hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
922630f76f395f44bcf24637f7c8d06cf051fccf
MaxScale/server/core/maxkeys.cc
Markus Mäkelä e2642d64b9 MXS-3010: Fix maxkeys and the test 
The test doesn't work properly if the maxscale user doesn't exist and the
key file permissions cannot be given to it. The test should use the
current user as the owner of the file but it turned out that the -u option
is broken.

Extended the test case to make sure the same password with the same
encryption key results in the same hash.
2020-05-25 19:45:33 +03:00

129 lines
3.5 KiB
C++
Raw Blame History

/*
* Copyright (c) 2016 MariaDB Corporation Ab
*
* Use of this software is governed by the Business Source License included
* in the LICENSE.TXT file and at www.mariadb.com/bsl11.
*
* Change Date: 2024-04-23
*
* On the date above, in accordance with the Business Source License, use
* of this software will be governed by version 2 or later of the General
* Public License.
*/
/**
* @file maxkeys.c - Create the random encryption keys for maxscale
*/
#include <maxscale/ccdefs.hh>
#include <getopt.h>
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>
#include <maxscale/paths.h>
#include <maxscale/random.h>
#include "internal/secrets.hh"
#ifdef HAVE_GLIBC
struct option options[] =
{
{"help", no_argument, NULL, 'h'},
{"user", required_argument, NULL, 'u'},
{NULL, 0, NULL, 0 }
};
#endif
void print_usage(const char* executable, const char* directory)
{
printf("usage: %s [-h|--help] [directory]\n"
"\n"
"This utility writes into the file .secrets, in the specified directory, the\n"
"AES encryption key and init vector that are used by the utility maxpasswd,\n"
"when encrypting passwords used in the MariaDB MaxScale configuration file.\n"
"\n"
"Note that re-creating the .secrets file will invalidate all existing\n"
"passwords used in the configuration file.\n"
"\n"
" -h, --help Display this help\n"
" -u, --user Sets the owner of the .secrets file (default: maxscale)\n"
"\n"
"directory : The directory where the .secrets file should be created.\n"
"\n"
"If a specific directory is not provided, the file is created in\n"
"%s.\n",
executable,
directory);
}
int main(int argc, char** argv)
{
std::string directory = get_datadir();
std::string username = "maxscale";
int c;
#ifdef HAVE_GLIBC
while ((c = getopt_long(argc, argv, "hu:", options, NULL)) != -1)
#else
while ((c = getopt(argc, argv, "hu:")) != -1)
#endif
{
switch (c)
{
case 'h':
print_usage(argv[0], directory.c_str());
exit(EXIT_SUCCESS);
break;
case 'u':
username = optarg;
break;
default:
print_usage(argv[0], directory.c_str());
exit(EXIT_FAILURE);
break;
}
}
int rval = EXIT_SUCCESS;
if (optind == argc)
{
fprintf(stderr, "Generating .secrets file in %s.\n", directory.c_str());
}
else
{
directory = argv[optind];
}
mxs_log_init(NULL, NULL, MXS_LOG_TARGET_DEFAULT);
if (secrets_write_keys(directory.c_str()) == 0)
{
std::string filename = directory + "/.secrets";
if (auto user = getpwnam(username.c_str()))
{
if (chown(filename.c_str(), user->pw_uid, user->pw_gid) == -1)
{
fprintf(stderr, "Failed to give '%s' ownership of '%s': %d, %s",
username.c_str(), filename.c_str(), errno, strerror(errno));
}
}
else
{
fprintf(stderr, "Could not find user '%s' when attempting to change ownership of '%s': %d, %s",
username.c_str(), filename.c_str(), errno, strerror(errno));
}
}
else
{
fprintf(stderr, "Failed to create the .secrets file.\n");
rval = EXIT_FAILURE;
}
mxs_log_finish();
return rval;
}
Reference in New Issue View Git Blame Copy Permalink