From 3b43af89b9c55a9b8247ed62022481390e720ba1 Mon Sep 17 00:00:00 2001 From: Georg Pfuetzenreuter Date: Fri, 21 Feb 2025 11:11:52 +0100 Subject: [PATCH] admin: support password through environment Passing the password through the "--password" command line argument is potentially insecure, as the value would be exposed in a process listing or shell history. Read an environment variable as an alternative. Signed-off-by: Georg Pfuetzenreuter --- AUTHORS | 1 + doc/ADMIN.md | 2 + doc/GETTING_STARTED.md | 6 +- doc/man/pgagroal-admin.1.rst | 8 +++ doc/manual/97-acknowledgement.md | 1 + doc/manual/advanced/03-installation.md | 4 ++ doc/manual/advanced/97-acknowledgement.md | 1 + doc/tutorial/01_install.md | 2 +- doc/tutorial/05_split_security.md | 2 +- doc/tutorial/07_vault.md | 6 +- src/admin.c | 81 +++++++++++++++-------- 11 files changed, 82 insertions(+), 32 deletions(-) diff --git a/AUTHORS b/AUTHORS index 037b861f..b0501962 100644 --- a/AUTHORS +++ b/AUTHORS @@ -15,3 +15,4 @@ Eugenio Gigante Haoran Zhang Mohanad Khaled Christian Englert +Georg Pfuetzenreuter diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 0582736f..e57a03ec 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -32,6 +32,8 @@ Options can be specified either in short or long form, in any position of the co The `-f` option is mandatory for every operation that involves user management. If no user file is specified, `pgagroal-admin` will silently use the default one (`pgagroal_users.conf`). +The password can be passed using the environment variable `PGAGROAL_PASSWORD` instead of `-P`, however the command line argument will have precedence. + ## Commands ### user diff --git a/doc/GETTING_STARTED.md b/doc/GETTING_STARTED.md index f7454425..24be3cc8 100644 --- a/doc/GETTING_STARTED.md +++ b/doc/GETTING_STARTED.md @@ -245,7 +245,9 @@ In order to set the master key for all users you can use pgagroal-admin -g master-key ``` -The master key must be at least 8 characters. +The master key must be at least 8 characters if provided interactively. + +For scripted use, the master key can be provided using the `PGAGROAL_PASSWORD` environment variable. Then use the other commands to add, update, remove or list the current user names, f.ex. @@ -253,6 +255,8 @@ Then use the other commands to add, update, remove or list the current user name pgagroal-admin -f pgagroal_users.conf user add ``` +For scripted use, the user password can be provided using the `PGAGROAL_PASSWORD` environment variable. + ## Next Steps Next steps in improving pgagroal's configuration could be diff --git a/doc/man/pgagroal-admin.1.rst b/doc/man/pgagroal-admin.1.rst index 28968e4a..869e9657 100644 --- a/doc/man/pgagroal-admin.1.rst +++ b/doc/man/pgagroal-admin.1.rst @@ -60,6 +60,14 @@ user del user ls List all users +ENVIRONMENT VARIABLES +===================== + +PGAGROAL_PASSWORD + Provide either a key for use with the `master-key` command, or a user password for use with the `user add` or `user edit` commands. + If provided, `pgagroal-admin` will not ask for the key/password interactively. + Note that a password provided using the `--password` command line argument will have precedence over this variable. + REPORTING BUGS ============== diff --git a/doc/manual/97-acknowledgement.md b/doc/manual/97-acknowledgement.md index 2f744178..cef9be35 100644 --- a/doc/manual/97-acknowledgement.md +++ b/doc/manual/97-acknowledgement.md @@ -22,6 +22,7 @@ Eugenio Gigante Mohanad Khaled Haoran Zhang Christian Englert +Georg Pfuetzenreuter ``` ## Committers diff --git a/doc/manual/advanced/03-installation.md b/doc/manual/advanced/03-installation.md index b32a6c23..c6db8e4c 100644 --- a/doc/manual/advanced/03-installation.md +++ b/doc/manual/advanced/03-installation.md @@ -139,6 +139,10 @@ First, we will need to create a master security key for the [**pgagroal**][pgagr pgagroal-admin -g master-key ``` +By default, this will ask for a key interactively. Alternatively, a key can be provided using either the +`--password` command line argument, or the `PGAGROAL_PASSWORD` environment variable. Note that passing the +key using the command line might not be secure. + Then we will create the configuration for [**pgagroal**][pgagroal], ``` diff --git a/doc/manual/advanced/97-acknowledgement.md b/doc/manual/advanced/97-acknowledgement.md index 2f744178..cef9be35 100644 --- a/doc/manual/advanced/97-acknowledgement.md +++ b/doc/manual/advanced/97-acknowledgement.md @@ -22,6 +22,7 @@ Eugenio Gigante Mohanad Khaled Haoran Zhang Christian Englert +Georg Pfuetzenreuter ``` ## Committers diff --git a/doc/tutorial/01_install.md b/doc/tutorial/01_install.md index 5132cb38..e147fd37 100644 --- a/doc/tutorial/01_install.md +++ b/doc/tutorial/01_install.md @@ -128,7 +128,7 @@ As the [**pgagroal**](https://github.com/agroal/pgagroal) operating system user, ``` pgagroal-admin master-key -pgagroal-admin -f /etc/pgagroal/pgagroal_users.conf -U myuser -P mypassword user add +PGAGROAL_PASSWORD=password pgagroal-admin -f /etc/pgagroal/pgagroal_users.conf -U myuser user add ``` **You have to choose a password for the master key - remember it !