From caa8a4ea50734378e7e19f70b39a837c58e9d229 Mon Sep 17 00:00:00 2001
From: Jeff Darcy <jdarcy@redhat.com>
Date: Thu, 17 Apr 2014 23:21:05 +0000
Subject: rpc/auth: allow SSL identity to be used for authorization

Access to a volume is now controlled by the following options, based on
whether SSL is enabled or not.

 * server.ssl-allow: get identity from certificate, no password needed

 * auth.allow: get identity and matching password from command line

It is not possible to allow both simultaneously, since the connection
itself is either using SSL or it isn't.

Change-Id: I5a5be66520f56778563d62f4b3ab35c66cc41ac0
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/3695
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
---
 xlators/protocol/server/src/server-handshake.c | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'xlators/protocol/server/src/server-handshake.c')

diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c
index 6b1a39936f4..98418e77893 100644
--- a/xlators/protocol/server/src/server-handshake.c
+++ b/xlators/protocol/server/src/server-handshake.c
@@ -450,6 +450,13 @@ server_setvolume (rpcsvc_request_t *req)
                 req->trans->xl_private = client;
 
         auth_set_username_passwd (params, config_params, client);
+        if (req->trans->ssl_name) {
+                if (dict_set_str(params,"ssl-name",req->trans->ssl_name) != 0) {
+                        gf_log (this->name, GF_LOG_WARNING,
+                                "failed to set ssl_name %s", req->trans->ssl_name);
+                        /* Not fatal, auth will just fail. */
+                }
+        }
 
         ret = dict_get_int32 (params, "fops-version", &fop_version);
         if (ret < 0) {
-- 
cgit