merge: nmcli: don't show password by default, add --show-secrets (rh #759116)

https://bugzilla.gnome.org/show_bug.cgi?id=759116
2015-12-07 14:25:37 +01:00
parent d5a8401686 629de4e689
commit c52b2044cd
9 changed files with 129 additions and 77 deletions
--- a/clients/cli/common.c
+++ b/clients/cli/common.c
@@ -930,6 +930,7 @@ get_secrets_from_user (const char *request_id,
                       const char *title,
                       const char *msg,
                       gboolean ask,
                       gboolean echo_on,
                       GHashTable *pwds_hash,
                       GPtrArray *secrets)
 {
@@ -951,7 +952,7 @@ get_secrets_from_user (const char *request_id,
 					rl_startup_hook = nmc_rl_set_deftext;
 					nmc_rl_pre_input_deftext = g_strdup (secret->value);
 				}
-				pwd = nmc_readline ("%s (%s): ", secret->name, secret->prop_name);
+				pwd = nmc_readline_echo (echo_on, "%s (%s): ", secret->name, secret->prop_name);
 				if (!pwd)
 					pwd = g_strdup ("");
 			} else {
@@ -998,7 +999,7 @@ nmc_secrets_requested (NMSecretAgentSimple *agent,
 		nmc_terminal_erase_line ();
 	success = get_secrets_from_user (request_id, title, msg, nmc->in_editor || nmc->ask,
-	                                 nmc->pwds_hash, secrets);
+	                                 nmc->show_secrets, nmc->pwds_hash, secrets);
 	if (success)
 		nm_secret_agent_simple_response (agent, request_id, secrets);
 	else {
@@ -1074,30 +1075,12 @@ nmc_set_in_readline (gboolean in_readline)
 /* Global variable defined in nmcli.c */
 extern NmCli nm_cli;
 /**
 * nmc_readline:
 * @prompt_fmt: prompt to print (telling user what to enter). It is standard
 *   printf() format string
 * @...: a list of arguments according to the @prompt_fmt format string
 *
 * Wrapper around libreadline's readline() function.
 * If user pressed Ctrl-C, readline() is called again (if not in editor and
 * line is empty, nmcli will quit).
 * If user pressed Ctrl-D on empty line, nmcli will quit.
 *
 * Returns: the user provided string. In case the user entered empty string,
 * this function returns NULL.
 */
 char *
 nmc_readline (const char *prompt_fmt, ...)
 {
 	va_list args;
 	char *prompt, *str;
 	int b;
-	va_start (args, prompt_fmt);
+static char *
-	prompt = g_strdup_vprintf (prompt_fmt, args);
+nmc_readline_helper (const char *prompt)
-	va_end (args);
+{
 	char *str;
 	int b;
 readline_mark:
 	/* We are in readline -> Ctrl-C should not quit nmcli */
@@ -1145,7 +1128,6 @@ readline_mark:
 				sleep (3);
 		}
 	}
 	g_free (prompt);
 	/* Return NULL, not empty string */
 	if (str && *str == '\0') {
@@ -1155,6 +1137,73 @@ readline_mark:
 	return str;
 }
 /**
 * nmc_readline:
 * @prompt_fmt: prompt to print (telling user what to enter). It is standard
 *   printf() format string
 * @...: a list of arguments according to the @prompt_fmt format string
 *
 * Wrapper around libreadline's readline() function.
 * If user pressed Ctrl-C, readline() is called again (if not in editor and
 * line is empty, nmcli will quit).
 * If user pressed Ctrl-D on empty line, nmcli will quit.
 *
 * Returns: the user provided string. In case the user entered empty string,
 * this function returns NULL.
 */
 char *
 nmc_readline (const char *prompt_fmt, ...)
 {
 	va_list args;
 	char *prompt, *str;
 	va_start (args, prompt_fmt);
 	prompt = g_strdup_vprintf (prompt_fmt, args);
 	va_end (args);
 	str = nmc_readline_helper (prompt);
 	g_free (prompt);
 	return str;
 }
 /**
 * nmc_readline_echo:
 *
 * The same as nmc_readline() except it can disable echoing of input characters if @echo_on is %FALSE.
 * nmc_readline(TRUE, ...) == nmc_readline(...)
 */
 char *
 nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...)
