authorJeff Darcy <jdarcy@redhat.com>2014-07-03 13:27:13 +0000
committerVijay Bellur <vbellur@redhat.com>2014-07-04 04:18:00 -0700
commit83c09b75a8fbc3a46fc0e76f805e061e949678f1 (patch)
tree75c91aef9f8af0aa2ea33e192ce6d029fb5c69e9 /xlators/mgmt
parent9a50211cdb3d6decac140a31a035bd6e145f5f2f (diff)
socket: add certificate-depth and cipher-list options for SSL
Change-Id: I82757f8461807301a4a4f28c4f5bf7f0ee315113 BUG: 1114604 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/8040 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Rajesh Joseph <rjoseph@redhat.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/mgmt')
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.c75
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volgen.h3
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-volume-set.c12
3 files changed, 90 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index 777e69535df..6ab899a16cf 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -1661,6 +1661,25 @@ server_graph_builder (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
if (NULL == ptranst)
return -1;
+ if (dict_get_str (set_dict, SSL_CERT_DEPTH_OPT, &value) == 0) {
+ ret = xlator_set_option (rbxl, "ssl-cert-depth", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cert-depth");
+ return -1;
+ }
+ }
+
+ if (dict_get_str (set_dict, SSL_CIPHER_LIST_OPT, &value) == 0) {
+ ret = xlator_set_option (rbxl, "ssl-cipher-list",
+ value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cipher-list");
+ return -1;
+ }
+ }
+
if (username) {
ret = xlator_set_option (rbxl, "username", username);
if (ret)
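Review bot: The lookup-and-set block added here for `ssl-cert-depth` and `ssl-cipher-list` is pasted again, nearly byte for byte, in the second server_graph_builder hunk, in volgen_graph_build_client and in glusterd_generate_snapd_volfile. TLS settings are exactly the kind of code where a later fix lands in three copies and misses the fourth, so I would fold it into one static helper that takes the xlator and `set_dict` and returns 0 or -1. Each call site keeps its own exit (`return -1` here, `goto err` in the client builder). The failures abort graph generation, so `GF_LOG_ERROR` fits better than `GF_LOG_WARNING`. server_graph_builder starts and ends outside this hunk, so the declaration of `value` there is not visible.

```c
static int
volgen_xlator_set_ssl_options (xlator_t *xl, dict_t *set_dict)
{
        static const struct {
                char *key;
                char *option;
        } ssl_opts[] = {
                { SSL_CERT_DEPTH_OPT,  "ssl-cert-depth"  },
                { SSL_CIPHER_LIST_OPT, "ssl-cipher-list" },
        };
        char   *value = NULL;
        size_t  i     = 0;

        for (i = 0; i < sizeof (ssl_opts) / sizeof (ssl_opts[0]); i++) {
                /* option not set on this volume: leave the transport default */
                if (dict_get_str (set_dict, ssl_opts[i].key, &value) != 0)
                        continue;
                if (xlator_set_option (xl, ssl_opts[i].option, value)) {
                        gf_log ("glusterd", GF_LOG_ERROR,
                                "failed to set %s", ssl_opts[i].option);
                        return -1;
                }
        }
        return 0;
}

/* … unchanged: ptranst check in server_graph_builder … */
        if (volgen_xlator_set_ssl_options (rbxl, set_dict))
                return -1;
```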
@@ -1798,6 +1817,24 @@ server_graph_builder (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
return -1;
}
+ if (dict_get_str (set_dict, SSL_CERT_DEPTH_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cert-depth", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cert-depth");
+ return -1;
+ }
+ }
+
+ if (dict_get_str (set_dict, SSL_CIPHER_LIST_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cipher-list", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cipher-list");
+ return -1;
+ }
+ }
+
if (username) {
memset (key, 0, sizeof (key));
snprintf (key, sizeof (key), "auth.login.%s.allow", path);
@@ -2225,6 +2262,7 @@ volgen_graph_build_client (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
char *str = NULL;
char *ssl_str = NULL;
gf_boolean_t ssl_bool = _gf_false;
+ char *value = NULL;
GF_ASSERT (graph);
GF_ASSERT (subvol);
@@ -2289,6 +2327,24 @@ volgen_graph_build_client (volgen_graph_t *graph, glusterd_volinfo_t *volinfo,
}
}
+ if (dict_get_str (set_dict, SSL_CERT_DEPTH_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cert-depth", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cert-depth");
+ goto err;
+ }
+ }
+
+ if (dict_get_str (set_dict, SSL_CIPHER_LIST_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cipher-list", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cipher-list");
+ goto err;
+ }
+ }
+
return xl;
err:
return NULL;
@@ -4124,6 +4180,7 @@ glusterd_generate_snapd_volfile (volgen_graph_t *graph,
dict_t *set_dict = NULL;
char *loglevel = NULL;
char *xlator = NULL;
+ char *value = NULL;
set_dict = dict_copy (volinfo->dict, NULL);
if (!set_dict)
@@ -4167,6 +4224,24 @@ glusterd_generate_snapd_volfile (volgen_graph_t *graph,
if (ret)
return -1;
+ if (dict_get_str (set_dict, SSL_CERT_DEPTH_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cert-depth", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cert-depth");
+ return -1;
+ }
+ }
+
+ if (dict_get_str (set_dict, SSL_CIPHER_LIST_OPT, &value) == 0) {
+ ret = xlator_set_option (xl, "ssl-cipher-list", value);
+ if (ret) {
+ gf_log ("glusterd", GF_LOG_WARNING,
+ "failed to set ssl-cipher-list");
+ return -1;
+ }
+ }
+
username = glusterd_auth_get_username (volinfo);
passwd = glusterd_auth_get_password (volinfo);
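Review bot: Both new `return -1` exits in glusterd_generate_snapd_volfile leave while `set_dict` is still held, and nothing in this hunk releases it; the declaration hunk just above shows it comes from `dict_copy (volinfo->dict, NULL)`. The existing `if (ret) return -1;` directly before the added code has the same shape, so this looks like an inherited pattern, but each added exit widens the leak in a long-running management daemon. Consider `dict_unref (set_dict);` before each return, or a single cleanup label shared by all the early exits. The function continues past the hunk, so where `set_dict` is released on the success path should be confirmed first.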
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.h b/xlators/mgmt/glusterd/src/glusterd-volgen.h
index f4959f1e6c2..71b6a770fac 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.h
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.h
@@ -35,6 +35,9 @@
#define AUTH_REJECT_OPT_KEY "auth.addr.*.reject"
#define NFS_DISABLE_OPT_KEY "nfs.*.disable"
+#define SSL_CERT_DEPTH_OPT "ssl.certificate-depth"
+#define SSL_CIPHER_LIST_OPT "ssl.cipher-list"
+
typedef enum {
GF_CLIENT_TRUSTED,
diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
index 4a0a50dfe66..92ab3d1a3a3 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
@@ -970,6 +970,18 @@ struct volopt_map_entry glusterd_volopt_map[] = {
.op_version = GD_OP_VERSION_3_6_0,
},
+ /* Generic transport options */
+ { .key = SSL_CERT_DEPTH_OPT,
+ .voltype = "rpc-transport/socket",
+ .option = "!ssl-cert-depth",
+ .op_version = GD_OP_VERSION_3_6_0,
+ },
+ { .key = SSL_CIPHER_LIST_OPT,
+ .voltype = "rpc-transport/socket",
+ .option = "!ssl-cipher-list",
+ .op_version = GD_OP_VERSION_3_6_0,
+ },
+
/* Performance xlators enable/disbable options */
{ .key = "performance.write-behind",
.voltype = "performance/write-behind",
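Review bot: Neither new glusterd_volopt_map entry documents or constrains its value: `ssl.cipher-list` and `ssl.certificate-depth` are both taken as free-form strings, and the volgen hunks hand them unchanged to `xlator_set_option`. A mistyped or overly permissive cipher string, or a non-numeric depth, would therefore be written into every generated brick and client volfile. Whether the socket transport rejects such values when it parses them is not visible in this diff. I would add a `.description` to each entry stating the expected format and the default used when unset, so `volume set help` gives operators something to go on. I would also reject an empty cipher list or a non-numeric or negative depth at `volume set` time rather than at connection time.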