Revamped the read_passwd_file function to resolve issue #114
Add support for multiple access id/secret access keys in passwd-s3fs file This change applies to any passwd-s3fs files. The format of the file is more robust, error checked and extended: - as before, any line beginning with # is ignored - any empty line is ignored - any non-ignored line which contains a space or tab is an error - any non-ignored line which does not contain a : separator is an error The format of the file is: [bucket:]AccessKeyId:SecretAccessKey The bucket can now be specified to allow for multiple credentials. A default entry is as before: AccessKeyId:SecretAccessKey Only one default entry is allowed; if more than one default entry is found, that is an error. A default entry is not required if the bucket that is being mounted has its own entry. If the user's .passwd-s3fs file is present but credentials cannot be determined from it, then the system-wide /etc/passwd-s3fs will be consulted (if readable by the current user). This change is completely backward compatible with the existing scheme and has been well tested. git-svn-id: http://s3fs.googlecode.com/svn/trunk@229 df820570-a93a-0410-bd06-b72b767a4274
parent
a80c900894
commit
cc2e440276
@ -1,7 +1,7 @@
|
||||
dnl Process this file with autoconf to produce a configure script.
|
||||
|
||||
AC_PREREQ(2.59)
|
||||
AC_INIT(s3fs, 1.10)
|
||||
AC_INIT(s3fs, 1.11)
|
||||
|
||||
|
||||
AC_CANONICAL_SYSTEM
|
||||
|
@ -1581,26 +1581,81 @@ static int s3fs_utimens(const char *path, const struct timespec ts[2]) {
|
||||
return put_headers(path, meta);
|
||||
}
|
||||
|
||||
// This function needs to be a little bit more
|
||||
// robust - add support for per bucket credentials
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// read_passwd_file
|
||||
//
|
||||
// Support for per bucket credentials
|
||||
//
|
||||
// Format for the credentials file:
|
||||
// [bucket:]AccessKeyId:SecretAccessKey
|
||||
//
|
||||
// Lines beginning with # are considered comments
|
||||
// and ignored, as are empty lines
|
||||
//
|
||||
// Uncommented lines without the ":" character are flagged as
|
||||
// an error, so are lines with spaces or tabs
|
||||
//
|
||||
// only one default key pair is allowed, but not required
|
||||
//////////////////////////////////////////////////////////////////
|
||||
static void read_passwd_file (void) {
|
||||
string line;
|
||||
string field1, field2, field3;
|
||||
size_t first_pos = string::npos;
|
||||
size_t last_pos = string::npos;
|
||||
bool default_found = 0;
|
||||
|
||||
ifstream PF(passwd_file.c_str());
|
||||
if (PF.good()) {
|
||||
while (getline(PF, line)) {
|
||||
if (line[0]=='#')
|
||||
if (line[0]=='#') {
|
||||
continue;
|
||||
}
|
||||
if (line.size() == 0) {
|
||||
continue;
|
||||
}
|
||||
|
||||
size_t pos = line.find(':');
|
||||
if (pos != string::npos) {
|
||||
if (AWSAccessKeyId.size() == 0) {
|
||||
AWSAccessKeyId = line.substr(0, pos);
|
||||
first_pos = line.find_first_of(" \t");
|
||||
if (first_pos != string::npos) {
|
||||
printf ("%s: invalid line in passwd file, found whitespace character\n",
|
||||
program_name.c_str());
|
||||
exit(1);
|
||||
}
|
||||
if (AWSSecretAccessKey.size() == 0) {
|
||||
if (line.substr(0, pos) == AWSAccessKeyId) {
|
||||
AWSSecretAccessKey = line.substr(pos + 1, string::npos);
|
||||
|
||||
first_pos = line.find_first_of(":");
|
||||
if (first_pos == string::npos) {
|
||||
printf ("%s: invalid line in passwd file, no \":\" separator found\n",
|
||||
program_name.c_str());
|
||||
exit(1);
|
||||
}
|
||||
last_pos = line.find_last_of(":");
|
||||
|
||||
if (first_pos != last_pos) {
|
||||
// bucket specified
|
||||
field1 = line.substr(0,first_pos);
|
||||
field2 = line.substr(first_pos + 1, last_pos - first_pos - 1);
|
||||
field3 = line.substr(last_pos + 1, string::npos);
|
||||
} else {
|
||||
// no bucket specified - original style - found default key
|
||||
if (default_found == 1) {
|
||||
printf ("%s: more than one default key pair found in passwd file\n",
|
||||
program_name.c_str());
|
||||
exit(1);
|
||||
}
|
||||
default_found = 1;
|
||||
field1.assign("");
|
||||
field2 = line.substr(0,first_pos);
|
||||
field3 = line.substr(first_pos + 1, string::npos);
|
||||
AWSAccessKeyId = field2;
|
||||
AWSSecretAccessKey = field3;
|
||||
}
|
||||
|
||||
// does the bucket we are mounting match this passwd file entry?
|
||||
// if so, use that key pair, otherwise use the default key, if found,
|
||||
// will be used
|
||||
if (field1.size() != 0 && field1 == bucket) {
|
||||
AWSAccessKeyId = field2;
|
||||
AWSSecretAccessKey = field3;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1677,9 +1732,14 @@ static void get_access_keys (void) {
|
||||
if (PF.good()) {
|
||||
PF.close();
|
||||
read_passwd_file();
|
||||
// It is possible that the user's file was there but
|
||||
// contained no key pairs i.e. commented out
|
||||
// in that case, go look in the final location
|
||||
if (AWSAccessKeyId.size() > 0 && AWSSecretAccessKey.size() > 0) {
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 5 - from the system default location
|
||||
passwd_file.assign("/etc/passwd-s3fs");
|
||||
@ -2017,11 +2077,12 @@ int main(int argc, char *argv[]) {
|
||||
program_name.c_str());
|
||||
exit(1);
|
||||
}
|
||||
// More error checking on the access key pair can be done
|
||||
// like checking for appropriate lengths and characters
|
||||
}
|
||||
|
||||
// There's room for more command line error checking
|
||||
|
||||
|
||||
s3fs_oper.getattr = s3fs_getattr;
|
||||
s3fs_oper.readlink = s3fs_readlink;
|
||||
s3fs_oper.mknod = s3fs_mknod;
|
||||
|
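Review bot: In read_passwd_file the split into field1/field2/field3 accepts empty fields and extra ':' separators, so a bucket entry with a blank secret is treated as valid instead of being rejected like the whitespace and missing-separator cases. Because get_access_keys only returns when both keys are non-empty, such an entry in the user's file appears to fall through silently to /etc/passwd-s3fs, and the mount would then use system-wide credentials the user did not choose. I would add a check right after the split, `if (field2.empty() || field3.empty() || field2.find(':') != string::npos)`, that prints an error and calls `exit(1)` in the same way as the other checks. The `line[0]=='#'` test also runs before the `line.size() == 0` test; swapping the two avoids indexing an empty string. The closing lines of read_passwd_file appear to lie outside the hunk.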