summaryrefslogtreecommitdiffstats
path: root/xlators/protocol/server/src/authenticate.c
diff options
context:
space:
mode:
Diffstat (limited to 'xlators/protocol/server/src/authenticate.c')
-rw-r--r--xlators/protocol/server/src/authenticate.c387
1 files changed, 184 insertions, 203 deletions
diff --git a/xlators/protocol/server/src/authenticate.c b/xlators/protocol/server/src/authenticate.c
index d1cdebdee95..c1229f9ebf3 100644
--- a/xlators/protocol/server/src/authenticate.c
+++ b/xlators/protocol/server/src/authenticate.c
@@ -1,27 +1,13 @@
/*
- Copyright (c) 2007-2011 Gluster, Inc. <http://www.gluster.com>
+ Copyright (c) 2007-2013 Red Hat, Inc. <http://www.redhat.com>
This file is part of GlusterFS.
- GlusterFS is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
- by the Free Software Foundation; either version 3 of the License,
- or (at your option) any later version.
-
- GlusterFS is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see
- <http://www.gnu.org/licenses/>.
+ This file is licensed to you under your choice of the GNU Lesser
+ General Public License, version 3 or any later version (LGPLv3 or
+ later), or the GNU General Public License, version 2 (GPLv2), in all
+ cases as published by the Free Software Foundation.
*/
-#ifndef _CONFIG_H
-#define _CONFIG_H
-#include "config.h"
-#endif
-
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
@@ -30,222 +16,217 @@
#include <dlfcn.h>
#include <errno.h>
#include "authenticate.h"
+#include "server-messages.h"
-static void
-init (dict_t *this, char *key, data_t *value, void *data)
+static int
+init(dict_t *this, char *key, data_t *value, void *data)
{
- void *handle = NULL;
- char *auth_file = NULL;
- auth_handle_t *auth_handle = NULL;
- auth_fn_t authenticate = NULL;
- int *error = NULL;
- int ret = 0;
-
- /* It gets over written */
- error = data;
-
- if (!strncasecmp (key, "ip", strlen ("ip"))) {
- gf_log ("authenticate", GF_LOG_ERROR,
- "AUTHENTICATION MODULE \"IP\" HAS BEEN REPLACED "
- "BY \"ADDR\"");
- dict_set (this, key, data_from_dynptr (NULL, 0));
- /* TODO: 1.3.x backword compatibility */
- // *error = -1;
- // return;
- key = "addr";
- }
-
- ret = gf_asprintf (&auth_file, "%s/%s.so", LIBDIR, key);
- if (-1 == ret) {
- dict_set (this, key, data_from_dynptr (NULL, 0));
- *error = -1;
- return;
- }
-
- handle = dlopen (auth_file, RTLD_LAZY);
- if (!handle) {
- gf_log ("authenticate", GF_LOG_ERROR, "dlopen(%s): %s\n",
- auth_file, dlerror ());
- dict_set (this, key, data_from_dynptr (NULL, 0));
- GF_FREE (auth_file);
- *error = -1;
- return;
- }
- GF_FREE (auth_file);
-
- authenticate = dlsym (handle, "gf_auth");
- if (!authenticate) {
- gf_log ("authenticate", GF_LOG_ERROR,
- "dlsym(gf_auth) on %s\n", dlerror ());
- dict_set (this, key, data_from_dynptr (NULL, 0));
- dlclose (handle);
- *error = -1;
- return;
- }
-
- auth_handle = GF_CALLOC (1, sizeof (*auth_handle),
- gf_common_mt_auth_handle_t);
- if (!auth_handle) {
- dict_set (this, key, data_from_dynptr (NULL, 0));
- *error = -1;
- dlclose (handle);
- return;
- }
- auth_handle->vol_opt = GF_CALLOC (1, sizeof (volume_opt_list_t),
- gf_common_mt_volume_opt_list_t);
- if (!auth_handle->vol_opt) {
- dict_set (this, key, data_from_dynptr (NULL, 0));
- *error = -1;
- GF_FREE (auth_handle);
- dlclose (handle);
- return;
- }
- auth_handle->vol_opt->given_opt = dlsym (handle, "options");
- if (auth_handle->vol_opt->given_opt == NULL) {
- gf_log ("authenticate", GF_LOG_DEBUG,
- "volume option validation not specified");
- }
-
- auth_handle->authenticate = authenticate;
- auth_handle->handle = handle;
+ void *handle = NULL;
+ char *auth_file = NULL;
