Project

General

Profile

Bug #22784

Key exported from auth keyring is not imported properly

Added by Wido den Hollander over 1 year ago. Updated over 1 year ago.

Status:
Need Review
Priority:
Normal
Assignee:
-
Category:
cephx
Target version:
-
Start date:
01/24/2018
Due date:
% Done:

0%

Source:
Tags:
mon,cephx,auth
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature:

Description

Exporting a key with " in there is exported to a file, but importing this key again seems to succeed, but the mon caps are missing:

The resulting file contains:

[client.rbd]
    key = AQA5R8dWPYvJCxAAvdhxx7UIKzFofSyRb4VrwQ==
    caps mon = "allow r, allow command "osd blacklist"" 
    caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=rbd" 

If you use this command:

ceph auth import -i client.rbd

The resulting key becomes:

client.rbd
    key: AQA5R8dWPYvJCxAAvdhxx7UIKzFofSyRb4VrwQ==
    caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=rbd

The 'mon' caps are lost in this case and that is a problem.

The double quotes are causing problems here.


Related issues

Related to RADOS - Bug #22525: auth: ceph auth add does not sanity-check caps Resolved 12/21/2017

History

#1 Updated by Jing Li over 1 year ago

A backslash before double quotation mark would be the solution to this problem.

[client.demo]
    key=AQCudM5Z6osGIxAA2+kQKLBohgM3sjpvIfDUHw==
    caps mon = "allow r, allow command \"osd blacklist\"" 

Beside, I think this patch would help to hint if unvalid caps have been passed.
https://github.com/ceph/ceph/pull/19794

#2 Updated by Nathan Cutler over 1 year ago

  • Related to Bug #22525: auth: ceph auth add does not sanity-check caps added

#3 Updated by John Spray over 1 year ago

  • Status changed from New to Need Review

Also available in: Atom PDF