Password rotation functionality without '-F'

ashu3103 · May 25, 2024 · 9c38420 · 9c38420
1 parent 5f4cfc4
commit 9c38420
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 1 deletion.
diff --git a/src/main.c b/src/main.c
@@ -82,6 +82,7 @@ static void max_connection_age_cb(struct ev_loop* loop, ev_periodic* w, int reve
 static void rotate_frontend_password_cb(struct ev_loop* loop, ev_periodic* w, int revents);
 static void validation_cb(struct ev_loop* loop, ev_periodic* w, int revents);
 static void disconnect_client_cb(struct ev_loop* loop, ev_periodic* w, int revents);
+static void pgagroal_frontend_user_password_statrup(struct main_configuration* config);
 static bool accept_fatal(int error);
 static void add_client(pid_t pid);
 static void remove_client(pid_t pid);
@@ -733,6 +734,8 @@ main(int argc, char** argv)
       exit(1);
    }
 
+   pgagroal_frontend_user_password_statrup(config);
+
    if (pgagroal_start_logging())
    {
 #ifdef HAVE_LINUX
@@ -1916,6 +1919,36 @@ accept_fatal(int error)
    return true;
 }
 
+static void
+pgagroal_frontend_user_password_statrup(struct main_configuration* config)
+{
+   char* pwd = NULL;
+
+   if (config->number_of_frontend_users == 0 && config->number_of_users == 0 && config->rotate_frontend_password_timeout > 0)
+   {
+      pgagroal_log_fatal("pgagroal_frontend_user_password_statrup: users must be defined for rotation frontend password to be enabled");
+      return;
+   }
+
+   if (config->number_of_frontend_users == 0 && config->rotate_frontend_password_timeout > 0)
+   {
+      for (int i = 0; i < config->number_of_users; i++)
+      {
+         memcpy(&config->frontend_users[i].username, config->users[i].username, strlen(config->users[i].username));
+         if (pgagroal_generate_password(config->rotate_frontend_password_length, &pwd))
+         {
+            pgagroal_log_debug("pgagroal_frontend_user_password_statrup: unable to generate random password at startup");
+            return;
+         }
+         memcpy(&config->frontend_users[i].password, pwd, strlen(pwd) + 1);
+         pgagroal_log_trace("pgagroal_frontend_user_password_statrup: current password for username=%s:%s", config->frontend_users[i].username, config->frontend_users[i].password);
+         free(pwd);
+      }
+      config->number_of_frontend_users = config->number_of_users;
+   }
+
+}
+
 static void
 add_client(pid_t pid)
 {

diff --git a/src/vault.c b/src/vault.c
@@ -204,7 +204,7 @@ static int
 connect_pgagroal(struct vault_configuration* config, char* username, char* password, SSL** s_ssl, int* client_socket)
 {
    SSL* s = NULL;
-   
+
    if (pgagroal_connect(config->vault_server.server.host, config->vault_server.server.port, client_socket, false, false, &default_buffer_size, false))
    {
       pgagroal_disconnect(*client_socket);