This file is indexed.

/usr/bin/ceph-post-file is in ceph-common 12.2.4-0ubuntu1.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
#!/bin/bash -e

# If these files exist, assume we are a source install.
if [[ -f ../share/known_hosts_drop.ceph.com && -f ../share/id_rsa_drop.ceph.com ]]
    then # running from source install
       known_hosts=../share/known_hosts_drop.ceph.com
       ssh_key=../share/id_rsa_drop.ceph.com
    else # running from a pkg install
       known_hosts=/usr/share/ceph/known_hosts_drop.ceph.com
       ssh_key=/usr/share/ceph/id_rsa_drop.ceph.com
fi

function usage() {
    echo "Usage: $0 [options] file1 [dir2 ...]

Easily upload files or directories to ceph.com for analysis by Ceph
developers.

Each invocation uploads files or directories to a separate directory
with a unique tag.  That tag can be passed to a developer or
referenced in a bug report (http://tracker.ceph.com/).  Once the
upload completes, the directory is marked non-readable and
non-writeable to prevent access or modification by other users.

WARNING:
  Basic measures are taken to make posted data be visible only to
  developers with access to ceph.com infrastructure. However, users
  should think twice and/or take appropriate precautions before
  posting potentially sensitive data (for example, logs or data
  directories that contain Ceph secrets).

Options:
  -d|--description <desc>    Description for this post
                               [Default: none]
  -u|--user <user>           User identifier
                               [Default: \`whoami\`@\`hostname -f\`]
  -r|--remote <user@host>    Remote to upload to
                               [Default: postfile@drop.ceph.com]
  -k|--known_hosts <path>    known_hosts file
                               [Default: /usr/share/ceph/known_hosts_drop.ceph.com]
  -i <path>         Ssh identity file
                      [Default: /usr/share/ceph/id_rsa_drop.ceph.com]
  -h|--help         Show this usage information
"
}

if [ -z "$*" ]; then
    usage
    exit 1
fi

description=""
user="`whoami`@`hostname -f`"
remote="postfile@drop.ceph.com"

if [ `uname` = FreeBSD ]; then
  GETOPT=/usr/local/bin/getopt
else
  GETOPT=getopt
fi

ARGS=$(${GETOPT} -n "ceph-post-file" -o 'd:u:hk:i:r:' -l "description:,user:,help,known-hosts:,remote:" -- "$@")
eval set -- $ARGS

while true; do
	echo "args: $@"
	case $1 in
	    -d | --description)
		description="$2"
		shift
		shift
		;;
	    -u | --user)
		user="$2"
		shift
		shift
		;;
	    -h | --help)
		usage
		exit 0
		;;
	    -k | --known-hosts)
		known_hosts="$2"
		shift
		shift
		;;
	    -i)
		ssh_key="$2"
		shift
		shift
		;;
	    -r | --remote)
		remote="$2"
		shift
		shift
		;;
	    --)
		shift
		break
		;;
	esac
done

# this id should be shared
id=`uuidgen`
echo "$0: upload tag $id"

# this is secret goop we add to the directory so that $id is not
# enough to find the data using the shared user; only ceph developers
# who have access to the server and can read the post directory can
# find the uploaded data.
nonce=`uuidgen`

# stick the user info in the dir too
dir="${id}_${user}_${nonce}"

t1=$(mktemp) || exit
t2=$(mktemp) || exit
t3=$(mktemp) || exit
t4=$(mktemp) || exit
trap "rm -f -- '$t1' '$t2' '$t3' '$t4'" EXIT
cat > $t1 <<EOF
mkdir post/$dir
cd post/$dir
EOF

echo "$0: user: $user"
cat > $t3 <<EOF
$user
EOF
echo put $t3 user >> $t1

if [ -n "$description" ]; then
    echo "$0: description: $description"
    cat > $t2 <<EOF
$description
EOF
    echo put $t2 description >> $t1
fi

while [ -n "$*" ]; do
    if [ -d "$1" ]; then
	echo $0: will upload directory $1
	bn=`basename "$1"`
	cat >> $t1 <<EOF
mkdir $bn
put -r $1
EOF
    else
	echo $0: will upload file $1
	cat >> $t1 <<EOF
put $1
EOF
    fi
    shift
done

# no UserKnownHostsFile so that we don't try to record the IP hash key
# GlobalKnownHostsFile so that we are verifying that this is the real drop.ceph.com
# IdentitiesOnly=yes forces sftp to ignore any keys offered by ssh-agent

cp "$ssh_key" "$t4"
cp "${ssh_key}.pub" "$t4.pub"

sftp -o "IdentityFile=$t4" \
    -C \
    -oCheckHostIP=no \
    -oGlobalKnownHostsFile=$known_hosts \
    -oBatchMode=no \
    -oIdentitiesOnly=yes \
    -b $t1 -- $remote

echo "$0: copy the upload id below to share with a dev:

ceph-post-file: $id
"