** diff --git a/doc/tutorial/05_split_security.md b/doc/tutorial/05_split_security.md index 19083571..add49910 100644 --- a/doc/tutorial/05_split_security.md +++ b/doc/tutorial/05_split_security.md @@ -27,7 +27,7 @@ As an example, consider the user `myuser` created in the [Installing pgagroal tu To achieve this, as [**pgagroal**](https://github.com/agroal/pgagroal) operating system run the following command: ``` -pgagroal-admin -f /etc/pgagroal/pgagroal_frontend_users.conf -U myuser -P application_password user add +PGAGROAL_PASSWORD=application_password pgagroal-admin -f /etc/pgagroal/pgagroal_frontend_users.conf -U myuser user add ``` ([**pgagroal**](https://github.com/agroal/pgagroal) user) diff --git a/doc/tutorial/07_vault.md b/doc/tutorial/07_vault.md index a0f16f3b..18c7b239 100644 --- a/doc/tutorial/07_vault.md +++ b/doc/tutorial/07_vault.md @@ -19,7 +19,7 @@ Assuming that the master key is already generated and an admin is already presen As the [**pgagroal**](https://github.com/agroal/pgagroal) operating system user, add the `myuser` to the pooler: ``` -pgagroal-admin -f /etc/pgagroal/pgagroal_users.conf -U myuser -P mypassword user add +PGAGROAL_PASSWORD=mypassword pgagroal-admin -f /etc/pgagroal/pgagroal_users.conf -U myuser user add ``` The `myuser` and `mypassword` should be the original PostgresSQL's user and its corresponding password. @@ -29,7 +29,7 @@ The `myuser` and `mypassword` should be the original PostgresSQL's user and its As the [**pgagroal**](https://github.com/agroal/pgagroal) operating system user, add the `myuser` to the pooler: ``` -pgagroal-admin -f /etc/pgagroal/pgagroal_frontend_users.conf -U myuser -P password user add +PGAGROAL_PASSWORD=password pgagroal-admin -f /etc/pgagroal/pgagroal_frontend_users.conf -U myuser user add ``` **Remember the frontend password should be between [8-1024] characters long.** @@ -76,7 +76,7 @@ and press `Ctrl-d` (if running `cat`) to save the file. As the [**pgagroal**](https://github.com/agroal/pgagroal) operating system user, run the following command: ``` -pgagroal-admin -f /etc/pgagroal/pgagroal_vault_users.conf -U admin -P admin1234 add-user +PGAGROAL_PASSWORD=admin1234 pgagroal-admin -f /etc/pgagroal/pgagroal_vault_users.conf -U admin user add ``` The above will create the `admin` username with the `admin1234` password.Alternately, `/etc/pgagroal/pgagroal_admins.conf` can be provided for vault users information. diff --git a/src/admin.c b/src/admin.c index 05fc6160..fcf837a7 100644 --- a/src/admin.c +++ b/src/admin.c @@ -387,28 +387,37 @@ master_key(char* password, bool generate_pwd, int pwd_length, int32_t output_for if (password == NULL) { - if (!generate_pwd) + if (generate_pwd) { - while (password == NULL) + if (pgagroal_generate_password(pwd_length, &password)) { - printf("Master key (will not echo): "); - password = pgagroal_get_password(); - printf("\n"); - - if (password != NULL && strlen(password) < MIN_PASSWORD_LENGTH) - { - printf("Invalid key length, must be at least %d chars.\n", MIN_PASSWORD_LENGTH); - free(password); - password = NULL; - } + do_free = false; + goto error; } } else { - if (pgagroal_generate_password(pwd_length, &password)) + password = secure_getenv("PGAGROAL_PASSWORD"); + + if (password == NULL) + { + while (password == NULL) + { + printf("Master key (will not echo): "); + password = pgagroal_get_password(); + printf("\n"); + + if (password != NULL && strlen(password) < MIN_PASSWORD_LENGTH) + { + printf("Invalid key length, must be at least %d chars.\n", MIN_PASSWORD_LENGTH); + free(password); + password = NULL; + } + } + } + else { do_free = false; - goto error; } } } @@ -586,15 +595,25 @@ add_user(char* users_path, char* username, char* password, bool generate_pwd, in } else { - printf("Password : "); + password = secure_getenv("PGAGROAL_PASSWORD"); - if (password != NULL) + if (password == NULL) { - free(password); - password = NULL; - } + printf("Password : "); + + if (password != NULL) + { + free(password); + password = NULL; + } - password = pgagroal_get_password(); + password = pgagroal_get_password(); + } + else + { + do_free = false; + do_verify = false; + } } printf("\n"); } @@ -815,15 +834,25 @@ update_user(char* users_path, char* username, char* password, bool generate_pwd, } else { - printf("Password : "); + password = secure_getenv("PGAGROAL_PASSWORD"); - if (password != NULL) + if (password == NULL) { - free(password); - password = NULL; - } + printf("Password : "); - password = pgagroal_get_password(); + if (password != NULL) + { + free(password); + password = NULL; + } + + password = pgagroal_get_password(); + } + else + { + do_free = false; + do_verify = false; + } } printf("\n"); }