diff options
Diffstat (limited to 'auth')
-rw-r--r-- | auth/Makefile.am | 3 | ||||
-rw-r--r-- | auth/addr/Makefile.am | 3 | ||||
-rw-r--r-- | auth/addr/src/Makefile.am | 12 | ||||
-rw-r--r-- | auth/addr/src/addr.c | 224 | ||||
-rw-r--r-- | auth/login/Makefile.am | 3 | ||||
-rw-r--r-- | auth/login/src/Makefile.am | 13 | ||||
-rw-r--r-- | auth/login/src/login.c | 114 |
7 files changed, 0 insertions, 372 deletions
diff --git a/auth/Makefile.am b/auth/Makefile.am deleted file mode 100644 index 6bd54eee3..000000000 --- a/auth/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -SUBDIRS = addr login - -CLEANFILES = diff --git a/auth/addr/Makefile.am b/auth/addr/Makefile.am deleted file mode 100644 index d471a3f92..000000000 --- a/auth/addr/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -SUBDIRS = src - -CLEANFILES = diff --git a/auth/addr/src/Makefile.am b/auth/addr/src/Makefile.am deleted file mode 100644 index cca406151..000000000 --- a/auth/addr/src/Makefile.am +++ /dev/null @@ -1,12 +0,0 @@ -auth_LTLIBRARIES = addr.la -authdir = $(libdir)/glusterfs/$(PACKAGE_VERSION)/auth - -addr_la_LDFLAGS = -module -avoidversion - -addr_la_SOURCES = addr.c -addr_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la - -AM_CFLAGS = -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall -D$(GF_HOST_OS)\ - -I$(top_srcdir)/libglusterfs/src -shared -nostartfiles $(GF_CFLAGS) - -CLEANFILES = diff --git a/auth/addr/src/addr.c b/auth/addr/src/addr.c deleted file mode 100644 index a8803a39f..000000000 --- a/auth/addr/src/addr.c +++ /dev/null @@ -1,224 +0,0 @@ -/* - Copyright (c) 2007-2009 Gluster, Inc. <http://www.gluster.com> - This file is part of GlusterFS. - - GlusterFS is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3 of the License, - or (at your option) any later version. - - GlusterFS is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see - <http://www.gnu.org/licenses/>. -*/ - - -#ifndef _CONFIG_H -#define _CONFIG_H -#include "config.h" -#endif - -#include <fnmatch.h> -#include <sys/socket.h> -#include <netdb.h> -#include "authenticate.h" -#include "dict.h" - -#define ADDR_DELIMITER " ," -#define PRIVILEGED_PORT_CEILING 1024 - -#ifndef AF_INET_SDP -#define AF_INET_SDP 27 -#endif - -auth_result_t -gf_auth (dict_t *input_params, dict_t *config_params) -{ - int ret = 0; - char *name = NULL; - char *searchstr = NULL; - char peer_addr[UNIX_PATH_MAX]; - data_t *peer_info_data = NULL; - peer_info_t *peer_info = NULL; - data_t *allow_addr = NULL, *reject_addr = NULL; - char is_inet_sdp = 0; - - name = data_to_str (dict_get (input_params, "remote-subvolume")); - if (!name) { - gf_log ("authenticate/addr", - GF_LOG_ERROR, - "remote-subvolume not specified"); - return AUTH_DONT_CARE; - } - - ret = asprintf (&searchstr, "auth.addr.%s.allow", name); - if (-1 == ret) { - gf_log ("auth/addr", GF_LOG_ERROR, - "asprintf failed while setting search string"); - return AUTH_DONT_CARE; - } - allow_addr = dict_get (config_params, - searchstr); - free (searchstr); - - ret = asprintf (&searchstr, "auth.addr.%s.reject", name); - if (-1 == ret) { - gf_log ("auth/addr", GF_LOG_ERROR, - "asprintf failed while setting search string"); - return AUTH_DONT_CARE; - } - reject_addr = dict_get (config_params, - searchstr); - free (searchstr); - - if (!allow_addr) { - /* TODO: backword compatibility */ - ret = asprintf (&searchstr, "auth.ip.