mirror of https://github.com/Icinga/icinga2.git
Improve api user command
--oneline can now be used to print out only the password hash string. This can be used to update ApiUser passwords through the API. There is also now a validation to make sure the salt does not contain a '$', which would break verification.
parent
2e5aedd28a
commit
aad44dfbb2
|
@ -44,7 +44,8 @@ void ApiUserCommand::InitParameters(boost::program_options::options_description&
|
||||||
visibleDesc.add_options()
|
visibleDesc.add_options()
|
||||||
("user", po::value<std::string>(), "API username")
|
("user", po::value<std::string>(), "API username")
|
||||||
("passwd", po::value<std::string>(), "Password in clear text")
|
("passwd", po::value<std::string>(), "Password in clear text")
|
||||||
("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)");
|
("salt", po::value<std::string>(), "Optional salt (default: 8 random chars)")
|
||||||
|
("oneline", "Print only the password hash");
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -54,29 +55,40 @@ void ApiUserCommand::InitParameters(boost::program_options::options_description&
|
||||||
*/
|
*/
|
||||||
int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
int ApiUserCommand::Run(const boost::program_options::variables_map& vm, const std::vector<std::string>& ap) const
|
||||||
{
|
{
|
||||||
if (!vm.count("user")) {
|
String user, passwd, salt;
|
||||||
|
if (!vm.count("user") && !vm.count("oneline")) {
|
||||||
Log(LogCritical, "cli", "Username (--user) must be specified.");
|
Log(LogCritical, "cli", "Username (--user) must be specified.");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
} else
|
||||||
|
user = vm["user"].as<std::string>();
|
||||||
|
|
||||||
if (!vm.count("passwd")) {
|
if (!vm.count("passwd")) {
|
||||||
Log(LogCritical, "cli", "Password (--passwd) must be specified.");
|
Log(LogCritical, "cli", "Password (--passwd) must be specified.");
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
String user = vm["user"].as<std::string>();
|
passwd = vm["passwd"].as<std::string>();
|
||||||
String passwd = vm["passwd"].as<std::string>();
|
salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
|
||||||
String salt = vm.count("salt") ? String(vm["salt"].as<std::string>()) : RandomString(8);
|
|
||||||
|
std::cout << salt << '\n';
|
||||||
|
if (salt.FindFirstOf('$') != String::NPos) {
|
||||||
|
Log(LogCritical, "cli", "Salt (--salt) may not contain '$'");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
|
||||||
String hashedPassword = HashPassword(passwd, salt, true);
|
String hashedPassword = HashPassword(passwd, salt, true);
|
||||||
|
|
||||||
std::cout
|
if (vm.count("oneline"))
|
||||||
<< "object ApiUser \"" << user << "\" {\n"
|
std::cout << '"' << hashedPassword << "\"\n";
|
||||||
<< " password_hash =\"" << hashedPassword << "\"\n"
|
else {
|
||||||
<< " // client_cn = \"\"\n"
|
std::cout
|
||||||
<< "\n"
|
<< "object ApiUser \"" << user << "\" {\n"
|
||||||
<< " permissions = [ \"*\" ]\n"
|
<< " password_hash =\"" << hashedPassword << "\"\n"
|
||||||
<< "}\n";
|
<< " // client_cn = \"\"\n"
|
||||||
|
<< "\n"
|
||||||
|
<< " permissions = [ \"*\" ]\n"
|
||||||
|
<< "}\n";
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
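Review bot: In `Run`, the new `} else` branch reads `vm["user"].as<std::string>()` whenever the guard is false, which includes `--oneline` given without `--user`. In that case the option value is empty, and `as<>()` should throw `boost::bad_any_cast` instead of producing the hash. Changing the branch to `} else if (vm.count("user"))` keeps the username optional for `--oneline` without touching an unset option. Separately, `std::cout << salt << '\n';` looks like leftover debug output: it runs before the `'$'` check and in both modes, so `--oneline` prints the salt on its own line ahead of the hash, and a script feeding that output into an ApiUser password update gets two lines; that statement should be dropped.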