authorAmalia Hawkins <amalia.hawkins@10gen.com>2015-07-09 16:07:16 -0400
committerAmalia Hawkins <amalia.hawkins@10gen.com>2015-07-09 16:07:23 -0400
commit9c97272957073d9643d7ce0eb02222e4c6884dd0 (patch)
tree1cc468ad25255499bb9ad5e48afc507bb038ce3a /src/mongo/db/auth/security_key.cpp
parent06402d2f9a0c8d5a7bf2a2e256a0f3742c1d3fb5 (diff)
downloadmongo-9c97272957073d9643d7ce0eb02222e4c6884dd0.tar.gz
SERVER-19345: refactor security key reading into two parts
Diffstat (limited to 'src/mongo/db/auth/security_key.cpp')
-rw-r--r--src/mongo/db/auth/security_key.cpp65
1 files changed, 2 insertions, 63 deletions
diff --git a/src/mongo/db/auth/security_key.cpp b/src/mongo/db/auth/security_key.cpp
index e5a6b24a7ae..a8e5611e1c0 100644
--- a/src/mongo/db/auth/security_key.cpp
+++ b/src/mongo/db/auth/security_key.cpp
@@ -45,6 +45,7 @@
#include "mongo/db/auth/internal_user_auth.h"
#include "mongo/db/auth/privilege.h"
#include "mongo/db/auth/sasl_options.h"
+#include "mongo/db/auth/security_file.h"
#include "mongo/db/auth/user.h"
#include "mongo/db/server_options.h"
#include "mongo/util/log.h"
@@ -55,7 +56,7 @@ namespace mongo {
using std::string;
bool setUpSecurityKey(const string& filename) {
- StatusWith<std::string> keyString = readSecurityFile(filename);
+ StatusWith<std::string> keyString = mongo::readSecurityFile(filename);
if (!keyString.isOK()) {
log() << keyString.getStatus().reason();
return false;
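Review bot: The call in setUpSecurityKey now depends on the implementation behind `security_file.h` for the key-file safeguards that the removed function performed in this file: rejecting group/other-accessible files on non-Windows builds and rejecting non-base64 characters. The relocated implementation is not visible on this page, so it is worth confirming that it keeps both checks. A short comment above the call would record that reliance, e.g. `// readSecurityFile() rejects group/world-accessible key files and non-base64 content`. Separately, the `mongo::` qualifier looks redundant because the call already sits inside `namespace mongo` (per the hunk header); `readSecurityFile(filename)` should resolve the same way unless a conflicting declaration is in scope. The body of setUpSecurityKey continues outside this hunk.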
@@ -98,66 +99,4 @@ bool setUpSecurityKey(const string& filename) {
return true;
}
-StatusWith<std::string> readSecurityFile(const std::string& filename) {
- struct stat stats;
-
- // check obvious file errors
- if (stat(filename.c_str(), &stats) == -1) {
- return StatusWith<std::string>(ErrorCodes::InvalidPath,
- str::stream() << "error getting file " << filename << ": "
- << strerror(errno));
- }
-
-#if !defined(_WIN32)
- // check permissions: must be X00, where X is >= 4
- if ((stats.st_mode & (S_IRWXG | S_IRWXO)) != 0) {
- return StatusWith<std::string>(ErrorCodes::InvalidPath,
- str::stream() << "permissions on " << filename
- << " are too open");
- }
-#endif
-
- FILE* file = fopen(filename.c_str(), "rb");
- if (!file) {
- return StatusWith<std::string>(ErrorCodes::InvalidPath,
- str::stream() << "error opening file: " << filename << ": "
- << strerror(errno));
- }
-
- string str = "";
-
- // strip key file
- const unsigned long long fileLength = stats.st_size;
- unsigned long long read = 0;
- while (read < fileLength) {
- char buf;
- int readLength = fread(&buf, 1, 1, file);
- if (readLength < 1) {
- fclose(file);
- return StatusWith<std::string>(ErrorCodes::UnsupportedFormat,
- str::stream() << "error reading file: " << filename);
- }
- read++;
-
- // check for whitespace
- if ((buf >= '\x09' && buf <= '\x0D') || buf == ' ') {
- continue;
- }
-
- // check valid base64
- if ((buf < 'A' || buf > 'Z') && (buf < 'a' || buf > 'z') && (buf < '0' || buf > '9') &&
- buf != '+' && buf != '/' && buf != '=') {
- fclose(file);
- return StatusWith<std::string>(ErrorCodes::UnsupportedFormat,
- str::stream() << "invalid char in key file " << filename
- << ": " << buf);
- }
-
- str += buf;
- }
-
- fclose(file);
- return StatusWith<std::string>(str);
-}
-
} // namespace mongo