/
zOMGdev
/
glusterfs
GigaCode
beta
ОбзорЦентр заботыВойти

glusterfs

Форк
0
Ветки: 49Коммиты: 16797Теги: 580
glusterfs
/xlators
/protocol
/server
/src
/
authenticate.c 
247 строк · 6.2 Кб
1
/*
2
  Copyright (c) 2007-2013 Red Hat, Inc. <http://www.redhat.com>
3
  This file is part of GlusterFS.
4


5
  This file is licensed to you under your choice of the GNU Lesser
6
  General Public License, version 3 or any later version (LGPLv3 or
7
  later), or the GNU General Public License, version 2 (GPLv2), in all
8
  cases as published by the Free Software Foundation.
9
*/
10


11
#ifndef _GNU_SOURCE
12
#define _GNU_SOURCE
13
#endif
14


15
#include <stdio.h>
16
#include <dlfcn.h>
17
#include <errno.h>
18
#include "authenticate.h"
19
#include "server-messages.h"
20


21
static int
22
init(dict_t *this, char *key, data_t *value, void *data)
23
{
24
    void *handle = NULL;
25
    char *auth_file = NULL;
26
    auth_handle_t *auth_handle = NULL;
27
    auth_fn_t authenticate = NULL;
28
    int *error = NULL;
29
    int ret = 0;
30


31
    /* It gets over written */
32
    error = data;
33


34
    if (!strncasecmp(key, "ip", SLEN("ip"))) {
35
        gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
36
               "AUTHENTICATION MODULE "
37
               "\"IP\" HAS BEEN REPLACED BY \"ADDR\"");
38
        dict_set(this, key, data_from_dynptr(NULL, 0));
39
        /* TODO: 1.3.x backward compatibility */
40
        // *error = -1;
41
        // return;
42
        key = "addr";
43
    }
44


45
    /* Check if the authentication module has already been initialzied. */
46
    if ((dict_get_ptr(this, key, &handle) == 0) && (handle != NULL)) {
47
        return 0;
48
    }
49


50
    ret = gf_asprintf(&auth_file, "%s/%s.so", LIBDIR, key);
51
    if (-1 == ret) {
52
        dict_set(this, key, data_from_dynptr(NULL, 0));
53
        *error = -1;
54
        return -1;
55
    }
56


57
    handle = dlopen(auth_file, RTLD_LAZY);
58
    if (!handle) {
59
        gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
60
               "dlopen(%s): %s\n", auth_file, dlerror());
61
        dict_set(this, key, data_from_dynptr(NULL, 0));
62
        GF_FREE(auth_file);
63
        *error = -1;
64
        return -1;
65
    }
66
    GF_FREE(auth_file);
67


68
    authenticate = dlsym(handle, "gf_auth");
69
    if (!authenticate) {
70
        gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_AUTHENTICATE_ERROR,
71
               "dlsym(gf_auth) on %s\n", dlerror());
72
        dict_set(this, key, data_from_dynptr(NULL, 0));
73
        dlclose(handle);
74
        *error = -1;
75
        return -1;
76
    }
77


78
    auth_handle = GF_CALLOC(1, sizeof(*auth_handle),
79
                            gf_common_mt_auth_handle_t);
80
    if (!auth_handle) {
81
        dict_set(this, key, data_from_dynptr(NULL, 0));
82
        *error = -1;
83
        dlclose(handle);
84
        return -1;
85
    }
86


87
    auth_handle->given_opt = dlsym(handle, "options");
88
    if (auth_handle->given_opt == NULL) {
89
        gf_msg_debug("authenticate", 0,
90
                     "volume option validation "
91
                     "not specified");
92
    }
93


94
    auth_handle->authenticate = authenticate;
95
    auth_handle->handle = handle;
96


97
    dict_set(this, key, data_from_dynptr(auth_handle, sizeof(*auth_handle)));
98
    return 0;
99
}
100


101
static int
102
fini(dict_t *this, char *key, data_t *value, void *data)
103
{
104
    auth_handle_t *handle = data_to_ptr(value);
105


106
    if (handle) {
107
        dlclose(handle->handle);
108
    }
109
    return 0;
110
}
111


112
static int
113
_gf_auth_option_validate(dict_t *d, char *k, data_t *v, void *tmp)
114
{
115
    auth_handle_t *handle = NULL;
116
    xlator_t *xl = NULL;
117
    volume_opt_list_t *vol_opt;
118
    int ret = 0;
119