 {
 	va_list args;
 	char *prompt, *str;
 	struct termios termios_orig, termios_new;
 	va_start (args, prompt_fmt);
 	prompt = g_strdup_vprintf (prompt_fmt, args);
 	va_end (args);
 	/* Disable echoing characters */
 	if (!echo_on) {
 		tcgetattr (STDIN_FILENO, &termios_orig);
 		termios_new = termios_orig;
 		termios_new.c_lflag &= ~(ECHO);
 		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
 	}
 	str = nmc_readline_helper (prompt);
 	g_free (prompt);
 	/* Restore original terminal settings */
 	if (!echo_on)
 		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
 	return str;
 }
 /**
 * nmc_rl_gen_func_basic:
 * @text: text to complete
--- a/clients/cli/common.h
+++ b/clients/cli/common.h
@@ -62,6 +62,7 @@ char *nmc_unique_connection_name (const GPtrArray *connections,
 void nmc_cleanup_readline (void);
 char *nmc_readline (const char *prompt_fmt, ...) G_GNUC_PRINTF (1, 2);
 char *nmc_readline_echo (gboolean echo_on, const char *prompt_fmt, ...) G_GNUC_PRINTF (2, 3);
 char *nmc_rl_gen_func_basic (const char *text, int state, const char **words);
 gboolean nmc_get_in_readline (void);
 void nmc_set_in_readline (gboolean in_readline);
--- a/clients/cli/connections.c
+++ b/clients/cli/connections.c
@@ -265,7 +265,7 @@ usage (void)
 	g_printerr (_("Usage: nmcli connection { COMMAND | help }\n\n"
 	              "COMMAND := { show | up | down | add | modify | edit | delete | monitor | reload | load }\n\n"
 	              "  show [--active] [--order <order spec>]\n"
-	              "  show [--active] [--show-secrets] [id | uuid | path | apath] <ID> ...\n\n"
+	              "  show [--active] [id | uuid | path | apath] <ID> ...\n\n"
 	              "  up [[id | uuid | path] <ID>] [ifname <ifname>] [ap <BSSID>] [passwd-file <file with passwords>]\n\n"
 	              "  down [id | uuid | path | apath] <ID> ...\n\n"
 	              "  add COMMON_OPTIONS TYPE_SPECIFIC_OPTIONS SLAVE_OPTIONS IP_OPTIONS [-- ([+|-]<setting>.<property> <value>)+]\n\n"
@@ -293,13 +293,13 @@ usage_connection_show (void)
 	              "profiles are listed. When --active option is specified, only the active\n"
 	              "profiles are shown. --order allows custom connection ordering (see manual page).\n"
 	              "\n"
-	              "ARGUMENTS := [--active] [--show-secrets] [id | uuid | path | apath] <ID> ...\n"
+	              "ARGUMENTS := [--active] [id | uuid | path | apath] <ID> ...\n"
 	              "\n"
 	              "Show details for specified connections. By default, both static configuration\n"
 	              "and active connection data are displayed. It is possible to filter the output\n"
 	              "using global '--fields' option. Refer to the manual page for more information.\n"
 	              "When --active option is specified, only the active profiles are taken into\n"
-	              "account. --show-secrets option will reveal associated secrets as well.\n"));
+	              "account. Use global --show-secrets option to reveal associated secrets as well.\n"));
 }
 static void
@@ -3656,7 +3656,7 @@ do_questionnaire_wimax (char **mac)
 }
 static void
-do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac)
+do_questionnaire_pppoe (gboolean echo, char **password, char **service, char **mtu, char **mac)
 {
 	gboolean once_more;
 	GError *error = NULL;
@@ -3666,7 +3666,7 @@ do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac)
 		return;
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 	if (!*service)
 		*service = nmc_readline (_("Service [none]: "));
@@ -3695,7 +3695,7 @@ do_questionnaire_pppoe (char **password, char **service, char **mtu, char **mac)
 }
 static void
-do_questionnaire_mobile (char **user, char **password)
+do_questionnaire_mobile (gboolean echo, char **user, char **password)
 {
 	/* Ask for optional 'gsm' or 'cdma' arguments. */
 	if (!want_provide_opt_args (_("mobile broadband"), 2))
@@ -3704,7 +3704,7 @@ do_questionnaire_mobile (char **user, char **password)
 	if (!*user)
 		*user = nmc_readline (_("Username [none]: "));
