X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Ftools%2Fceph_authtool.cc;fp=src%2Fceph%2Fsrc%2Ftools%2Fceph_authtool.cc;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=5172391832e58ea733dd41acc71ccc836e0fd73b;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git diff --git a/src/ceph/src/tools/ceph_authtool.cc b/src/ceph/src/tools/ceph_authtool.cc deleted file mode 100644 index 5172391..0000000 --- a/src/ceph/src/tools/ceph_authtool.cc +++ /dev/null @@ -1,310 +0,0 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- -// vim: ts=8 sw=2 smarttab -/* - * Ceph - scalable distributed file system - * - * Copyright (C) 2004-2009 Sage Weil - * - * This is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software - * Foundation. See file COPYING. - * - */ - -#include "common/ConfUtils.h" -#include "common/ceph_argparse.h" -#include "common/config.h" -#include "global/global_context.h" -#include "global/global_init.h" - -#include "auth/Crypto.h" -#include "auth/Auth.h" -#include "auth/KeyRing.h" - -void usage() -{ - cout << "usage: ceph-authtool keyringfile [OPTIONS]...\n" - << "where the options are:\n" - << " -l, --list will list all keys and capabilities present in\n" - << " the keyring\n" - << " -p, --print-key will print an encoded key for the specified\n" - << " entityname. This is suitable for the\n" - << " 'mount -o secret=..' argument\n" - << " -C, --create-keyring will create a new keyring, overwriting any\n" - << " existing keyringfile\n" - << " -g, --gen-key will generate a new secret key for the\n" - << " specified entityname\n" - << " --gen-print-key will generate a new secret key without set it\n" - << " to the keyringfile, prints the secret to stdout\n" - << " --import-keyring FILE will import the content of a given keyring\n" - << " into the keyringfile\n" - << " -n NAME, --name NAME specify entityname to operate on\n" - << " -u AUID, --set-uid AUID sets the auid (authenticated user id) for the\n" - << " specified entityname\n" - << " -a BASE64, --add-key BASE64 will add an encoded key to the keyring\n" - << " --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem\n" - << " --caps CAPSFILE will set all of capabilities associated with a\n" - << " given key, for all subsystems" - << std::endl; - exit(1); -} - -int main(int argc, const char **argv) -{ - vector args; - argv_to_vec(argc, argv, args); - env_to_vec(args); - - std::string add_key; - std::string caps_fn; - std::string import_keyring; - uint64_t auid = CEPH_AUTH_UID_DEFAULT; - map caps; - std::string fn; - - auto cct = global_init(NULL, args, CEPH_ENTITY_TYPE_CLIENT, - CODE_ENVIRONMENT_UTILITY, - CINIT_FLAG_NO_DEFAULT_CONFIG_FILE); - - bool gen_key = false; - bool gen_print_key = false; - bool list = false; - bool print_key = false; - bool create_keyring = false; - bool set_auid = false; - std::vector::iterator i; - - /* Handle options unique to ceph-authtool - * -n NAME, --name NAME is handled by global_init - * */ - for (i = args.begin(); i != args.end(); ) { - std::string val; - if (ceph_argparse_double_dash(args, i)) { - break; - } else if (ceph_argparse_flag(args, i, "-g", "--gen-key", (char*)NULL)) { - gen_key = true; - } else if (ceph_argparse_flag(args, i, "--gen-print-key", (char*)NULL)) { - gen_print_key = true; - } else if (ceph_argparse_witharg(args, i, &val, "-a", "--add-key", (char*)NULL)) { - if (val.empty()) { - cerr << "Option --add-key requires an argument" << std::endl; - exit(1); - } - add_key = val; - } else if (ceph_argparse_flag(args, i, "-l", "--list", (char*)NULL)) { - list = true; - } else if (ceph_argparse_witharg(args, i, &val, "--caps", (char*)NULL)) { - caps_fn = val; - } else if (ceph_argparse_witharg(args, i, &val, "--cap", (char*)NULL)) { - std::string my_key = val; - if (i == args.end()) { - cerr << "must give two arguments to --cap: key and val." << std::endl; - exit(1); - } - std::string my_val = *i; - ++i; - ::encode(my_val, caps[my_key]); - } else if (ceph_argparse_flag(args, i, "-p", "--print-key", (char*)NULL)) { - print_key = true; - } else if (ceph_argparse_flag(args, i, "-C", "--create-keyring", (char*)NULL)) { - create_keyring = true; - } else if (ceph_argparse_witharg(args, i, &val, "--import-keyring", (char*)NULL)) { - import_keyring = val; - } else if (ceph_argparse_witharg(args, i, &val, "-u", "--set-uid", (char*)NULL)) { - std::string err; - auid = strict_strtoll(val.c_str(), 10, &err); - if (!err.empty()) { - cerr << "error parsing UID: " << err << std::endl; - exit(1); - } - set_auid = true; - } else if (fn.empty()) { - fn = *i++; - } else { - cerr << argv[0] << ": unexpected '" << *i << "'" << std::endl; - usage(); - } - } - - if (fn.empty() && !gen_print_key) { - cerr << argv[0] << ": must specify filename" << std::endl; - usage(); - } - if (!