[Pvfs2-cvs] commit by nlmills in pvfs2/src/common/misc:
pvfs2-debug.c pvfs2-util.c server-config.c server-config.h
CVS commit program
cvs at parl.clemson.edu
Fri May 21 17:38:16 EDT 2010
Update of /projects/cvsroot/pvfs2/src/common/misc
In directory parlweb1:/tmp/cvs-serv30601/src/common/misc
Modified Files:
Tag: cu-security-branch
pvfs2-debug.c pvfs2-util.c server-config.c server-config.h
Log Message:
removed anything and everything related to certificates
Index: pvfs2-debug.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/pvfs2-debug.c,v
diff -p -u -r1.51.4.5 -r1.51.4.6
--- pvfs2-debug.c 21 May 2010 17:34:06 -0000 1.51.4.5
+++ pvfs2-debug.c 21 May 2010 21:38:15 -0000 1.51.4.6
@@ -110,8 +110,6 @@ static __keyword_mask_t s_keyword_mask_m
{ "user_dev", GOSSIP_USER_DEV_DEBUG },
/* Debug security module */
{ "security", GOSSIP_SECURITY_DEBUG },
- /* Debug the getcred state machine */
- { "getcred", GOSSIP_GETCRED_DEBUG },
/* Debug the fsck tool */
{ "fsck", GOSSIP_FSCK_DEBUG },
/* Debug the bstream code */
Index: pvfs2-util.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/pvfs2-util.c,v
diff -p -u -r1.100.2.10 -r1.100.2.11
--- pvfs2-util.c 21 May 2010 17:34:06 -0000 1.100.2.10
+++ pvfs2-util.c 21 May 2010 21:38:15 -0000 1.100.2.11
@@ -286,111 +286,15 @@ int PVFS_util_gen_credentials_defaults(P
return ret;
}
-/* nlmills: WARNING: that damn mutex is held. fix that? */
+
int PVFS_util_gen_credential(PVFS_fs_id fsid,
PVFS_BMI_addr_t addr,
const char *certpath,
const char *keypath,
PVFS_credential *cred)
{
- FILE *certfile, *keyfile;
- char *certbuf, *keybuf;
- PVFS_sysresp_getcred sysresp;
- int ret;
-
- if (!certpath)
- {
- certpath = getenv("PVFS2CERT_FILE");
- if (!certpath)
- {
- certpath = PVFS2_DEFAULT_CERT_FILE;
- }
- }
-
- if (!keypath)
- {
- keypath = getenv("PVFS2KEY_FILE");
- if (!keypath)
- {
- keypath = PVFS2_DEFAULT_KEY_FILE;
- }
- }
-
- certfile = fopen(certpath, "rb");
- if (!certfile)
- {
- /* nlmills: TODO: error handling */
- return -PVFS_ERROR_CODE(errno);
- }
-
- keyfile = fopen(keypath, "rb");
- if (!keyfile)
- {
- /* nlmills: TODO: error handling */
- ret = -PVFS_ERROR_CODE(errno);
- fclose(certfile);
- return ret;
- }
-
- certbuf = calloc(PVFS_REQ_LIMIT_CERTIFICATE+1, 1);
- if (!certbuf)
- {
- /* nlmills: TODO: error handling */
- fclose(keyfile);
- fclose(certfile);
- return -PVFS_ENOMEM;
- }
-
- /* nlmills: TODO: figure out a max size for this buffer */
- keybuf = calloc(4096, 1);
- if (!keybuf)
- {
- /* nlmills: TODO: error handling */
- free(certbuf);
- fclose(keyfile);
- fclose(certfile);
- return -PVFS_ENOMEM;
- }
-
- fread(certbuf, 1, PVFS_REQ_LIMIT_CERTIFICATE, certfile);
- if (ferror(certfile))
- {
- /* nlmills: TODO: error handling */
- ret = -PVFS_ERROR_CODE(errno);
- free(keybuf);
- free(certbuf);
- fclose(keyfile);
- fclose(certfile);
- return ret;
- }
-
- /* nlmills: TODO: replace static size */
- fread(keybuf, 1, 4096, keyfile);
- if (ferror(keyfile))
- {
- /* nlmills: TODO: error handling */
- ret = -PVFS_ERROR_CODE(errno);
- free(keybuf);
- free(certbuf);
- fclose(keyfile);
- fclose(certfile);
- return ret;
- }
-
- ret = PVFS_sys_getcred(fsid, certbuf, keybuf, addr, &sysresp);
- if (ret >= 0)
- {
- *cred = sysresp.credential;
- }
-
- free(keybuf);
- free(certbuf);
- fclose(keyfile);
- fclose(certfile);
-
- /* nlmills: TODO: add last-ditch error handling */
-
- return ret;
+ /* nlmills: TODO: rewrite this function and relatives */
+ return -PVFS_ENOSYS;
}
PVFS_credential *PVFS_util_find_credential_by_fsid(PVFS_fs_id fsid,
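Review bot: The stubbed `PVFS_util_gen_credential` returns `-PVFS_ENOSYS` without ever writing `*cred`, and the new body says nothing about that, so a caller that ignores the return value would carry on with an uninitialised or stale credential. The callers are not visible in this diff; they should be checked to fail closed on a negative return rather than proceed with whatever `cred` already held. I would replace the bare TODO with a contract comment such as `/* Stub: credential generation is disabled on this branch; always returns -PVFS_ENOSYS and leaves *cred untouched. */`. The `certpath` and `keypath` parameters are now unused although the log message says everything certificate-related was removed; presumably they stay for caller compatibility, which is worth stating in the same comment.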
Index: server-config.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/server-config.c,v
diff -p -u -r1.106.8.13 -r1.106.8.14
--- server-config.c 25 Aug 2009 17:56:02 -0000 1.106.8.13
+++ server-config.c 21 May 2010 21:38:15 -0000 1.106.8.14
@@ -113,11 +113,7 @@ static DOTCONF_CB(directio_ops_per_queue
static DOTCONF_CB(directio_timeout);
static DOTCONF_CB(get_key_store);
static DOTCONF_CB(get_server_key);
-static DOTCONF_CB(get_ca_bundle);
static DOTCONF_CB(get_security_timeout);
-static DOTCONF_CB(enter_mappings_context);
-static DOTCONF_CB(exit_mappings_context);
-static DOTCONF_CB(get_security_mapping);
static FUNC_ERRORHANDLER(errorhandler);
const char *contextchecker(command_t *cmd, unsigned long mask);
@@ -128,7 +124,6 @@ static int is_valid_handle_range_descrip
static void free_host_handle_mapping(void *ptr);
static void free_host_alias(void *ptr);
static void free_filesystem(void *ptr);
-static void free_security_mapping(void *ptr);
static void copy_filesystem(
struct filesystem_configuration_s *dest_fs,
struct filesystem_configuration_s *src_fs);
@@ -917,18 +912,9 @@ static const configoption_t options[] =
{"ServerKey", ARG_STR, get_server_key, NULL,
CTX_DEFAULTS|CTX_SERVER_OPTIONS, NULL},
- {"CABundle", ARG_STR, get_ca_bundle, NULL,
- CTX_DEFAULTS|CTX_SERVER_OPTIONS, NULL},
-
{"SecurityTimeout", ARG_INT, get_security_timeout, NULL,
CTX_DEFAULTS, "3600"},
- {"<Mappings>", ARG_NONE, enter_mappings_context, NULL, CTX_GLOBAL, NULL},
-
- {"</Mappings>", ARG_NONE, exit_mappings_context, NULL, CTX_MAPPINGS, NULL},
-
- {"Mapping", ARG_RAW, get_security_mapping, NULL, CTX_MAPPINGS, NULL},
-
LAST_OPTION
};
@@ -1064,12 +1050,6 @@ int PINT_parse_config(
return 1;
}
- if (server_alias_name && !config_s->cabundle_path)
- {
- gossip_err("Configuration file error. No CA bundle path specified.\n");
- return 1;
- }
-
return 0;
}
@@ -2658,21 +2638,6 @@ DOTCONF_CB(get_server_key)
return NULL;
}
-DOTCONF_CB(get_ca_bundle)
-{
- struct server_configuration_s *config_s =
- (struct server_configuration_s*)cmd->context;
- if (config_s->configuration_context == CTX_SERVER_OPTIONS &&
- config_s->my_server_options == 0)
- {
- return NULL;
- }
- free(config_s->cabundle_path);
- config_s->cabundle_path =
- (cmd->data.str ? strdup(cmd->data.str) : NULL);
- return NULL;
-}
-
DOTCONF_CB(get_security_timeout)
{
struct server_configuration_s *config_s =
@@ -2681,132 +2646,6 @@ DOTCONF_CB(get_security_timeout)
return NULL;
}
-DOTCONF_CB(enter_mappings_context)
-{
- struct server_configuration_s *config_s =
- (struct server_configuration_s *)cmd->context;
- config_s->configuration_context = CTX_MAPPINGS;
- return NULL;
-}
-
-DOTCONF_CB(exit_mappings_context)
-{
- struct server_configuration_s *config_s =
- (struct server_configuration_s *)cmd->context;
- config_s->configuration_context = CTX_GLOBAL;
- return NULL;
-}
-
-DOTCONF_CB(get_security_mapping)
-{
- struct server_configuration_s *config_s =
- (struct server_configuration_s*)cmd->context;
- const char *line = cmd->data.str;
- int len;
- int account, keyword, pattern;
- struct security_mapping_s *mapping;
- int i;
-
- len = strlen(line);
- mapping = malloc(sizeof(struct security_mapping_s));
- if (!mapping)
- {
- return strerror(errno);
- }
-
- for (account = 0; (account < len) && isspace(line[account]); account++);
- for (i = account+1; (i < len) && !isspace(line[i]); i++);
- if (i >= len)
- {
- free(mapping);
- return "Unable to parse account field in mapping\n";
- }
-
- mapping->account = malloc(i - account + 1);
- if (!mapping->account)
- {
- free(mapping);
- return strerror(errno);
- }
- strncpy(mapping->account, line + account, i - account);
- mapping->account[i-account] = '\0';
-
- for (keyword = i; (keyword < len) && isspace(line[keyword]); keyword++);
- for (i = keyword+1; (i < len) && !isspace(line[i]); i++);
- if (i >= len)
- {
- free(mapping->account);
- free(mapping);
- return "Unable to parse keyword field in mapping\n";
- }
-
- if (!strncasecmp(line+keyword, "Email", i-keyword))
- {
- mapping->keyword = SECURITY_KEYWORD_EMAIL;
- }
- else if (!strncasecmp(line+keyword, "EmailRegex", i-keyword))
- {
- mapping->keyword = SECURITY_KEYWORD_EMAIL_REGEX;
- }
- else if (!strncasecmp(line+keyword, "Subject", i-keyword))
- {
- mapping->keyword = SECURITY_KEYWORD_SUBJECT;
- }
- else if (!strncasecmp(line+keyword, "SubjectRegex", i-keyword))
- {
- mapping->keyword = SECURITY_KEYWORD_SUBJECT_REGEX;
- }
- else
- {
- free(mapping->account);
- free(mapping);
- return "Invalid or unrecognized keyword field\n";
- }
-
- for (pattern = i; (pattern < len) && isspace(line[pattern]); pattern++);
- if (pattern >= len)
- {
- free(mapping->account);
- free(mapping);
- return "Unable to parse pattern field in mapping\n";
- }
-
- if (line[len-1] == '\n')
- {
- i = len - 1;
- }
- else
- {
- i = len;
- }
-
- /* TODO: consider the effects of whitespace in regexps */
- mapping->pattern = malloc(i - pattern + 1);
- if (!mapping->pattern)
- {
- free(mapping->account);
- free(mapping);
- return strerror(errno);
- }
- strncpy(mapping->pattern, line + pattern, i - pattern);
- mapping->pattern[i-pattern] = '\0';
-
- if (!config_s->security_mappings)
- {
- config_s->security_mappings = PINT_llist_new();
- if (!config_s->security_mappings)
- {
- free(mapping->pattern);
- free(mapping->account);
- free(mapping);
- return strerror(errno);
- }
- }
- PINT_llist_add_to_tail(config_s->security_mappings, mapping);
-
- return NULL;
-}
-
/*
* Function: PINT_config_release
*
@@ -2922,15 +2761,6 @@ void PINT_config_release(struct server_c
config_s->keystore_path = NULL;
free(config_s->serverkey_path);
config_s->serverkey_path = NULL;
- free(config_s->cabundle_path);
- config_s->cabundle_path = NULL;
-
- if (config_s->security_mappings)
- {
- PINT_llist_free(config_s->security_mappings,free_security_mapping);
- config_s->security_mappings = NULL;
- }
-
}
}
@@ -3151,18 +2981,6 @@ static void free_filesystem(void *ptr)
}
free(fs);
fs = NULL;
- }
-}
-
-static void free_security_mapping(void *ptr)
-{
- security_mapping_s *mapping = (security_mapping_s*)ptr;
-
- if (mapping)
- {
- free(mapping->account);
- free(mapping->pattern);
- free(mapping);
}
}
Index: server-config.h
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/common/misc/server-config.h,v
diff -p -u -r1.60.8.7 -r1.60.8.8
--- server-config.h 25 Aug 2009 17:56:02 -0000 1.60.8.7
+++ server-config.h 21 May 2010 21:38:15 -0000 1.60.8.8
@@ -28,7 +28,6 @@ enum
CTX_SECURITY = (1 << 9),
CTX_EXPORT = (1 << 10),
CTX_SERVER_OPTIONS = (1 << 11),
- CTX_MAPPINGS = (1 << 12),
};
typedef struct phys_server_desc
@@ -133,13 +132,6 @@ enum security_keyword
SECURITY_KEYWORD_SUBJECT_REGEX,
};
-typedef struct security_mapping_s
-{
- char *account;
- enum security_keyword keyword;
- char *pattern;
-} security_mapping_s;
-
typedef struct server_configuration_s
{
char *host_id;
@@ -204,10 +196,8 @@ typedef struct server_configuration_s
char *keystore_path; /* location of trusted server public keys */
char *serverkey_path; /* location of server private key */
- char *cabundle_path; /* location of trusted CA bundle */
int security_timeout;
- PINT_llist *security_mappings; /* ptrs are type security_mapping_s */
void *private_data;
} server_configuration_s;