From 47dc8def246c6338cb95e71b4656962a5f74ee90 Mon Sep 17 00:00:00 2001
From: Anand Avati <avati@gluster.com>
Date: Wed, 14 Jul 2010 16:26:17 +0000
Subject: protocol/lib: rename files to standardized names and places

-  move xlators/protocol/lib/* to rpc/xdr/
-  rename CLI and glusterd XDR filenames
-  remove xlators/protocol/lib (libgfproto1.so)

Signed-off-by: Anand V. Avati <avati@blackhole.gluster.com>
Signed-off-by: Anand V. Avati <avati@dev.gluster.com>

BUG: 875 (Implement a new protocol to provide proper backward/forward compatibility)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=875
---
 xlators/protocol/server/src/authenticate.c | 249 +++++++++++++++++++++++++++++
 1 file changed, 249 insertions(+)
 create mode 100644 xlators/protocol/server/src/authenticate.c

(limited to 'xlators/protocol/server/src/authenticate.c')

diff --git a/xlators/protocol/server/src/authenticate.c b/xlators/protocol/server/src/authenticate.c
new file mode 100644
index 00000000000..5205b54df61
--- /dev/null
+++ b/xlators/protocol/server/src/authenticate.c
@@ -0,0 +1,249 @@
+/*
+  Copyright (c) 2007-2010 Gluster, Inc. <http://www.gluster.com>
+  This file is part of GlusterFS.
+
+  GlusterFS is free software; you can redistribute it and/or modify
+  it under the terms of the GNU General Public License as published
+  by the Free Software Foundation; either version 3 of the License,
+  or (at your option) any later version.
+
+  GlusterFS is distributed in the hope that it will be useful, but
+  WITHOUT ANY WARRANTY; without even the implied warranty of
+  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+  General Public License for more details.
+
+  You should have received a copy of the GNU General Public License
+  along with this program.  If not, see
+  <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _CONFIG_H
+#define _CONFIG_H
+#include "config.h"
+#endif
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE
+#endif
+
+#include <stdio.h>
+#include <dlfcn.h>
+#include <errno.h>
+#include "authenticate.h"
+
+static void
+init (dict_t *this,
+      char *key,
+      data_t *value,
+      void *data)
+{
+	void *handle = NULL;
+	char *auth_file = NULL;
+	auth_handle_t *auth_handle = NULL;
+	auth_fn_t authenticate = NULL;
+	int *error = NULL;
+        int  ret = 0;
+
+	/* It gets over written */
+	error = data;
+
+	if (!strncasecmp (key, "ip", strlen ("ip"))) {
+		gf_log ("authenticate", GF_LOG_ERROR,
+			"AUTHENTICATION MODULE \"IP\" HAS BEEN REPLACED "
+			"BY \"ADDR\"");
+		dict_set (this, key, data_from_dynptr (NULL, 0));
+		/* TODO: 1.3.x backword compatibility */
+		// *error = -1;
+		// return;
+		key = "addr";
+	}
+
+	ret = gf_asprintf (&auth_file, "%s/%s.so", LIBDIR, key);
+        if (-1 == ret) {
+                gf_log ("authenticate", GF_LOG_ERROR, "asprintf failed");
+                dict_set (this, key, data_from_dynptr (NULL, 0));
+                *error = -1;
+                return;
+        }
+
+	handle = dlopen (auth_file, RTLD_LAZY);
+	if (!handle) {
+		gf_log ("authenticate", GF_LOG_ERROR, "dlopen(%s): %s\n",
+			auth_file, dlerror ());
+		dict_set (this, key, data_from_dynptr (NULL, 0));
+		GF_FREE (auth_file);
+		*error = -1;
+		return;
+	}
+	GF_FREE (auth_file);
+
+	authenticate = dlsym (handle, "gf_auth");
+	if (!authenticate) {
+		gf_log ("authenticate", GF_LOG_ERROR,
+			"dlsym(gf_auth) on %s\n", dlerror ());
+		dict_set (this, key, data_from_dynptr (NULL, 0));
+		*error = -1;
+		return;
+	}
+
+	auth_handle = GF_CALLOC (1, sizeof (*auth_handle),
