Fix to MXS-125: https://mariadb.atlassian.net/browse/MXS-125

Unified the usages of maxkeys and maxpasswd.

Documentation/Getting-Started/Configuration-Guide.md

@@ -1393,20 +1393,24 @@ In addition parameters may be added to define patterns to match against to eithe
 
 ## Encrypting Passwords
 
-Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/cache/maxscale`.
+Passwords stored in the maxscale.cnf file may optionally be encrypted for added security. This is done by creation of an encryption key on installation of MaxScale. Encryption keys may be created manually by executing the maxkeys utility with the argument of the filename to store the key. The default location MaxScale stores the keys is `/var/lib/maxscale`.
 
 ```
-maxkeys /var/cache/maxscale/.secrets
+ # Usage: maxkeys [PATH]
+maxkeys /var/lib/maxscale/
 ```
 
 Changing the encryption key for MaxScale will invalidate any currently encrypted keys stored in the maxscale.cnf file.
 
 ### Creating Encrypted Passwords
 
-Encrypted passwords are created by executing the maxpasswd command with the password you require to encrypt as an argument.
+Encrypted passwords are created by executing the maxpasswd command with the location of the .secrets file and the password you require to encrypt as an argument.
 
-    maxpasswd MaxScalePw001
-    61DD955512C39A4A8BC4BB1E5F116705
+```
+# Usage: maxpasswd PATH PASSWORD
+maxpasswd /var/lib/maxscale/ MaxScalePw001
+61DD955512C39A4A8BC4BB1E5F116705
+```
 
 The output of the maxpasswd command is a hexadecimal string, this should be inserted into the maxscale.cnf file in place of the ordinary, plain text, password. MaxScale will determine this as an encrypted password and automatically decrypt it before sending it the database server.
 

server/core/maxkeys.c

@@ -32,19 +32,24 @@
 #include <skygw_utils.h>
 #include <log_manager.h>
 #include <gwdirs.h>
+
 int main(int argc, char **argv)
 {
-    int arg_count = 6;
+    int arg_count = 4;
     char *home;
+    char *keyfile;
     char** arg_vector;
     int rval = 0;
 
-	if (argc != 2)
+	if (argc < 2)
 	{
-		fprintf(stderr, "Usage: %s <filename>\n", argv[0]);
-		return 1;
+	    keyfile = "/var/lib/maxscale/";
+	    fprintf(stderr, "Generating .secrets file in /var/lib/maxscale/ ...\n");
+	}
+	else
+	{
+	    keyfile = argv[1];
 	}
-
 	arg_vector = malloc(sizeof(char*)*(arg_count + 1));
 
 	if(arg_vector == NULL)
@@ -53,27 +58,16 @@ int main(int argc, char **argv)
 	    return 1;
 	}
 
-	if(access("/var/log/maxscale/maxkeys/",F_OK) != 0)
-	{
-            if(mkdir("/var/log/maxscale/maxkeys/",0777) == -1)
-            {
-		if(errno != EEXIST)
-		{
-		    fprintf(stderr,"Error: %d - %s",errno,strerror(errno));
-		    return 1;
-		}
-            }
-	}
-	arg_vector[0] = strdup("logmanager");
-	arg_vector[1] = strdup("-j");
-	arg_vector[2] = strdup("/var/log/maxscale/maxkeys");
-	arg_vector[3] = NULL;
+	arg_vector[0] = "logmanager";
+	arg_vector[1] = "-j";
+	arg_vector[2] = "/var/log/maxscale/maxkeys";
+	arg_vector[3] = "-o";
+	arg_vector[4] = NULL;
 	skygw_logmanager_init(arg_count,arg_vector);
-	free(arg_vector[2]);
 	free(arg_vector);
 
 
-	if (secrets_writeKeys(argv[1]))
+	if (secrets_writeKeys(keyfile))
 	{
 		fprintf(stderr, "Failed to encode the password\n");
 		rval = 1;

server/core/maxpasswd.c

@@ -46,9 +46,9 @@ main(int argc, char **argv)
     char** arg_vector;
     int rval = 0;
 
