fix #3853: tape cli: add force flag to key change-passphrase

Adds the '--force' flag to the proxmox-tape command allowing users
with root privileges to overwrite the passphrase of a given key.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This commit is contained in:
Stefan Sterz 2022-02-10 15:23:25 +01:00 committed by Thomas Lamprecht
parent 77d6d7a22c
commit 41adda1c64

View File

@ -146,11 +146,18 @@ fn show_key(
hint: { hint: {
schema: PASSWORD_HINT_SCHEMA, schema: PASSWORD_HINT_SCHEMA,
}, },
force: {
optional: true,
type: bool,
description: "Reset the passphrase for a tape key, without asking for the old one.",
default: false,
},
}, },
}, },
)] )]
/// Change the encryption key's password. /// Change the encryption key's password.
fn change_passphrase( fn change_passphrase(
force: bool,
mut param: Value, mut param: Value,
rpcenv: &mut dyn RpcEnvironment, rpcenv: &mut dyn RpcEnvironment,
) -> Result<(), Error> { ) -> Result<(), Error> {
@ -159,11 +166,15 @@ fn change_passphrase(
bail!("unable to change passphrase - no tty"); bail!("unable to change passphrase - no tty");
} }
let password = tty::read_password("Current Tape Encryption Key Password: ")?; if force {
param["force"] = serde_json::Value::Bool(true);
} else {
let password = tty::read_password("Current Tape Encryption Key Password: ")?;
param["password"] = String::from_utf8(password)?.into();
}
let new_password = tty::read_and_verify_password("New Tape Encryption Key Password: ")?; let new_password = tty::read_and_verify_password("New Tape Encryption Key Password: ")?;
param["password"] = String::from_utf8(password)?.into();
param["new-password"] = String::from_utf8(new_password)?.into(); param["new-password"] = String::from_utf8(new_password)?.into();
let info = &api2::config::tape_encryption_keys::API_METHOD_CHANGE_PASSPHRASE; let info = &api2::config::tape_encryption_keys::API_METHOD_CHANGE_PASSPHRASE;