[Pvfs2-cvs] commit by sampson in
pvfs2/src/client/windows/client-service: config.c
dokan-interface.c ldap-support.c service-main.c user-cache.c
CVS commit program
cvs at parl.clemson.edu
Mon Jun 6 17:27:44 EDT 2011
Update of /projects/cvsroot/pvfs2/src/client/windows/client-service
In directory parlweb1:/tmp/cvs-serv2802/src/client/windows/client-service
Modified Files:
Tag: windows-client
config.c dokan-interface.c ldap-support.c service-main.c
user-cache.c
Log Message:
Windows LDAP support
Index: config.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/config.c,v
diff -p -u -r1.1.2.12 -r1.1.2.13
--- config.c 2 Jun 2011 21:34:50 -0000 1.1.2.12
+++ config.c 6 Jun 2011 21:27:44 -0000 1.1.2.13
@@ -228,7 +228,7 @@ static int parse_ldap_option(PORANGEFS_O
EAT_WS(p);
strncpy(options->ldap.bind_password, p, 32);
- options->ldap.bind_dn[31] = '\0';
+ options->ldap.bind_password[31] = '\0';
ret = strlen(p) > 0 ? 0 : -1;
}
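Review bot: A bind password longer than 31 characters is still truncated silently by the `strncpy(..., 32)` / `[31] = '\0'` pair, so the later LDAP bind would fail with a credentials error that gives no hint of the cause. Since this branch already sets `ret`, it could reject the value instead: `ret = (strlen(p) > 0 && strlen(p) < 32) ? 0 : -1;`. The literal 32/31 presumably mirror the field size; `sizeof(options->ldap.bind_password)` would keep them from drifting apart, which is the kind of slip this hunk corrects. The body of parse_ldap_option starts and ends outside the hunk.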
@@ -317,18 +317,9 @@ parse_ldap_option_exit:
return ret;
}
-int get_config(PORANGEFS_OPTIONS options,
- char *error_msg,
- unsigned int error_msg_len)
+void set_defaults(PORANGEFS_OPTIONS options)
{
- FILE *config_file;
- char module_dir[MAX_PATH], line[256], copy[256], *token, *p;
- int ret = 0;
-
- config_file = open_config_file(error_msg, error_msg_len);
- if (config_file == NULL)
- /* config file is required */
- return -1;
+ char module_dir[MAX_PATH];
/* default CA path */
if (get_module_dir(module_dir) == 0)
@@ -344,6 +335,26 @@ int get_config(PORANGEFS_OPTIONS options
strcpy(options->ldap.uid_attr, "uidNumber");
strcpy(options->ldap.gid_attr, "gidNumber");
+ /* default mount point */
+ strcpy(options->mount_point, "Z:");
+
+}
+
+int get_config(PORANGEFS_OPTIONS options,
+ char *error_msg,
+ unsigned int error_msg_len)
+{
+ FILE *config_file;
+ char line[256], copy[256], *token, *p;
+ int ret = 0;
+
+ config_file = open_config_file(error_msg, error_msg_len);
+ if (config_file == NULL)
+ /* config file is required */
+ return -1;
+
+ set_defaults(options);
+
/* parse options from the file */
while (!feof(config_file))
{
@@ -368,23 +379,11 @@ int get_config(PORANGEFS_OPTIONS options
{
/* copy the remaining portion of the line
as the mount point */
- /*
- p = line + strlen(token);
- while (*p && (*p == ' ' || *p == '\t'))
- p++;
- if (*p)
- */
token = strtok(NULL, " \t");
strncpy(options->mount_point, token, MAX_PATH);
}
else if (!stricmp(token, "threads"))
{
- /*
- p = line + strlen(token);
- while (*p && (*p == ' ' || *p == '\t'))
- p++;
- if (*p)
- */
token = strtok(NULL, " \t");
options->threads = atoi(token);
}
@@ -500,14 +499,17 @@ int get_config(PORANGEFS_OPTIONS options
}
if (options->user_mode == USER_MODE_LDAP &&
- (strlen(options->ldap.bind_dn) == 0 ||
- strlen(options->ldap.host) == 0 ||
+ (strlen(options->ldap.host) == 0 ||
strlen(options->ldap.search_root) == 0))
{
_snprintf(error_msg, error_msg_len, "Missing ldap option: ldap-host, "
"ldap-bind-dn, or ldap-search-root\n");
ret = -1;
}
+
+ if (options->user_mode == USER_MODE_LDAP &&
+ options->ldap.port == 0)
+ options->ldap.port = options->ldap.secure ? 636 : 389;
get_config_exit:
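Review bot: The error text still lists `ldap-bind-dn` as a possibly missing option, although the check above it no longer requires a bind DN. The message should name only what is tested, e.g. `"Missing ldap option: ldap-host or ldap-search-root\n"`. With the bind DN now optional, a short comment above the condition stating that an empty `ldap-bind-dn` selects an anonymous bind would help whoever writes the config file. get_config continues outside the hunk on both sides.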
Index: dokan-interface.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/dokan-interface.c,v
diff -p -u -r1.1.2.43 -r1.1.2.44
--- dokan-interface.c 1 Jun 2011 21:34:34 -0000 1.1.2.43
+++ dokan-interface.c 6 Jun 2011 21:27:44 -0000 1.1.2.44
@@ -15,6 +15,7 @@
#include "fs.h"
#include "cert.h"
#include "user-cache.h"
+#include "ldap-support.h"
FILE *g_DebugFile = NULL;
BOOL g_UseStdErr;
@@ -459,7 +460,17 @@ static int get_requestor_credentials(PDO
}
else /* user-mode == LDAP */
{
- /* TODO */
+ ret = get_ldap_credentials(user_name, credentials);
+ if (ret == 0)
+ {
+ add_user(user_name, credentials, NULL);
+ }
+ else
+ {
+ /* error reporting has been done through DbgPrint...
+ result is access denied */
+ ret = -ERROR_ACCESS_DENIED;
+ }
}
}
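Review bot: `add_user(user_name, credentials, NULL)` caches the LDAP result with no expiry; the DbgPrint change to user-cache.c in this commit prints a NULL expiry as "never". Assuming the cache honours that, a uid/gid change or account removal in the directory is not seen until the service restarts. If that is intended, say so in a comment such as `/* LDAP entries do not expire; restart the service to pick up directory changes */`; otherwise pass a bounded expiry. The return value of `add_user` is also ignored, so a failed insert would go unnoticed and every request would trigger a fresh LDAP lookup. get_requestor_credentials begins and ends outside the hunk.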
Index: ldap-support.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/ldap-support.c,v
diff -p -u -r1.1.2.1 -r1.1.2.2
--- ldap-support.c 2 Jun 2011 21:34:50 -0000 1.1.2.1
+++ ldap-support.c 6 Jun 2011 21:27:44 -0000 1.1.2.2
@@ -2,12 +2,21 @@
LDAP functions */
#include <Windows.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
#include <ldap.h>
#include <ldap_ssl.h>
#include "ldap-support.h"
+/* 15-second search timeout */
+struct timeval timeout = {15, 0};
+
+extern PORANGEFS_OPTIONS goptions;
+
/* initialize LDAP SSL */
int PVFS_ldap_init()
{
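Review bot: `timeout` is defined with external linkage under a very generic name, so it can collide with any other global called `timeout` linked into the client. Making it file-local, `static struct timeval ldap_search_timeout = {15, 0};`, avoids that; the `ldap_search_st` call later in the file would use the new name. The `extern PORANGEFS_OPTIONS goptions;` line would be safer coming from a shared header than redeclared here, so that the type cannot drift from the definition in service-main.c.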
@@ -27,10 +36,178 @@ void PVFS_ldap_cleanup()
ldapssl_client_deinit();
}
+static int check_number(char *s)
+{
+ char *p = s;
+
+ if (s == NULL || *s == '\0')
+ return 0;
+ while (*p)
+ {
+ if (!isdigit(*p++))
+ return 0;
+ }
+
+ return 1;
+}
int get_ldap_credentials(char *userid,
PVFS_credentials *credentials)
{
- return 0;
+ LDAP *ld;
+ int version, ret = -1, bind_ret = 0;
+ char *bind_dn, *password, filter[384],
+ *attrs[3], *attr_name, **values;
+ LDAPMessage *results, *entry;
+ BerElement *ptr;
+
+ DbgPrint(" get_ldap_credentials: enter\n");
+
+ /* connect to LDAP - this will not be encrypted if
+ secure is not set */
+ ld = ldapssl_init(goptions->ldap.host, goptions->ldap.port,
+ goptions->ldap.secure);
+ if (ld == NULL)
+ {
+ DbgPrint(" get_ldap_credentials: ldapssl_init failed\n");
+ goto get_ldap_credentials_exit;
+ }
+
+ /* set the version */
+ version = LDAP_VERSION3;
+ ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
+
+ /* connect to the LDAP host */
+ if (strlen(goptions->ldap.bind_dn) > 0)
+ {
+ bind_dn = goptions->ldap.bind_dn;
+ password = goptions->ldap.bind_password;
+ }
+ else
+ {
+ /* anonymous bind */
+ bind_dn = password = NULL;
+ }
+
+ bind_ret = ldap_simple_bind_s(ld, bind_dn, password);
+ if (bind_ret != 0)
+ {
+ DbgPrint(" get_ldap_credentials: bind failed: %s (%d)\n",
+ ldap_err2string(bind_ret), bind_ret);
+ goto get_ldap_credentials_exit;
+ }
+
+ /* construct the filter in the form
+ (&(objectClass={search-class})({naming-attr}={userid}))
+ */
+ _snprintf(filter, 384, "(&(objectClass=%s)(%s=%s))",
+ goptions->ldap.search_class,
+ goptions->ldap.naming_attr,
+ userid);
+
+ /* set to read uid and gid attrs */
+ attrs[0] = (char *) malloc(32);
+ attrs[1] = (char *) malloc(32);
+ strncpy(attrs[0], goptions->ldap.uid_attr, 32);
+ strncpy(attrs[1], goptions->ldap.gid_attr, 32);
+ attrs[2] = NULL;
+
+ DbgPrint(" get_ldap_credentials: search root: %s\n",
+ goptions->ldap.search_root);
+ DbgPrint(" get_ldap_credentials: search scope: %d\n",
+ goptions->ldap.search_scope);
+ DbgPrint(" get_ldap_credentials: filter: %s\n", filter);
+ DbgPrint(" get_ldap_credentials: attrs: %s/%s\n",
+ goptions->ldap.uid_attr, goptions->ldap.gid_attr);
+ ret = ldap_search_st(ld, goptions->ldap.search_root, goptions->ldap.search_scope,
+ filter, (char **) attrs, 0, &timeout, &results);
+
+ /* retrieve uid/gid values from results */
+ if (ret == 0)
+ {
+ credentials->uid = credentials->gid = -1;
+
+ if (results != NULL)
+ {
+ /* note: we only check the first entry */
+ entry = ldap_first_entry(ld, results);
+ if (entry != NULL)
+ {
+ attr_name = ldap_first_attribute(ld, entry, &ptr);
+ while (attr_name != NULL)
+ {
+ values = ldap_get_values(ld, entry, attr_name);
+ if (values != NULL)
+ {
+ if (check_number(values[0]))
+ {
+ if (!stricmp(attr_name, goptions->ldap.uid_attr))
+ credentials->uid = atoi(values[0]);
+ else if (!stricmp(attr_name, goptions->ldap.gid_attr))
+ credentials->gid = atoi(values[0]);
+ }
+ else
+ {
+ DbgPrint(" get_ldap_credentials: %s: not a number "
+ "(%s)\n", attr_name, values[0]);
+ ret = -1;
+ }
+
+ ldap_value_free(values);
+ }
+ else
+ {
+ DbgPrint(" get_ldap_credentials: %s: no values\n", attr_name);
+ ret = -1;
+ }
+
+ ldap_memfree(attr_name);
+
+ attr_name = ldap_next_attribute(ld, entry, ptr);
+ }
+ ber_free(ptr, 0);
+ }
+ else
+ {
+ ldap_get_option(ld, LDAP_OPT_RESULT_CODE, &ret);
+ DbgPrint(" get_ldap_credentials: no entries: %s (%d)\n",
+ ldap_err2string(ret), ret);
+ ret = -1;
+ }
+
+ ldap_msgfree(results);
+ }
+ else
+ {
+ DbgPrint(" get_ldap_credentials: no results\n");
+ ret = -1;
+ }
+ }
+ else
+ {
+ DbgPrint(" get_ldap_credentials: search: %s (%d)\n",
+ ldap_err2string(ret), ret);
+ }
+
+ free(attrs[0]);
+ free(attrs[1]);
+
+ if (ret == 0 && (credentials->uid == -1 || credentials->gid == -1))
+ {
+ DbgPrint(" ldap_get_credentials: credentials not found\n");
+ ret = -1;
+ }
+
+get_ldap_credentials_exit:
+
+ if (bind_ret != 0)
+ ret = bind_ret;
+
+ if (ld != NULL)
+ ldap_unbind_s(ld);
+
+ DbgPrint(" get_ldap_credentials: exit\n");
+
+ return ret;
}
Index: service-main.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/service-main.c,v
diff -p -u -r1.1.2.15 -r1.1.2.16
--- service-main.c 2 Jun 2011 21:34:50 -0000 1.1.2.15
+++ service-main.c 6 Jun 2011 21:27:44 -0000 1.1.2.16
@@ -47,7 +47,6 @@ FILE *debug_log = NULL;
extern struct qhash_table *user_cache;
extern gen_mutex_t user_cache_mutex;
-
PORANGEFS_OPTIONS goptions;
/* externs */
@@ -137,7 +136,7 @@ DWORD service_install()
SC_HANDLE sch_service;
SC_HANDLE sch_manager;
char *exe_path, *command;
- size_t size;
+ DWORD size;
int err;
/* Get location of executable */
@@ -374,6 +373,9 @@ void WINAPI service_main(DWORD argc, cha
/* stop cache thread */
cache_thread_stop();
+ /* LDAP cleanup */
+ PVFS_ldap_cleanup();
+
/* cleanup OpenSSL */
openssl_cleanup();
@@ -626,10 +628,6 @@ int main(int argc, char **argv, char **e
if (strlen(mount_point) > 0)
strcpy(options->mount_point, mount_point);
- /* use default mount point */
- if (strlen(options->mount_point) == 0)
- strcpy(options->mount_point, "Z:");
-
/* turn debug on if specified on command line */
if (debug)
options->debug = TRUE;
@@ -656,9 +654,9 @@ int main(int argc, char **argv, char **e
printf("main_loop exited: %d\n", err);
- gen_mutex_destroy(&user_cache_mutex);
-
cache_thread_stop();
+
+ gen_mutex_destroy(&user_cache_mutex);
main_exit:
Index: user-cache.c
===================================================================
RCS file: /projects/cvsroot/pvfs2/src/client/windows/client-service/Attic/user-cache.c,v
diff -p -u -r1.1.2.7 -r1.1.2.8
--- user-cache.c 27 May 2011 21:36:25 -0000 1.1.2.7
+++ user-cache.c 6 Jun 2011 21:27:44 -0000 1.1.2.8
@@ -60,8 +60,9 @@ int add_user(char *user_name,
gen_mutex_lock(&user_cache_mutex);
qhash_add(user_cache, &entry->user_name, &entry->hash_link);
- DbgPrint(" add_user: adding user %s (%u:%u) expires %s (entry %08x)\n",
- user_name, credentials->uid, credentials->gid, expires->data, entry);
+ DbgPrint(" add_user: adding user %s (%u:%u) expires %s\n",
+ user_name, credentials->uid, credentials->gid,
+ expires != NULL ? expires->data : "never");
gen_mutex_unlock(&user_cache_mutex);
return 0;