git.proxmox.com Git - ceph.git/blob - ceph/src/common/secret.c
1 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 * Ceph - scalable distributed file system
6 * Copyright (C) 2011 New Dream Network
8 * This is free software; you can redistribute it and/or
9 * modify it under the terms of the GNU Lesser General Public
10 * License version 2.1, as published by the Free Software
11 * Foundation. See file COPYING.
22 #include <sys/types.h>
24 #include "common/armor.h"
25 #include "common/safe_io.h"
/*
 * Read a secret from the file `filename` into the caller's buffer `secret`,
 * reading at most `max_len` bytes with safe_read(), then scan for the end of
 * the first line of what was read.
 *
 * NOTE(review): this listing omits several source lines (the gutter numbers
 * jump), so the conditions guarding the two perror() calls, the statement
 * that follows the scan loop and the return values are not visible here.
 */
27 int read_secret_from_file(const char *filename
, char *secret
, size_t max_len
)
/* Open the secret file read-only. */
33 fd
= open(filename
, O_RDONLY
);
35 perror("unable to read secretfile");
/*
 * Up to max_len bytes may be stored, i.e. the read is allowed to fill the
 * caller's buffer completely.
 */
38 len
= safe_read(fd
, secret
, max_len
);
40 perror("unable to read secret from file");
/*
 * The scan stops at the first NUL, '\n' or '\r', or at secret + len.
 * When the read filled all max_len bytes and none of those characters
 * occurs, `end` finishes at secret + max_len, one past the buffer.
 * NOTE(review): if the omitted line after the loop stores a terminator
 * through `end`, that case is a one-byte overflow -- confirm, or have
 * callers pass a max_len one smaller than the real buffer size.
 */
45 while (end
< secret
+ len
&& *end
&& *end
!= '\n' && *end
!= '\r')
/*
 * Decode the base64 text `secret` with ceph_unarmor() and submit the decoded
 * buffer to the kernel with add_key() as a key of type "ceph" whose
 * description is `key_name`, targeting KEY_SPEC_PROCESS_KEYRING.
 *
 * NOTE(review): this listing omits several source lines (the gutter numbers
 * jump); the declarations of `serial`, `ret` and `error_buf`, the conditions
 * around the error messages and the return statements are not visible here.
 */
53 int set_kernel_secret(const char *secret
, const char *key_name
)
55 /* try to submit key to kernel via the keys api */
/* strlen() returns size_t; the value is narrowed to int here. */
58 int secret_len
= strlen(secret
);
/*
 * Variable-length array on the stack, sized from the caller-supplied secret:
 * three bytes per four base64 characters, plus four bytes of slack.
 * NOTE(review): nothing visible bounds secret_len, so a very long secret
 * means a correspondingly large stack allocation; consider capping the
 * length before this declaration. The buffer later holds decoded key
 * material and is not wiped in the lines shown.
 */
59 char payload
[((secret_len
* 3) / 4) + 4];
62 fprintf(stderr
, "secret is empty.\n");
/*
 * Decode into payload, bounded by the end of the array. The result is kept
 * in `ret`; its negation is used as an errno value in the message below.
 */
66 ret
= ceph_unarmor(payload
, payload
+sizeof(payload
), secret
, secret
+secret_len
);
/*
 * NOTE(review): passing strerror_r()'s return value to %s is only valid with
 * the GNU variant, which returns a char pointer; the XSI variant returns
 * int. Confirm which one this build selects.
 */
69 fprintf(stderr
, "secret is not valid base64: %s.\n",
70 strerror_r(-ret
, error_buf
, sizeof(error_buf
)));
/*
 * The length passed is sizeof(payload), the whole buffer, not the value
 * ceph_unarmor() returned. The array is never initialised in the lines
 * shown, so any bytes past what the decoder wrote are uninitialised stack
 * contents handed to the kernel.
 * NOTE(review): presumably the consumer relies on a length carried inside
 * the payload -- confirm, or zero the buffer first / pass the decoded length.
 */
74 serial
= add_key("ceph", key_name
, payload
, sizeof(payload
), KEY_SPEC_PROCESS_KEYRING
);
/*
 * Look up a key of type "ceph" with description `key_name` through
 * request_key(). The callout argument is NULL and KEY_SPEC_USER_KEYRING is
 * given as the destination keyring.
 *
 * NOTE(review): the declaration of `serial` and the return statement are not
 * shown in this listing; presumably the result reports whether the lookup
 * succeeded. set_kernel_secret() in this file adds its key with
 * KEY_SPEC_PROCESS_KEYRING, while this call names the user keyring -- worth
 * confirming that the difference is intended.
 */
82 int is_kernel_secret(const char *key_name
)
85 serial
= request_key("ceph", key_name
, NULL
, KEY_SPEC_USER_KEYRING
);
/*
 * Build a secret-related option string in the local buffer `option` and copy
 * it into the caller's buffer `secret_option` (capacity `max_len`).
 * The visible lines hand `secret` to set_kernel_secret() and format either
 * "key=<key_name>" or, when the kernel call reports -ENODEV or -ENOSYS,
 * "secret=<secret>".
 *
 * NOTE(review): this listing omits several source lines (the gutter numbers
 * jump); the declaration of `option`, any NULL checks, the branch structure
 * that selects between the two formats and the return statements are not
 * visible here.
 */
89 int get_secret_option(const char *secret
, const char *key_name
,
90 char *secret_option
, size_t max_len
)
/*
 * 7 is the length of the longer prefix, "secret=". strlen()'s size_t result
 * is narrowed to int. NOTE(review): key_name is dereferenced here; any NULL
 * check is in an omitted line.
 */
97 int olen
= strlen(key_name
) + 7;
/* Add room for the secret text (the guarding condition is not shown). */
99 olen
+= strlen(secret
);
108 ret
= set_kernel_secret(secret
, key_name
);
110 if (ret
== -ENODEV
|| ret
== -ENOSYS
) {
111 /* running against older kernel; fall back to secret= in options */
/*
 * Fallback path: the base64 secret itself is written into the option string,
 * so it is exposed in clear text wherever that string is passed or logged.
 * NOTE(review): snprintf() is bounded by olen, and "secret=%s" needs
 * 7 + strlen(secret) + 1 bytes; with an empty key_name the last character of
 * the secret would be truncated. Confirm key_name cannot be empty, or bound
 * the call by the real size of `option`.
 */
112 snprintf(option
, olen
, "secret=%s", secret
);
117 fprintf(stderr
, "adding ceph secret key to kernel failed: %s.\n",
118 strerror_r(-ret
, error_buf
, sizeof(error_buf
)));
125 /* add key= option to identify key to use */
126 snprintf(option
, olen
, "key=%s", key_name
);
/* Compare the formatted length, terminator included, with the caller's capacity. */
129 if (strlen(option
) + 1 > max_len
) {
/*
 * strncpy() does not terminate the destination on truncation, so the last
 * byte is set explicitly before the copy.
 * NOTE(review): max_len - 1 wraps when max_len is 0; presumably the length
 * check above keeps this path from running in that case -- confirm against
 * the omitted branch. `option` may hold the secret and is not wiped in the
 * lines shown.
 */
132 secret_option
[max_len
-1] = '\0';
133 strncpy(secret_option
, option
, max_len
-1);