From 41adda1c64067957bff8fc4775302171450e6470 Mon Sep 17 00:00:00 2001 From: Stefan Sterz Date: Thu, 10 Feb 2022 15:23:25 +0100 Subject: [PATCH] fix #3853: tape cli: add force flag to key change-passphrase Adds the '--force' flag to the proxmox-tape command allowing users with root privileges to overwrite the passphrase of a given key. Signed-off-by: Stefan Sterz --- src/bin/proxmox_tape/encryption_key.rs | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/src/bin/proxmox_tape/encryption_key.rs b/src/bin/proxmox_tape/encryption_key.rs index 156295fd..71df9ffa 100644 --- a/src/bin/proxmox_tape/encryption_key.rs +++ b/src/bin/proxmox_tape/encryption_key.rs @@ -146,11 +146,18 @@ fn show_key( hint: { schema: PASSWORD_HINT_SCHEMA, }, + force: { + optional: true, + type: bool, + description: "Reset the passphrase for a tape key, without asking for the old one.", + default: false, + }, }, }, )] /// Change the encryption key's password. fn change_passphrase( + force: bool, mut param: Value, rpcenv: &mut dyn RpcEnvironment, ) -> Result<(), Error> { @@ -159,11 +166,15 @@ fn change_passphrase( bail!("unable to change passphrase - no tty"); } - let password = tty::read_password("Current Tape Encryption Key Password: ")?; + if force { + param["force"] = serde_json::Value::Bool(true); + } else { + let password = tty::read_password("Current Tape Encryption Key Password: ")?; + param["password"] = String::from_utf8(password)?.into(); + } let new_password = tty::read_and_verify_password("New Tape Encryption Key Password: ")?; - param["password"] = String::from_utf8(password)?.into(); param["new-password"] = String::from_utf8(new_password)?.into(); let info = &api2::config::tape_encryption_keys::API_METHOD_CHANGE_PASSPHRASE;