[ceph.git] / ceph / src / rgw / services / svc_config_key_rados.cc


#include "svc_rados.h"
#include "svc_config_key_rados.h"

using namespace std;

RGWSI_ConfigKey_RADOS::~RGWSI_ConfigKey_RADOS(){}

int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp)
{
  maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(dpp);

  return 0;
}

void RGWSI_ConfigKey_RADOS::warn_if_insecure()
{
  if (!maybe_insecure_mon_conn ||
      warned_insecure.test_and_set()) {
    return;
  }

  string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak";

  svc.rados->clog_warn(s);

  lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl;
}

int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result)
{
  string cmd =
    "{"
      "\"prefix\": \"config-key get\", "
      "\"key\": \"" + key + "\""
    "}";

  bufferlist inbl;
  auto handle = svc.rados->handle();
  int ret = handle.mon_command(cmd, inbl, result, nullptr);
  if (ret < 0) {
    return ret;
  }

  if (secure) {
    warn_if_insecure();
  }

  return 0;
}
Commit	Line	Data
9f95a23c TL	1
	2	#include "svc_rados.h"
	3	#include "svc_config_key_rados.h"
	4
20effc67 TL	5	using namespace std;
	6
	7	RGWSI_ConfigKey_RADOS::~RGWSI_ConfigKey_RADOS(){}
	8
b3b6e05e	9	int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp)
9f95a23c	10	{
20effc67	11	maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(dpp);
9f95a23c TL	12
	13	return 0;
	14	}
	15
	16	void RGWSI_ConfigKey_RADOS::warn_if_insecure()
	17	{
	18	if (!maybe_insecure_mon_conn \|\|
	19	warned_insecure.test_and_set()) {
	20	return;
	21	}
	22
	23	string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak";
	24
	25	svc.rados->clog_warn(s);
	26
	27	lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl;
	28	}
	29
	30	int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result)
	31	{
	32	string cmd =
	33	"{"
	34	"\"prefix\": \"config-key get\", "
	35	"\"key\": \"" + key + "\""
	36	"}";
	37
	38	bufferlist inbl;
	39	auto handle = svc.rados->handle();
	40	int ret = handle.mon_command(cmd, inbl, result, nullptr);
	41	if (ret < 0) {
	42	return ret;
	43	}
	44
	45	if (secure) {
	46	warn_if_insecure();
	47	}
	48
	49	return 0;
	50	}