Project

General

Profile

Bug #2904

ceph-authtool: Adds keys on typos, expected error message

Added by Anonymous almost 7 years ago. Updated almost 3 years ago.

Status:
Resolved
Priority:
Low
Assignee:
Category:
-
Target version:
-
Start date:
08/02/2012
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
Regression:
Severity:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

$ cat >temp.keyring <<EOF
[osd.0]
    key = AQD0TGVNSG0jHRAASDDwan8hOOZBxxZ3aMMVdg==
    auid = 18446744073709551615
EOF
$ ./ceph-authtool temp.keyring --cap mon "allow *" --cap osd "allow *" 
$ cat temp.keyring
[osd.0]
    key = AQD0TGVNSG0jHRAASDDwan8hOOZBxxZ3aMMVdg==
    auid = 18446744073709551615
[client.admin]
    key = AAAAAAAAAAAAAAAA
    auid = 18446744073709551615
    caps mon = "allow *" 
    caps osd = "allow *" 

This can hurt you either through forgetting --name=, or typoing it, e.g. --name=ods.0

Since I did not specify --gen-key, I expected an error message, something like:

$ ./ceph-authtool temp.keyring --cap mon "allow *" --cap osd "allow *" 
ceph-authtool: Key does not exist: client.admin
$ ./ceph-authtool temp.keyring --name=ods.0 --cap mon "allow *" --cap osd "allow *" 
ceph-authtool: Key does not exist: ods.0

History

#1 Updated by Brad Hubbard almost 3 years ago

  • Assignee set to Brad Hubbard

#2 Updated by Brad Hubbard almost 3 years ago

This case has been resolved by a previous commit.

$ ./ceph-authtool /tmp/keyring --name=ods.0 --cap mon "allow *" --cap osd "allow *"
error parsing 'ods.0': expected string of the form TYPE.ID, valid types are: auth, mon, osd, mds, client

I have a candidate patch which produces the following for commands which previously misbehaved.

$ ./ceph-authtool /tmp/keyring --create-keyring --name=mon. --add-key= --cap mon 'allow *'
Option --add-key= requires an argument.

$ ./ceph-authtool /tmp/keyring --cap mon "allow *" --cap osd "allow *"
Can't find existing key for client.admin and neither gen-key nor add-key specified

I think I have covered all options which can create an invalid key like "key = AAAAAAAAAAAAAAAA"

My patch needs a good deal of testing and then I'll submit a PR.

#3 Updated by Brad Hubbard almost 3 years ago

  • Status changed from New to Verified

#4 Updated by Kefu Chai almost 3 years ago

  • Status changed from Verified to Resolved

Also available in: Atom PDF