CLICKHOUSE-4493 Ask client password on tty (#5092)

* CLICKHOUSE-4493 Ask client password on tty

* wip

* clang-format

* O_NOCTTY

* remove O_NOCTTY

* fix

* static

* readpassphrase

* freebsd fix

* fix

* Better

* fix style

* Update ConnectionParameters.cpp

* fixes

* fix

* fix

dbms/programs/client/CMakeLists.txt

@@ -1,6 +1,19 @@
-set(CLICKHOUSE_CLIENT_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/Client.cpp)
+set(CLICKHOUSE_CLIENT_SOURCES
+    ${CMAKE_CURRENT_SOURCE_DIR}/Client.cpp
+    ${CMAKE_CURRENT_SOURCE_DIR}/ConnectionParameters.cpp
+)
+
 set(CLICKHOUSE_CLIENT_LINK PRIVATE clickhouse_common_config clickhouse_functions clickhouse_aggregate_functions clickhouse_common_io ${LINE_EDITING_LIBS} ${Boost_PROGRAM_OPTIONS_LIBRARY})
-set(CLICKHOUSE_CLIENT_INCLUDE SYSTEM PRIVATE ${READLINE_INCLUDE_DIR})
+set(CLICKHOUSE_CLIENT_INCLUDE SYSTEM PRIVATE ${READLINE_INCLUDE_DIR} PRIVATE ${CMAKE_CURRENT_BINARY_DIR}/include)
+
+include(CheckSymbolExists)
+check_symbol_exists(readpassphrase readpassphrase.h HAVE_READPASSPHRASE)
+configure_file(config_client.h.in ${CMAKE_CURRENT_BINARY_DIR}/include/config_client.h)
+
+if(NOT HAVE_READPASSPHRASE)
+    add_subdirectory(readpassphrase)
+    list(APPEND CLICKHOUSE_CLIENT_LINK PRIVATE readpassphrase)
+endif()
 
 clickhouse_program_add(client)
 

dbms/programs/client/ConnectionParameters.cpp

@@ -0,0 +1,63 @@
+#include "ConnectionParameters.h"
+#include <fstream>
+#include <iostream>
+#include <Core/Defines.h>
+#include <Core/Protocol.h>
+#include <Core/Types.h>
+#include <IO/ConnectionTimeouts.h>
+#include <Poco/Util/AbstractConfiguration.h>
+#include <Common/Exception.h>
+#include <common/setTerminalEcho.h>
+#include <ext/scope_guard.h>
+#include <readpassphrase.h>
+
+namespace DB
+{
+
+namespace ErrorCodes
+{
+    extern const int BAD_ARGUMENTS;
+}
+
+ConnectionParameters::ConnectionParameters(const Poco::Util::AbstractConfiguration & config)
+{
+    bool is_secure = config.getBool("secure", false);
+    security = is_secure ? Protocol::Secure::Enable : Protocol::Secure::Disable;
+
+    host = config.getString("host", "localhost");
+    port = config.getInt(
+        "port", config.getInt(is_secure ? "tcp_port_secure" : "tcp_port", is_secure ? DBMS_DEFAULT_SECURE_PORT : DBMS_DEFAULT_PORT));
+
+    default_database = config.getString("database", "");
+    /// changed the default value to "default" to fix the issue when the user in the prompt is blank
+    user = config.getString("user", "default");
+    bool password_prompt = false;
+    if (config.getBool("ask-password", false))
+    {
+        if (config.has("password"))
+            throw Exception("Specified both --password and --ask-password. Remove one of them", ErrorCodes::BAD_ARGUMENTS);
+        password_prompt = true;
+    }
+    else
+    {
+        password = config.getString("password", "");
+        /// if the value of --password is omitted, the password will be set implicitly to "\n"
+        if (password == "\n")
+            password_prompt = true;
+    }
+    if (password_prompt)
+    {
+        std::string prompt{"Password for user (" + user + "): "};
+        char buf[1000] = {};
+        if (auto result = readpassphrase(prompt.c_str(), buf, sizeof(buf), 0))
+            password = result;
+    }
+    compression = config.getBool("compression", true) ? Protocol::Compression::Enable : Protocol::Compression::Disable;
+
+    timeouts = ConnectionTimeouts(
+        Poco::Timespan(config.getInt("connect_timeout", DBMS_DEFAULT_CONNECT_TIMEOUT_SEC), 0),
+        Poco::Timespan(config.getInt("send_timeout", DBMS_DEFAULT_SEND_TIMEOUT_SEC), 0),
+        Poco::Timespan(config.getInt("receive_timeout", DBMS_DEFAULT_RECEIVE_TIMEOUT_SEC), 0),
+        Poco::Timespan(config.getInt("tcp_keep_alive_timeout", 0), 0));
+}
+}

