import nbdkit
 password = nbdkit.parse_size(value)

HISTORY

nbdkit_read_password was added in nbdkit 1.12.

SEE ALSO

nbdkit(1), nbdkit_stdio_safe(3), nbdkit-plugin(3), nbdkit-filter(3), nbdkit-luks-filter(1).

AUTHORS

Richard W.M. Jones

COPYRIGHT

Copyright Red Hat

LICENSE

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

THIS SOFTWARE IS PROVIDED BY RED HAT AND CONTRIBUTORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RED HAT OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.