Hi Jan,
16.07.2014 17:18, Jan Friesse wrote:
> Vladislav,
> again, nice idea, but. I would rather see use of CLI option + comments
> inside.
I thought about that, but decided to go the same way
corosync_overview(8) describes. Otherwise I'd need to patch main.c for
consistency and thus possibly change functionality someone already uses.
>
>
> Vladislav Bogdanov napsal(a):
>> Signed-off-by: Vladislav Bogdanov <bubble@xxxxxxxxxxxxx>
>> ---
>> man/corosync-keygen.8 | 27 +++++++++++++++++++--------
>> tools/corosync-keygen.c | 38 ++++++++++++++++++++++----------------
>> 2 files changed, 41 insertions(+), 24 deletions(-)
>>
>> diff --git a/man/corosync-keygen.8 b/man/corosync-keygen.8
>> index 5dc3f45..71ca40e 100644
>> --- a/man/corosync-keygen.8
>> +++ b/man/corosync-keygen.8
>> @@ -39,26 +39,22 @@ corosync-keygen \- Generate an authentication key for Corosync.
>> .SH DESCRIPTION
>>
>> If you want to configure corosync to use cryptographic techniques to ensure authenticity
>> -.br
>> and privacy of the messages, you will need to generate a private key.
>> .PP
>> .B corosync-keygen
>> -creates this key and writes it to /etc/corosync/authkey.
>> +creates this key and writes it to /etc/corosync/authkey or to file specified by
>> +COROSYNC_TOTEM_AUTHKEY_FILE environment variable.
>> .PP
>> This private key must be copied to every processor in the cluster. If the
>> -.br
>> private key isn't the same for every node, those nodes with nonmatching private
>> -.br
>> keys will not be able to join the same configuration.
>> .PP
>> Copy the key to some security transportable storage or use ssh to transmit the
>> -.br
>> key from node to node. Then install the key with the command:
>> .PP
>> unix#: install -D --group=0 --owner=0 --mode=0400 /path_to_authkey/authkey /etc/corosync/authkey
>> .PP
>> If a message "Invalid digest" appears from the corosync executive, the keys
>> -.br
>> are not consistent between processors.
>> .PP
>> .B Note: corosync-keygen
>> @@ -67,13 +63,21 @@ will ask for user input to assist in generating entropy unless the -l option is
>> .TP
>> .B -l
>> Use a less secure random data source that will not require user input to help generate
>> +entropy. This may be useful when this utility is used from a script or hardware random number
>> +generator is not available (f.e. in virtual machine).
>> +.SH ENVIRONMENT VARIABLES
>> +.TP
>> +COROSYNC_TOTEM_AUTHKEY_FILE
>> +This specifies the fully qualified path to the shared key to create.
>> .br
>> -entropy. This may be useful when this utility is used from a script.
>> +
>> +The default is /etc/corosync/authkey.
>> +
>> .SH EXAMPLES
>> .TP
>> Generate the key.
>> .PP
>> -$ corosync-keygen
>> +# corosync-keygen
>> .br
>> Corosync Cluster Engine Authentication key generator.
>> .br
>> @@ -81,6 +85,13 @@ Gathering 1024 bits for key from /dev/random.
>> .br
>> Press keys on your keyboard to generate entropy.
>> .br
>> +.PP
>> +$ COROSYNC_TOTEM_AUTHKEY_FILE=/tmp/authkey corosync-keygen -l
>> +.br
>> +Corosync Cluster Engine Authentication key generator.
>> +.br
>> +Writing corosync key to /tmp/authkey.