+ auth_handle_t *auth_handle = NULL;
+ auth_fn_t authenticate = NULL;
+ int *error = NULL;
+ int ret = 0;
+
+ /* It gets over written */
+ error = data;
+
+ if (!strncasecmp(key, "ip", SLEN("ip"))) {
+ gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
+ "AUTHENTICATION MODULE "
+ "\"IP\" HAS BEEN REPLACED BY \"ADDR\"");
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ /* TODO: 1.3.x backward compatibility */
+ // *error = -1;
+ // return;
+ key = "addr";
+ }
+
+ ret = gf_asprintf(&auth_file, "%s/%s.so", LIBDIR, key);
+ if (-1 == ret) {
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ *error = -1;
+ return -1;
+ }
+
+ handle = dlopen(auth_file, RTLD_LAZY);
+ if (!handle) {
+ gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
+ "dlopen(%s): %s\n", auth_file, dlerror());
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ GF_FREE(auth_file);
+ *error = -1;
+ return -1;
+ }
+ GF_FREE(auth_file);
+
+ authenticate = dlsym(handle, "gf_auth");
+ if (!authenticate) {
+ gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
+ "dlsym(gf_auth) on %s\n", dlerror());
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ dlclose(handle);
+ *error = -1;
+ return -1;
+ }
+
+ auth_handle = GF_CALLOC(1, sizeof(*auth_handle),
+ gf_common_mt_auth_handle_t);
+ if (!auth_handle) {
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ *error = -1;
+ dlclose(handle);
+ return -1;
+ }
+ auth_handle->vol_opt = GF_CALLOC(1, sizeof(volume_opt_list_t),
+ gf_common_mt_volume_opt_list_t);
+ if (!auth_handle->vol_opt) {
+ dict_set(this, key, data_from_dynptr(NULL, 0));
+ *error = -1;
+ GF_FREE(auth_handle);
+ dlclose(handle);
+ return -1;
+ }
+ auth_handle->vol_opt->given_opt = dlsym(handle, "options");
+ if (auth_handle->vol_opt->given_opt == NULL) {
+ gf_msg_debug("authenticate", 0,
+ "volume option validation "
+ "not specified");
+ }
+
+ auth_handle->authenticate = authenticate;
+ auth_handle->handle = handle;
+
+ dict_set(this, key, data_from_dynptr(auth_handle, sizeof(*auth_handle)));
+ return 0;
+}
- dict_set (this, key,
- data_from_dynptr (auth_handle, sizeof (*auth_handle)));
+static int
+fini(dict_t *this, char *key, data_t *value, void *data)
+{
+ auth_handle_t *handle = data_to_ptr(value);
+ if (handle) {
+ dlclose(handle->handle);
+ }
+ return 0;
}
-static void
-fini (dict_t *this, char *key, data_t *value, void *data)
+static int
+_gf_auth_option_validate(dict_t *d, char *k, data_t *v, void *tmp)
{
- auth_handle_t *handle = data_to_ptr (value);
- if (handle) {
- dlclose (handle->handle);
- }
+ auth_handle_t *handle = NULL;
+ xlator_t *xl = NULL;
+ int ret = 0;
+
+ xl = tmp;
+
+ handle = data_to_ptr(v);
+ if (!handle)
+ return 0;
+
+ list_add_tail(&(handle->vol_opt->list), &(xl->volume_options));
+
+ ret = xlator_options_validate_list(xl, xl->options, handle->vol_opt, NULL);
+ if (ret) {
+ gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_VOL_VALIDATE_FAILED,
+ "volume option validation "
+ "failed");
+ return -1;
+ }
+ return 0;
}
int32_t
-gf_auth_init (xlator_t *xl, dict_t *auth_modules)
+gf_auth_init(xlator_t *xl, dict_t *auth_modules)
{
- int ret = 0;
- auth_handle_t *handle = NULL;
- data_pair_t *pair = NULL;
-
- dict_foreach (auth_modules, init, &ret);
- if (ret)
- goto out;
-
- pair = auth_modules->members_list;
- while (pair) {
- handle = data_to_ptr (pair->value);
- if (!handle) {
- pair = pair->next;
- continue;
- }
-
- list_add_tail (&(handle->vol_opt->list),
- &(xl->volume_options));
- ret = xlator_options_validate_list (xl, xl->options,
- handle->vol_opt, NULL);
-
- if (ret)
- gf_log ("authenticate", GF_LOG_ERROR,
- "volume option validation failed");
-
