Alon Bar-Lev has posted comments on this change.

Change subject: core: Encrypt CHAP credentials in the database
......................................................................


Patch Set 5: (3 inline comments)

....................................................
File backend/manager/dbscripts/upgrade/03_01_1440_encrypt_chap_password.sh
Line 16: execute_command "${CMD}" "${DATABASE}" "${SERVERNAME}" "${PORT}" > 
/dev/null
Line 17: 
Line 18: # get all connections that have a password configured
Line 19: CMD="select id, connection||' '||coalesce(iqn, '') as name, password 
from storage_server_connections where password is not null;"
Line 20: execute_command "${CMD}" "${DATABASE}" "${SERVERNAME}" "${PORT}" | 
while read line; do
To emulate -A, consider:

 execute_command "${CMD}" "${DATABASE}" "${SERVERNAME}" "${PORT}" | \
   sed -e 's/^ *//' -e 's/ *$//' -e 's/ *| */|/g' | \
   while read line; do

And remove the above sed and use only cut here...
Line 21:     # filter lines that don't look like tuples: uuid | name | password
Line 22:     if echo "${line}" | grep -vq '^ *[a-fA-F0-9-]\{32,\} | [^|]\+ | '; 
then
Line 23:         continue
Line 24:     fi
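Review bot: on Line 20, `while read line` runs without `-r`, so a row whose password contains a backslash is changed by `read` before it reaches the encryption step. Consider `while IFS= read -r line; do` so the value that is encrypted is the value stored in the database.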


Line 18: # get all connections that have a password configured
Line 19: CMD="select id, connection||' '||coalesce(iqn, '') as name, password 
from storage_server_connections where password is not null;"
Line 20: execute_command "${CMD}" "${DATABASE}" "${SERVERNAME}" "${PORT}" | 
while read line; do
Line 21:     # filter lines that don't look like tuples: uuid | name | password
Line 22:     if echo "${line}" | grep -vq '^ *[a-fA-F0-9-]\{32,\} | [^|]\+ | '; 
then
Hmmm.... I guess this is a common problem with all scripts, no?
Line 23:         continue
Line 24:     fi
Line 25: 
Line 26:     connId="$(get_field "${line}" "1")"


Line 29: 
Line 30:     if [ -n "${connId}" -a -n "${connPasswd}" ]; then
Line 31:         # encrypt the password
Line 32:         encryptedPasswd="$(echo -n "${connPasswd}" | /usr/bin/openssl 
rsautl -certin -inkey "${certificate}" -encrypt -pkcs | /usr/bin/openssl enc 
-a)"
Line 33:         if [ $? -ne 0 -o -z "${encryptedPasswd}" ]; then
Great!
Line 34:             # note that an empty password here indicates failure to 
encrypt
Line 35:             echo "Failed to encrypt connection ${connName} password. 
The password will remain unencrypted in the database until this is complete."
Line 36:         else
Line 37:             # update the password field for the given connection
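Review bot: on Line 32, `echo -n "${connPasswd}"` depends on the shell's echo, so a password that starts with an option-like string such as `-e`, or that contains backslash sequences, may reach openssl in a different form from the one stored. `printf '%s' "${connPasswd}"` avoids that. Separately, `$?` on Line 33 is the status of the last command in the pipeline (`openssl enc -a`), so the `-z` test is what catches a failure in `openssl rsautl` and should stay if the condition is ever simplified.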


--
To view, visit http://gerrit.ovirt.org/8344
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I15b4cba7418d9d818fb2fd69c708fdeb20942f9c
Gerrit-PatchSet: 5
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Greg Padgett <gpadg...@redhat.com>
Gerrit-Reviewer: Allon Mureinik <amure...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Ayal Baron <aba...@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfedi...@redhat.com>
Gerrit-Reviewer: Eduardo <ewars...@redhat.com>
Gerrit-Reviewer: Eli Mesika <emes...@redhat.com>
Gerrit-Reviewer: Federico Simoncelli <fsimo...@redhat.com>
Gerrit-Reviewer: Greg Padgett <gpadg...@redhat.com>
Gerrit-Reviewer: Liron Aravot <lara...@redhat.com>
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
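
The `-A` emulation suggested in the first inline comment, as an added example that is not part of the review or of the oVirt script: the sed expression from the comment is applied to aligned psql output, after which `cut` alone splits the fields. The function names `normalize_aligned` and `parse_connections` and the sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the oVirt script): make psql's default aligned
# output look like "psql -A" output, then split fields with cut alone.

# Trim blanks at line ends and around every '|' (the sed from the review).
normalize_aligned() {
    sed -e 's/^ *//' -e 's/ *$//' -e 's/ *| */|/g'
}

# Constructed sample of aligned psql output for: id | name | password
sample_output() {
    cat <<'EOF'
                  id                  |                   name                   | password
--------------------------------------+------------------------------------------+----------
 11111111-2222-3333-4444-555555555555 | 10.0.0.5 iqn.2012-09.com.example:target1 | pw|one
 aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee | 10.0.0.6                                 | back\slash
(2 rows)
EOF
}

# Read query output on stdin, print "id<TAB>name<TAB>password" per tuple.
parse_connections() {
    normalize_aligned | while IFS= read -r line; do
        # Skip header, separator and "(N rows)": keep uuid|name|password only.
        if ! printf '%s\n' "${line}" | grep -q '^[a-fA-F0-9-]\{32,\}|[^|]\{1,\}|'; then
            continue
        fi
        connId="$(printf '%s\n' "${line}" | cut -d'|' -f1)"
        connName="$(printf '%s\n' "${line}" | cut -d'|' -f2)"
        # -f3- keeps '|' characters that are part of the password itself.
        connPasswd="$(printf '%s\n' "${line}" | cut -d'|' -f3-)"
        printf '%s\t%s\t%s\n' "${connId}" "${connName}" "${connPasswd}"
    done
}

sample_output | parse_connections
```

Because the sed rewrites every `|` on the line, a password that has blanks next to a `|` of its own, or that ends in blanks, is altered by the normalization; native unaligned output (`psql -A`) does not have that problem.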