>> +.br
>> .SH SEE ALSO
>> .BR corosync_overview (8),
>> .BR corosync.conf (5),
>> diff --git a/tools/corosync-keygen.c b/tools/corosync-keygen.c
>> index 71ea9d8..519e8d9 100644
>> --- a/tools/corosync-keygen.c
>> +++ b/tools/corosync-keygen.c
>> @@ -40,14 +40,13 @@
>> #include <unistd.h>
>> #include <fcntl.h>
>> #include <errno.h>
>> +#include <string.h>
>> #include <getopt.h>
>> #include <sys/types.h>
>> #include <sys/stat.h>
>>
>> #include <netinet/in.h>
>>
>> -#define KEYFILE COROSYSCONFDIR "/authkey"
>> -
>> static const char usage[] =
>> "Usage: corosync-keygen [-l]\n"
>> " -l / --less-secure - Use a less secure random number source\n"
>> @@ -60,6 +59,7 @@ int main (int argc, char *argv[])
>> {
>> int authkey_fd;
>> int random_fd;
>> + const char *keyfile = getenv("COROSYNC_TOTEM_AUTHKEY_FILE");
>> unsigned char key[128];
>> ssize_t res;
>> ssize_t bytes_read;
>> @@ -89,14 +89,18 @@ int main (int argc, char *argv[])
>> }
>>
>> printf ("Corosync Cluster Engine Authentication key generator.\n");
>> - if (geteuid() != 0) {
>> + if (geteuid() != 0 && !keyfile) {
>> printf ("Error: Authorization key must be generated as root user.\n");
>> exit (errno);
>> }
>> - if (mkdir (COROSYSCONFDIR, 0700)) {
>> - if (errno != EEXIST) {
>> - perror ("Failed to create directory: " COROSYSCONFDIR);
>> - exit (errno);
>> +
>> + if (!keyfile) {
>> + keyfile = COROSYSCONFDIR "/authkey";
>> + if (mkdir (COROSYSCONFDIR, 0700)) {
>> + if (errno != EEXIST) {
>> + perror ("Failed to create directory: " COROSYSCONFDIR);
>> + exit (errno);
>> + }
>> }
>> }
>>
>> @@ -134,37 +138,39 @@ retry_read:
>> /*
>> * Open key
>> */
>> - authkey_fd = open (KEYFILE, O_CREAT|O_WRONLY, 600);
>> + authkey_fd = open (keyfile, O_CREAT|O_WRONLY, 0600);
>> if (authkey_fd == -1) {
>> - perror ("Could not create " KEYFILE);
>> + fprintf (stderr, "Could not create %s: %s", keyfile, strerror(errno));
>> exit (errno);
>> }
>> /*
>> * Set security of authorization key to uid = 0 gid = 0 mode = 0400
>> */
>> - res = fchown (authkey_fd, 0, 0);
>> - if (res == -1) {
>> - perror ("Could not fchown key to uid 0 and gid 0\n");
>> - exit (errno);
>> + if (geteuid() == 0) {
>> + res = fchown (authkey_fd, 0, 0);
>> + if (res == -1) {
>> + perror ("Could not fchown key to uid 0 and gid 0\n");
>> + exit (errno);
>> + }
>> }
>> if (fchmod (authkey_fd, 0400)) {
>> perror ("Failed to set key file permissions to 0400\n");
>> exit (errno);
>> }
>>
>> - printf ("Writing corosync key to " KEYFILE ".\n");
>> + printf ("Writing corosync key to %s.\n", keyfile);
>>
>> /*
>> * Write key
>> */
>> res = write (authkey_fd, key, sizeof (key));
>> if (res != sizeof (key)) {
>> - perror ("Could not write " KEYFILE);
>> + fprintf (stderr, "Could not write %s: %s", keyfile, strerror(errno));
>> exit (errno);
>
> Please use err/errx (see errx(3)) instead of fprintf and exit (err does
> this in one function, and it's standard).
>
> Please DO not use errno as return code. Errno (potentially) can be >
> 127. Error code > 127 is used when signal arrived (this is not the case
> here).
>
> Regards,
> Honza
>
>
>> }
>>
>> if (close (authkey_fd)) {
>> - perror ("Could not write " KEYFILE);
>> + fprintf (stderr, "Could not write %s: %s", keyfile, strerror(errno));
>> exit (errno);
>> }
>>
>>
>
_______________________________________________
discuss mailing list
discuss@xxxxxxxxxxxx
http://lists.corosync.org/mailman/listinfo/discuss
