/*
 * Decode the GlusterFS v2 credentials found in req->cred.authdata and copy
 * them into the request: pid, uid, gid, auxiliary group list and lock owner.
 *
 * Every value read from `au` comes out of the decoded credential blob, so
 * the two length fields (groups_len, lk_owner_len) must be treated as
 * sender-supplied until they have been checked.
 *
 * Returns RPCSVC_AUTH_ACCEPT on success. Returns RPCSVC_AUTH_REJECT when
 * req is NULL, when decoding fails, or when the lock-owner length exceeds
 * GF_MAX_LOCK_OWNER_LEN. `priv` is not used.
 *
 * NOTE(review): the group count and the lock-owner length are each checked
 * against their own fixed maximum; no combined bound on the two is enforced
 * in this function.
 */
int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
{
        /* Zero-initialised so both buffer pointers are NULL until the
         * decoder fills them in; the cleanup at err: relies on that. */
        struct auth_glusterfs_parms_v2 au = {0,};
        int ret = RPCSVC_AUTH_REJECT;
        int i = 0;

        /* Nothing has been allocated yet, so a direct return is safe. */
        if (!req)
                return ret;

        /* Only -1 is treated as a decode failure. */
        ret = xdr_to_glusterfs_auth_v2 (req->cred.authdata, &au);
        if (ret == -1) {
                gf_log ("", GF_LOG_WARNING,
                        "failed to decode glusterfs credentials");
                ret = RPCSVC_AUTH_REJECT;
                goto err;
        }

        /* The request is populated before the lengths are validated: on the
         * reject path below, these fields already hold the decoded values. */
        req->pid = au.pid;
        req->uid = au.uid;
        req->gid = au.gid;
        req->lk_owner.len = au.lk_owner.lk_owner_len;
        req->auxgidcount = au.groups.groups_len;

        /* Too many groups is not fatal: the list is clamped and the request
         * continues with only the first GF_MAX_AUX_GROUPS entries. */
        if (req->auxgidcount > GF_MAX_AUX_GROUPS) {
                gf_log ("", GF_LOG_WARNING,
                        "more than max aux gids found (%d) , truncating it "
                        "to %d and continuing", au.groups.groups_len,
                        GF_MAX_AUX_GROUPS);
                req->auxgidcount = GF_MAX_AUX_GROUPS;
        }

        /* An oversized lock owner is fatal; this check is what bounds the
         * second copy loop below. */
        if (req->lk_owner.len > GF_MAX_LOCK_OWNER_LEN) {
                gf_log ("", GF_LOG_WARNING,
                        "lkowner field > 1k, failing authentication");
                ret = RPCSVC_AUTH_REJECT;
                goto err;
        }

        /* assumes req->auxgids has room for GF_MAX_AUX_GROUPS entries and
         * that groups_val holds at least groups_len entries -- TODO confirm
         * against rpcsvc_request_t and the XDR decoder */
        for (i = 0; i < req->auxgidcount; ++i)
                req->auxgids[i] = au.groups.groups_val[i];

        /* Loop bound is the raw decoded length; it is safe only because the
         * same value was checked through req->lk_owner.len above.
         * assumes req->lk_owner.data holds GF_MAX_LOCK_OWNER_LEN bytes --
         * TODO confirm */
        for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
                req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];

        gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                ", gid: %d, owner: %s", req->pid, req->uid, req->gid,
                lkowner_utoa (&req->lk_owner));
        ret = RPCSVC_AUTH_ACCEPT;
err:
        /* TODO: instead use alloca() for these variables */
        /* NOTE(review): the sizes of these buffers follow the decoded
         * lengths; a stack allocation would need a hard bound enforced at
         * decode time first. */
        /* Buffers are presumably allocated by xdr_to_glusterfs_auth_v2 --
         * verify; they are released on both the accept and reject paths. */
        if (au.groups.groups_val)
                free (au.groups.groups_val);

        if (au.lk_owner.lk_owner_val)
                free (au.lk_owner.lk_owner_val);

