diff options
author | Josh Durgin <josh.durgin@dreamhost.com> | 2011-04-13 14:48:45 -0700 |
---|---|---|
committer | Josh Durgin <josh.durgin@dreamhost.com> | 2011-04-22 13:34:12 -0700 |
commit | 4cc88f628cd18dca59a0dd01996bf022a46a0e26 (patch) | |
tree | bbf7929891841999f449afedac0deeb333c10314 /src/mount | |
parent | 36f00685633a6f953b046106f5dd31a9169c82d4 (diff) | |
download | ceph-4cc88f628cd18dca59a0dd01996bf022a46a0e26.tar.gz |
common, mount.ceph: move functions for working with secrets into secret.h
Use sprintf instead of safe_cat, since we're just writing a string once.
Signed-off-by: Josh Durgin <josh.durgin@dreamhost.com>
Diffstat (limited to 'src/mount')
-rwxr-xr-x | src/mount/mount.ceph.c | 64 |
1 files changed, 12 insertions, 52 deletions
diff --git a/src/mount/mount.ceph.c b/src/mount/mount.ceph.c index 97578363135..9f390fa7b64 100755 --- a/src/mount/mount.ceph.c +++ b/src/mount/mount.ceph.c @@ -9,12 +9,15 @@ #include <sys/wait.h> #include "common/armor.h" +#include "common/secret.h" #ifndef MS_RELATIME # define MS_RELATIME (1<<21) #endif #define BUF_SIZE 128 +#define MAX_SECRET_LEN 1000 +#define MAX_SECRET_OPTION_LEN (MAX_SECRET_LEN + 7) int verboseflag = 0; static const char * const EMPTY_STRING = ""; @@ -189,7 +192,7 @@ static char *parse_options(const char *data, int *filesys_flags) int skip; int pos = 0; char *newdata = 0; - char secret[1000]; + char secret[MAX_SECRET_LEN]; char *saw_name = NULL; char *saw_secret = NULL; @@ -253,36 +256,15 @@ static char *parse_options(const char *data, int *filesys_flags) skip = 1; /* ignore */ } else if (strncmp(data, "secretfile", 10) == 0) { - char *fn = value; - char *end = fn; - int fd; - int len; - - if (!fn || !*fn) { + if (!value || !*value) { printf("keyword secretfile found, but no secret file specified\n"); return NULL; } - while (*end) - end++; - fd = open(fn, O_RDONLY); - if (fd < 0) { - perror("unable to read secretfile"); - return NULL; - } - len = read(fd, secret, 1000); - if (len <= 0) { - perror("unable to read secret from secretfile"); + if (read_secret_from_file(value, secret, sizeof(secret)) < 0) { + printf("error reading secret file\n"); return NULL; } - end = secret; - while (end < secret + len && *end && *end != '\n' && *end != '\r') - end++; - *end = '\0'; - close(fd); - - if (verboseflag) - printf("read secret of len %d from %s\n", len, fn); /* see comment for "secret" */ saw_secret = secret; @@ -345,46 +327,24 @@ static char *parse_options(const char *data, int *filesys_flags) } while (data); if (saw_secret) { - /* try to submit key to kernel via the keys api */ - key_serial_t serial; int ret; - int secret_len = strlen(saw_secret); - char payload[((secret_len * 3) / 4) + 4]; + char secret_option[MAX_SECRET_OPTION_LEN]; char *name = NULL; int name_len = 0; int name_pos = 0; - - ret = ceph_unarmor(payload, payload+sizeof(payload), saw_secret, saw_secret+secret_len); - if (ret < 0) { - printf("secret is not valid base64: %s.\n", strerror(-ret)); - return NULL; - } - name_pos = safe_cat(&name, &name_len, name_pos, "client."); if (!saw_name) { name_pos = safe_cat(&name, &name_len, name_pos, CEPH_AUTH_NAME_DEFAULT); } else { name_pos = safe_cat(&name, &name_len, name_pos, saw_name); } - serial = add_key("ceph", name, payload, sizeof(payload), KEY_SPEC_USER_KEYRING); - if (serial < 0) { - if (errno == ENODEV || errno == ENOSYS) { - /* running against older kernel; fall back to secret= in options */ - if (pos) - pos = safe_cat(&out, &out_len, pos, ","); - pos = safe_cat(&out, &out_len, pos, "secret="); - pos = safe_cat(&out, &out_len, pos, saw_secret); - } else { - perror("adding ceph secret key to kernel failed"); - } + ret = get_secret_option(saw_secret, name, secret_option, sizeof(secret_option)); + if (ret < 0) { + return NULL; } else { - if (verboseflag) - printf("added key %s with serial %d\n", name, serial); - /* add key= option to identify key to use */ if (pos) pos = safe_cat(&out, &out_len, pos, ","); - pos = safe_cat(&out, &out_len, pos, "key="); - pos = safe_cat(&out, &out_len, pos, name); + pos = safe_cat(&out, &out_len, pos, secret_option); } } |