|
|
|
@@ -84,6 +84,7 @@ static gboolean dump_cache = FALSE; |
|
|
|
static gboolean is_debug = FALSE; |
|
|
|
static gboolean is_insecure = FALSE; |
|
|
|
static gboolean gen_keypair = FALSE; |
|
|
|
static gboolean encrypt_password = FALSE; |
|
|
|
/* List of workers that are pending to start */ |
|
|
|
static GList *workers_pending = NULL; |
|
|
|
|
|
|
|
@@ -129,9 +130,12 @@ static GOptionEntry entries[] = |
|
|
|
"Specify private key to sign", NULL }, |
|
|
|
{ "gen-keypair", 0, 0, G_OPTION_ARG_NONE, &gen_keypair, "Generate new encryption " |
|
|
|
"keypair", NULL}, |
|
|
|
{ "encrypt-password", 0, 0, G_OPTION_ARG_NONE, &encrypt_password, "Encrypt " |
|
|
|
"controller password to store in the configuration file", NULL }, |
|
|
|
{ NULL, 0, 0, G_OPTION_ARG_NONE, NULL, NULL, NULL } |
|
|
|
}; |
|
|
|
|
|
|
|
extern const struct rspamd_controller_pbkdf pbkdf_list[]; |
|
|
|
|
|
|
|
#ifndef HAVE_SA_SIGINFO |
|
|
|
static void |
|
|
|
@@ -1037,6 +1041,43 @@ perform_configs_sign (void) |
|
|
|
#endif |
|
|
|
} |
|
|
|
|
|
|
|
static void |
|
|
|
do_encrypt_password (void) |
|
|
|
{ |
|
|
|
const struct rspamd_controller_pbkdf *pbkdf; |
|
|
|
guchar *salt, *key; |
|
|
|
gchar *encoded_salt, *encoded_key; |
|
|
|
gchar password[BUFSIZ]; |
|
|
|
gsize plen; |
|
|
|
|
|
|
|
pbkdf = &pbkdf_list[0]; |
|
|
|
g_assert (pbkdf != NULL); |
|
|
|
|
|
|
|
plen = rspamd_read_passphrase (password, sizeof (password), 0, NULL); |
|
|
|
|
|
|
|
if (plen == 0) { |
|
|
|
fprintf (stderr, "Invalid password\n"); |
|
|
|
exit (EXIT_FAILURE); |
|
|
|
} |
|
|
|
|
|
|
|
salt = g_alloca (pbkdf->salt_len); |
|
|
|
key = g_alloca (pbkdf->key_len); |
|
|
|
ottery_rand_bytes (salt, pbkdf->salt_len); |
|
|
|
/* Derive key */ |
|
|
|
rspamd_cryptobox_pbkdf (password, strlen (password), |
|
|
|
salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->rounds); |
|
|
|
|
|
|
|
encoded_salt = rspamd_encode_base32 (salt, pbkdf->salt_len); |
|
|
|
encoded_key = rspamd_encode_base32 (key, pbkdf->key_len); |
|
|
|
|
|
|
|
rspamd_printf ("$%d$%s$%s\n", pbkdf->id, encoded_salt, |
|
|
|
encoded_key); |
|
|
|
|
|
|
|
g_free (encoded_salt); |
|
|
|
g_free (encoded_key); |
|
|
|
rspamd_explicit_memzero (password, sizeof (password)); |
|
|
|
} |
|
|
|
|
|
|
|
static void |
|
|
|
rspamd_init_main (struct rspamd_main *rspamd) |
|
|
|
{ |
|
|
|
@@ -1140,6 +1181,11 @@ main (gint argc, gchar **argv, gchar **env) |
|
|
|
exit (EXIT_SUCCESS); |
|
|
|
} |
|
|
|
|
|
|
|
if (encrypt_password) { |
|
|
|
do_encrypt_password (); |
|
|
|
exit (EXIT_SUCCESS); |
|
|
|
} |
|
|
|
|
|
|
|
if (rspamd_main->cfg->config_test || dump_cache) { |
|
|
|
if (!load_rspamd_config (rspamd_main->cfg, FALSE)) { |
|
|
|
exit (EXIT_FAILURE); |
Vsevolod Stakhov
9 years ago