From dfe15ad95dcd6bd8253ca02cc2dd5ab6a3f1e066 Mon Sep 17 00:00:00 2001
From: Logan oos Even <46396513+Logan007@users.noreply.github.com>
Date: Sat, 25 Sep 2021 16:01:11 +0545
Subject: [PATCH] added support for N2N_PASSWORD environment variable (#818)
---
 doc/Authentication.md | 2 +-
 edge.8 | 9 ++++++---
 src/edge.c | 8 +++++++-
 src/edge_utils.c | 5 +++++
 4 files changed, 19 insertions(+), 5 deletions(-)
diff --git a/doc/Authentication.md b/doc/Authentication.md
index 387e947..43cdc66 100644
--- a/doc/Authentication.md
+++ b/doc/Authentication.md
@@ -87,7 +87,7 @@ Considering all this, our example expands to
 [user@host n2n]$ sudo ./edge -l -c netleo -I logan -J 007 -A5 -k mySecretKey -P opIyaWhWjKLJSNOHNpKnGmelhHWRqkmY5pAx7lbDHp4
 ```
-You might want to consider the use of [`.conf` files](https://github.com/ntop/n2n/blob/dev/doc/ConfigurationFiles.md) to accomodate all the command line parameters more easily.
+You might want to consider the use of [`.conf` files](https://github.com/ntop/n2n/blob/dev/doc/ConfigurationFiles.md) to accomodate all the command line parameters more easily. Alternatively, the `N2N_PASSWORD` environment variable can be used to set the password without having it show up as part of the command line.
 #### How Does It Work?
diff --git a/edge.8 b/edge.8
index c9cd904..764c0b5 100644
--- a/edge.8
+++ b/edge.8
@@ -137,7 +137,7 @@ annotate the edge's description used for easier identification in
 management port output or username
 .TP
 \fB\-J \fR<\fIpassword\fR>
-password for user-password edge authentication
+password for user-password edge authentication (see also N2N_PASSWORD in ENVIRONMENT)
 .TP
 \fB\-P \fR<\fIpublic key\fR>
 federation public key for user-password authentication
@@ -203,10 +203,13 @@ shows detailed parameter description
 .SH ENVIRONMENT
 .TP
 .B N2N_KEY
-set the encryption key so it is not visible on the command line
+set the encryption key so it is not visible at the command line
 .TP
 .B N2N_COMMUNITY
-set the community name so it is not visible on the command line
+set the community name so it is not visible at the command line
+.TP
+.B N2N_PASSWORD
+set the password for user-password authentication so it is not visible at the command line
 .SH EXAMPLES
 .TP
 .B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:23 \-a 192.168.254.7 \-p 50001 \-l 123.121.120.119:7654
diff --git a/src/edge.c b/src/edge.c
index f13fcc5..8c3639f 100644
--- a/src/edge.c
+++ b/src/edge.c
@@ -215,6 +215,9 @@ static void help (int level) {
 "N2N_KEY instead of [-k ]"
 "\n variables "
 "N2N_COMMUNITY instead of -c "
+ "\n "
+ "N2N_PASSWORD instead of [-J ]"
+ "\n "
 "\n meaning of the "
@@ -328,6 +331,8 @@ static void help (int level) {
 printf (" ---------------------\n\n");
 printf(" N2N_KEY | encryption key (ASCII), not with '-k ...'\n");
 printf(" N2N_COMMUNITY | community name (ASCII), overwritten by '-c ...'\n");
+ printf(" N2N_PASSWORD | password (ASCII) for user-password authentication,\n"
+ " | overwritten by '-J ...'\n");
 #ifdef WIN32
 printf ("\n");
 printf (" AVAILABLE TAP ADAPTERS\n");
@@ -561,7 +566,8 @@ static int setOption (int optkey, char *optargument, n2n_tuntap_priv_config_t *e
 }
 case 'J': /* password for user-password authentication */ {
- conf->shared_secret = calloc(1, sizeof(n2n_private_public_key_t));
+ if(!conf->shared_secret) /* we could already have it from environment variable, see edge_init_conf_defaults() */
+ conf->shared_secret = calloc(1, sizeof(n2n_private_public_key_t));
 if(conf->shared_secret)
 generate_private_key(*(conf->shared_secret), optargument);
diff --git a/src/edge_utils.c b/src/edge_utils.c
index 7db9c37..fca51e8 100644
--- a/src/edge_utils.c
+++ b/src/edge_utils.c
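Review bot: In `case 'J'` of src/edge.c, a failed `calloc()` leaves `conf->shared_secret` NULL, and the `if(conf->shared_secret)` guard then skips `generate_private_key()` without any message, so the edge carries on as if no password had been supplied. The block added to `edge_init_conf_defaults()` in src/edge_utils.c has the same silent path. For an authentication secret the failure should be reported rather than swallowed, for example an `else` branch that logs the allocation failure through the project's `traceEvent(TRACE_ERROR, ...)`, assuming logging is usable at both call sites. The new un-braced `if(!conf->shared_secret)` with its long trailing comment sits directly above a second un-braced `if` and is easy to misread; putting the comment on its own line and bracing both statements would help. The `case` body continues past the end of the hunk.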
@@ -3684,6 +3684,11 @@ void edge_init_conf_defaults (n2n_edge_conf_t *conf) {
 strncpy((char*)conf->community_name, getenv("N2N_COMMUNITY"), N2N_COMMUNITY_SIZE);
 conf->community_name[N2N_COMMUNITY_SIZE - 1] = '\0';
 }
+ if(getenv("N2N_PASSWORD")) {
+ conf->shared_secret = calloc(1, sizeof(n2n_private_public_key_t));
+ if(conf->shared_secret)
+ generate_private_key(*(conf->shared_secret), getenv("N2N_PASSWORD"));
+ }
 conf->metric = 0;
 }
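Review bot: After the key is derived in the added `if(getenv("N2N_PASSWORD"))` block, the password stays in the process environment, where any child process the edge may start inherits it and the same user or root can still read it (on Linux via `/proc/<pid>/environ`). The variable keeps the secret off the command line but does not otherwise hide it, which the documentation could state. Consider reading it once with `const char *pw = getenv("N2N_PASSWORD");`, testing `if(pw && *pw)` so that an empty variable does not silently select user-password authentication, and calling `unsetenv("N2N_PASSWORD");` afterwards on platforms that provide it (not WIN32) to stop inheritance. Whether an empty password is meaningful to `generate_private_key()` is not visible in this hunk, so that part needs confirming. The function starts before the hunk.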