120
    xl = tmp;
121


122
    handle = data_to_ptr(v);
123
    if (!handle)
124
        return 0;
125


126
    /* TODO: This is very ineficient, but we must be sure that we aren't adding
127
     *       the same set of options more than once. */
128
    list_for_each_entry(vol_opt, &xl->volume_options, list) {
129
        if (vol_opt->given_opt == handle->given_opt) {
130
            goto validate;
131
        }
132
    }
133


134
    vol_opt = GF_CALLOC(1, sizeof(volume_opt_list_t),
135
                        gf_common_mt_volume_opt_list_t);
136
    if (!vol_opt) {
137
        return -1;
138
    }
139


140
    vol_opt->given_opt = handle->given_opt;
141
    list_add_tail(&vol_opt->list, &xl->volume_options);
142


143
validate:
144
    ret = xlator_options_validate_list(xl, xl->options, vol_opt, NULL);
145
    if (ret) {
146
        gf_msg("authenticate", GF_LOG_ERROR, 0, PS_MSG_VOL_VALIDATE_FAILED,
147
               "volume option validation "
148
               "failed");
149
        return -1;
150
    }
151
    return 0;
152
}
153


154
int32_t
155
gf_auth_init(xlator_t *xl, dict_t *auth_modules)
156
{
157
    int ret = 0;
158


159
    dict_foreach(auth_modules, init, &ret);
160
    if (ret)
161
        goto out;
162


163
    ret = dict_foreach(auth_modules, _gf_auth_option_validate, xl);
164


165
out:
166
    if (ret) {
167
        gf_msg(xl->name, GF_LOG_ERROR, 0, PS_MSG_AUTH_INIT_FAILED,
168
               "authentication init failed");
169
        dict_foreach(auth_modules, fini, &ret);
170
        ret = -1;
171
    }
172
    return ret;
173
}
174


175
typedef struct {
176
    dict_t *iparams;
177
    dict_t *cparams;
178
    int64_t result;
179
} gf_auth_args_t;
180


181
static int
182
gf_auth_one_method(dict_t *this, char *key, data_t *value, void *data)
183
{
184
    gf_auth_args_t *args = data;
185
    auth_handle_t *handle = NULL;
186


187
    if (!value) {
188
        return 0;
189
    }
190


191
    handle = data_to_ptr(value);
192
    if (!handle || !handle->authenticate) {
193
        return 0;
194
    }
195


196
    switch (handle->authenticate(args->iparams, args->cparams)) {
197
        case AUTH_ACCEPT:
198
            if (args->result != AUTH_REJECT) {
199
                args->result = AUTH_ACCEPT;
200
            }
201
            /* FALLTHROUGH */
202
        default:
203
            return 0;
204
        case AUTH_REJECT:
205
            args->result = AUTH_REJECT;
206
            return -1;
207
    }
208
}
209


210
auth_result_t
211
gf_authenticate(dict_t *input_params, dict_t *config_params,
212
                dict_t *auth_modules)
213
{
214
    char *name = NULL;
215
    data_t *peerinfo_data = NULL;
216
    gf_auth_args_t args;
217


218
    args.iparams = input_params;
219
    args.cparams = config_params;
220
    args.result = AUTH_DONT_CARE;
221


222
    dict_foreach(auth_modules, gf_auth_one_method, &args);
223


224
    if (AUTH_DONT_CARE == args.result) {
225
        peerinfo_data = dict_get(input_params, "peer-info-name");
226


227
        if (peerinfo_data) {
228
            name = peerinfo_data->data;
229
        }
230


231
        gf_msg("auth", GF_LOG_ERROR, 0, PS_MSG_REMOTE_CLIENT_REFUSED,
232
               "no authentication module is interested in "
233
               "accepting remote-client %s",
234
               name);
235
        args.result = AUTH_REJECT;
236
    }
237


238
    return args.result;
239
}
240


241
void
242
gf_auth_fini(dict_t *auth_modules)
243
{
244
    int32_t dummy;
245


246
    dict_foreach(auth_modules, fini, &dummy);
247
}
248

Использование cookies

Мы используем файлы cookie в соответствии с Политикой конфиденциальности и Политикой использования cookies.

Нажимая кнопку «Принимаю», Вы даете АО «СберТех» согласие на обработку Ваших персональных данных в целях совершенствования нашего веб-сайта и Сервиса GitVerse, а также повышения удобства их использования.

Запретить использование cookies Вы можете самостоятельно в настройках Вашего браузера.