dbms/programs/client/ConnectionParameters.h

@@ -1,90 +1,30 @@
 #pragma once
 
-#include <iostream>
-
-#include <Core/Types.h>
+#include <string>
 #include <Core/Protocol.h>
-#include <Core/Defines.h>
-#include <Common/Exception.h>
 #include <IO/ConnectionTimeouts.h>
 
-#include <common/setTerminalEcho.h>
-#include <ext/scope_guard.h>
-
-#include <Poco/Util/AbstractConfiguration.h>
-
+namespace Poco::Util
+{
+class AbstractConfiguration;
+}
 
 namespace DB
 {
-
-namespace ErrorCodes
-{
-    extern const int BAD_ARGUMENTS;
-}
-
 struct ConnectionParameters
 {
-    String host;
+    std::string host;
     UInt16 port{};
-    String default_database;
-    String user;
-    String password;
+    std::string default_database;
+    std::string user;
+    std::string password;
     Protocol::Secure security = Protocol::Secure::Disable;
     Protocol::Compression compression = Protocol::Compression::Enable;
     ConnectionTimeouts timeouts;
 
     ConnectionParameters() {}
 
-    ConnectionParameters(const Poco::Util::AbstractConfiguration & config)
-    {
-        bool is_secure = config.getBool("secure", false);
-        security = is_secure
-            ? Protocol::Secure::Enable
-            : Protocol::Secure::Disable;
-
-        host = config.getString("host", "localhost");
-        port = config.getInt("port",
-            config.getInt(is_secure ? "tcp_port_secure" : "tcp_port",
-                is_secure ? DBMS_DEFAULT_SECURE_PORT : DBMS_DEFAULT_PORT));
-
-        default_database = config.getString("database", "");
-        /// changed the default value to "default" to fix the issue when the user in the prompt is blank
-        user = config.getString("user", "default");
-        bool password_prompt = false;
-        if (config.getBool("ask-password", false))
-        {
-            if (config.has("password"))
-                throw Exception("Specified both --password and --ask-password. Remove one of them", ErrorCodes::BAD_ARGUMENTS);
-            password_prompt = true;
-        }
-        else
-        {
-            password = config.getString("password", "");
-            /// if the value of --password is omitted, the password will be set implicitly to "\n"
-            if (password == "\n")
-                password_prompt = true;
-        }
-        if (password_prompt)
-        {
-            std::cout << "Password for user (" << user << "): ";
-            setTerminalEcho(false);
-
-            SCOPE_EXIT({
-                setTerminalEcho(true);
-            });
-            std::getline(std::cin, password);
-            std::cout << std::endl;
-        }
-        compression = config.getBool("compression", true)
-            ? Protocol::Compression::Enable
-            : Protocol::Compression::Disable;
-
-        timeouts = ConnectionTimeouts(
-            Poco::Timespan(config.getInt("connect_timeout", DBMS_DEFAULT_CONNECT_TIMEOUT_SEC), 0),
-            Poco::Timespan(config.getInt("send_timeout", DBMS_DEFAULT_SEND_TIMEOUT_SEC), 0),
-            Poco::Timespan(config.getInt("receive_timeout", DBMS_DEFAULT_RECEIVE_TIMEOUT_SEC), 0),
-            Poco::Timespan(config.getInt("tcp_keep_alive_timeout", 0), 0));
-    }
+    ConnectionParameters(const Poco::Util::AbstractConfiguration & config);
 };
 
