From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Tue, 30 Mar 2021 15:57:33 +0000 (+0200)
Subject: rec: Implement rec_control hash-password
X-Git-Tag: dnsdist-1.7.0-alpha1~12^2~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b6b0dae13aac7f5eee85259d0a59430f5da323d;p=thirdparty%2Fpdns.git

rec: Implement rec_control hash-password
---

diff --git a/pdns/rec_control.cc b/pdns/rec_control.cc
index 9d705b8580..77bdfe789c 100644
--- a/pdns/rec_control.cc
+++ b/pdns/rec_control.cc
@@ -22,13 +22,15 @@
 #ifdef HAVE_CONFIG_H
 #include "config.h"
 #endif
-#include "rec_channel.hh"
+
 #include <iostream>
 #include <fcntl.h>
+
 #include "pdnsexception.hh"
 #include "arguments.hh"
-
+#include "credentials.hh"
 #include "namespaces.hh"
+#include "rec_channel.hh"
 
 ArgvMap &arg()
 {
@@ -95,7 +97,6 @@ int main(int argc, char** argv)
   };
   try {
     initArguments(argc, argv);
-    RecursorControlChannel rccS;
     string sockname="pdns_recursor";
 
     if (arg()["config-name"] != "")
@@ -106,10 +107,9 @@ int main(int argc, char** argv)
 
     sockname.append(".controlsocket");
 
-    rccS.connect(arg()["socket-dir"], sockname);
-
     const vector<string>&commands=arg().getCommands();
     string command;
+    string password;
     int fd = -1;
     unsigned int i = 0;
     while (i < commands.size()) {
@@ -142,10 +142,26 @@ int main(int argc, char** argv)
           throw PDNSException("Command needs a file argument");
         }
       }
+      else if (commands.at(i) == "hash-password") {
+        if (commands.size() > (i + 1)) {
+          ++i;
+          password = commands.at(i);
+        }
+        else {
+          throw PDNSException("Command needs a password argument");
+        }
+      }
       ++i;
     }
 
+    if (!password.empty()) {
+      cout << hashPassword(password) << endl;
+      return 0;
+    }
+
     auto timeout = arg().asNum("timeout");
+    RecursorControlChannel rccS;
+    rccS.connect(arg()["socket-dir"], sockname);
     rccS.send({0, command}, nullptr, timeout, fd);
 
     auto receive = rccS.recv(0, timeout);
diff --git a/pdns/recursordist/docs/manpages/rec_control.1.rst b/pdns/recursordist/docs/manpages/rec_control.1.rst
index 42c1607498..f690b6650c 100644
--- a/pdns/recursordist/docs/manpages/rec_control.1.rst
+++ b/pdns/recursordist/docs/manpages/rec_control.1.rst
@@ -152,6 +152,11 @@ get-parameter *KEY* [*KEY*]...
 get-qtypelist
     Retrieves QType statistics. Queries from cache aren't being counted yet.
 
+hash-password
+    Hash and salt the given password, to use as a webserver password or
+    API key. This command does not contact the recursor but does the
+    hashing inside rec_control.
+
 help
     Shows a list of supported commands understood by the running
     :program:`pdns_recursor`