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 }
 #define WORD_PANU      "panu"
@@ -4181,7 +4181,7 @@ do_questionnaire_olpc (char **channel, char **dhcp_anycast)
 #define PROMPT_ADSL_ENCAP "(" NM_SETTING_ADSL_ENCAPSULATION_VCMUX "/" NM_SETTING_ADSL_ENCAPSULATION_LLC ") [none]: "
 static void
-do_questionnaire_adsl (char **password, char **encapsulation)
+do_questionnaire_adsl (gboolean echo, char **password, char **encapsulation)
 {
 	gboolean once_more;
 	GError *error = NULL;
@@ -4191,7 +4191,7 @@ do_questionnaire_adsl (char **password, char **encapsulation)
 		return;
 	if (!*password)
-		*password = nmc_readline (_("Password [none]: "));
+		*password = nmc_readline_echo (echo, _("Password [none]: "));
 	if (!*encapsulation) {
 		do {
@@ -4650,6 +4650,7 @@ complete_connection_by_type (NMConnection *connection,
                             const char *con_type,
                             const GPtrArray *all_connections,
                             gboolean ask,
                             gboolean show_secrets,
                             int argc,
                             char **argv,
                             GError **error)
@@ -4970,7 +4971,7 @@ cleanup_wimax:
 		mtu = g_strdup (mtu_c);
 		mac = g_strdup (mac_c);
 		if (ask)
-			do_questionnaire_pppoe (&password, &service, &mtu, &mac);
+			do_questionnaire_pppoe (show_secrets, &password, &service, &mtu, &mac);
 		if (!check_and_convert_mtu (mtu, &mtu_int, error))
 			goto cleanup_pppoe;
@@ -5040,7 +5041,7 @@ cleanup_pppoe:
 		user = g_strdup (user_c);
 		password = g_strdup (password_c);
 		if (ask)
-			do_questionnaire_mobile (&user, &password);
+			do_questionnaire_mobile (show_secrets, &user, &password);
 		if (is_gsm) {
 			g_object_set (s_con, NM_SETTING_CONNECTION_TYPE, NM_SETTING_GSM_SETTING_NAME, NULL);
@@ -5760,7 +5761,7 @@ cleanup_olpc:
 		password = g_strdup (password_c);
 		encapsulation = g_strdup (encapsulation_c);
 		if (ask)
-			do_questionnaire_adsl (&password, &encapsulation);
+			do_questionnaire_adsl (show_secrets, &password, &encapsulation);
 		if (!check_adsl_encapsulation (&encapsulation, error))
 			goto cleanup_adsl;
@@ -6620,6 +6621,7 @@ do_connection_add (NmCli *nmc, int argc, char **argv)
 	                                  setting_name,
 	                                  nmc->connections,
 	                                  nmc->ask,
 	                                  nmc->show_secrets,
 	                                  argc,
 	                                  argv,
 	                                  &error)) {
@@ -10487,6 +10489,8 @@ do_connections (NmCli *nmc, int argc, char **argv)
 					active = TRUE;
 					next_arg (&argc, &argv);
 				}
 				/* --show-secrets is deprecated in favour of global --show-secrets */
 				/* Keep it here for backwards compatibility */
 				if (!show_secrets && nmc_arg_is_option (*argv, "show-secrets")) {
 					show_secrets = TRUE;
 					next_arg (&argc, &argv);
@@ -10503,6 +10507,7 @@ do_connections (NmCli *nmc, int argc, char **argv)
 					next_arg (&argc, &argv);
 				}
 			}
 			show_secrets = nmc->show_secrets || show_secrets;
 			nmc->return_value = do_connections_show (nmc, active, show_secrets, order, argc, argv);
 			if (order)
 				g_array_unref (order);
--- a/clients/cli/devices.c
+++ b/clients/cli/devices.c
@@ -293,8 +293,7 @@ usage (void)
 	              "  wifi [list [ifname <ifname>] [bssid <BSSID>]]\n\n"
 	              "  wifi connect <(B)SSID> [password <password>] [wep-key-type key|phrase] [ifname <ifname>]\n"
 	              "                         [bssid <BSSID>] [name <name>] [private yes|no] [hidden yes|no]\n\n"
-	              "  wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>]\n\n"
+	              "  wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]\n\n"
 	              "               [password <password>] [--show-password]\n\n"
 	              "  wifi rescan [ifname <ifname>] [[ssid <SSID to scan>] ...]\n\n"
 	              "  lldp [list [ifname <ifname>]]\n\n"
 	              ));
