From 5d48aba7b65dfad09bfc639e3434f03227b8bd50 Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever Date: Tue, 11 Apr 2017 16:41:33 +0530 Subject: create: support 'auth enable' option This patch add support to enable auth while create. The schematics of authentication setting for/while create, looks like $ gluster-block create block-test/sample-block ha 1 auth enable \ 192.168.0.105 1GiB --json-pretty { "IQN":"iqn.2016-12.org.gluster-block:dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "USERNAME":"dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "PASSWORD":"ae48635a-6902-454c-949a-f2ad0e056086", "PORTAL(S)":[ "192.168.0.105:3260" ], "RESULT":"SUCCESS" } Change-Id: Ib8f5ddd904cb879e0ee05f6a7c3c381c6615a0e4 Fixes: #5 Signed-off-by: Prasanna Kumar Kalever --- cli/gluster-block.c | 25 ++++++++++++++++-- rpc/block_svc_routines.c | 67 +++++++++++++++++++++++++++++++++++++++--------- rpc/rpcl/block.x | 3 +++ tests/basic.t | 12 +++++++++ 4 files changed, 93 insertions(+), 14 deletions(-) diff --git a/cli/gluster-block.c b/cli/gluster-block.c index 3020587..a980110 100644 --- a/cli/gluster-block.c +++ b/cli/gluster-block.c @@ -35,7 +35,8 @@ const char *argp_program_version = "" \ "in all cases as published by the Free Software Foundation."; #define GB_CREATE_HELP_STR "gluster-block create "\ - "[ha ] [--json*]" + "[ha ] [auth enable|disable] "\ + " [--json*]" #define GB_DELETE_HELP_STR "gluster-block delete [--json*]" #define GB_MODIFY_HELP_STR "gluster-block modify "\ @@ -182,7 +183,7 @@ glusterBlockHelp(void) " gluster-block [] [--json*]\n" "\n" "commands:\n" - " create [ha ] \n" + " create [ha ] [auth enable|disable] \n" " create block device.\n" "\n" " list \n" @@ -353,6 +354,26 @@ glusterBlockCreate(int argcount, char **options, int json) } } + if (argcount - optind >= 2) { /* atleast 2 needed */ + /* if auth given then collect boolean which is next by 'auth' arg */ + if (!strcmp(options[optind], "auth")) { + optind++; + if(strcmp (options[optind], "enable") == 0) { + cobj.auth_mode = 1; + } else if (strcmp (options[optind], "disable") == 0) { + cobj.auth_mode = 0; + } else { + MSG("%s\n", "argument to 'auth' doesn't seems to be right"); + MSG("%s\n", GB_CREATE_HELP_STR); + LOG("cli", GB_LOG_ERROR, "Create failed while parsing argument " + "to auth for <%s/%s>", + cobj.volume, cobj.block_name); + goto out; + } + optind++; + } + } + if (argcount - optind < 2) { /* left with servers and size so 2 */ MSG("%s\n", "Insufficient arguments for create"); MSG("%s\n", GB_CREATE_HELP_STR); diff --git a/rpc/block_svc_routines.c b/rpc/block_svc_routines.c index 8b3eaea..c3875c8 100644 --- a/rpc/block_svc_routines.c +++ b/rpc/block_svc_routines.c @@ -481,6 +481,10 @@ glusterBlockCreateRemote(void *data) GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume, ret, errMsg, out, "%s: CONFIGSUCCESS\n", args->addr); + if (cobj.auth_mode) { + GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume, + ret, errMsg, out, "%s: AUTHENFORCED\n", args->addr); + } out: if (!args->reply) { @@ -1059,6 +1063,7 @@ glusterBlockAuditRequest(struct glfs *glfs, for (i = 0; i < info->nhosts; i++) { switch (blockMetaStatusEnumParse(info->list[i]->status)) { case GB_CONFIG_SUCCESS: + case GB_AUTH_ENFORCED: successcnt++; break; case GB_CONFIG_INPROGRESS: @@ -1286,7 +1291,7 @@ blockResponse * block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp) { int ret = -1; - static blockModify mobj; + static blockModify mobj = {0}; static blockRemoteModifyResp *savereply = NULL; static blockResponse *reply = NULL; struct glfs *glfs; @@ -1421,13 +1426,15 @@ block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp) } void -blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, - char *errMsg, blockRemoteCreateResp *savereply, +blockCreateCliFormatResponse(blockCreateCli *blk, struct blockCreate *cobj, + int errCode, char *errMsg, + blockRemoteCreateResp *savereply, struct blockResponse *reply) { json_object *json_obj = NULL; json_object *json_array = NULL; char *tmp = NULL; + char *tmp2 = NULL; char *portals = NULL; int i = 0; @@ -1448,6 +1455,12 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, json_obj = json_object_new_object(); json_object_object_add(json_obj, "IQN", json_object_new_string(savereply->iqn)); + if (blk->auth_mode) { + json_object_object_add(json_obj, "USERNAME", + json_object_new_string(cobj->gbid)); + json_object_object_add(json_obj, "PASSWORD", + json_object_new_string(cobj->passwd)); + } json_array = json_object_new_array(); @@ -1511,12 +1524,21 