(gen_key || - gen_print_key || - !add_key.empty() || - list || - !caps_fn.empty() || - !caps.empty() || - set_auid || - print_key || - create_keyring || - !import_keyring.empty())) { - cerr << "no command specified" << std::endl; - usage(); - } - if (gen_key && (!add_key.empty())) { - cerr << "can't both gen-key and add-key" << std::endl; - usage(); - } - - common_init_finish(g_ceph_context); - EntityName ename(g_conf->name); - - // Enforce the use of gen-key or add-key when creating to avoid ending up - // with an "empty" key (key = AAAAAAAAAAAAAAAA) - if (create_keyring && !gen_key && add_key.empty() && !caps.empty()) { - cerr << "must specify either gen-key or add-key when creating" << std::endl; - usage(); - } - - if (gen_print_key) { - CryptoKey key; - key.create(g_ceph_context, CEPH_CRYPTO_AES); - cout << key << std::endl; - return 0; - } - - // keyring -------- - bool modified = false; - KeyRing keyring; - - bufferlist bl; - int r = 0; - if (create_keyring) { - cout << "creating " << fn << std::endl; - modified = true; - } else { - std::string err; - r = bl.read_file(fn.c_str(), &err); - if (r >= 0) { - try { - bufferlist::iterator iter = bl.begin(); - ::decode(keyring, iter); - } catch (const buffer::error &err) { - cerr << "error reading file " << fn << std::endl; - exit(1); - } - } else { - cerr << "can't open " << fn << ": " << err << std::endl; - exit(1); - } - } - - // Validate that "name" actually has an existing key in this keyring if we - // have not given gen-key or add-key options - if (!gen_key && add_key.empty() && !caps.empty()) { - CryptoKey key; - if (!keyring.get_secret(ename, key)) { - cerr << "can't find existing key for " << ename - << " and neither gen-key nor add-key specified" << std::endl; - exit(1); - } - } - - // write commands - if (!import_keyring.empty()) { - KeyRing other; - bufferlist obl; - std::string err; - int r = obl.read_file(import_keyring.c_str(), &err); - if (r >= 0) { - try { - bufferlist::iterator iter = obl.begin(); - ::decode(other, iter); - } catch (const buffer::error &err) { - cerr << "error reading file " << import_keyring << std::endl; - exit(1); - } - - cout << "importing contents of " << import_keyring << " into " << fn << std::endl; - //other.print(cout); - keyring.import(g_ceph_context, other); - modified = true; - } else { - cerr << "can't open " << import_keyring << ": " << err << std::endl; - exit(1); - } - } - if (gen_key) { - EntityAuth eauth; - eauth.key.create(g_ceph_context, CEPH_CRYPTO_AES); - keyring.add(ename, eauth); - modified = true; - } - if (!add_key.empty()) { - EntityAuth eauth; - try { - eauth.key.decode_base64(add_key); - } catch (const buffer::error &err) { - cerr << "can't decode key '" << add_key << "'" << std::endl; - exit(1); - } - keyring.add(ename, eauth); - modified = true; - cout << "added entity " << ename << " auth " << eauth << std::endl; - } - if (!caps_fn.empty()) { - ConfFile cf; - std::deque parse_errors; - if (cf.parse_file(caps_fn, &parse_errors, &cerr) != 0) { - cerr << "could not parse caps file " << caps_fn << std::endl; - exit(1); - } - complain_about_parse_errors(g_ceph_context, &parse_errors); - map caps; - const char *key_names[] = { "mon", "osd", "mds", "mgr", NULL }; - for (int i=0; key_names[i]; i++) { - std::string val; - if (cf.read("global", key_names[i], val) == 0) { - bufferlist bl; - ::encode(val, bl); - string s(key_names[i]); - caps[s] = bl; - } - } - keyring.set_caps(ename, caps); - modified = true; - } - if (!caps.empty()) { - keyring.set_caps(ename, caps); - modified = true; - } - if (set_auid) { - keyring.set_uid(ename, auid); - modified = true; - } - - // read commands - if (list) { - try { - keyring.print(cout); - } catch (ceph::buffer::end_of_buffer &eob) { - cout << "Exception (end_of_buffer) in print(), exit." << std::endl; - exit(1); - } - } - if (print_key) { - CryptoKey key; - if (keyring.get_secret(ename, key)) { - cout << key << std::endl; - } else { - cerr << "entity " << ename << " not found" << std::endl; - exit(1); - } - } - - // write result? - if (modified) { - bufferlist bl; - keyring.encode_plaintext(bl); - r = bl.write_file(fn.c_str(), 0600); - if (r < 0) { - cerr << "could not write " << fn << std::endl; - exit(1); - } - //cout << "wrote " << bl.length() << " bytes to " << fn << std::endl; - } - return 0; -}