%s.allow", name); - if (-1 == ret) { - gf_log ("auth/addr", GF_LOG_ERROR, - "asprintf failed while setting search string"); - return AUTH_DONT_CARE; - } - allow_addr = dict_get (config_params, searchstr); - free (searchstr); - } - - if (!(allow_addr || reject_addr)) { - gf_log ("auth/addr", GF_LOG_DEBUG, - "none of the options auth.addr.%s.allow or " - "auth.addr.%s.reject specified, returning auth_dont_care", - name, name); - return AUTH_DONT_CARE; - } - - peer_info_data = dict_get (input_params, "peer-info"); - if (!peer_info_data) { - gf_log ("authenticate/addr", - GF_LOG_ERROR, - "peer-info not present"); - return AUTH_DONT_CARE; - } - - peer_info = data_to_ptr (peer_info_data); - - switch (((struct sockaddr *) &peer_info->sockaddr)->sa_family) - { - case AF_INET_SDP: - is_inet_sdp = 1; - ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET; - - case AF_INET: - case AF_INET6: - { - char *service; - uint16_t peer_port; - strcpy (peer_addr, peer_info->identifier); - service = strrchr (peer_addr, ':'); - *service = '\0'; - service ++; - - if (is_inet_sdp) { - ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP; - } - - peer_port = atoi (service); - if (peer_port >= PRIVILEGED_PORT_CEILING) { - gf_log ("auth/addr", GF_LOG_ERROR, - "client is bound to port %d which is not privileged", - peer_port); - return AUTH_DONT_CARE; - } - break; - - case AF_UNIX: - strcpy (peer_addr, peer_info->identifier); - break; - - default: - gf_log ("authenticate/addr", GF_LOG_ERROR, - "unknown address family %d", - ((struct sockaddr *) &peer_info->sockaddr)->sa_family); - return AUTH_DONT_CARE; - } - } - - if (reject_addr) { - char *addr_str = NULL; - char *tmp; - char *addr_cpy = strdup (reject_addr->data); - - addr_str = strtok_r (addr_cpy, ADDR_DELIMITER, &tmp); - - while (addr_str) { - char negate = 0, match =0; - gf_log (name, GF_LOG_DEBUG, - "rejected = \"%s\", received addr = \"%s\"", - addr_str, peer_addr); - if (addr_str[0] == '!') { - negate = 1; - addr_str++; - } - - match = fnmatch (addr_str, - peer_addr, - 0); - if (negate ? match : !match) { - free (addr_cpy); - return AUTH_REJECT; - } - addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); - } - free (addr_cpy); - } - - if (allow_addr) { - char *addr_str = NULL; - char *tmp; - char *addr_cpy = strdup (allow_addr->data); - - addr_str = strtok_r (addr_cpy, ADDR_DELIMITER, &tmp); - - while (addr_str) { - char negate = 0, match = 0; - gf_log (name, GF_LOG_DEBUG, - "allowed = \"%s\", received addr = \"%s\"", - addr_str, peer_addr); - if (addr_str[0] == '!') { - negate = 1; - addr_str++; - } - - match = fnmatch (addr_str, - peer_addr, - 0); - - if (negate ? match : !match) { - free (addr_cpy); - return AUTH_ACCEPT; - } - addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); - } - free (addr_cpy); - } - - return AUTH_DONT_CARE; -} - -struct volume_options options[] = { - { .key = {"auth.addr.*.allow"}, - .type = GF_OPTION_TYPE_ANY - }, - { .key = {"auth.addr.*.reject"}, - .type = GF_OPTION_TYPE_ANY - }, - /* Backword compatibility */ - { .key = {"auth.ip.