summaryrefslogtreecommitdiffstats
path: root/xlators/protocol/server/src/server-handshake.c
diff options
context:
space:
mode:
authorJeff Darcy <jdarcy@redhat.com>2014-04-17 23:21:05 +0000
committerVijay Bellur <vbellur@redhat.com>2014-07-02 02:47:05 -0700
commitcaa8a4ea50734378e7e19f70b39a837c58e9d229 (patch)
treea06a99e143a1dd8c99cc10e84e9d3bca72a63cf7 /xlators/protocol/server/src/server-handshake.c
parent831efecf927788f26b630cb82d5d6ff4af411a3d (diff)
rpc/auth: allow SSL identity to be used for authorization
Access to a volume is now controlled by the following options, based on whether SSL is enabled or not. * server.ssl-allow: get identity from certificate, no password needed * auth.allow: get identity and matching password from command line It is not possible to allow both simultaneously, since the connection itself is either using SSL or it isn't. Change-Id: I5a5be66520f56778563d62f4b3ab35c66cc41ac0 BUG: 1114604 Signed-off-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-on: http://review.gluster.org/3695 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/protocol/server/src/server-handshake.c')
-rw-r--r--xlators/protocol/server/src/server-handshake.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c
index 6b1a399..98418e7 100644
--- a/xlators/protocol/server/src/server-handshake.c
+++ b/xlators/protocol/server/src/server-handshake.c
@@ -450,6 +450,13 @@ server_setvolume (rpcsvc_request_t *req)
req->trans->xl_private = client;
auth_set_username_passwd (params, config_params, client);
+ if (req->trans->ssl_name) {
+ if (dict_set_str(params,"ssl-name",req->trans->ssl_name) != 0) {
+ gf_log (this->name, GF_LOG_WARNING,
+ "failed to set ssl_name %s", req->trans->ssl_name);
+ /* Not fatal, auth will just fail. */
+ }
+ }
ret = dict_get_int32 (params, "fops-version", &fop_version);
if (ret < 0) {