- pair = pair->next;
- }
+ int ret = 0;
+
+ dict_foreach(auth_modules, init, &ret);
+ if (ret)
+ goto out;
+
+ ret = dict_foreach(auth_modules, _gf_auth_option_validate, xl);
out:
- if (ret) {
- gf_log (xl->name, GF_LOG_ERROR, "authentication init failed");
- dict_foreach (auth_modules, fini, &ret);
- ret = -1;
- }
- return ret;
+ if (ret) {
+ gf_msg(xl->name, GF_LOG_ERROR, 0, PS_MSG_AUTH_INIT_FAILED,
+ "authentication init failed");
+ dict_foreach(auth_modules, fini, &ret);
+ ret = -1;
+ }
+ return ret;
}
-static dict_t *__input_params;
-static dict_t *__config_params;
+typedef struct {
+ dict_t *iparams;
+ dict_t *cparams;
+ int64_t result;
+} gf_auth_args_t;
-void
-map (dict_t *this, char *key, data_t *value, void *data)
+static int
+gf_auth_one_method(dict_t *this, char *key, data_t *value, void *data)
{
- dict_t *res = data;
- auth_fn_t authenticate;
- auth_handle_t *handle = NULL;
-
- if (value && (handle = data_to_ptr (value)) &&
- (authenticate = handle->authenticate)) {
- dict_set (res, key,
- int_to_data (authenticate (__input_params,
- __config_params)));
- } else {
- dict_set (res, key, int_to_data (AUTH_DONT_CARE));
- }
-}
+ gf_auth_args_t *args = data;
+ auth_handle_t *handle = NULL;
-void
-reduce (dict_t *this, char *key, data_t *value, void *data)
-{
- int64_t val = 0;
- int64_t *res = data;
- if (!data)
- return;
-
- val = data_to_int64 (value);
- switch (val)
- {
- case AUTH_ACCEPT:
- if (AUTH_DONT_CARE == *res)
- *res = AUTH_ACCEPT;
- break;
+ if (!value) {
+ return 0;
+ }
- case AUTH_REJECT:
- *res = AUTH_REJECT;
- break;
+ handle = data_to_ptr(value);
+ if (!handle || !handle->authenticate) {
+ return 0;
+ }
- case AUTH_DONT_CARE:
- break;
- }
+ switch (handle->authenticate(args->iparams, args->cparams)) {
+ case AUTH_ACCEPT:
+ if (args->result != AUTH_REJECT) {
+ args->result = AUTH_ACCEPT;
+ }
+ /* FALLTHROUGH */
+ default:
+ return 0;
+ case AUTH_REJECT:
+ args->result = AUTH_REJECT;
+ return -1;
+ }
}
-
auth_result_t
-gf_authenticate (dict_t *input_params,
- dict_t *config_params,
- dict_t *auth_modules)
+gf_authenticate(dict_t *input_params, dict_t *config_params,
+ dict_t *auth_modules)
{
- char *name = NULL;
- dict_t *results = NULL;
- int64_t result = AUTH_DONT_CARE;
- data_t *peerinfo_data = NULL;
+ char *name = NULL;
+ data_t *peerinfo_data = NULL;
+ gf_auth_args_t args;
- results = get_new_dict ();
- __input_params = input_params;
- __config_params = config_params;
+ args.iparams = input_params;
+ args.cparams = config_params;
+ args.result = AUTH_DONT_CARE;
- dict_foreach (auth_modules, map, results);
+ dict_foreach(auth_modules, gf_auth_one_method, &args);
- dict_foreach (results, reduce, &result);
- if (AUTH_DONT_CARE == result) {
- peerinfo_data = dict_get (input_params, "peer-info-name");
+ if (AUTH_DONT_CARE == args.result) {
+ peerinfo_data = dict_get(input_params, "peer-info-name");
- if (peerinfo_data) {
- name = peerinfo_data->data;
- }
-
- gf_log ("auth", GF_LOG_ERROR,
- "no authentication module is interested in "
- "accepting remote-client %s", name);
- result = AUTH_REJECT;
+ if (peerinfo_data) {
+ name = peerinfo_data->data;
}
- dict_destroy (results);
- return result;
+ gf_msg("auth", GF_LOG_ERROR, 0, PS_MSG_REMOTE_CLIENT_REFUSED,
+ "no authentication module is interested in "
+ "accepting remote-client %s",
+ name);
+ args.result = AUTH_REJECT;
+ }
+
+ return args.result;
}
void
-gf_auth_fini (dict_t *auth_modules)
+gf_auth_fini(dict_t *auth_modules)
{
- int32_t dummy;
+ int32_t dummy;
- dict_foreach (auth_modules, fini, &dummy);
+ dict_foreach(auth_modules, fini, &dummy);
}
generated by cgit (git 2.34.1) at 2025-12-28 19:26:27 +0000