*.allow"}, - .type = GF_OPTION_TYPE_ANY - }, - { .key = {NULL} } -}; diff --git a/auth/login/Makefile.am b/auth/login/Makefile.am deleted file mode 100644 index d471a3f92..000000000 --- a/auth/login/Makefile.am +++ /dev/null @@ -1,3 +0,0 @@ -SUBDIRS = src - -CLEANFILES = diff --git a/auth/login/src/Makefile.am b/auth/login/src/Makefile.am deleted file mode 100644 index eb7b990c2..000000000 --- a/auth/login/src/Makefile.am +++ /dev/null @@ -1,13 +0,0 @@ -auth_LTLIBRARIES = login.la -authdir = $(libdir)/glusterfs/$(PACKAGE_VERSION)/auth - -login_la_LDFLAGS = -module -avoidversion - -login_la_SOURCES = login.c -login_la_LIBADD = $(top_builddir)/libglusterfs/src/libglusterfs.la - - -AM_CFLAGS = -fPIC -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE -Wall -D$(GF_HOST_OS)\ - -I$(top_srcdir)/libglusterfs/src -shared -nostartfiles $(GF_CFLAGS) - -CLEANFILES = diff --git a/auth/login/src/login.c b/auth/login/src/login.c deleted file mode 100644 index 0c85292f7..000000000 --- a/auth/login/src/login.c +++ /dev/null @@ -1,114 +0,0 @@ -/* - Copyright (c) 2007-2009 Gluster, Inc. <http://www.gluster.com> - This file is part of GlusterFS. - - GlusterFS is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published - by the Free Software Foundation; either version 3 of the License, - or (at your option) any later version. - - GlusterFS is distributed in the hope that it will be useful, but - WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see - <http://www.gnu.org/licenses/>. -*/ - -#ifndef _CONFIG_H -#define _CONFIG_H -#include "config.h" -#endif - -#include <fnmatch.h> -#include "authenticate.h" - -auth_result_t gf_auth (dict_t *input_params, dict_t *config_params) -{ - int ret = 0; - char *username = NULL, *password = NULL; - data_t *allow_user = NULL, *username_data = NULL, *password_data = NULL; - int32_t result = AUTH_DONT_CARE; - char *brick_name = NULL, *searchstr = NULL; - - username_data = dict_get (input_params, "username"); - if (!username_data) - return AUTH_DONT_CARE; - - username = data_to_str (username_data); - - password_data = dict_get (input_params, "password"); - if (!password_data) - return AUTH_DONT_CARE; - - password = data_to_str (password_data); - - brick_name = data_to_str (dict_get (input_params, "remote-subvolume")); - if (!brick_name) { - gf_log ("auth/login", - GF_LOG_ERROR, - "remote-subvolume not specified"); - return AUTH_REJECT; - } - - ret = asprintf (&searchstr, "auth.login.%s.allow", brick_name); - if (-1 == ret) { - gf_log ("auth/login", GF_LOG_ERROR, - "asprintf failed while setting search string"); - return AUTH_DONT_CARE; - } - - allow_user = dict_get (config_params, - searchstr); - free (searchstr); - - if (allow_user) { - char *username_str = NULL; - char *tmp; - char *username_cpy = strdup (allow_user->data); - - username_str = strtok_r (username_cpy, " ,", &tmp); - - while (username_str) { - data_t *passwd_data = NULL; - if (!fnmatch (username_str, - username, - 0)) { - ret = asprintf (&searchstr, "auth.login.%s.password", username); - if (-1 == ret) { - gf_log ("auth/login", GF_LOG_ERROR, - "asprintf failed while setting search string"); - return AUTH_DONT_CARE; - } - passwd_data = dict_get (config_params, searchstr); - FREE (searchstr); - - if (!passwd_data) { - gf_log ("auth/login", - GF_LOG_DEBUG, - "wrong username/password combination"); - result = AUTH_REJECT; - } - else - result = !strcmp (data_to_str (passwd_data), password) ? AUTH_ACCEPT : AUTH_REJECT; - break; - } - username_str = strtok_r (NULL, " ,", &tmp); - } - free (username_cpy); - } - - return result; -} - -struct volume_options options[] = { - { .key = {"auth.login.*.allow"}, - .type = GF_OPTION_TYPE_ANY - }, - { .key = {"auth.login.*.password"}, - .type = GF_OPTION_TYPE_ANY - }, - { .key = {NULL} } -}; |