Implement setting API password via env variable
Signed-off-by: DL6ER <dl6er@dl6er.de>
parent
b853e2a855
commit
6f8bc4ee82
|
@ -283,26 +283,8 @@ static const char *getJSONvalue(struct conf_item *conf_item, cJSON *elem, struct
|
|||
break;
|
||||
}
|
||||
|
||||
// Get password hash as allocated string (an empty string is hashed to an empty string)
|
||||
char *pwhash = strlen(elem->valuestring) > 0 ? create_password(elem->valuestring) : strdup("");
|
||||
|
||||
// Verify that the password hash is valid
|
||||
if(verify_password(elem->valuestring, pwhash, false) != PASSWORD_CORRECT)
|
||||
{
|
||||
free(pwhash);
|
||||
if(!set_and_check_password(conf_item, elem->valuestring))
|
||||
return "Failed to create password hash (verification failed), password remains unchanged";
|
||||
}
|
||||
|
||||
// Get pointer to pwhash instead
|
||||
conf_item--;
|
||||
|
||||
// Free previously allocated memory (if applicable)
|
||||
if(conf_item->t == CONF_STRING_ALLOCATED)
|
||||
free(conf_item->v.s);
|
||||
|
||||
// Set item
|
||||
conf_item->v.s = pwhash;
|
||||
log_debug(DEBUG_CONFIG, "Set %s to \"%s\"", conf_item->k, conf_item->v.s);
|
||||
|
||||
break;
|
||||
}
|
||||
|
|
|
@ -570,3 +570,30 @@ int run_performance_test(void)
|
|||
|
||||
return EXIT_SUCCESS;
|
||||
}
|
||||
|
||||
bool set_and_check_password(struct conf_item *conf_item, const char *password)
|
||||
{
|
||||
// Get password hash as allocated string (an empty string is hashed to an empty string)
|
||||
char *pwhash = strlen(password) > 0 ? create_password(password) : strdup("");
|
||||
|
||||
// Verify that the password hash is valid
|
||||
if(verify_password(password, pwhash, false) != PASSWORD_CORRECT)
|
||||
{
|
||||
free(pwhash);
|
||||
log_warn("Failed to create password hash (verification failed), password remains unchanged");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Get pointer to pwhash instead
|
||||
conf_item--;
|
||||
|
||||
// Free previously allocated memory (if applicable)
|
||||
if(conf_item->t == CONF_STRING_ALLOCATED)
|
||||
free(conf_item->v.s);
|
||||
|
||||
// Set item
|
||||
conf_item->v.s = pwhash;
|
||||
log_debug(DEBUG_CONFIG, "Set %s to \"%s\"", conf_item->k, conf_item->v.s);
|
||||
|
||||
return true;
|
||||
}
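Review bot: The `log_debug(DEBUG_CONFIG, "Set %s to \"%s\"", conf_item->k, conf_item->v.s)` call at the end of set_and_check_password writes the freshly derived password hash into the debug log, and anyone who can read or is sent that log can then attack the hash offline. Logging only the key avoids this, e.g. `log_debug(DEBUG_CONFIG, "Set %s (hash not logged)", conf_item->k);`. Separately, the result of create_password() / strdup("") is handed to verify_password() without a NULL check, and `conf_item->t` is not updated after the new allocation is stored, so whether this string is ever freed depends on the type the item already had. Both of these were carried over from the inlined code and should be confirmed against create_password() and the config item definitions, which are outside this hunk.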
|
||||
|
|
|
@ -18,6 +18,7 @@ void sha256_raw_to_hex(uint8_t *data, char *buffer);
|
|||
char *create_password(const char *password) __attribute__((malloc));
|
||||
char verify_password(const char *password, const char *pwhash, const bool rate_limiting);
|
||||
int run_performance_test(void);
|
||||
bool set_and_check_password(struct conf_item *conf_item, const char *password);
|
||||
|
||||
enum password_result {
|
||||
PASSWORD_INCORRECT = 0,
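Review bot: The new prototype `set_and_check_password(struct conf_item *conf_item, const char *password)` is now a public entry point, but it carries no comment about its hidden precondition. The implementation does `conf_item--` and writes the hash into that preceding element, so a caller passing any other item would free and overwrite an unrelated neighbour. I would document this on the declaration, e.g. `// conf_item must be the CONF_PASSWORD pseudo-item; the hash is stored in the item directly before it`, and also state that password must be non-NULL because the function calls strlen() on it.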
|
||||
|
|
|
@ -18,6 +18,8 @@
|
|||
#include <sys/file.h>
|
||||
// rotate_files()
|
||||
#include "files.h"
|
||||
//set_and_check_password()
|
||||
#include "config/password.h"
|
||||
|
||||
// Open the TOML file for reading or writing
|
||||
FILE * __attribute((malloc)) __attribute((nonnull(1))) openFTLtoml(const char *mode)
|
||||
|
@ -714,6 +716,7 @@ void readTOMLvalue(struct conf_item *conf_item, const char* key, toml_table_t *t
|
|||
case CONF_PASSWORD:
|
||||
{
|
||||
// This is ignored, it is only a pseudo-element with no real content
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -950,7 +953,11 @@ bool readEnvValue(struct conf_item *conf_item, struct config *newconf)
|
|||
}
|
||||
case CONF_PASSWORD:
|
||||
{
|
||||
// This is ignored, it is only a pseudo-element with no real content
|
||||
if(!set_and_check_password(conf_item, envvar))
|
||||
{
|
||||
log_warn("ENV %s is invalid", envkey);
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
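Review bot: The `CONF_PASSWORD` case in readEnvValue now takes the plaintext API password from the environment, where it stays for the lifetime of the daemon, is readable through `/proc/<pid>/environ`, is inherited by child processes and is typically shown by container inspection tooling. That trade-off deserves a comment at this case and a mention in the user documentation, e.g. `// Plaintext comes from the environment; only the derived hash is stored in the preceding pwhash item`. If the `// This is ignored, it is only a pseudo-element with no real content` line is still present on the new side here, it is stale and should go. The success path also leaves the case without a `break;`, which works only while this remains the last case, and whether a failed hash makes readEnvValue return false cannot be seen from this hunk.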
|
||||
|
||||
|
|
|
@ -68,8 +68,10 @@ bash test/pdns/setup.sh
|
|||
OLDUMASK=$(umask)
|
||||
umask 0022
|
||||
|
||||
# Start FTL
|
||||
# Set exemplary config value by environment variable
|
||||
export FTLCONF_misc_nice="-11"
|
||||
|
||||
# Start FTL
|
||||
if ! su pihole -s /bin/sh -c /home/pihole/pihole-FTL; then
|
||||
echo "pihole-FTL failed to start"
|
||||
exit 1
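Review bot: The variable exported before FTL starts is only `FTLCONF_misc_nice`, so the password-from-environment path this commit introduces is not exercised by the test run. Consider also exporting the password key with a constructed test value here, then asserting after startup that authentication succeeds with it and that the stored hash is non-empty. The script continues outside this hunk, so an existing check further down cannot be ruled out.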
|
||||
|
|