gh-138577: Fix keyboard shortcuts in getpass with echo_char

Doc/library/getpass.rst

@@ -43,13 +43,18 @@ The :mod:`getpass` module provides two functions:
       On Unix systems, when *echo_char* is set, the terminal will be
       configured to operate in
       :manpage:`noncanonical mode <termios(3)#Canonical_and_noncanonical_mode>`.
-      In particular, this means that line editing shortcuts such as
-      :kbd:`Ctrl+U` will not work and may insert unexpected characters into
-      the input.
+      Common terminal control characters like :kbd:`Ctrl+U` (kill line),
+      :kbd:`Ctrl+W` (erase word), and :kbd:`Ctrl+V` (literal next) are
+      supported by reading the terminal's configured control character
+      mappings.
 
    .. versionchanged:: 3.14
       Added the *echo_char* parameter for keyboard feedback.
 
+   .. versionchanged:: 3.15
+      When using *echo_char* on Unix, keyboard shortcuts are now properly
+      handled using the terminal's control character configuration.
+
 .. exception:: GetPassWarning
 
    A :exc:`UserWarning` subclass issued when password input may be echoed.

Lib/getpass.py

@@ -73,15 +73,27 @@ def unix_getpass(prompt='Password: ', stream=None, *, echo_char=None):
                 old = termios.tcgetattr(fd)     # a copy to save
                 new = old[:]
                 new[3] &= ~termios.ECHO  # 3 == 'lflags'
+                # Extract control characters before changing terminal mode
+                term_ctrl_chars = None
                 if echo_char:
                     new[3] &= ~termios.ICANON
+                    # Get control characters from terminal settings
+                    # Index 6 is cc (control characters array)
+                    cc = old[6]
+                    term_ctrl_chars = {
+                        'ERASE': cc[termios.VERASE] if termios.VERASE < len(cc) else b'\x7f',
+                        'KILL': cc[termios.VKILL] if termios.VKILL < len(cc) else b'\x15',
+                        'WERASE': cc[termios.VWERASE] if termios.VWERASE < len(cc) else b'\x17',
+                        'LNEXT': cc[termios.VLNEXT] if termios.VLNEXT < len(cc) else b'\x16',
+                    }
                 tcsetattr_flags = termios.TCSAFLUSH
                 if hasattr(termios, 'TCSASOFT'):
                     tcsetattr_flags |= termios.TCSASOFT
                 try:
                     termios.tcsetattr(fd, tcsetattr_flags, new)
                     passwd = _raw_input(prompt, stream, input=input,
-                                        echo_char=echo_char)
+                                        echo_char=echo_char,
+                                        term_ctrl_chars=term_ctrl_chars)
 
                 finally:
                     termios.tcsetattr(fd, tcsetattr_flags, old)
@@ -159,7 +171,8 @@ def _check_echo_char(echo_char):
                          f"character, got: {echo_char!r}")
 
 
-def _raw_input(prompt="", stream=None, input=None, echo_char=None):
+def _raw_input(prompt="", stream=None, input=None, echo_char=None,
+               term_ctrl_chars=None):
     # This doesn't save the string in the GNU readline history.
     if not stream:
         stream = sys.stderr
@@ -177,7 +190,8 @@ def _raw_input(prompt="", stream=None, input=None, echo_char=None):
         stream.flush()
     # NOTE: The Python C API calls flockfile() (and unlock) during readline.
     if echo_char:
-        return _readline_with_echo_char(stream, input, echo_char)
+        return _readline_with_echo_char(stream, input, echo_char,
+                                        term_ctrl_chars)
     line = input.readline()
     if not line:
         raise EOFError
@@ -186,27 +200,78 @@ def _raw_input(prompt="", stream=None, input=None, echo_char=None):
     return line
 
