From: Stefan Benten Date: Tue, 30 Jun 2026 20:02:26 +0000 (+0200) Subject: [Feature]: src/rspamadm: allow reading password from env (#6114) X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=41771e33fe807b509514dffa9dc9d9f9ca3489bf;p=thirdparty%2Frspamd.git [Feature]: src/rspamadm: allow reading password from env (#6114) * src/rspamadm: allow reading password from stdin Currently the cli only allows reading the password from tty. This makes it challenging to check the password via automation, ie. used by continous deployment to ensure a clean state. This change adds the functionality to read from stdin, so that passwords can be piped in. * test/functional/cases: test for stdin password checks * src/rspamadm/: switch to ENV instead of stdin --- diff --git a/src/rspamadm/pw.c b/src/rspamadm/pw.c index 717b1b4301..69f734b467 100644 --- a/src/rspamadm/pw.c +++ b/src/rspamadm/pw.c @@ -269,8 +269,14 @@ rspamadm_pw_check(void) exit(EXIT_FAILURE); } - plen = rspamd_read_passphrase(test_password, sizeof(test_password), - 0, NULL); + const char *env_password = getenv("RSPAMADM_PASSWORD"); + if (env_password != NULL && env_password[0] != '\0') { + plen = rspamd_strlcpy(test_password, env_password, sizeof(test_password)); + } + else { + plen = rspamd_read_passphrase(test_password, sizeof(test_password), + 0, NULL); + } if (plen == 0) { rspamd_explicit_memzero(encrypted_password, sizeof(encrypted_password)); fprintf(stderr, "Invalid password\n"); diff --git a/test/functional/cases/150_rspamadm.robot b/test/functional/cases/150_rspamadm.robot index d4ce5f00fd..67c880617e 100644 --- a/test/functional/cases/150_rspamadm.robot +++ b/test/functional/cases/150_rspamadm.robot @@ -55,6 +55,18 @@ Verbose mode Should Match Regexp ${result.stdout} hello world\n Should Be Equal As Integers ${result.rc} 0 +Password Check Via Env Correct + ${enc} = Rspamadm pw -p nq1 + ${result} = Run Process ${RSPAMADM} pw -c -p ${enc.stdout} env:RSPAMADM_PASSWORD=nq1 + Should Contain ${result.stdout} password correct + Should Be Equal As Integers ${result.rc} 0 + +Password Check Via Env Wrong + ${enc} = Rspamadm pw -p nq1 + ${result} = Run Process ${RSPAMADM} pw -c -p ${enc.stdout} env:RSPAMADM_PASSWORD=wrongpassword + Should Contain ${result.stdout} password incorrect + Should Be Equal As Integers ${result.rc} 1 + SecretBox rspamadm encrypt/decrypt ${result} = Rspamadm secret_box -B encrypt -t ${TEXT} -k ${KEY} -n ${NONCE} Should Match Regexp ${result.stderr} ^$