18 #include <sys/types.h>
26 static int is_magic_value(
char *p);
27 static bool check_md5_hash(
char *hash,
char *value);
28 static void add_secret_params(gpointer key, gpointer value, gpointer user_data);
29 static char *read_local_file(
char *local_file);
31 #define MAX_VALUE_LEN 255
32 #define MAGIC "lrm://"
35 is_magic_value(
char *p)
37 return !strcmp(p,
MAGIC);
41 check_md5_hash(
char *hash,
char *value)
47 crm_debug(
"hash: %s, calculated hash: %s", hash, hash2);
56 read_local_file(
char *local_file)
58 FILE *fp = fopen(local_file,
"r");
63 if (errno != ENOENT) {
64 crm_perror(LOG_ERR,
"cannot open %s" , local_file);
70 crm_perror(LOG_ERR,
"cannot read %s", local_file);
77 for (p = buf + strlen(buf) - 1; (p >= buf) && isspace(*p); p--);
98 char local_file[FILENAME_MAX+1], *start_pname;
99 char hash_file[FILENAME_MAX+1], *hash;
100 GList *secret_params = NULL, *l;
101 char *key, *pvalue, *secret_value;
104 if (params == NULL) {
112 g_hash_table_foreach(params, add_secret_params, &secret_params);
113 if (secret_params == NULL) {
117 crm_debug(
"Replace secret parameters for resource %s", rsc_id);
119 if (snprintf(local_file, FILENAME_MAX, LRM_CIBSECRETS_DIR
"/%s/", rsc_id)
121 crm_err(
"Can't replace secret parameters for %s: file name size exceeded",
125 start_pname = local_file + strlen(local_file);
127 for (l = g_list_first(secret_params); l; l = g_list_next(l)) {
128 key = (
char *)(l->data);
129 pvalue = g_hash_table_lookup(params, key);
131 crm_err(
"odd, no parameter %s for rsc %s found now", key, rsc_id);
135 if ((strlen(key) + strlen(local_file)) >= FILENAME_MAX-2) {
136 crm_err(
"%s: parameter name %s too big", rsc_id, key);
141 strcpy(start_pname, key);
142 secret_value = read_local_file(local_file);
144 crm_err(
"secret for rsc %s parameter %s not found in %s",
145 rsc_id, key, LRM_CIBSECRETS_DIR);
150 strcpy(hash_file, local_file);
151 if (strlen(hash_file) + 5 > FILENAME_MAX) {
152 crm_err(
"cannot build such a long name "
153 "for the sign file: %s.sign", hash_file);
159 strcat(hash_file,
".sign");
160 hash = read_local_file(hash_file);
162 crm_err(
"md5 sum for rsc %s parameter %s "
163 "cannot be read from %s", rsc_id, key, hash_file);
168 }
else if (!check_md5_hash(hash, secret_value)) {
169 crm_err(
"md5 sum for rsc %s parameter %s "
170 "does not match", rsc_id, key);
178 g_hash_table_replace(params, strdup(key), secret_value);
180 g_list_free(secret_params);
185 add_secret_params(gpointer key, gpointer value, gpointer user_data)
187 GList **lp = (GList **)user_data;
189 if (is_magic_value((
char *)value)) {
190 *lp = g_list_append(*lp, (
char *)key);
int pcmk__substitute_secrets(const char *rsc_id, GHashTable *params)
#define crm_debug(fmt, args...)
#define crm_perror(level, fmt, args...)
Send a system error message to both the log and stderr.
#define crm_err(fmt, args...)
char * crm_md5sum(const char *buffer)