 
-def _readline_with_echo_char(stream, input, echo_char):
+def _readline_with_echo_char(stream, input, echo_char, term_ctrl_chars=None):
     passwd = ""
     eof_pressed = False
+    literal_next = False  # For LNEXT (Ctrl+V)
+
+    # Convert terminal control characters to strings for comparison
+    # Default to standard POSIX values if not provided
+    if term_ctrl_chars:
+        # Control chars from termios are bytes, convert to str
+        erase_char = term_ctrl_chars['ERASE'].decode('latin-1') if isinstance(term_ctrl_chars['ERASE'], bytes) else term_ctrl_chars['ERASE']
+        kill_char = term_ctrl_chars['KILL'].decode('latin-1') if isinstance(term_ctrl_chars['KILL'], bytes) else term_ctrl_chars['KILL']
+        werase_char = term_ctrl_chars['WERASE'].decode('latin-1') if isinstance(term_ctrl_chars['WERASE'], bytes) else term_ctrl_chars['WERASE']
+        lnext_char = term_ctrl_chars['LNEXT'].decode('latin-1') if isinstance(term_ctrl_chars['LNEXT'], bytes) else term_ctrl_chars['LNEXT']
+    else:
+        # Standard POSIX defaults
+        erase_char = '\x7f'  # DEL
+        kill_char = '\x15'   # Ctrl+U
+        werase_char = '\x17' # Ctrl+W
+        lnext_char = '\x16'  # Ctrl+V
+
     while True:
         char = input.read(1)
+
         if char == '\n' or char == '\r':
             break
         elif char == '\x03':
             raise KeyboardInterrupt
-        elif char == '\x7f' or char == '\b':
-            if passwd:
-                stream.write("\b \b")
-                stream.flush()
-            passwd = passwd[:-1]
         elif char == '\x04':
             if eof_pressed:
                 break
             else:
                 eof_pressed = True
         elif char == '\x00':
             continue
+        # Handle LNEXT (Ctrl+V) - insert next character literally
+        elif literal_next:
+            passwd += char
+            stream.write(echo_char)
+            stream.flush()
+            literal_next = False
+            eof_pressed = False
+        elif char == lnext_char:
+            literal_next = True
+            eof_pressed = False
+        # Handle ERASE (Backspace/DEL) - delete one character
+        elif char == erase_char or char == '\b':
+            if passwd:
+                stream.write("\b \b")
+                stream.flush()
+                passwd = passwd[:-1]
+            eof_pressed = False
+        # Handle KILL (Ctrl+U) - erase entire line
+        elif char == kill_char:
+            # Clear all echoed characters
+            while passwd:
+                stream.write("\b \b")
+                passwd = passwd[:-1]
+            stream.flush()
+            eof_pressed = False
+        # Handle WERASE (Ctrl+W) - erase previous word
+        elif char == werase_char:
+            # Delete backwards until we find a space or reach the beginning
+            # First, skip any trailing spaces
+            while passwd and passwd[-1] == ' ':
+                stream.write("\b \b")
+                passwd = passwd[:-1]
+            # Then delete the word
+            while passwd and passwd[-1] != ' ':
+                stream.write("\b \b")
+                passwd = passwd[:-1]
+            stream.flush()
+            eof_pressed = False
         else:
             passwd += char
             stream.write(echo_char)

Lib/test/test_getpass.py

@@ -174,7 +174,8 @@ def test_echo_char_replaces_input_with_asterisks(self):
 
             result = getpass.unix_getpass(echo_char='*')
             mock_input.assert_called_once_with('Password: ', textio(),
-                                               input=textio(), echo_char='*')
+                                               input=textio(), echo_char='*',
+                                               term_ctrl_chars=mock.ANY)
             self.assertEqual(result, mock_result)
 
     def test_raw_input_with_echo_char(self):
@@ -200,6 +201,41 @@ def test_control_chars_with_echo_char(self):
         self.assertEqual(result, expect_result)
         self.assertEqual('Password: *******\x08 \x08', mock_output.getvalue())
 
+    def test_kill_ctrl_u_with_echo_char(self):
+        # Ctrl+U (KILL) should clear the entire line
+        passwd = 'foo\x15bar'  # Type "foo", hit Ctrl+U, type "bar"
+        expect_result = 'bar'
+        mock_input = StringIO(f'{passwd}\n')
+        mock_output = StringIO()
+        result = getpass._raw_input('Password: ', mock_output, mock_input,
+                                    '*')
+        self.assertEqual(result, expect_result)
+        # Should show "***" then clear all 3, then show "***" for "bar"
+        output = mock_output.getvalue()
+        self.assertIn('***', output)
+        # Should have backspaces to clear the "foo" part
+        self.assertIn('\b', output)
+
+    def test_werase_ctrl_w_with_echo_char(self):
+        # Ctrl+W (WERASE) should delete the previous word
+        passwd = 'hello world\x17end'  # Type "hello world", hit Ctrl+W, type "end"
+        expect_result = 'hello end'
+        mock_input = StringIO(f'{passwd}\n')
+        mock_output = StringIO()
+        result = getpass._raw_input('Password: ', mock_output, mock_input,
+                                    '*')
+        self.assertEqual(result, expect_result)
+
+    def test_lnext_ctrl_v_with_echo_char(self):
+        # Ctrl+V (LNEXT) should insert the next character literally
+        passwd = 'test\x16\x15more'  # Type "test", hit Ctrl+V, then Ctrl+U (literal), type "more"
+        expect_result = 'test\x15more'  # Should contain literal Ctrl+U
+        mock_input = StringIO(f'{passwd}\n')
+        mock_output = StringIO()
+        result = getpass._raw_input('Password: ', mock_output, mock_input,
+                                    '*')
+        self.assertEqual(result, expect_result)
+
 
 class GetpassEchoCharTest(unittest.TestCase):
 

Misc/NEWS.d/next/Library/2025-11-15-23-14-30.gh-issue-138577.KbShrt.rst

@@ -0,0 +1,4 @@
+:func:`getpass.getpass` with ``echo_char`` now handles keyboard shortcuts like
+Ctrl+U (kill line), Ctrl+W (erase word), and Ctrl+V (literal next) by reading
+the terminal's control character settings and processing them appropriately in
+non-canonical mode. Patch by Sanyam Khurana.