@@ -414,7 +413,6 @@ usage_device_wifi (void)
 	              "\n"
 	              "ARGUMENTS := wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>]\n"
 	              "                          [band a|bg] [channel <channel>] [password <password>]\n"
 	              "                          [--show-password]\n"
 	              "\n"
 	              "Create a Wi-Fi hotspot. Use 'connection down' or 'device disconnect'\n"
 	              "to stop the hotspot.\n"
@@ -425,7 +423,6 @@ usage_device_wifi (void)
 	              "band - Wi-Fi band to use\n"
 	              "channel - Wi-Fi channel to use\n"
 	              "password - password to use for the hotspot\n"
 	              "--show-password - tell nmcli to print password to stdout\n"
 	              "\n"
 	              "ARGUMENTS := rescan [ifname <ifname>] [[ssid <SSID to scan>] ...]\n"
 	              "\n"
@@ -2762,7 +2759,7 @@ do_device_wifi_connect_network (NmCli *nmc, int argc, char **argv)
 	if (ap_flags & NM_802_11_AP_FLAGS_PRIVACY) {
 		/* Ask for missing password when one is expected and '--ask' is used */
 		if (!password && nmc->ask)
-			password = passwd_ask = nmc_readline (_("Password: "));
+			password = passwd_ask = nmc_readline_echo (nmc->show_secrets, _("Password: "));
 		if (password) {
 			if (!connection)
@@ -3033,6 +3030,8 @@ do_device_wifi_hotspot (NmCli *nmc, int argc, char **argv)
 				goto error;
 			}
 			password = *argv;
 		/* --show-password is deprecated in favour of global --show-secrets option */
 		/* Keep it here for backwards compatibility */
 		} else if (nmc_arg_is_option (*argv, "show-password")) {
 			show_password = TRUE;
 		} else {
@@ -3044,6 +3043,7 @@ do_device_wifi_hotspot (NmCli *nmc, int argc, char **argv)
 		argc--;
 		argv++;
 	}
 	show_password = nmc->show_secrets || show_password;
 	/* Verify band and channel parameters */
 	if (!channel) {
--- a/clients/cli/nmcli-completion
+++ b/clients/cli/nmcli-completion
@@ -184,6 +184,9 @@ _nmcli_compl_OPTIONS()
            ask)
                _nmcli_array_delete_at words 0
                ;;
            show-secrets)
                _nmcli_array_delete_at words 0
                ;;
            order)
                if [[ "${#words[@]}" -eq 2 ]]; then
                   local ord="${words[1]}"
@@ -211,9 +214,6 @@ _nmcli_compl_OPTIONS()
                fi
                _nmcli_array_delete_at words 0 1
                ;;
            show-secrets)
                _nmcli_array_delete_at words 0
                ;;
            active)
                _nmcli_array_delete_at words 0
                ;;
@@ -522,8 +522,7 @@ _nmcli_compl_ARGS()
            hairpin| \
            save| \
            hidden| \
-            private| \
+            private)
            show-password)
                if [[ "${#words[@]}" -eq 2 ]]; then
                    _nmcli_list "yes no"
                    return 0
@@ -792,7 +791,7 @@ _nmcli()
    local COMMAND_CONNECTION_ACTIVE=""
    HELP_ONLY_AS_FIRST=
-    local LONG_OPTIONS=(terse pretty mode fields colors escape nocheck ask wait version help)
+    local LONG_OPTIONS=(terse pretty mode fields colors escape nocheck ask show-secrets wait version help)
    _nmcli_compl_OPTIONS
    i=$?
@@ -887,11 +886,11 @@ _nmcli()
                case "$command" in
                    s|sh|sho|show)
                        if [[ ${#words[@]} -eq 3 ]]; then
-                            _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active show-secrets order
+                            _nmcli_compl_COMMAND_nl "${words[2]}" "$(printf "id\nuuid\npath\napath\n%s" "$(_nmcli_con_show NAME)")" active order
                        elif [[ ${#words[@]} -gt 3 ]]; then
                            _nmcli_array_delete_at words 0 1
-                            LONG_OPTIONS=(help active show-secrets order)
+                            LONG_OPTIONS=(help active order)
                            HELP_ONLY_AS_FIRST=1
                            _nmcli_compl_OPTIONS
                            i=$?
