]> git.ipfire.org Git - thirdparty/rspamd.git/commitdiff
[Feature]: src/rspamadm: allow reading password from env (#6114)
authorStefan Benten <mail@stefan-benten.de>
Tue, 30 Jun 2026 20:02:26 +0000 (22:02 +0200)
committerGitHub <noreply@github.com>
Tue, 30 Jun 2026 20:02:26 +0000 (21:02 +0100)
* src/rspamadm: allow reading password from stdin

Currently the cli only allows reading the password from tty.
This makes it challenging to check the password via automation,
ie. used by continous deployment to ensure a clean state.

This change adds the functionality to read from stdin, so that
passwords can be piped in.

* test/functional/cases: test for stdin password checks

* src/rspamadm/: switch to ENV instead of stdin

src/rspamadm/pw.c
test/functional/cases/150_rspamadm.robot

index 717b1b43019cb33ae09ea5bdd6c82275172fd8f1..69f734b467eb167c298d588e20cf610c41f227d3 100644 (file)
@@ -269,8 +269,14 @@ rspamadm_pw_check(void)
                        exit(EXIT_FAILURE);
                }
 
-               plen = rspamd_read_passphrase(test_password, sizeof(test_password),
-                                                                         0, NULL);
+               const char *env_password = getenv("RSPAMADM_PASSWORD");
+               if (env_password != NULL && env_password[0] != '\0') {
+                       plen = rspamd_strlcpy(test_password, env_password, sizeof(test_password));
+               }
+               else {
+                       plen = rspamd_read_passphrase(test_password, sizeof(test_password),
+                                                                                 0, NULL);
+               }
                if (plen == 0) {
                        rspamd_explicit_memzero(encrypted_password, sizeof(encrypted_password));
                        fprintf(stderr, "Invalid password\n");
index d4ce5f00fde83600b7d5decf9fff6e36989b2a5b..67c880617e2913f2e13d7f0f5dd27dddce187cd6 100644 (file)
@@ -55,6 +55,18 @@ Verbose mode
   Should Match Regexp  ${result.stdout}  hello world\n
   Should Be Equal As Integers  ${result.rc}  0
   
+Password Check Via Env Correct
+  ${enc} =  Rspamadm  pw  -p  nq1
+  ${result} =  Run Process  ${RSPAMADM}  pw  -c  -p  ${enc.stdout}  env:RSPAMADM_PASSWORD=nq1
+  Should Contain  ${result.stdout}  password correct
+  Should Be Equal As Integers  ${result.rc}  0
+
+Password Check Via Env Wrong
+  ${enc} =  Rspamadm  pw  -p  nq1
+  ${result} =  Run Process  ${RSPAMADM}  pw  -c  -p  ${enc.stdout}  env:RSPAMADM_PASSWORD=wrongpassword
+  Should Contain  ${result.stdout}  password incorrect
+  Should Be Equal As Integers  ${result.rc}  1
+
 SecretBox rspamadm encrypt/decrypt
   ${result} =  Rspamadm  secret_box  -B  encrypt  -t  ${TEXT}  -k  ${KEY}  -n  ${NONCE}
   Should Match Regexp  ${result.stderr}  ^$