Copyright (c) 2007-2013 Red Hat, Inc. <http://www.redhat.com>
This file is part of GlusterFS.
This file is licensed to you under your choice of the GNU Lesser
General Public License, version 3 or any later version (LGPLv3 or
later), or the GNU General Public License, version 2 (GPLv2), in all
cases as published by the Free Software Foundation.
#include "authenticate.h"
#include "server-messages.h"
/*
 * dict_foreach() callback used by gf_auth_init(): loads the shared object
 * for the authentication module named by `key`, resolves its entry points
 * and stores the resulting auth_handle_t back into `this` under `key`.
 *
 * NOTE(review): this listing is an excerpt. The bare numbers look like the
 * original file's line numbers; the lines between them (return type, braces,
 * several checks, cleanup and return statements) are not shown, so the
 * comments below describe only what is visible.
 */
init(dict_t *this, char *key, data_t *value, void *data)
25
char *auth_file = NULL;
26
auth_handle_t *auth_handle = NULL;
27
auth_fn_t authenticate = NULL;
31
/* It gets overwritten */
34
/* Prefix match: only the first SLEN("ip") characters of key are compared,
 * case-insensitively, so any key that merely starts with "ip" takes this
 * branch. */
if (!strncasecmp(key, "ip", SLEN("ip"))) {
35
gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
36
"AUTHENTICATION MODULE "
37
"\"IP\" HAS BEEN REPLACED BY \"ADDR\"");
38
/* Store an empty (NULL, 0) value under the old key. */
dict_set(this, key, data_from_dynptr(NULL, 0));
39
/* TODO: 1.3.x backward compatibility */
45
/* Check if the authentication module has already been initialized. */
46
if ((dict_get_ptr(this, key, &handle) == 0) && (handle != NULL)) {
50
/* NOTE(review): key is formatted straight into the shared-object path and
 * nothing visible here restricts it to a bare module name. Confirm that the
 * caller only supplies names without '/' or "..", so that dlopen() below can
 * only ever load a library located directly in LIBDIR. */
ret = gf_asprintf(&auth_file, "%s/%s.so", LIBDIR, key);
52
/* Visible failure handling: the entry is reset to an empty value. */
dict_set(this, key, data_from_dynptr(NULL, 0));
57
/* Loading a module runs its constructors inside this process, so the path
 * built above is security-relevant. */
handle = dlopen(auth_file, RTLD_LAZY);
59
gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
60
"dlopen(%s): %s\n", auth_file, dlerror());
61
dict_set(this, key, data_from_dynptr(NULL, 0));
68
/* "gf_auth" is the module's authentication entry point; when it cannot be
 * resolved the error is logged and the entry is reset. */
authenticate = dlsym(handle, "gf_auth");
70
gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
71
"dlsym(gf_auth) on %s\n", dlerror());
72
/* NOTE(review): handle is already open and auth_file already allocated at
 * this point; their release is presumably on the elided lines -- confirm
 * dlclose(handle) and the free of auth_file happen on this path. */
dict_set(this, key, data_from_dynptr(NULL, 0));
78
auth_handle = GF_CALLOC(1, sizeof(*auth_handle),
79
gf_common_mt_auth_handle_t);
81
dict_set(this, key, data_from_dynptr(NULL, 0));
87
/* The "options" symbol is looked up as well; its absence is only reported
 * through gf_msg_debug(). */
auth_handle->given_opt = dlsym(handle, "options");
88
if (auth_handle->given_opt == NULL) {
89
gf_msg_debug("authenticate", 0,
90
"volume option validation "
94
auth_handle->authenticate = authenticate;
95
auth_handle->handle = handle;
97
/* Publish the populated handle under key; fini(), _gf_auth_option_validate()
 * and gf_auth_one_method() read it back with data_to_ptr(). */
dict_set(this, key, data_from_dynptr(auth_handle, sizeof(*auth_handle)));
/*
 * dict_foreach() callback: closes the shared object that init() opened for
 * the module stored under `key`.
 *
 * NOTE(review): excerpt -- the lines between the numbered ones are not shown.
 */
fini(dict_t *this, char *key, data_t *value, void *data)
104
auth_handle_t *handle = data_to_ptr(value);
107
/* NOTE(review): init() stores an empty (NULL, 0) value for modules that
 * failed to load, so handle can be NULL here. A guard is presumably on the
 * lines elided between 104 and 107 -- confirm before relying on this
 * dereference. */
dlclose(handle->handle);
/*
 * dict_foreach() callback used by gf_auth_init(): adds the option table
 * exported by one loaded module (handle->given_opt) to xl->volume_options,
 * unless it is already listed, and validates xl->options against it.
 * gf_auth_init() passes the xlator as the callback data argument.
 *
 * NOTE(review): excerpt -- the declaration of xl, the allocation check and
 * the return statements are on lines that are not shown.