@@ -1444,7 +1443,7 @@ _nmcli()
                                    ;;
                                h|ho|hot|hots|hotsp|hotspo|hotspot)
                                    _nmcli_array_delete_at words 0 2
-                                    OPTIONS=(ifname con-name ssid band channel password show-password)
+                                    OPTIONS=(ifname con-name ssid band channel password)
                                    _nmcli_compl_ARGS
                                    ;;
                                r|re|res|resc|resca|rescan)
--- a/clients/cli/nmcli.c
+++ b/clients/cli/nmcli.c
@@ -92,6 +92,7 @@ usage (const char *prog_name)
 	              "  -e[scape] yes|no                           escape columns separators in values\n"
 	              "  -n[ocheck]                                 don't check nmcli and NetworkManager versions\n"
 	              "  -a[sk]                                     ask for missing parameters\n"
 	              "  -s[how-secrets]                            allow displaying passwords\n"
 	              "  -w[ait] <seconds>                          set timeout waiting for finishing operations\n"
 	              "  -v[ersion]                                 show program version\n"
 	              "  -h[elp]                                    print this help\n"
@@ -257,6 +258,8 @@ parse_command_line (NmCli *nmc, int argc, char **argv)
 			nmc->nocheck_ver = TRUE;
 		} else if (matches (opt, "-ask") == 0) {
 			nmc->ask = TRUE;
 		} else if (matches (opt, "-show-secrets") == 0) {
 			nmc->show_secrets = TRUE;
 		} else if (matches (opt, "-wait") == 0) {
 			unsigned long timeout;
 			next_arg (&argc, &argv);
@@ -545,6 +548,7 @@ nmc_init (NmCli *nmc)
 	memset (&nmc->print_fields, '\0', sizeof (NmcPrintFields));
 	nmc->nocheck_ver = FALSE;
 	nmc->ask = FALSE;
 	nmc->show_secrets = FALSE;
 	nmc->use_colors = NMC_USE_COLOR_AUTO;
 	nmc->in_editor = FALSE;
 	nmc->editor_status_line = FALSE;
--- a/clients/cli/nmcli.h
+++ b/clients/cli/nmcli.h
@@ -156,6 +156,7 @@ typedef struct _NmCli {
 	NmcPrintFields print_fields;                      /* Structure with field indices to print */
 	gboolean nocheck_ver;                             /* Don't check nmcli and NM versions: option '--nocheck' */
 	gboolean ask;                                     /* Ask for missing parameters: option '--ask' */
 	gboolean show_secrets;                            /* Whether to display secrets (both input and output): option '--show-secrets' */
 	gboolean in_editor;                               /* Whether running the editor - nmcli con edit' */
 	gboolean editor_status_line;                      /* Whether to display status line in connection editor */
 	gboolean editor_save_confirmation;                /* Whether to ask for confirmation on saving connections with 'autoconnect=yes' */
--- a/clients/cli/polkit-agent.c
+++ b/clients/cli/polkit-agent.c
@@ -25,7 +25,6 @@
 #include <string.h>
 #include <sys/types.h>
 #include <unistd.h>
 #include <termios.h>
 #include "nm-default.h"
 #include "polkit-agent.h"
@@ -42,18 +41,10 @@ polkit_request (const char *request,
 		gpointer user_data)
 {
 	char *response, *tmp, *p;
 	struct termios termios_orig, termios_new;
 	g_print ("%s\n", message);
 	g_print ("(action_id: %s)\n", action_id);
 	if (!echo_on) {
 		tcgetattr (STDIN_FILENO, &termios_orig);
 		termios_new = termios_orig;
 		termios_new.c_lflag &= ~(ECHO);
 		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_new);
 	}
 	/* Ask user for polkit authorization password */
 	if (user) {
 		/* chop of ": " if present */
@@ -61,16 +52,12 @@ polkit_request (const char *request,
 		p = strrchr (tmp, ':');
 		if (p && !strcmp (p, ": "))
 			*p = '\0';
-		response = nmc_readline ("%s (%s): ", tmp, user);
+		response = nmc_readline_echo (echo_on, "%s (%s): ", tmp, user);
 		g_free (tmp);
 	} else
-		response = nmc_readline ("%s", request);
+		response = nmc_readline_echo (echo_on, "%s", request);
 	g_print ("\n");
 	/* Restore original terminal settings */
 	if (!echo_on)
 		tcsetattr (STDIN_FILENO, TCSADRAIN, &termios_orig);
 	return response;
 }
--- a/man/nmcli.1.in
+++ b/man/nmcli.1.in
@@ -55,6 +55,8 @@ nmcli \- command\(hyline tool for controlling NetworkManager
 .br
 \fB\-a\fR[\fIsk\fR]
 .br
 \fB\-s\fR[\fIhow-secrets\fR]
 .br
 \fB\-w\fR[\fIait\fR] <seconds>
 .br
 \fB\-v\fR[\fIersion\fR]
@@ -141,6 +143,11 @@ arguments, so do not use this option for non-interactive purposes like scripts.
