rgw: avoid using slashes for generated secret keys

Just use plain alphanumeric characterset.

Fixes: #7647
Signed-off-by: Yehuda Sadeh <yehuda@redhat.com>
(cherry picked from commit 3f04a6126fdbfb93304f798da3775c0eec9b7d44)

diff --git a/src/rgw/rgw_common.cc b/src/rgw/rgw_common.cc
index f3988cffd34868212586575bca55ed4dd95da984..c270c6fdb0855a1008ca60fca58e1e944f14e7bc 100644 (file)
--- a/src/rgw/rgw_common.cc
+++ b/src/rgw/rgw_common.cc
@@ -525,6 +525,26 @@ int gen_rand_alphanumeric_no_underscore(CephContext *cct, char *dest, int size)
   return 0;
 }
 
+static const char alphanum_plain_table[]="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
+
+int gen_rand_alphanumeric_plain(CephContext *cct, char *dest, int size) /* size should be the required string size + 1 */
+{
+  int ret = get_random_bytes(dest, size);
+  if (ret < 0) {
+    lderr(cct) << "cannot get random bytes: " << cpp_strerror(-ret) << dendl;
+    return ret;
+  }
+
+  int i;
+  for (i=0; i<size - 1; i++) {
+    int pos = (unsigned)dest[i];
+    dest[i] = alphanum_plain_table[pos % (sizeof(alphanum_plain_table) - 1)];
+  }
+  dest[i] = '\0';
+
+  return 0;
+}
+
 int NameVal::parse()
 {
   int delim_pos = str.find('=');

diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h
index 6c7912bd983c726191fd118edc3bc96786fda557..66415752975107878baa93fba67c08719eafd520 100644 (file)
--- a/src/rgw/rgw_common.h
+++ b/src/rgw/rgw_common.h
@@ -194,6 +194,7 @@ extern int gen_rand_alphanumeric(CephContext *cct, char *dest, int size);
 extern int gen_rand_alphanumeric_lower(CephContext *cct, char *dest, int size);
 extern int gen_rand_alphanumeric_upper(CephContext *cct, char *dest, int size);
 extern int gen_rand_alphanumeric_no_underscore(CephContext *cct, char *dest, int size);
+extern int gen_rand_alphanumeric_plain(CephContext *cct, char *dest, int size);
 
 extern int gen_rand_alphanumeric_lower(CephContext *cct, string *str, int length);
 

diff --git a/src/rgw/rgw_user.cc b/src/rgw/rgw_user.cc
index 24b72fb8572ccc4492bfb4c7351d9db2f51ac7b1..1e06e858a99d4190b37298664b9baa0351246ce0 100644 (file)
--- a/src/rgw/rgw_user.cc
+++ b/src/rgw/rgw_user.cc
@@ -848,7 +848,7 @@ int RGWAccessKeyPool::generate_key(RGWUserAdminOpState& op_state, std::string *e
   } else if (gen_secret) {
     char secret_key_buf[SECRET_KEY_LEN + 1];
 
-    ret = gen_rand_base64(g_ceph_context, secret_key_buf, sizeof(secret_key_buf));
+    ret = gen_rand_alphanumeric_plain(g_ceph_context, secret_key_buf, sizeof(secret_key_buf));
     if (ret < 0) {
       set_err_msg(err_msg, "unable to generate secret key");
       return ret;
@@ -962,7 +962,7 @@ int RGWAccessKeyPool::modify_key(RGWUserAdminOpState& op_state, std::string *err
 
     int ret;
     int key_buf_size = sizeof(secret_key_buf);
-    ret  = gen_rand_base64(g_ceph_context, secret_key_buf, key_buf_size);
+    ret = gen_rand_alphanumeric_plain(g_ceph_context, secret_key_buf, key_buf_size);
     if (ret < 0) {
       set_err_msg(err_msg, "unable to generate secret key");
       return ret;