17 #include <sys/types.h> 26 static int do_replace_secret_params(
const char *rsc_id, GHashTable *params, gboolean from_legacy_dir);
27 static int is_magic_value(
char *p);
28 static int check_md5_hash(
char *hash,
char *value);
29 static void add_secret_params(gpointer key, gpointer value, gpointer user_data);
30 static char *read_local_file(
char *local_file);
32 #define MAX_VALUE_LEN 255 33 #define MAGIC "lrm://" 36 is_magic_value(
char *p)
38 return !strcmp(p,
MAGIC);
42 check_md5_hash(
char *hash,
char *value)
48 crm_debug(
"hash: %s, calculated hash: %s", hash, hash2);
58 read_local_file(
char *local_file)
60 FILE *fp = fopen(local_file,
"r");
65 if (errno != ENOENT) {
66 crm_perror(LOG_ERR,
"cannot open %s" , local_file);
72 crm_perror(LOG_ERR,
"cannot read %s", local_file);
79 for (p = buf+strlen(buf)-1; p >= buf && isspace(*p); p--)
93 if (do_replace_secret_params(rsc_id, params, FALSE) < 0
94 && do_replace_secret_params(rsc_id, params, TRUE) < 0) {
102 do_replace_secret_params(
const char *rsc_id, GHashTable *params,
103 gboolean from_legacy_dir)
105 char local_file[FILENAME_MAX+1], *start_pname;
106 char hash_file[FILENAME_MAX+1], *hash;
107 GList *secret_params = NULL, *l;
108 char *key, *pvalue, *secret_value;
110 const char *dir_prefix = NULL;
112 if (params == NULL) {
116 if (from_legacy_dir) {
117 dir_prefix = LRM_LEGACY_CIBSECRETS_DIR;
120 dir_prefix = LRM_CIBSECRETS_DIR;
127 g_hash_table_foreach(params, add_secret_params, &secret_params);
128 if (!secret_params) {
132 crm_debug(
"replace secret parameters for resource %s", rsc_id);
134 if (snprintf(local_file, FILENAME_MAX,
135 "%s/%s/", dir_prefix, rsc_id) > FILENAME_MAX) {
136 crm_err(
"filename size exceeded for resource %s", rsc_id);
139 start_pname = local_file + strlen(local_file);
141 for (l = g_list_first(secret_params); l; l = g_list_next(l)) {
142 key = (
char *)(l->data);
143 pvalue = g_hash_table_lookup(params, key);
145 crm_err(
"odd, no parameter %s for rsc %s found now", key, rsc_id);
149 if ((strlen(key) + strlen(local_file)) >= FILENAME_MAX-2) {
150 crm_err(
"%d: parameter name %s too big", key);
155 strcpy(start_pname, key);
156 secret_value = read_local_file(local_file);
158 if (from_legacy_dir == FALSE) {
159 crm_debug(
"secret for rsc %s parameter %s not found in %s. " 160 "will try "LRM_LEGACY_CIBSECRETS_DIR, rsc_id, key, dir_prefix);
163 crm_err(
"secret for rsc %s parameter %s not found in %s",
164 rsc_id, key, dir_prefix);
170 strcpy(hash_file, local_file);
171 if (strlen(hash_file) + 5 > FILENAME_MAX) {
172 crm_err(
"cannot build such a long name " 173 "for the sign file: %s.sign", hash_file);
179 strcat(hash_file,
".sign");
180 hash = read_local_file(hash_file);
182 crm_err(
"md5 sum for rsc %s parameter %s " 183 "cannot be read from %s", rsc_id, key, hash_file);
188 }
else if (!check_md5_hash(hash, secret_value)) {
189 crm_err(
"md5 sum for rsc %s parameter %s " 190 "does not match", rsc_id, key);
198 g_hash_table_replace(params, strdup(key), secret_value);
200 g_list_free(secret_params);
205 add_secret_params(gpointer key, gpointer value, gpointer user_data)
207 GList **lp = (GList **)user_data;
209 if (is_magic_value((
char *)value)) {
210 *lp = g_list_append(*lp, (
char *)key);
int replace_secret_params(const char *rsc_id, GHashTable *params)
#define crm_debug(fmt, args...)
#define crm_perror(level, fmt, args...)
Log a system error message.
#define crm_err(fmt, args...)
char * crm_md5sum(const char *buffer)
#define safe_str_eq(a, b)