 }

dbms/programs/client/config_client.h.in

@@ -0,0 +1,3 @@
+#pragma once
+
+#cmakedefine HAVE_READPASSPHRASE

dbms/programs/client/readpassphrase/CMakeLists.txt

@@ -0,0 +1,10 @@
+
+# wget https://raw.githubusercontent.com/openssh/openssh-portable/master/openbsd-compat/readpassphrase.c
+# wget https://raw.githubusercontent.com/openssh/openssh-portable/master/openbsd-compat/readpassphrase.h
+
+set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-result -Wno-reserved-id-macro")
+
+configure_file(includes.h.in ${CMAKE_CURRENT_BINARY_DIR}/include/includes.h)
+add_library(readpassphrase ${CMAKE_CURRENT_SOURCE_DIR}/readpassphrase.c)
+# . to allow #include <readpassphrase.h>
+target_include_directories(readpassphrase PUBLIC . ${CMAKE_CURRENT_BINARY_DIR}/include ${CMAKE_CURRENT_BINARY_DIR}/../include)

dbms/programs/client/readpassphrase/includes.h.in

@@ -0,0 +1,9 @@
+#pragma once
+
+#cmakedefine HAVE_READPASSPHRASE
+
+#if !defined(HAVE_READPASSPHRASE)
+#    ifndef _PATH_TTY
+#        define _PATH_TTY "/dev/tty"
+#    endif
+#endif

dbms/programs/client/readpassphrase/readpassphrase.c

@@ -0,0 +1,211 @@
+/*	$OpenBSD: readpassphrase.c,v 1.26 2016/10/18 12:47:18 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000-2002, 2007, 2010
+ *	Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
+
+#include "includes.h"
+
+#ifndef HAVE_READPASSPHRASE
+
+#include <termios.h>
+#include <signal.h>
+#include <ctype.h>
+#include <fcntl.h>
+#include <readpassphrase.h>
+#include <errno.h>
+#include <string.h>
+#include <unistd.h>
+
+#ifndef TCSASOFT
+/* If we don't have TCSASOFT define it so that ORing it it below is a no-op. */
+# define TCSASOFT 0
+#endif
+
+/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
+#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
+#  define _POSIX_VDISABLE       VDISABLE
+#endif
+
+static volatile sig_atomic_t signo[_NSIG];
+
+static void handler(int);
+
+char *
+readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
+{
+	ssize_t nr;
+	int input, output, save_errno, i, need_restart;
+	char ch, *p, *end;
+	struct termios term, oterm;
+	struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
+	struct sigaction savetstp, savettin, savettou, savepipe;
+
+	/* I suppose we could alloc on demand in this case (XXX). */
+	if (bufsiz == 0) {
+		errno = EINVAL;
+		return(NULL);
+	}
+
+restart:
+	for (i = 0; i < _NSIG; i++)
+		signo[i] = 0;
+	nr = -1;
+	save_errno = 0;
+	need_restart = 0;
+	/*
+	 * Read and write to /dev/tty if available.  If not, read from
+	 * stdin and write to stderr unless a tty is required.
+	 */
+	if ((flags & RPP_STDIN) ||
+	    (input = output = open(_PATH_TTY, O_RDWR)) == -1) {
+		if (flags & RPP_REQUIRE_TTY) {
+			errno = ENOTTY;
+			return(NULL);
+		}
+		input = STDIN_FILENO;
+		output = STDERR_FILENO;
+	}
+
+	/*
+	 * Turn off echo if possible.
+	 * If we are using a tty but are not the foreground pgrp this will
+	 * generate SIGTTOU, so do it *before* installing the signal handlers.
+	 */
+	if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
+		memcpy(&term, &oterm, sizeof(term));
+		if (!(flags & RPP_ECHO_ON))
+			term.c_lflag &= ~(ECHO | ECHONL);
+#ifdef VSTATUS
+		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
+#endif
+		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+	} else {
+		memset(&term, 0, sizeof(term));
+		term.c_lflag |= ECHO;
+		memset(&oterm, 0, sizeof(oterm));
+		oterm.c_lflag |= ECHO;
+	}
+
+	/*
+	 * Catch signals that would otherwise cause the user to end
+	 * up with echo turned off in the shell.  Don't worry about
+	 * things like SIGXCPU and SIGVTALRM for now.
+	 */
+	sigemptyset(&sa.sa_mask);
+	sa.sa_flags = 0;		/* don't restart system calls */
+	sa.sa_handler = handler;
+	(void)sigaction(SIGALRM, &sa, &savealrm);