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode, } } - GB_ASPRINTF(&reply->out, "IQN: %s\nPORTAL(S): %s\n%sRESULT: %s\n", - savereply->iqn, portals, tmp?tmp:"", errCode?"FAIL":"SUCCESS"); + if (blk->auth_mode) { + if (GB_ASPRINTF(&tmp2, "USERNAME: %s\nPASSWORD: %s\n", + cobj->gbid, cobj->passwd) == 1) { + goto out; + } + } + + GB_ASPRINTF(&reply->out, "IQN: %s\n%sPORTAL(S): %s\n%sRESULT: %s\n", + savereply->iqn, blk->auth_mode?tmp2:"", portals, tmp?tmp:"", + errCode?"FAIL":"SUCCESS"); } out: GB_FREE(tmp); + GB_FREE(tmp2); return; } @@ -1527,8 +1549,9 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) uuid_t uuid; blockRemoteCreateResp *savereply = NULL; char gbid[UUID_BUF_SIZE]; - static blockCreate cobj; - static blockResponse *reply; + char passwd[UUID_BUF_SIZE]; + struct blockCreate cobj = {0}; + struct blockResponse *reply; struct glfs *glfs = NULL; struct glfs_fd *lkfd = NULL; blockServerDefPtr list = NULL; @@ -1610,6 +1633,17 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) cobj.size = blk->size; strcpy(cobj.gbid, gbid); + if (blk->auth_mode) { + uuid_generate(uuid); + uuid_unparse(uuid, passwd); + + strcpy(cobj.passwd, passwd); + cobj.auth_mode = 1; + + GB_METAUPDATE_OR_GOTO(lock, glfs, blk->block_name, blk->volume, + errCode, errMsg, exist, "PASSWORD: %s\n", passwd); + } + errCode = glusterBlockCreateRemoteAsync(list, 0, blk->mpath, glfs, &cobj, &savereply); if (errCode) { @@ -1652,7 +1686,7 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp) } optfail: - blockCreateCliFormatResponse(blk, errCode, errMsg, savereply, reply); + blockCreateCliFormatResponse(blk, &cobj, errCode, errMsg, savereply, reply); GB_FREE(errMsg); blockServerDefFree(list); glfs_fini(glfs); @@ -1672,6 +1706,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) char *lun = NULL; char *portal = NULL; char *attr = NULL; + char *authcred = NULL; char *exec = NULL; blockResponse *reply = NULL; @@ -1716,16 +1751,23 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) goto out; } - if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s", + if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s %s", GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX, blk->gbid, - GB_TGCLI_ATTRIBUTES) == -1) { + blk->auth_mode?"authentication=1":"", GB_TGCLI_ATTRIBUTES) == -1) { goto out; } - if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s && %s", + if (blk->auth_mode && + GB_ASPRINTF(&authcred, "&& %s/%s%s/tpg1 set auth userid=%s " + "password=%s > %s", GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX, + blk->gbid, blk->gbid, blk->passwd, DEVNULLPATH) == -1) { + goto out; + } + + if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s %s && %s", GB_TGCLI_GLOBALS, backstore, iqn, lun, portal, attr, - GB_TGCLI_SAVE) == -1) { + blk->auth_mode?authcred:"", GB_TGCLI_SAVE) == -1) { goto out; } @@ -1753,6 +1795,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp) out: GB_FREE(exec); + GB_FREE(authcred); GB_FREE(attr); GB_FREE(portal); GB_FREE(lun); diff --git a/rpc/rpcl/block.x b/rpc/rpcl/block.x index df29542..ddf381d 100644 --- a/rpc/rpcl/block.x +++ b/rpc/rpcl/block.x @@ -18,8 +18,10 @@ struct blockCreate { char ipaddr[255]; char volume[255]; char gbid[127]; /* uuid */ + char passwd[127]; /* uuid */ u_quad_t size; char block_name[255]; + bool auth_mode; }; struct blockModify { @@ -34,6 +36,7 @@ struct blockCreateCli { char volume[255]; u_quad_t size; u_int mpath; /* HA request count */ + bool auth_mode; char block_name[255]; string block_hosts<>; enum JsonResponseFormat json_resp; diff --git a/tests/basic.t b/tests/basic.t index 6d8aa1a..3b8e677 100755 --- a/tests/basic.t +++ b/tests/basic.t @@ -94,6 +94,12 @@ TEST gluster-block modify ${VOLNAME}/${BLKNAME} auth disable # Block delete gluster-block delete ${VOLNAME}/${BLKNAME} +# Block create with auth set +TEST gluster-block create ${VOLNAME}/${BLKNAME} ha 1 auth enable ${HOST} 1GiB + +# Block delete +TEST gluster-block delete ${VOLNAME}/${BLKNAME} + echo -e "\n*** JSON responses ***\n" # Block create and expect json response @@ -111,4 +117,10 @@ TEST gluster-block info ${VOLNAME}/${BLKNAME} --json-pretty # Modify Block with auth disable and expect json response TEST gluster-block modify ${VOLNAME}/${BLKNAME} auth disable --json-pretty +# Block delete and expect json response +TEST gluster-block delete ${VOLNAME}/${BLKNAME} --json-pretty + +# Block create with auth set and expect json response +TEST gluster-block create ${VOLNAME}/${BLKNAME} ha 1 auth enable ${HOST} 1GiB --json-pretty + cleanup; -- cgit