[Pvfs2-cvs] commit by nlmills in pvfs2/src/common/misc: pvfs2-debug.c pvfs2-util.c server-config.c server-config.h

CVS commit program cvs at parl.clemson.edu
Fri May 21 17:38:16 EDT 2010


Update of /projects/cvsroot/pvfs2/src/common/misc
In directory parlweb1:/tmp/cvs-serv30601/src/common/misc

Modified Files:
      Tag: cu-security-branch
	pvfs2-debug.c pvfs2-util.c server-config.c server-config.h 
Log Message:
removed anything and everything related to certificates


Index: pvfs2-debug.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/pvfs2-debug.c,v
diff -p -u -r1.51.4.5 -r1.51.4.6
--- pvfs2-debug.c	21 May 2010 17:34:06 -0000	1.51.4.5
+++ pvfs2-debug.c	21 May 2010 21:38:15 -0000	1.51.4.6
@@ -110,8 +110,6 @@ static __keyword_mask_t s_keyword_mask_m
     { "user_dev", GOSSIP_USER_DEV_DEBUG },
     /* Debug security module */
     { "security", GOSSIP_SECURITY_DEBUG },
-    /* Debug the getcred state machine */
-    { "getcred", GOSSIP_GETCRED_DEBUG },
     /* Debug the fsck tool */
     { "fsck", GOSSIP_FSCK_DEBUG },
     /* Debug the bstream code */

Index: pvfs2-util.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/pvfs2-util.c,v
diff -p -u -r1.100.2.10 -r1.100.2.11
--- pvfs2-util.c	21 May 2010 17:34:06 -0000	1.100.2.10
+++ pvfs2-util.c	21 May 2010 21:38:15 -0000	1.100.2.11
@@ -286,111 +286,15 @@ int PVFS_util_gen_credentials_defaults(P
     return ret;
 }
 
-/* nlmills: WARNING: that damn mutex is held. fix that? */
+
 int PVFS_util_gen_credential(PVFS_fs_id fsid,
                              PVFS_BMI_addr_t addr,
                              const char *certpath,
                              const char *keypath,
                              PVFS_credential *cred)
 {
-    FILE *certfile, *keyfile;
-    char *certbuf, *keybuf;
-    PVFS_sysresp_getcred sysresp;
-    int ret;
-
-    if (!certpath)
-    {
-        certpath = getenv("PVFS2CERT_FILE");
-        if (!certpath)
-        {
-            certpath = PVFS2_DEFAULT_CERT_FILE;
-        }
-    }
-
-    if (!keypath)
-    {
-        keypath = getenv("PVFS2KEY_FILE");
-        if (!keypath)
-        {
-            keypath = PVFS2_DEFAULT_KEY_FILE;
-        }
-    }
-
-    certfile = fopen(certpath, "rb");
-    if (!certfile)
-    {
-        /* nlmills: TODO: error handling */
-        return -PVFS_ERROR_CODE(errno);
-    }
-
-    keyfile = fopen(keypath, "rb");
-    if (!keyfile)
-    {
-        /* nlmills: TODO: error handling */
-        ret = -PVFS_ERROR_CODE(errno);
-        fclose(certfile);
-        return ret;
-    }
-
-    certbuf = calloc(PVFS_REQ_LIMIT_CERTIFICATE+1, 1);
-    if (!certbuf)
-    {
-        /* nlmills: TODO: error handling */
-        fclose(keyfile);
-        fclose(certfile);
-        return -PVFS_ENOMEM;
-    }
-
-    /* nlmills: TODO: figure out a max size for this buffer */
-    keybuf = calloc(4096, 1);
-    if (!keybuf)
-    {
-        /* nlmills: TODO: error handling */
-        free(certbuf);
-        fclose(keyfile);
-        fclose(certfile);
-        return -PVFS_ENOMEM;
-    }
-
-    fread(certbuf, 1, PVFS_REQ_LIMIT_CERTIFICATE, certfile);
-    if (ferror(certfile))
-    {
-        /* nlmills: TODO: error handling */
-        ret = -PVFS_ERROR_CODE(errno);
-        free(keybuf);
-        free(certbuf);
-        fclose(keyfile);
-        fclose(certfile);
-        return ret;
-    }
-
-    /* nlmills: TODO: replace static size */
-    fread(keybuf, 1, 4096, keyfile);
-    if (ferror(keyfile))
-    {
-        /* nlmills: TODO: error handling */
-        ret = -PVFS_ERROR_CODE(errno);
-        free(keybuf);
-        free(certbuf);
-        fclose(keyfile);
-        fclose(certfile);
-        return ret;
-    }
-
-    ret = PVFS_sys_getcred(fsid, certbuf, keybuf, addr, &sysresp);
-    if (ret >= 0)
-    {
-        *cred = sysresp.credential;
-    }
-
-    free(keybuf);
-    free(certbuf);
-    fclose(keyfile);
-    fclose(certfile);
-
-    /* nlmills: TODO: add last-ditch error handling */
-
-    return ret;
+    /* nlmills: TODO: rewrite this function and relatives */
+    return -PVFS_ENOSYS;
 }
 
 PVFS_credential *PVFS_util_find_credential_by_fsid(PVFS_fs_id fsid,
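Review bot: The new stub body of PVFS_util_gen_credential returns `-PVFS_ENOSYS` without writing to `*cred`, so a caller that does not check the return value would continue with whatever bytes the credential structure already held. Because this is the credential-generation path, it is safer to leave the output in a defined empty state before failing, for example `if (cred) memset(cred, 0, sizeof(*cred));` ahead of the `return`. The signature still accepts `certpath` and `keypath`, which are now silently ignored; the TODO could say so, e.g. `/* certificate support removed: certpath/keypath are ignored and no credential is generated */`. The callers are outside this hunk, so whether any of them ignores the return code cannot be confirmed from here.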

Index: server-config.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/server-config.c,v
diff -p -u -r1.106.8.13 -r1.106.8.14
--- server-config.c	25 Aug 2009 17:56:02 -0000	1.106.8.13
+++ server-config.c	21 May 2010 21:38:15 -0000	1.106.8.14
@@ -113,11 +113,7 @@ static DOTCONF_CB(directio_ops_per_queue
 static DOTCONF_CB(directio_timeout);
 static DOTCONF_CB(get_key_store);
 static DOTCONF_CB(get_server_key);
-static DOTCONF_CB(get_ca_bundle);
 static DOTCONF_CB(get_security_timeout);
-static DOTCONF_CB(enter_mappings_context);
-static DOTCONF_CB(exit_mappings_context);
-static DOTCONF_CB(get_security_mapping);
 
 static FUNC_ERRORHANDLER(errorhandler);
 const char *contextchecker(command_t *cmd, unsigned long mask);
@@ -128,7 +124,6 @@ static int is_valid_handle_range_descrip
 static void free_host_handle_mapping(void *ptr);
 static void free_host_alias(void *ptr);
 static void free_filesystem(void *ptr);
-static void free_security_mapping(void *ptr);
 static void copy_filesystem(
     struct filesystem_configuration_s *dest_fs,
     struct filesystem_configuration_s *src_fs);
@@ -917,18 +912,9 @@ static const configoption_t options[] =
     {"ServerKey", ARG_STR, get_server_key, NULL,
         CTX_DEFAULTS|CTX_SERVER_OPTIONS, NULL},
 
-    {"CABundle", ARG_STR, get_ca_bundle, NULL,
-        CTX_DEFAULTS|CTX_SERVER_OPTIONS, NULL},
-
     {"SecurityTimeout", ARG_INT, get_security_timeout, NULL,
         CTX_DEFAULTS, "3600"},
 
-    {"<Mappings>", ARG_NONE, enter_mappings_context, NULL, CTX_GLOBAL, NULL},
-
-    {"</Mappings>", ARG_NONE, exit_mappings_context, NULL, CTX_MAPPINGS, NULL},
-
-    {"Mapping", ARG_RAW, get_security_mapping, NULL, CTX_MAPPINGS, NULL},
-    
     LAST_OPTION
 };
 
@@ -1064,12 +1050,6 @@ int PINT_parse_config(
         return 1;
     }
 
-    if (server_alias_name && !config_s->cabundle_path)
-    {
-        gossip_err("Configuration file error. No CA bundle path specified.\n");
-        return 1;
-    }
-
     return 0;
 }
 
@@ -2658,21 +2638,6 @@ DOTCONF_CB(get_server_key)
     return NULL;
 }
 
-DOTCONF_CB(get_ca_bundle)
-{
-    struct server_configuration_s *config_s =
-        (struct server_configuration_s*)cmd->context;
-    if (config_s->configuration_context == CTX_SERVER_OPTIONS &&
-        config_s->my_server_options == 0)
-    {
-        return NULL;
-    }
-    free(config_s->cabundle_path);
-    config_s->cabundle_path =
-        (cmd->data.str ? strdup(cmd->data.str) : NULL);
-    return NULL;
-}
-
 DOTCONF_CB(get_security_timeout)
 {
     struct server_configuration_s *config_s = 
@@ -2681,132 +2646,6 @@ DOTCONF_CB(get_security_timeout)
     return NULL;
 }
 
-DOTCONF_CB(enter_mappings_context)
-{
-    struct server_configuration_s *config_s = 
-        (struct server_configuration_s *)cmd->context;
-    config_s->configuration_context = CTX_MAPPINGS;
-    return NULL;
-}
-
-DOTCONF_CB(exit_mappings_context)
-{
-    struct server_configuration_s *config_s = 
-        (struct server_configuration_s *)cmd->context;
-    config_s->configuration_context = CTX_GLOBAL;
-    return NULL;
-}
-
-DOTCONF_CB(get_security_mapping)
-{
-    struct server_configuration_s *config_s =
-        (struct server_configuration_s*)cmd->context;
-    const char *line = cmd->data.str;
-    int len;
-    int account, keyword, pattern;
-    struct security_mapping_s *mapping;
-    int i;
-    
-    len = strlen(line);
-    mapping = malloc(sizeof(struct security_mapping_s));
-    if (!mapping)
-    {
-        return strerror(errno);
-    }
-    
-    for (account = 0; (account < len) && isspace(line[account]); account++);
-    for (i = account+1; (i < len) && !isspace(line[i]); i++);
-    if (i >= len)
-    {
-        free(mapping);
-        return "Unable to parse account field in mapping\n";
-    }
-    
-    mapping->account = malloc(i - account + 1);
-    if (!mapping->account)
-    {
-        free(mapping);
-        return strerror(errno);
-    }
-    strncpy(mapping->account, line + account, i - account);
-    mapping->account[i-account] = '\0';
-    
-    for (keyword = i; (keyword < len) && isspace(line[keyword]); keyword++);
-    for (i = keyword+1; (i < len) && !isspace(line[i]); i++);
-    if (i >= len)
-    {
-        free(mapping->account);
-        free(mapping);
-        return "Unable to parse keyword field in mapping\n";
-    }
-    
-    if (!strncasecmp(line+keyword, "Email", i-keyword))
-    {
-        mapping->keyword = SECURITY_KEYWORD_EMAIL;
-    }
-    else if (!strncasecmp(line+keyword, "EmailRegex", i-keyword))
-    {
-        mapping->keyword = SECURITY_KEYWORD_EMAIL_REGEX;
-    }
-    else if (!strncasecmp(line+keyword, "Subject", i-keyword))
-    {
-        mapping->keyword = SECURITY_KEYWORD_SUBJECT;
-    }
-    else if (!strncasecmp(line+keyword, "SubjectRegex", i-keyword))
-    {
-        mapping->keyword = SECURITY_KEYWORD_SUBJECT_REGEX;
-    }
-    else
-    {
-        free(mapping->account);
-        free(mapping);
-        return "Invalid or unrecognized keyword field\n";
-    }
-    
-    for (pattern = i; (pattern < len) && isspace(line[pattern]); pattern++);
-    if (pattern >= len)
-    {
-        free(mapping->account);
-        free(mapping);
-        return "Unable to parse pattern field in mapping\n";
-    }
-    
-    if (line[len-1] == '\n')
-    {
-        i = len - 1;
-    }
-    else
-    {
-        i = len;
-    }
-    
-    /* TODO: consider the effects of whitespace in regexps */
-    mapping->pattern = malloc(i - pattern + 1);
-    if (!mapping->pattern)
-    {
-        free(mapping->account);
-        free(mapping);
-        return strerror(errno);
-    }
-    strncpy(mapping->pattern, line + pattern, i - pattern);
-    mapping->pattern[i-pattern] = '\0';
-    
-    if (!config_s->security_mappings)
-    {
-        config_s->security_mappings = PINT_llist_new();
-        if (!config_s->security_mappings)
-        {
-            free(mapping->pattern);
-            free(mapping->account);
-            free(mapping);
-            return strerror(errno);
-        }
-    }
-    PINT_llist_add_to_tail(config_s->security_mappings, mapping);
-    
-    return NULL;
-}
-
 /*
  * Function: PINT_config_release
  *
@@ -2922,15 +2761,6 @@ void PINT_config_release(struct server_c
         config_s->keystore_path = NULL;
         free(config_s->serverkey_path);
         config_s->serverkey_path = NULL;
-        free(config_s->cabundle_path);
-        config_s->cabundle_path = NULL;
-
-        if (config_s->security_mappings)
-        {
-            PINT_llist_free(config_s->security_mappings,free_security_mapping);
-            config_s->security_mappings = NULL;
-        }
-
     }
 }
 
@@ -3151,18 +2981,6 @@ static void free_filesystem(void *ptr)
         }
         free(fs);
         fs = NULL;
-    }
-}
-
-static void free_security_mapping(void *ptr)
-{
-    security_mapping_s *mapping = (security_mapping_s*)ptr;
-
-    if (mapping)
-    {
-        free(mapping->account);
-        free(mapping->pattern);
-        free(mapping);
     }
 }
 

Index: server-config.h
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/server-config.h,v
diff -p -u -r1.60.8.7 -r1.60.8.8
--- server-config.h	25 Aug 2009 17:56:02 -0000	1.60.8.7
+++ server-config.h	21 May 2010 21:38:15 -0000	1.60.8.8
@@ -28,7 +28,6 @@ enum
     CTX_SECURITY         = (1 << 9),
     CTX_EXPORT           = (1 << 10),
     CTX_SERVER_OPTIONS   = (1 << 11),
-    CTX_MAPPINGS         = (1 << 12),
 };
 
 typedef struct phys_server_desc
@@ -133,13 +132,6 @@ enum security_keyword
     SECURITY_KEYWORD_SUBJECT_REGEX,
 };
 
-typedef struct security_mapping_s
-{
-    char *account;
-    enum security_keyword keyword;
-    char *pattern;
-} security_mapping_s;
-
 typedef struct server_configuration_s
 {
     char *host_id;
@@ -204,10 +196,8 @@ typedef struct server_configuration_s
 	
     char *keystore_path;             /* location of trusted server public keys */
     char *serverkey_path;            /* location of server private key */
-    char *cabundle_path;             /* location of trusted CA bundle */
 
     int security_timeout;
-    PINT_llist *security_mappings;   /* ptrs are type security_mapping_s */
 
     void *private_data;
 } server_configuration_s;