+                                 gf_common_mt_auth_handle_t);
+	if (!auth_handle) {
+		gf_log ("authenticate", GF_LOG_ERROR, "Out of memory");
+		dict_set (this, key, data_from_dynptr (NULL, 0));
+		*error = -1;
+		return;
+	}
+	auth_handle->vol_opt = GF_CALLOC (1, sizeof (volume_opt_list_t),
+                                       gf_common_mt_volume_opt_list_t);
+	auth_handle->vol_opt->given_opt = dlsym (handle, "options");
+	if (auth_handle->vol_opt->given_opt == NULL) {
+		gf_log ("authenticate", GF_LOG_DEBUG,
+			"volume option validation not specified");
+	}
+
+	auth_handle->authenticate = authenticate;
+	auth_handle->handle = handle;
+
+	dict_set (this, key,
+		  data_from_dynptr (auth_handle, sizeof (*auth_handle)));
+}
+
+static void
+fini (dict_t *this,
+      char *key,
+      data_t *value,
+      void *data)
+{
+	auth_handle_t *handle = data_to_ptr (value);
+	if (handle) {
+		dlclose (handle->handle);
+	}
+}
+
+int32_t
+gf_auth_init (xlator_t *xl, dict_t *auth_modules)
+{
+	int ret = 0;
+	auth_handle_t *handle = NULL;
+	data_pair_t *pair = NULL;
+	dict_foreach (auth_modules, init, &ret);
+	if (!ret) {
+		pair = auth_modules->members_list;
+		while (pair) {
+			handle = data_to_ptr (pair->value);
+			if (handle) {
+				list_add_tail (&(handle->vol_opt->list),
+					       &(xl->volume_options));
+				if (-1 ==
+				    validate_xlator_volume_options (xl,
+								    handle->vol_opt->given_opt)) {
+					gf_log ("authenticate", GF_LOG_ERROR,
+						"volume option validation "
+						"failed");
+					ret = -1;
+				}
+			}
+			pair = pair->next;
+		}
+	}
+	if (ret) {
+		gf_log (xl->name, GF_LOG_ERROR, "authentication init failed");
+		dict_foreach (auth_modules, fini, &ret);
+		ret = -1;
+	}
+	return ret;
+}
+
+static dict_t *__input_params;
+static dict_t *__config_params;
+
+void
+map (dict_t *this,
+     char *key,
+     data_t *value,
+     void *data)
+{
+	dict_t *res = data;
+	auth_fn_t authenticate;
+	auth_handle_t *handle = NULL;
+
+	if (value && (handle = data_to_ptr (value)) &&
+	    (authenticate = handle->authenticate)) {
+		dict_set (res, key,
+			  int_to_data (authenticate (__input_params,
+						     __config_params)));
+	} else {
+		dict_set (res, key, int_to_data (AUTH_DONT_CARE));
+	}
+}
+
+void
+reduce (dict_t *this,
+	char *key,
+	data_t *value,
+	void *data)
+{
+	int64_t val = 0;
+	int64_t *res = data;
+	if (!data)
+		return;
+
+	val = data_to_int64 (value);
+	switch (val)
+	{
+	case AUTH_ACCEPT:
+		if (AUTH_DONT_CARE == *res)
+			*res = AUTH_ACCEPT;
+		break;
+
+	case AUTH_REJECT:
+		*res = AUTH_REJECT;
+		break;
+
+	case AUTH_DONT_CARE:
+		break;
+	}
+}
+
+
+auth_result_t
+gf_authenticate (dict_t *input_params,
+		 dict_t *config_params,
+		 dict_t *auth_modules)
+{
+	dict_t *results = NULL;
+	int64_t result = AUTH_DONT_CARE;
+
+	results = get_new_dict ();
+	__input_params = input_params;
+	__config_params = config_params;
+
+	dict_foreach (auth_modules, map, results);
+
+	dict_foreach (results, reduce, &result);
+	if (AUTH_DONT_CARE == result) {
+		data_t *peerinfo_data = dict_get (input_params, "peer-info-name");
+		char *name = NULL;
+
+		if (peerinfo_data) {
+			name = peerinfo_data->data;
+		}
+
+		gf_log ("auth", GF_LOG_ERROR,
+			"no authentication module is interested in "
+			"accepting remote-client %s", name);
+		result = AUTH_REJECT;
+	}
+
+	dict_destroy (results);
+	return result;
+}
+
+void
+gf_auth_fini (dict_t *auth_modules)
+{
+	int32_t dummy;
+
+	dict_foreach (auth_modules, fini, &dummy);
+}
-- 
cgit