Vladislav,
again, nice idea, but. I would rather see use of CLI option + comments
inside.
Vladislav Bogdanov napsal(a):
> Signed-off-by: Vladislav Bogdanov <bubble@xxxxxxxxxxxxx>
> ---
> man/corosync-keygen.8 | 27 +++++++++++++++++++--------
> tools/corosync-keygen.c | 38 ++++++++++++++++++++++----------------
> 2 files changed, 41 insertions(+), 24 deletions(-)
>
> diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
> index 5dc3f45..71ca40e 100644
> --- a/man/corosync-keygen.8
> +++ b/man/corosync-keygen.8
> @@ -39,26 +39,22 @@ corosync-keygen \- Generate an authentication key for Corosync.
> .SH DESCRIPTION
>
> If you want to configure corosync to use cryptographic techniques to ensure authenticity
> -.br
> and privacy of the messages, you will need to generate a private key.
> .PP
> .B corosync-keygen
> -creates this key and writes it to /etc/corosync/authkey.
> +creates this key and writes it to /etc/corosync/authkey or to file specified by
> +COROSYNC_TOTEM_AUTHKEY_FILE environment variable.
> .PP
> This private key must be copied to every processor in the cluster. If the
> -.br
> private key isn't the same for every node, those nodes with nonmatching private
> -.br
> keys will not be able to join the same configuration.
> .PP
> Copy the key to some security transportable storage or use ssh to transmit the
> -.br
> key from node to node. Then install the key with the command:
> .PP
> unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey
> .PP
> If a message "Invalid digest" appears from the corosync executive, the keys
> -.br
> are not consistent between processors.
> .PP
> .B Note: corosync-keygen
> @@ -67,13 +63,21 @@ will ask for user input to assist in generating entropy unless the -l option is
> .TP
> .B -l
> Use a less secure random data source that will not require user input to help generate
> +entropy. This may be useful when this utility is used from a script or hardware random number
> +generator is not available (f.e. in virtual machine).
> +.SH ENVIRONMENT VARIABLES
> +.TP
> +COROSYNC_TOTEM_AUTHKEY_FILE
> +This specifies the fully qualified path to the shared key to create.
> .br
> -entropy. This may be useful when this utility is used from a script.
> +
> +The default is /etc/corosync/authkey.
> +
> .SH EXAMPLES
> .TP
> Generate the key.
> .PP
> -$ corosync-keygen
> +# corosync-keygen
> .br
> Corosync Cluster Engine Authentication key generator.
> .br
> @@ -81,6 +85,13 @@ Gathering 1024 bits for key from /dev/random.
> .br
> Press keys on your keyboard to generate entropy.
> .br
> +.PP
> +$ COROSYNC_TOTEM_AUTHKEY_FILE=/tmp/authkey corosync-keygen -l
> +.br
> +Corosync Cluster Engine Authentication key generator.
> +.br
> +Writing corosync key to /tmp/authkey.
> +.br
> .SH SEE ALSO
> .BR corosync_overview (8),
> .BR corosync.conf (5),
> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
> index 71ea9d8..519e8d9 100644
> --- a/tools/corosync-keygen.c
> +++ b/tools/corosync-keygen.c
> @@ -40,14 +40,13 @@
> #include <unistd.h>
> #include <fcntl.h>
> #include <errno.h>
> +#include <string.h>
> #include <getopt.h>
> #include <sys/types.h>
> #include <sys/stat.h>
>
> #include <netinet/in.h>
>
> -#define KEYFILE COROSYSCONFDIR "/authkey"
> -
> static const char usage[] =
> "Usage: corosync-keygen [-l]\n"
> " -l / --less-secure - Use a less secure random number source\n"
> @@ -60,6 +59,7 @@ int main (int argc, char *argv[])
> {
> int authkey_fd;
> int random_fd;
> + const char *keyfile = getenv("COROSYNC_TOTEM_AUTHKEY_FILE");
> unsigned char key[128];
> ssize_t res;
> ssize_t bytes_read;
> @@ -89,14 +89,18 @@ int main (int argc, char *argv[])
> }
>
> printf ("Corosync Cluster Engine Authentication key generator.\n");
> - if (geteuid() != 0) {
> + if (geteuid() != 0 && !keyfile) {
> printf ("Error: Authorization key must be generated as root user.\n");
> exit (errno);
> }
> - if (mkdir (COROSYSCONFDIR, 0700)) {
> - if (errno != EEXIST) {
> - perror ("Failed to create directory: " COROSYSCONFDIR);
> - exit (errno);
> +
> + if (!keyfile) {
> + keyfile = COROSYSCONFDIR "/authkey";
> + if (mkdir (COROSYSCONFDIR, 0700)) {
> + if (errno != EEXIST) {
> + perror ("Failed to create directory: " COROSYSCONFDIR);
> + exit (errno);
> + }
> }
> }
>
> @@ -134,37 +138,39 @@ retry_read:
> /*
> * Open key
> */
> - authkey_fd = open (KEYFILE, O_CREAT|O_WRONLY, 600);
> + authkey_fd = open (keyfile, O_CREAT|O_WRONLY, 0600);
> if (authkey_fd == -1) {
> - perror ("Could not create " KEYFILE);
> + fprintf (stderr, "Could not create %s: %s", keyfile, strerror(errno));
> exit (errno);
> }
> /*
> * Set security of authorization key to uid = 0 gid = 0 mode = 0400
> */
> - res = fchown (authkey_fd, 0, 0);
> - if (res == -1) {
> - perror ("Could not fchown key to uid 0 and gid 0\n");
> - exit (errno);
> + if (geteuid() == 0) {
> + res = fchown (authkey_fd, 0, 0);
> + if (res == -1) {
> + perror ("Could not fchown key to uid 0 and gid 0\n");
> + exit (errno);
> + }
> }
> if (fchmod (authkey_fd, 0400)) {
> perror ("Failed to set key file permissions to 0400\n");
> exit (errno);
> }
>
> - printf ("Writing corosync key to " KEYFILE ".\n");
> + printf ("Writing corosync key to %s.\n", keyfile);
>
> /*
> * Write key
> */
> res = write (authkey_fd, key, sizeof (key));
> if (res != sizeof (key)) {
> - perror ("Could not write " KEYFILE);
> + fprintf (stderr, "Could not write %s: %s", keyfile, strerror(errno));
> exit (errno);
Please use err/errx (see errx(3)) instead of fprintf and exit (err does
this in one function, and it's standard).
Please DO not use errno as return code. Errno (potentially) can be >
127. Error code > 127 is used when signal arrived (this is not the case
here).
Regards,
Honza
> }
>
> if (close (authkey_fd)) {
> - perror ("Could not write " KEYFILE);
> + fprintf (stderr, "Could not write %s: %s", keyfile, strerror(errno));
> exit (errno);
> }
>
>
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
