Since MaxScale normally runs as the maxscale user, we can change the ownership of the .secrets file at the point where it is created. This removes the need to fix the ownership manually afterwards. If the user creating the file is root, the ownership change works; if the user merely has write permission to MaxScale's data directory, chown() will typically fail, because handing a file over to another user is a privileged operation. Even then this is an improvement: the failure is reported, so the user knows that the ownership of the file still needs to be changed.
/*
 * Copyright (c) 2016 MariaDB Corporation Ab
 *
 * Use of this software is governed by the Business Source License included
 * in the LICENSE.TXT file and at www.mariadb.com/bsl11.
 *
 * Change Date: 2023-01-01
 *
 * On the date above, in accordance with the Business Source License, use
 * of this software will be governed by version 2 or later of the General
 * Public License.
 */

/**
 * @file maxkeys.c - Create the random encryption keys for maxscale
 */
#include <maxscale/ccdefs.hh>

#include <getopt.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

#include <cerrno>
#include <cstdlib>
#include <cstring>
#include <string>

#include <maxscale/paths.h>
#include <maxscale/random.h>

#include "internal/secrets.hh"
#ifdef HAVE_GLIBC
// Long-option table for getopt_long(). Each entry maps a long name onto the
// same short letter that main() handles in its switch; the all-zero entry
// terminates the table as getopt_long() requires.
struct option options[] =
{
    {"help", no_argument,       nullptr, 'h'},
    {"user", required_argument, nullptr, 'u'},
    {nullptr, 0,                nullptr, 0  }
};
#endif
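/**
 * Print the command-line help for maxkeys to stdout.
 *
 * The synopsis and the option list must agree with what main() actually
 * accepts; -u/--user takes a mandatory USER argument, so it is shown that way.
 *
 * @param executable The program name as invoked (argv[0]), used in the synopsis.
 * @param directory  The directory used when none is given on the command line,
 *                   shown in the last paragraph of the help text.
 */
void print_usage(const char* executable, const char* directory)
{
    printf("usage: %s [-h|--help] [-u|--user USER] [directory]\n"
           "\n"
           "This utility writes into the file .secrets, in the specified directory, the\n"
           "AES encryption key and init vector that are used by the utility maxpasswd,\n"
           "when encrypting passwords used in the MariaDB MaxScale configuration file.\n"
           "\n"
           "Note that re-creating the .secrets file will invalidate all existing\n"
           "passwords used in the configuration file.\n"
           "\n"
           " -h, --help        Display this help\n"
           " -u, --user USER   Sets the owner of the .secrets file (default: maxscale)\n"
           "\n"
           "directory : The directory where the .secrets file should be created.\n"
           "\n"
           "If a specific directory is not provided, the file is created in\n"
           "%s.\n",
           executable,
           directory);
}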
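/**
 * Give ownership of the freshly written .secrets file to @c username.
 *
 * The file is written by secrets_write_keys(), usually by root or by some
 * administrator with write access to the data directory, so without this step
 * the account MaxScale runs as would not own its own key material.
 *
 * lchown(2) is used instead of chown(2): should the path have been swapped for
 * a symbolic link between creation and this call, only the link itself is
 * affected and not whatever it points at. Key file permissions are whatever
 * secrets_write_keys() sets; they are not touched here.
 *
 * @param filename Path of the .secrets file that was just created.
 * @param username Name of the user that should own the file.
 *
 * @return True if ownership was changed, false otherwise. On failure a
 *         diagnostic is written to stderr and the key file is left in place.
 */
static bool set_secrets_owner(const std::string& filename, const std::string& username)
{
    // getpwnam() returns NULL both for "no such user" and for a lookup error;
    // only a nonzero errno afterwards distinguishes the latter.
    errno = 0;
    const struct passwd* user = getpwnam(username.c_str());

    if (!user)
    {
        const int err = errno;

        if (err == 0)
        {
            fprintf(stderr, "Could not find user '%s' when attempting to change ownership of '%s'.\n",
                    username.c_str(), filename.c_str());
        }
        else
        {
            fprintf(stderr, "Could not look up user '%s' when attempting to change ownership of '%s': %d, %s\n",
                    username.c_str(), filename.c_str(), err, strerror(err));
        }

        return false;
    }

    if (lchown(filename.c_str(), user->pw_uid, user->pw_gid) == -1)
    {
        const int err = errno;
        fprintf(stderr, "Failed to give '%s' ownership of '%s': %d, %s\n",
                username.c_str(), filename.c_str(), err, strerror(err));
        fprintf(stderr, "Change the ownership manually (e.g. 'chown %s %s') before starting MaxScale.\n",
                username.c_str(), filename.c_str());
        return false;
    }

    return true;
}

/**
 * Entry point of maxkeys: generate the AES key and init vector used by
 * maxpasswd, write them to DIRECTORY/.secrets and hand the file over to the
 * MaxScale user.
 *
 * Command line: [-h|--help] [-u|--user USER] [directory]
 *
 * @return EXIT_SUCCESS if the key file was written, EXIT_FAILURE otherwise.
 *         A failed ownership change is reported on stderr but does not alter
 *         the exit status: the key material is intact and the user is told how
 *         to fix the ownership by hand.
 */
int main(int argc, char** argv)
{
    std::string directory = get_datadir();
    std::string username = "maxscale";

    // "hu:" — both getopt variants must accept the short forms the help text
    // advertises, and -u takes an argument. The plain getopt() build has no
    // long options, so --user is only available with glibc.
    int c;
#ifdef HAVE_GLIBC
    while ((c = getopt_long(argc, argv, "hu:", options, nullptr)) != -1)
#else
    while ((c = getopt(argc, argv, "hu:")) != -1)
#endif
    {
        switch (c)
        {
        case 'h':
            print_usage(argv[0], directory.c_str());
            exit(EXIT_SUCCESS);

        case 'u':
            username = optarg;
            break;

        default:
            print_usage(argv[0], directory.c_str());
            exit(EXIT_FAILURE);
        }
    }

    if (optind == argc)
    {
        fprintf(stderr, "Generating .secrets file in %s.\n", directory.c_str());
    }
    else if (optind + 1 == argc)
    {
        directory = argv[optind];
    }
    else
    {
        // More than one positional argument is almost certainly a mistake
        // (e.g. a forgotten -u); refuse rather than silently drop the extras.
        print_usage(argv[0], directory.c_str());
        exit(EXIT_FAILURE);
    }

    mxs_log_init(nullptr, nullptr, MXS_LOG_TARGET_DEFAULT);

    int rval = EXIT_SUCCESS;

    if (secrets_write_keys(directory.c_str()) == 0)
    {
        // Ownership problems are reported by the helper; the exit status stays
        // EXIT_SUCCESS because the key file itself was written correctly.
        set_secrets_owner(directory + "/.secrets", username);
    }
    else
    {
        fprintf(stderr, "Failed to create the .secrets file.\n");
        rval = EXIT_FAILURE;
    }

    mxs_log_finish();

    return rval;
}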