From b179cd275526613a3838cb52e6f1c35950b6f3a8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?S=C3=A9bastien=20Han?= Date: Fri, 23 Jun 2017 15:45:57 +0200 Subject: [PATCH] ceph_authtool: add mode option MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit We now have the ability to set the keyring file mode with the help of '--mode MODE'. The mode needs to be specified in octal using the format: 0600. Closes: http://tracker.ceph.com/issues/23513 Signed-off-by: Sébastien Han
--- doc/man/8/ceph-authtool.rst | 9 +++++++-- src/test/cli/ceph-authtool/add-key-segv.t | 2 +- src/test/cli/ceph-authtool/add-key.t | 2 +- src/test/cli/ceph-authtool/cap-bin.t | 2 +- src/test/cli/ceph-authtool/cap-invalid.t | 2 +- src/test/cli/ceph-authtool/cap-overwrite.t | 2 +- src/test/cli/ceph-authtool/cap.t | 2 +- src/test/cli/ceph-authtool/create-gen-list-bin.t | 3 +-- src/test/cli/ceph-authtool/create-gen-list.t | 2 +- src/test/cli/ceph-authtool/help.t | 2 ++ src/test/cli/ceph-authtool/manpage.t | 2 ++ src/test/cli/ceph-authtool/simple.t | 2 ++ src/tools/ceph_authtool.cc | 14 ++++++++++++-- 13 files changed, 33 insertions(+), 13 deletions(-)
diff --git a/doc/man/8/ceph-authtool.rst b/doc/man/8/ceph-authtool.rst
index 475b0a21fa5d8..291e50d85f535 100644
--- a/doc/man/8/ceph-authtool.rst
+++ b/doc/man/8/ceph-authtool.rst
@@ -21,6 +21,7 @@ Synopsis [ -a | --add-key *base64_key* ] [ --cap *subsystem* *capability* ] [ --caps *capfile* ] + [ --mode *mode* ] Description
@@ -87,6 +88,10 @@ Options will set all of capabilities associated with a given key, for all subsystems + .. option:: --mode *mode* + + will set the desired file mode to the keyring e.g: 0644, defaults to 0600 + Capabilities ============
@@ -174,9 +179,9 @@ value is the capability string (see above). Example ======= -To create a new keyring containing a key for client.foo:: +To create a new keyring containing a key for client.foo with a 0644 file mode:: - ceph-authtool -C -n client.foo --gen-key keyring + ceph-authtool -C -n client.foo --gen-key keyring --mode 0644 To associate some capabilities with the key (namely, the ability to mount a Ceph filesystem)::
diff --git a/src/test/cli/ceph-authtool/add-key-segv.t b/src/test/cli/ceph-authtool/add-key-segv.t
index 724deb0b6f37a..6914593f3367c 100644
--- a/src/test/cli/ceph-authtool/add-key-segv.t
+++ b/src/test/cli/ceph-authtool/add-key-segv.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring + $ ceph-authtool kring --create-keyring --mode 0644 creating kring $ ceph-authtool kring --add-key 'FAKEBASE64 foo'
diff --git a/src/test/cli/ceph-authtool/add-key.t b/src/test/cli/ceph-authtool/add-key.t
index d24efc144d544..d99eb5aa94f02 100644
--- a/src/test/cli/ceph-authtool/add-key.t
+++ b/src/test/cli/ceph-authtool/add-key.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring + $ ceph-authtool kring --create-keyring --mode 0644 creating kring $ ceph-authtool kring --add-key 'AQAK7yxNeF+nHBAA0SgSdbs8IkJrxroDeJ6SwQ== 18446744073709551615'
diff --git a/src/test/cli/ceph-authtool/cap-bin.t b/src/test/cli/ceph-authtool/cap-bin.t
index 6ec76772cbf2b..7a6383b8bf642 100644
--- a/src/test/cli/ceph-authtool/cap-bin.t
+++ b/src/test/cli/ceph-authtool/cap-bin.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring --gen-key + $ ceph-authtool kring --create-keyring --gen-key --mode 0644 creating kring $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
diff --git a/src/test/cli/ceph-authtool/cap-invalid.t b/src/test/cli/ceph-authtool/cap-invalid.t
index 6b4897cda39e9..d72f34fed6603 100644
--- a/src/test/cli/ceph-authtool/cap-invalid.t
+++ b/src/test/cli/ceph-authtool/cap-invalid.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring --gen-key + $ ceph-authtool kring --create-keyring --gen-key --mode 0644 creating kring # TODO is this nice?
diff --git a/src/test/cli/ceph-authtool/cap-overwrite.t b/src/test/cli/ceph-authtool/cap-overwrite.t
index 94146b23f84b9..9bc5b07ea8824 100644
--- a/src/test/cli/ceph-authtool/cap-overwrite.t
+++ b/src/test/cli/ceph-authtool/cap-overwrite.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring --gen-key + $ ceph-authtool kring --create-keyring --gen-key --mode 0644 creating kring $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
diff --git a/src/test/cli/ceph-authtool/cap.t b/src/test/cli/ceph-authtool/cap.t
index 65631f3be5198..b9748d9af111f 100644
--- a/src/test/cli/ceph-authtool/cap.t
+++ b/src/test/cli/ceph-authtool/cap.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring --gen-key + $ ceph-authtool kring --create-keyring --gen-key --mode 0644 creating kring $ ceph-authtool --cap osd 'allow rx pool=swimming' kring
diff --git a/src/test/cli/ceph-authtool/create-gen-list-bin.t b/src/test/cli/ceph-authtool/create-gen-list-bin.t
index bfd2a4322dfc4..1d4925af57c20 100644
--- a/src/test/cli/ceph-authtool/create-gen-list-bin.t
+++ b/src/test/cli/ceph-authtool/create-gen-list-bin.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring + $ ceph-authtool kring --create-keyring --mode 0600 creating kring $ ceph-authtool kring --list
@@ -14,4 +14,3 @@ $ ceph-authtool kring -l [client.admin] \\tkey = [a-zA-Z0-9+/]+=* \(esc\) (re) -
diff --git a/src/test/cli/ceph-authtool/create-gen-list.t b/src/test/cli/ceph-authtool/create-gen-list.t
index 00f4ed5e0f6e2..2801b0502753c 100644
--- a/src/test/cli/ceph-authtool/create-gen-list.t
+++ b/src/test/cli/ceph-authtool/create-gen-list.t
@@ -1,4 +1,4 @@ - $ ceph-authtool kring --create-keyring + $ ceph-authtool kring --create-keyring --mode 0644 creating kring $ ceph-authtool kring --list
diff --git a/src/test/cli/ceph-authtool/help.t b/src/test/cli/ceph-authtool/help.t
index 9a6c88357f7cd..a7aa0abaedea3 100644
--- a/src/test/cli/ceph-authtool/help.t
+++ b/src/test/cli/ceph-authtool/help.t
@@ -23,4 +23,6 @@ --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem --caps CAPSFILE will set all of capabilities associated with a given key, for all subsystems + --mode MODE will set the desired file mode to the keyring + e.g: '0644', defaults to '0600' [1]
diff --git a/src/test/cli/ceph-authtool/manpage.t b/src/test/cli/ceph-authtool/manpage.t
index f84b79457a14e..4a6eb11ea6c87 100644
--- a/src/test/cli/ceph-authtool/manpage.t
+++ b/src/test/cli/ceph-authtool/manpage.t
@@ -22,6 +22,8 @@ --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem --caps CAPSFILE will set all of capabilities associated with a given key, for all subsystems + --mode MODE will set the desired file mode to the keyring + e.g: '0644', defaults to '0600' [1] # demonstrate that manpage examples fail without config
diff --git a/src/test/cli/ceph-authtool/simple.t b/src/test/cli/ceph-authtool/simple.t
index 35905ad07267d..47c612cf5d60d 100644
--- a/src/test/cli/ceph-authtool/simple.t
+++ b/src/test/cli/ceph-authtool/simple.t
@@ -22,4 +22,6 @@ --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem --caps CAPSFILE will set all of capabilities associated with a given key, for all subsystems + --mode MODE will set the desired file mode to the keyring + e.g: '0644', defaults to '0600' [1]
diff --git a/src/tools/ceph_authtool.cc b/src/tools/ceph_authtool.cc
index 23370f7307e4c..180b3ebcbc9fd 100644
--- a/src/tools/ceph_authtool.cc
+++ b/src/tools/ceph_authtool.cc
@@ -45,7 +45,9 @@ void usage() << " -a BASE64, --add-key BASE64 will add an encoded key to the keyring\n" << " --cap SUBSYSTEM CAPABILITY will set the capability for given subsystem\n" << " --caps CAPSFILE will set all of capabilities associated with a\n" - << " given key, for all subsystems" + << " given key, for all subsystems\n" + << " --mode MODE will set the desired file mode to the keyring\n" + << " e.g: '0644', defaults to '0600'" << std::endl; exit(1); }
@@ -72,6 +74,7 @@ int main(int argc, const char **argv) bool print_key = false; bool create_keyring = false; bool set_auid = false; + int mode = 0600; // keyring file mode std::vector::iterator i; /* Handle options unique to ceph-authtool
@@ -118,6 +121,13 @@ int main(int argc, const char **argv) exit(1); } set_auid = true; + } else if (ceph_argparse_witharg(args, i, &val, "--mode", (char*)NULL)) { + std::string err; + mode = strict_strtoll(val.c_str(), 8, &err); + if (!err.empty()) { + cerr << "Option --mode requires an argument" << std::endl; + exit(1); + } } else if (fn.empty()) { fn = *i++; } else {
@@ -298,7 +308,7 @@ int main(int argc, const char **argv) if (modified) { bufferlist bl; keyring.encode_plaintext(bl); - r = bl.write_file(fn.c_str(), 0600); + r = bl.write_file(fn.c_str(), mode); if (r < 0) { cerr << "could not write " << fn << std::endl; exit(1); -- 2.39.5
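Review bot: The `--mode` branch in the `@@ -118,6 +121,13 @@` hunk stores the `strict_strtoll` result straight into `int mode` with no range check, so a negative number or an octal value with bits above the permission mask is accepted and later handed to `write_file`. Parse into a wider local and reject out-of-range input, e.g. `long long m = strict_strtoll(val.c_str(), 8, &err);` followed by `if (!err.empty() || m < 0 || m > 07777) {`, assigning `mode = m` only after the check. The message "Option --mode requires an argument" is also misleading when an argument was supplied but is not valid octal; printing `err` would tell the user what was actually wrong. The enclosing `main` starts and ends outside the hunk.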
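Review bot: In the `@@ -298,7 +308,7 @@` hunk the keyring is serialised with `encode_plaintext` and the user-chosen `mode` now replaces the fixed 0600, so `--mode 0644` (the value used in the man-page example and most of the updated tests) leaves secret keys readable by every local account. Consider a warning on stderr when group or other bits are set, e.g. `if (mode & 077) cerr << "warning: keyring " << fn << " will be accessible to group/other" << std::endl;`, and keep 0600 as the documented recommendation. If `write_file` applies the mode only when it creates the file (its body is not visible here), an existing keyring would keep its previous permissions; a comment on this line saying so, once confirmed, would help the next reader.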