fix #3853: tape cli: add force flag to key change-passphrase
Adds the '--force' flag to the proxmox-tape command allowing users with root privileges to overwrite the passphrase of a given key. Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This commit is contained in:
parent
77d6d7a22c
commit
41adda1c64
@ -146,11 +146,18 @@ fn show_key(
|
|||||||
hint: {
|
hint: {
|
||||||
schema: PASSWORD_HINT_SCHEMA,
|
schema: PASSWORD_HINT_SCHEMA,
|
||||||
},
|
},
|
||||||
|
force: {
|
||||||
|
optional: true,
|
||||||
|
type: bool,
|
||||||
|
description: "Reset the passphrase for a tape key, without asking for the old one.",
|
||||||
|
default: false,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
)]
|
)]
|
||||||
/// Change the encryption key's password.
|
/// Change the encryption key's password.
|
||||||
fn change_passphrase(
|
fn change_passphrase(
|
||||||
|
force: bool,
|
||||||
mut param: Value,
|
mut param: Value,
|
||||||
rpcenv: &mut dyn RpcEnvironment,
|
rpcenv: &mut dyn RpcEnvironment,
|
||||||
) -> Result<(), Error> {
|
) -> Result<(), Error> {
|
||||||
@ -159,11 +166,15 @@ fn change_passphrase(
|
|||||||
bail!("unable to change passphrase - no tty");
|
bail!("unable to change passphrase - no tty");
|
||||||
}
|
}
|
||||||
|
|
||||||
let password = tty::read_password("Current Tape Encryption Key Password: ")?;
|
if force {
|
||||||
|
param["force"] = serde_json::Value::Bool(true);
|
||||||
|
} else {
|
||||||
|
let password = tty::read_password("Current Tape Encryption Key Password: ")?;
|
||||||
|
param["password"] = String::from_utf8(password)?.into();
|
||||||
|
}
|
||||||
|
|
||||||
let new_password = tty::read_and_verify_password("New Tape Encryption Key Password: ")?;
|
let new_password = tty::read_and_verify_password("New Tape Encryption Key Password: ")?;
|
||||||
|
|
||||||
param["password"] = String::from_utf8(password)?.into();
|
|
||||||
param["new-password"] = String::from_utf8(new_password)?.into();
|
param["new-password"] = String::from_utf8(new_password)?.into();
|
||||||
|
|
||||||
let info = &api2::config::tape_encryption_keys::API_METHOD_CHANGE_PASSPHRASE;
|
let info = &api2::config::tape_encryption_keys::API_METHOD_CHANGE_PASSPHRASE;
|
||||||
|
Loading…
Reference in New Issue
Block a user