 */
_gf_auth_option_validate(dict_t *d, char *k, data_t *v, void *tmp)
115
auth_handle_t *handle = NULL;
117
volume_opt_list_t *vol_opt;
122
/* NOTE(review): init() leaves an empty value for modules that failed to
 * load, so this may yield NULL; the check is presumably on an elided line --
 * confirm. */
handle = data_to_ptr(v);
126
/* TODO: This is very inefficient, but we must be sure that we aren't adding
 * the same set of options more than once. */
128
list_for_each_entry(vol_opt, &xl->volume_options, list) {
129
if (vol_opt->given_opt == handle->given_opt) {
134
vol_opt = GF_CALLOC(1, sizeof(volume_opt_list_t),
135
gf_common_mt_volume_opt_list_t);
140
vol_opt->given_opt = handle->given_opt;
141
/* The new entry is linked into the xlator's list before validation runs. */
list_add_tail(&vol_opt->list, &xl->volume_options);
144
ret = xlator_options_validate_list(xl, xl->options, vol_opt, NULL);
146
gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_VOL_VALIDATE_FAILED,
147
"volume option validation "
/*
 * Loads every authentication module listed in auth_modules (init), then
 * validates the xlator's options against each module's option table
 * (_gf_auth_option_validate). The visible failure path logs
 * PS_MSG_AUTH_INIT_FAILED and runs fini over all modules.
 *
 * NOTE(review): excerpt -- the declaration of ret, the conditions guarding
 * each step and the return statement are on lines that are not shown.
 */
gf_auth_init(xlator_t *xl, dict_t *auth_modules)
159
/* init() is handed &ret as its data argument; the return value of this
 * dict_foreach() call itself is not used. */
dict_foreach(auth_modules, init, &ret);
163
ret = dict_foreach(auth_modules, _gf_auth_option_validate, xl);
167
gf_msg(xl->name, GF_LOG_ERROR, 0, PS_MSG_AUTH_INIT_FAILED,
168
"authentication init failed");
169
/* Unload the modules again so that a failed initialisation does not leave
 * shared objects open. */
dict_foreach(auth_modules, fini, &ret);
/*
 * dict_foreach() callback used by gf_authenticate(): runs one module's
 * authenticate function on (iparams, cparams) and folds its verdict into
 * args->result.
 *
 * NOTE(review): excerpt -- the case labels of the switch and the return
 * statements are on lines that are not shown.
 */
gf_auth_one_method(dict_t *this, char *key, data_t *value, void *data)
184
gf_auth_args_t *args = data;
185
auth_handle_t *handle = NULL;
191
handle = data_to_ptr(value);
192
/* Entries without a loaded module or without an entry point are not
 * called. */
if (!handle || !handle->authenticate) {
196
switch (handle->authenticate(args->iparams, args->cparams)) {
198
/* An accept never overrides a reject that an earlier module recorded. */
if (args->result != AUTH_REJECT) {
199
args->result = AUTH_ACCEPT;
205
/* No guard is visible on this assignment, so a reject presumably replaces
 * any earlier accept, making the combined verdict independent of module
 * order -- confirm against the elided case labels. */
args->result = AUTH_REJECT;
/*
 * Runs every loaded authentication module over the connection parameters and
 * returns the combined verdict. The result starts as AUTH_DONT_CARE; if no
 * module changes it, the client is logged as refused and the result becomes
 * AUTH_REJECT, i.e. the default is to deny.
 *
 * NOTE(review): excerpt -- the declarations of args and name, part of the
 * log call and the return statement are on lines that are not shown.
 */
gf_authenticate(dict_t *input_params, dict_t *config_params,
212
dict_t *auth_modules)
215
data_t *peerinfo_data = NULL;
218
args.iparams = input_params;
219
args.cparams = config_params;
220
args.result = AUTH_DONT_CARE;
222
dict_foreach(auth_modules, gf_auth_one_method, &args);
224
if (AUTH_DONT_CARE == args.result) {
225
peerinfo_data = dict_get(input_params, "peer-info-name");
228
/* NOTE(review): peerinfo_data is the result of a dict lookup and may be
 * NULL when the key is absent; a guard is presumably on the lines elided
 * between 225 and 228 -- confirm. If "peer-info-name" originates from the
 * remote peer, the value logged below is untrusted text. */
name = peerinfo_data->data;
231
gf_msg("auth", GF_LOG_ERROR, 0, PS_MSG_REMOTE_CLIENT_REFUSED,
232
"no authentication module is interested in "
233
"accepting remote-client %s",
235
/* Fail closed: no opinion from any module means the client is rejected. */
args.result = AUTH_REJECT;
/*
 * Unloads every authentication module in auth_modules by running fini() on
 * each entry.
 *
 * NOTE(review): excerpt -- the declaration of dummy and the rest of the body
 * are on lines that are not shown.
 */
gf_auth_fini(dict_t *auth_modules)
246
/* fini() receives &dummy as its data argument. */
dict_foreach(auth_modules, fini, &dummy);