 This option controls, for example, whether you will be prompted for a password
 if it is required for connecting to a network.
 .TP
 .B \-s, \-\-show-secrets
 When using this option \fInmcli\fP will display passwords and secrets that might
 be present in an output of an operation. This option also influences echoing
 passwords typed by user as an input.
 .TP
 .B \-w, \-\-wait <seconds>
 This option sets a timeout period for which \fInmcli\fP will wait for \fINetworkManager\fP
 to finish operations. It is especially useful for commands that may take a longer time to
@@ -299,12 +306,12 @@ active if a device is using that connection profile. Without a parameter, all
 profiles are listed. When --active option is specified, only the active profiles
 are shown.
 .TP
-.B show [--active] [--order <order spec>] [--show-secrets] [ id | uuid | path | apath ] <ID> ...
+.B show [--active] [--order <order spec>] [ id | uuid | path | apath ] <ID> ...
 .br
 Show details for specified connections. By default, both static configuration
 and active connection data are displayed.  When --active option is specified,
-only the active profiles are taken into account. When --show-secrets option is
+only the active profiles are taken into account. Use global --show-secrets option
-specified, secrets associated with the profile will be revealed too.
+to display secrets associated with the profile.
 .sp
 Ordering:
 .br
@@ -938,8 +945,7 @@ Otherwise the connection is system\(hywide, which is the default.
 Otherwise the SSID would not be found and the connection attempt would fail.
 .RE
 .TP
-.B wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>]
+.B wifi hotspot [ifname <ifname>] [con-name <name>] [ssid <SSID>] [band a|bg] [channel <channel>] [password <password>]
 .B [password <password>] [--show-password]
 .br
 Create a Wi-Fi hotspot. The command creates a hotspot connection profile according to
 Wi-Fi device capabilities and activates it on the device. The hotspot is secured with WPA
@@ -963,9 +969,9 @@ Parameters of the hotspot can be influenced by the optional parameters:
 \(en password to use for the created hotspot. If not provided,
 nmcli will generate a password. The password is either WPA
 pre-shared key or WEP key.
-.IP \fI--show-password\fP 17
+.PP
-\(en tell nmcli to print the password to stdout. It is useful
+Note that \fI--show-secrets\fP global option can be used to print the hotspot
-when the user did not provide his own password.
+password. It is useful especially when the password was generated.
 .RE
 .TP
 .B wifi rescan [ifname <ifname>] [[ssid <SSID>] ...]
@@ -1108,7 +1114,7 @@ shows all connection profile names and their auto-connect property.
 .IP
 shows details for "My default em1" connection profile.
-.IP "\fB\f(CWnmcli connection show --show-secrets \(dq\&My Home WiFi\(dq\&\fP\fP"
+.IP "\fB\f(CWnmcli --show-secrets connection show \(dq\&My Home WiFi\(dq\&\fP\fP"
 .IP
 shows details for "My Home WiFi" connection profile with all passwords.
 Without \fI--show-secrets\fP option, secrets would not be displayed.
@@ -1162,7 +1168,7 @@ using password "caffeine". This is mainly useful when connecting to "Cafe Hotspo
 the first time. Next time, it is better to use 'nmcli con up id "My cafe"' so that the
 existing connection profile can be used and no additional is created.
-.IP "\fB\f(CWnmcli dev wifi hotspot -s con-name QuickHotspot\fP\fP"
+.IP "\fB\f(CWnmcli -s dev wifi hotspot con-name QuickHotspot\fP\fP"
 .IP
 creates a hotspot profile and connects it. Prints the hotspot password the user should use
 to connect to the hotspot from other devices.