rpc/auth: allow SSL identity to be used for authorization

Access to a volume is now controlled by the following options, based on
whether SSL is enabled or not.

 * server.ssl-allow: get identity from certificate, no password needed

 * auth.allow: get identity and matching password from command line

It is not possible to allow both simultaneously, since the connection
itself is either using SSL or it isn't.

Change-Id: I5a5be66520f56778563d62f4b3ab35c66cc41ac0
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/3695
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>

1 files changed, 7 insertions, 0 deletions

diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c
index 6b1a39936f4..98418e77893 100644
--- a/xlators/protocol/server/src/server-handshake.c
+++ b/xlators/protocol/server/src/server-handshake.c
@@ -450,6 +450,13 @@ server_setvolume (rpcsvc_request_t *req)
                 req->trans->xl_private = client;
 
         auth_set_username_passwd (params, config_params, client);
+        if (req->trans->ssl_name) {
+                if (dict_set_str(params,"ssl-name",req->trans->ssl_name) != 0) {
+                        gf_log (this->name, GF_LOG_WARNING,
+                                "failed to set ssl_name %s", req->trans->ssl_name);
+                        /* Not fatal, auth will just fail. */
+                }
+        }
 
         ret = dict_get_int32 (params, "fops-version", &fop_version);
         if (ret < 0) {