added support for N2N_PASSWORD environment variable (#818)

doc/Authentication.md

@@ -87,7 +87,7 @@ Considering all this, our example expands to
 [user@host n2n]$ sudo ./edge -l <supernode:port> -c netleo -I logan -J 007 -A5 -k mySecretKey -P opIyaWhWjKLJSNOHNpKnGmelhHWRqkmY5pAx7lbDHp4
 ```
 
-You might want to consider the use of [`.conf` files](https://github.com/ntop/n2n/blob/dev/doc/ConfigurationFiles.md) to accomodate all the command line parameters more easily.
+You might want to consider the use of [`.conf` files](https://github.com/ntop/n2n/blob/dev/doc/ConfigurationFiles.md) to accomodate all the command line parameters more easily. Alternatively, the `N2N_PASSWORD` environment variable can be used to set the password without having it show up as part of the command line.
 
 
 #### How Does It Work?

edge.8

@@ -137,7 +137,7 @@ annotate the edge's description used for easier
 identification in management port output or username
 .TP
 \fB\-J \fR<\fIpassword\fR>
-password for user-password edge authentication
+password for user-password edge authentication (see also N2N_PASSWORD in ENVIRONMENT)
 .TP
 \fB\-P \fR<\fIpublic key\fR>
 federation public key for user-password authentication
@@ -203,10 +203,13 @@ shows detailed parameter description
 .SH ENVIRONMENT
 .TP
 .B N2N_KEY
-set the encryption key so it is not visible on the command line
+set the encryption key so it is not visible at the command line
 .TP
 .B N2N_COMMUNITY
-set the community name so it is not visible on the command line
+set the community name so it is not visible at the command line
+.TP
+.B N2N_PASSWORD
+set the password for user-password authentication so it is not visible at the command line
 .SH EXAMPLES
 .TP
 .B edge \-d n2n0 \-c mynetwork \-k encryptme \-u 99 \-g 99 \-m DE:AD:BE:EF:01:23 \-a 192.168.254.7 \-p 50001 \-l 123.121.120.119:7654

src/edge.c

@@ -215,6 +215,9 @@ static void help (int level) {
                "N2N_KEY         instead of [-k <key>]"
           "\n variables            "
                "N2N_COMMUNITY   instead of -c <community>"
+          "\n                      "
+               "N2N_PASSWORD    instead of [-J <password>]"
+
           "\n                      "
 
           "\n meaning of the       "
@@ -328,6 +331,8 @@ static void help (int level) {
         printf (" ---------------------\n\n");
         printf(" N2N_KEY           | encryption key (ASCII), not with '-k ...'\n");
         printf(" N2N_COMMUNITY     | community name (ASCII), overwritten by '-c ...'\n");
+        printf(" N2N_PASSWORD      | password (ASCII) for user-password authentication,\n"
+               "                   | overwritten by '-J ...'\n");
 #ifdef WIN32
         printf ("\n");
         printf (" AVAILABLE TAP ADAPTERS\n");
@@ -561,6 +566,7 @@ static int setOption (int optkey, char *optargument, n2n_tuntap_priv_config_t *e
         }
 
         case 'J': /* password for user-password authentication */ {
+            if(!conf->shared_secret) /* we could already have it from environment variable, see edge_init_conf_defaults() */
                 conf->shared_secret = calloc(1, sizeof(n2n_private_public_key_t));
             if(conf->shared_secret)
                 generate_private_key(*(conf->shared_secret), optargument);

src/edge_utils.c

@@ -3684,6 +3684,11 @@ void edge_init_conf_defaults (n2n_edge_conf_t *conf) {
         strncpy((char*)conf->community_name, getenv("N2N_COMMUNITY"), N2N_COMMUNITY_SIZE);
         conf->community_name[N2N_COMMUNITY_SIZE - 1] = '\0';
     }
+    if(getenv("N2N_PASSWORD")) {
+        conf->shared_secret = calloc(1, sizeof(n2n_private_public_key_t));
+        if(conf->shared_secret)
+            generate_private_key(*(conf->shared_secret), getenv("N2N_PASSWORD"));
+    }
 
     conf->metric = 0;
 }