Fix: keyring permissions where world readable

Reported in https://bugzilla.suse.com/show_bug.cgi?id=920926
by  Andreas Stieger <astieger@suse.com>

Before thsi fix to umask for keyring handling, After execution
of ceph-deploy, all keyrings have mode 644.

The documented ceph-deploy procedure by creating a dedicated
admin user, and keys will be readable to all other (non-admin)
users as well, thus leaking authentication credentials.

The fix uses umask to resolve the writing of keyfiles.

Signed-off-by: Owen Synge <osynge@suse.com>

diff --git a/ceph_deploy/gatherkeys.py b/ceph_deploy/gatherkeys.py
index bd856628e4da0eb0027493da78eaa061c5cc0eb4..d35a9ae35e054ec41f79c7673df8d12064f92650 100644 (file)
--- a/ceph_deploy/gatherkeys.py
+++ b/ceph_deploy/gatherkeys.py
@@ -30,51 +30,54 @@ def fetch_file(args, frompath, topath, _hosts):
 
 
 def gatherkeys(args):
-    # client.admin
-    keyring = '/etc/ceph/{cluster}.client.admin.keyring'.format(
-        cluster=args.cluster)
-    r = fetch_file(
-        args=args,
-        frompath=keyring,
-        topath='{cluster}.client.admin.keyring'.format(
-            cluster=args.cluster),
-        _hosts=args.mon,
-        )
-    if not r:
-        raise exc.KeyNotFoundError(keyring, args.mon)
-
-    # mon.
-    keyring = '/var/lib/ceph/mon/{cluster}-{{hostname}}/keyring'.format(
-        cluster=args.cluster)
-    r = fetch_file(
-        args=args,
-        frompath=keyring,
-        topath='{cluster}.mon.keyring'.format(cluster=args.cluster),
-        _hosts=args.mon,
-        )
-    if not r:
-        raise exc.KeyNotFoundError(keyring, args.mon)
+    oldmask = os.umask(077)
+    try:
+        # client.admin
+        keyring = '/etc/ceph/{cluster}.client.admin.keyring'.format(
+            cluster=args.cluster)
+        r = fetch_file(
+            args=args,
+            frompath=keyring,
+            topath='{cluster}.client.admin.keyring'.format(
+                cluster=args.cluster),
+            _hosts=args.mon,
+            )
+        if not r:
+            raise exc.KeyNotFoundError(keyring, args.mon)
 
-    # bootstrap
-    for what in ['osd', 'mds', 'rgw']:
-        keyring = '/var/lib/ceph/bootstrap-{what}/{cluster}.keyring'.format(
-            what=what,
+        # mon.
+        keyring = '/var/lib/ceph/mon/{cluster}-{{hostname}}/keyring'.format(
             cluster=args.cluster)
         r = fetch_file(
             args=args,
             frompath=keyring,
-            topath='{cluster}.bootstrap-{what}.keyring'.format(
-                cluster=args.cluster,
-                what=what),
+            topath='{cluster}.mon.keyring'.format(cluster=args.cluster),
             _hosts=args.mon,
             )
         if not r:
-            if what in ['osd', 'mds']:
-                raise exc.KeyNotFoundError(keyring, args.mon)
-            else:
-                LOG.warning(("No RGW bootstrap key found. Will not be able to "
-                             "deploy RGW daemons"))
+            raise exc.KeyNotFoundError(keyring, args.mon)
 
+        # bootstrap
+        for what in ['osd', 'mds', 'rgw']:
+            keyring = '/var/lib/ceph/bootstrap-{what}/{cluster}.keyring'.format(
+                what=what,
+                cluster=args.cluster)
+            r = fetch_file(
+                args=args,
+                frompath=keyring,
+                topath='{cluster}.bootstrap-{what}.keyring'.format(
+                    cluster=args.cluster,
+                    what=what),
+                _hosts=args.mon,
+                )
+            if not r:
+                if what in ['osd', 'mds']:
+                    raise exc.KeyNotFoundError(keyring, args.mon)
+                else:
+                    LOG.warning(("No RGW bootstrap key found. Will not be able to "
+                                 "deploy RGW daemons"))
+    finally:
+        os.umask(oldmask)
 
 @priority(40)
 def make(parser):

diff --git a/ceph_deploy/new.py b/ceph_deploy/new.py
index 902e87d9cccb4f3dc32aaad52ed430e7b3f1d0b4..ab1dfc03be0680efece5ad5ec653919499b759e1 100644 (file)
--- a/ceph_deploy/new.py
+++ b/ceph_deploy/new.py
@@ -211,18 +211,21 @@ def new_mon_keyring(args):
     keypath = '{name}.mon.keyring'.format(
         name=args.cluster,
         )
-
+    oldmask = os.umask(077)
     LOG.debug('Writing monitor keyring to %s...', keypath)
-    tmp = '%s.tmp' % keypath
-    with file(tmp, 'w') as f:
-        f.write(mon_keyring)
     try:
-        os.rename(tmp, keypath)
-    except OSError as e:
-        if e.errno == errno.EEXIST:
-            raise exc.ClusterExistsError(keypath)
-        else:
-            raise
+        tmp = '%s.tmp' % keypath
+        with open(tmp, 'w', 0600) as f:
+            f.write(mon_keyring)
+        try:
+            os.rename(tmp, keypath)
+        except OSError as e:
+            if e.errno == errno.EEXIST:
+                raise exc.ClusterExistsError(keypath)
+            else:
+                raise
+    finally:
+        os.umask(oldmask)
 
 
 @priority(10)