-	if (argc != 2)
+	if (argc != 3)
 	{
-		fprintf(stderr, "Usage: %s <password>\n", argv[0]);
+		fprintf(stderr, "Usage: %s <file> <password>\n", argv[0]);
 		return 1;
 	}
 
@@ -79,9 +79,9 @@ main(int argc, char **argv)
 		return 1;
 	}
 
-	strncpy(pw,argv[1],80);
+	strncpy(pw,argv[2],80);
 
-	if ((enc = encryptPassword(pw)) != NULL){
+	if ((enc = encryptPassword(argv[1],pw)) != NULL){
 		printf("%s\n", enc);
 	}else{
 		fprintf(stderr, "Failed to encode the password\n");

server/core/secrets.c

@@ -53,15 +53,14 @@ int i;
 }
 
 /**
- * secrets_readKeys
- *
- * This routine reads data from a binary file and extracts the AES encryption key
- * and the AES Init Vector
- *
+ * This routine reads data from a binary file named ".secrets" and extracts the AES encryption key
+ * and the AES Init Vector.
+ * If the path parameter is not null the custom path is interpreted as a folder
+ * containing the .secrets file. Otherwise the default location is used.
  * @return	The keys structure or NULL on error
  */
 static MAXKEYS *
-secrets_readKeys()
+secrets_readKeys(char* path)
 {
 char		secret_file[PATH_MAX+1];
 char		*home;
@@ -70,9 +69,10 @@ struct stat 	secret_stats;
 int		fd;
 int             len;
 static int	reported = 0;
-
-	snprintf(secret_file, PATH_MAX, "%s/.secrets", get_datadir());
-
+	if(path != NULL)
+	    snprintf(secret_file, PATH_MAX, "%s/.secrets", path);
+	else
+	    snprintf(secret_file, PATH_MAX, "%s/.secrets", get_datadir());
 	/* Try to access secrets file */
 	if (access(secret_file, R_OK) == -1) 
 	{
@@ -221,11 +221,14 @@ static int	reported = 0;
  * @param secret_file   The file with secret keys
  * @return 0 on success and 1 on failure
  */
-int secrets_writeKeys(char *secret_file)
+int secrets_writeKeys(char *path)
 {
 int				fd,randfd;
 unsigned int	randval;
 MAXKEYS			key;
+char secret_file[PATH_MAX + 10];
+
+	sprintf(secret_file,"%s/.secrets",path);
 
 	/* Open for writing | Create | Truncate the file for writing */
         if ((fd = open(secret_file, O_CREAT | O_WRONLY | O_TRUNC, S_IRUSR)) < 0)
@@ -328,7 +331,7 @@ char		*ptr;
 unsigned char	encrypted[80];
 int		enlen;
 
-	keys = secrets_readKeys();
+	keys = secrets_readKeys(NULL);
 	if (!keys)
 		return strdup(crypt);
 	/*
@@ -365,12 +368,12 @@ int		enlen;
  * Encrypt a password that can be stored in the MaxScale configuration file.
  *
  * Note the return is always a malloc'd string that the caller must free
- *
+ * @param path		Path the the .secrets file
  * @param password	The password to encrypt
  * @return	The encrypted password
  */
 char *
-encryptPassword(char *password)
+encryptPassword(char* path, char *password)
 {
 MAXKEYS		*keys;
 AES_KEY		aeskey;
@@ -379,7 +382,7 @@ char		*hex_output;
 unsigned char	padded_passwd[80];
 unsigned char	encrypted[80];
 
-	if ((keys = secrets_readKeys()) == NULL)
+	if ((keys = secrets_readKeys(path)) == NULL)
 		return NULL;
 
 	memset(padded_passwd, 0, 80);

server/include/secrets.h

@@ -53,5 +53,5 @@ typedef	struct maxkeys {
 
 extern int	secrets_writeKeys(char *filename);
 extern char	*decryptPassword(char *);
-extern char	*encryptPassword(char *);
+extern char	*encryptPassword(char*,char *);
 #endif