Improve api user command

--oneline can now be used to print out only the password hash string.
This can be used to update ApiUser passwords through the API. There is
also now a validation to make sure the salt does not contain a '$' which
would break verification.
Jean Flach 2017-12-22 13:01:51 +01:00
parent 2e5aedd28a
commit aad44dfbb2
1 changed files with 25 additions and 13 deletions


@ -44,7 +44,8 @@ void ApiUserCommand::InitParameters(boost::program_options::options_description&
visibleDesc.add_options() visibleDesc.add_options()
("user", po::value<std::string>(), "API username") ("user", po::value<std::string>(), "API username")
("passwd", po::value<std::string>(), "Password in clear text") ("passwd", po::value<std::string>(), "Password in clear text")
("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)"); ("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)")
("oneline", "Print only the password hash");
} }
/** /**
@ -54,29 +55,40 @@ void ApiUserCommand::InitParameters(boost::program_options::options_description&
*/ */
int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
{ {
if (!vm.count("user")) { String user, passwd, salt;
if (!vm.count("user") && !vm.count("oneline")) {
Log(LogCritical, "cli", "Username (--user) must be specified."); Log(LogCritical, "cli", "Username (--user) must be specified.");
return 1; return 1;
} } else
user = vm["user"].as<std::string>();
if (!vm.count("passwd")) { if (!vm.count("passwd")) {
Log(LogCritical, "cli", "Password (--passwd) must be specified."); Log(LogCritical, "cli", "Password (--passwd) must be specified.");
return 1; return 1;
} }
String user = vm["user"].as<std::string>(); passwd = vm["passwd"].as<std::string>();
String passwd = vm["passwd"].as<std::string>(); salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
String salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
std::cout << salt << '\n';
if (salt.FindFirstOf('$') != String::NPos) {
Log(LogCritical, "cli", "Salt (--salt) may not contain '$'");
return 1;
}
String hashedPassword = HashPassword(passwd, salt, true); String hashedPassword = HashPassword(passwd, salt, true);
std::cout if (vm.count("oneline"))
<< "object ApiUser \"" << user << "\" {\n" std::cout << '"' << hashedPassword << "\"\n";
<< " password_hash =\"" << hashedPassword << "\"\n" else {
<< " // client_cn = \"\"\n" std::cout
<< "\n" << "object ApiUser \"" << user << "\" {\n"
<< " permissions = [ \"*\" ]\n" << " password_hash =\"" << hashedPassword << "\"\n"
<< "}\n"; << " // client_cn = \"\"\n"
<< "\n"
<< " permissions = [ \"*\" ]\n"
<< "}\n";
}
return 0; return 0;
} }
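Review bot: In Run, the new `else` after the username check reads `vm["user"].as<std::string>()` whenever the first condition is false, which includes `--oneline` given without `--user`; the variables_map has no value for "user" in that case, so the conversion would throw instead of printing the hash. Guard the read, for example by changing the branch to `} else if (vm.count("user"))` ahead of `user = vm["user"].as<std::string>();`. The unconditional `std::cout << salt << '\n';` before the '$' check also looks like leftover debug output (assuming it sits on the new side of this rendering): it makes `--oneline` emit the salt on its own line ahead of the hash, so a script that passes the output to the API as `password_hash` would not get "only the password hash" as the option text promises.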