+	(void)sigaction(SIGHUP, &sa, &savehup);
+	(void)sigaction(SIGINT, &sa, &saveint);
+	(void)sigaction(SIGPIPE, &sa, &savepipe);
+	(void)sigaction(SIGQUIT, &sa, &savequit);
+	(void)sigaction(SIGTERM, &sa, &saveterm);
+	(void)sigaction(SIGTSTP, &sa, &savetstp);
+	(void)sigaction(SIGTTIN, &sa, &savettin);
+	(void)sigaction(SIGTTOU, &sa, &savettou);
+
+	if (!(flags & RPP_STDIN))
+		(void)write(output, prompt, strlen(prompt));
+	end = buf + bufsiz - 1;
+	p = buf;
+	while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
+		if (p < end) {
+			if ((flags & RPP_SEVENBIT))
+				ch &= 0x7f;
+			if (isalpha((unsigned char)ch)) {
+				if ((flags & RPP_FORCELOWER))
+					ch = (char)tolower((unsigned char)ch);
+				if ((flags & RPP_FORCEUPPER))
+					ch = (char)toupper((unsigned char)ch);
+			}
+			*p++ = ch;
+		}
+	}
+	*p = '\0';
+	save_errno = errno;
+	if (!(term.c_lflag & ECHO))
+		(void)write(output, "\n", 1);
+
+	/* Restore old terminal settings and signals. */
+	if (memcmp(&term, &oterm, sizeof(term)) != 0) {
+		const int sigttou = signo[SIGTTOU];
+
+		/* Ignore SIGTTOU generated when we are not the fg pgrp. */
+		while (tcsetattr(input, TCSAFLUSH|TCSASOFT, &oterm) == -1 &&
+		    errno == EINTR && !signo[SIGTTOU])
+			continue;
+		signo[SIGTTOU] = sigttou;
+	}
+	(void)sigaction(SIGALRM, &savealrm, NULL);
+	(void)sigaction(SIGHUP, &savehup, NULL);
+	(void)sigaction(SIGINT, &saveint, NULL);
+	(void)sigaction(SIGQUIT, &savequit, NULL);
+	(void)sigaction(SIGPIPE, &savepipe, NULL);
+	(void)sigaction(SIGTERM, &saveterm, NULL);
+	(void)sigaction(SIGTSTP, &savetstp, NULL);
+	(void)sigaction(SIGTTIN, &savettin, NULL);
+	(void)sigaction(SIGTTOU, &savettou, NULL);
+	if (input != STDIN_FILENO)
+		(void)close(input);
+
+	/*
+	 * If we were interrupted by a signal, resend it to ourselves
+	 * now that we have restored the signal handlers.
+	 */
+	for (i = 0; i < _NSIG; i++) {
+		if (signo[i]) {
+			kill(getpid(), i);
+			switch (i) {
+			case SIGTSTP:
+			case SIGTTIN:
+			case SIGTTOU:
+				need_restart = 1;
+			}
+		}
+	}
+	if (need_restart)
+		goto restart;
+
+	if (save_errno)
+		errno = save_errno;
+	return(nr == -1 ? NULL : buf);
+}
+//DEF_WEAK(readpassphrase);
+
+#if 0
+char *
+getpass(const char *prompt)
+{
+	static char buf[_PASSWORD_LEN + 1];
+
+	return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+}
+#endif
+
+static void handler(int s)
+{
+
+	signo[s] = 1;
+}
+#endif /* HAVE_READPASSPHRASE */

dbms/programs/client/readpassphrase/readpassphrase.h

@@ -0,0 +1,56 @@
+// /*	$OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $	*/
+
+/*
+ * Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sponsored in part by the Defense Advanced Research Projects
+ * Agency (DARPA) and Air Force Research Laboratory, Air Force
+ * Materiel Command, USAF, under agreement number F39502-99-1-0512.
+ */
+
+/* OPENBSD ORIGINAL: include/readpassphrase.h */
+
+#pragma once
+// #ifndef _READPASSPHRASE_H_
+// #define _READPASSPHRASE_H_
+
+//#include "includes.h"
+#include "config_client.h"
+
+#ifndef HAVE_READPASSPHRASE
+
+#    ifdef __cplusplus
+extern "C" {
+#    endif
+
+
+#    define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
+#    define RPP_ECHO_ON 0x01 /* Leave echo on. */
+#    define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
+#    define RPP_FORCELOWER 0x04 /* Force input to lower case. */
+#    define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
+#    define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
+#    define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
+
+char * readpassphrase(const char *, char *, size_t, int);
+
+#    ifdef __cplusplus
+}
+#    endif
+
+
+#endif /* HAVE_READPASSPHRASE */
+
+// #endif /* !_READPASSPHRASE_H_ */