[SSSD] [sssd PR#5643][synchronized] SECRETS: Resolve mkey path correctly

justin-stephenson Wed, 19 May 2021 08:59:20 -0700

   URL: https://github.com/SSSD/sssd/pull/5643
Author: justin-stephenson
 Title: #5643: SECRETS: Resolve mkey path correctly
Action: synchronized


To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5643/head:pr5643
git checkout pr5643

From 39e380a1864f1016e1ac5995ea0b8f11ac86f049 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstep...@redhat.com>
Date: Wed, 19 May 2021 10:54:52 -0400
Subject: [PATCH] SECRETS: Resolve mkey path correctly

Use the correct master key path for the secrets database,
fixing an issue on upgrade.
---
 src/tests/cmocka/test_kcm_renewals.c |  3 ++-
 src/util/secrets/secrets.c           | 10 ++++++----
 src/util/secrets/secrets.h           |  1 +
 3 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/src/tests/cmocka/test_kcm_renewals.c b/src/tests/cmocka/test_kcm_renewals.c
index f508bab005..53ce558be2 100644
--- a/src/tests/cmocka/test_kcm_renewals.c
+++ b/src/tests/cmocka/test_kcm_renewals.c
@@ -37,6 +37,7 @@
 #define TESTS_PATH "tp_" BASE_FILE_STEM
 #define TEST_CONF_DB "test_kcm_renewals_conf.ldb"
 #define TEST_DB_FULL_PATH  TESTS_PATH "/secrets.ldb"
+#define TEST_MKEY_FULL_PATH  TESTS_PATH "/.secrets.mkey"
 
 errno_t kcm_renew_all_tgts(TALLOC_CTX *mem_ctx,
                            struct kcm_renew_tgt_ctx *renew_tgt_ctx,
@@ -199,7 +200,7 @@ static void test_kcm_renewals_tgt(void **state)
     open(TEST_DB_FULL_PATH, O_CREAT|O_EXCL|O_WRONLY, 0600);
 
     ret = sss_sec_init_with_path(test_ctx->ccdb, NULL, TEST_DB_FULL_PATH,
-                                 &secdb->sctx);
+                                 TEST_MKEY_FULL_PATH, &secdb->sctx);
 
     /* Create renew ctx */
     renew_tgt_ctx = talloc_zero(test_ctx, struct kcm_renew_tgt_ctx);
diff --git a/src/util/secrets/secrets.c b/src/util/secrets/secrets.c
index 42df14aa9c..2801eb2426 100644
--- a/src/util/secrets/secrets.c
+++ b/src/util/secrets/secrets.c
@@ -634,13 +634,13 @@ static int generate_master_key(const char *filename, size_t size)
 }
 
 static errno_t lcl_read_mkey(TALLOC_CTX *mem_ctx,
-                             const char *dbpath,
+                             const char *mkeypath,
                              struct sss_sec_data *master_key)
 {
     int mfd;
     ssize_t size;
     errno_t ret;
-    const char *mkey = dbpath;
+    const char *mkey = mkeypath;
 
     master_key->data = talloc_size(mem_ctx, MKEY_SIZE);
     if (master_key->data == NULL) {
@@ -703,6 +703,7 @@ static int set_quotas(struct sss_sec_ctx *sec_ctx,
 errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,
                                struct sss_sec_hive_config **config_list,
                                const char *dbpath,
+                               const char *mkeypath,
                                struct sss_sec_ctx **_sec_ctx)
 {
     struct sss_sec_ctx *sec_ctx;
@@ -746,7 +747,7 @@ errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-    ret = lcl_read_mkey(sec_ctx, dbpath, &sec_ctx->master_key);
+    ret = lcl_read_mkey(sec_ctx, mkeypath, &sec_ctx->master_key);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "Cannot get the master key\n");
         goto done;
@@ -764,9 +765,10 @@ errno_t sss_sec_init(TALLOC_CTX *mem_ctx,
                      struct sss_sec_ctx **_sec_ctx)
 {
     const char *dbpath = SECRETS_DB_PATH"/secrets.ldb";
+    const char *mkeypath = SECRETS_DB_PATH"/.secrets.mkey";
     errno_t ret;
 
-    ret = sss_sec_init_with_path(mem_ctx, config_list, dbpath, _sec_ctx);
+    ret = sss_sec_init_with_path(mem_ctx, config_list, dbpath, mkeypath, _sec_ctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize secdb [%d]: %s\n",
                                    ret, sss_strerror(ret));
diff --git a/src/util/secrets/secrets.h b/src/util/secrets/secrets.h
index a15b99ffec..958f0824b5 100644
--- a/src/util/secrets/secrets.h
+++ b/src/util/secrets/secrets.h
@@ -83,6 +83,7 @@ errno_t sss_sec_init(TALLOC_CTX *mem_ctx,
 errno_t sss_sec_init_with_path(TALLOC_CTX *mem_ctx,
                                struct sss_sec_hive_config **config_list,
                                const char *dbpath,
+                               const char *mkeypath,
                                struct sss_sec_ctx **_sec_ctx);
 
 errno_t sss_sec_new_req(TALLOC_CTX *mem_ctx,

_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/sssd-devel@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[SSSD] [sssd PR#5643][synchronized] SECRETS: Resolve mkey path correctly

Reply via email to