        return ret;
}
/*
 * Decode the GlusterFS v2 credentials found in req->cred.authdata and copy
 * them into the request: pid, uid, gid, auxiliary group list and lock owner.
 *
 * Every value read from `au` comes out of the decoded credential blob, so
 * the two length fields (groups_len, lk_owner_len) must be treated as
 * sender-supplied until they have been checked. The limit applied to each
 * length is derived from the other one.
 *
 * Returns RPCSVC_AUTH_ACCEPT on success. Returns RPCSVC_AUTH_REJECT when
 * req is NULL, when decoding fails, when the lock-owner length exceeds the
 * limit computed from the group count, or when the group array cannot be
 * allocated. `priv` is not used.
 */
int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
{
        /* Zero-initialised so both buffer pointers are NULL until the
         * decoder fills them in; the cleanup at err: relies on that. */
        struct auth_glusterfs_parms_v2 au = {0,};
        int ret = RPCSVC_AUTH_REJECT;
        int i = 0;
        int max_groups = 0;
        int max_lk_owner_len = 0;

        /* Nothing has been allocated yet, so a direct return is safe. */
        if (!req)
                return ret;

        /* Only -1 is treated as a decode failure. */
        ret = xdr_to_glusterfs_auth_v2 (req->cred.authdata, &au);
        if (ret == -1) {
                gf_log ("", GF_LOG_WARNING,
                        "failed to decode glusterfs credentials");
                ret = RPCSVC_AUTH_REJECT;
                goto err;
        }

        /* The request is populated before the lengths are validated: on the
         * reject paths below, these fields already hold the decoded values. */
        req->pid = au.pid;
        req->uid = au.uid;
        req->gid = au.gid;
        req->lk_owner.len = au.lk_owner.lk_owner_len;
        req->auxgidcount = au.groups.groups_len;

        /* the number of groups and size of lk_owner depend on each other */
        /* Both limits are computed from the raw, not yet validated lengths.
         * NOTE(review): the macro definitions are not visible here. Confirm
         * that max_groups cannot become negative (or wrap) for a large
         * decoded lk_owner.len, because req->auxgidcount is clamped to
         * max_groups before the lock-owner check runs. */
        max_groups = GF_AUTH_GLUSTERFS_MAX_GROUPS (req->lk_owner.len);
        max_lk_owner_len = GF_AUTH_GLUSTERFS_MAX_LKOWNER (req->auxgidcount);

        /* Too many groups is not fatal by itself: the list is clamped to
         * max_groups and processing continues. */
        if (req->auxgidcount > max_groups) {
                gf_log ("", GF_LOG_WARNING,
                        "more than max aux gids found (%d) , truncating it "
                        "to %d and continuing", au.groups.groups_len,
                        max_groups);
                req->auxgidcount = max_groups;
        }

        /* An oversized lock owner is fatal; this check is what bounds the
         * second copy loop below. max_lk_owner_len was derived from the
         * group count before any clamping, while the message prints the
         * count after clamping, so the logged pair may not match the values
         * the decision was based on. */
        if (req->lk_owner.len > max_lk_owner_len) {
                gf_log ("", GF_LOG_WARNING,
                        "lkowner field to big (%d), depends on the number of "
                        "groups (%d), failing authentication",
                        req->lk_owner.len, req->auxgidcount);
                ret = RPCSVC_AUTH_REJECT;
                goto err;
        }

        /* Group storage: counts above SMALL_GROUP_COUNT get a heap array
         * kept in req->auxgidlarge, smaller lists use req->auxgidsmall.
         * The heap array is not released in this function; presumably the
         * request teardown frees it -- verify. */
        if (req->auxgidcount > SMALL_GROUP_COUNT) {
                req->auxgidlarge = GF_CALLOC(req->auxgidcount,
                                             sizeof(req->auxgids[0]),
                                             gf_common_mt_auxgids);
                req->auxgids = req->auxgidlarge;
        } else {
                req->auxgids = req->auxgidsmall;
        }

        /* Catches a failed GF_CALLOC before the copy loop dereferences the
         * pointer. */
        if (!req->auxgids) {
                gf_log ("auth-glusterfs-v2", GF_LOG_WARNING,
                        "cannot allocate gid list");
                ret = RPCSVC_AUTH_REJECT;
                goto err;
        }

        /* assumes groups_val holds at least groups_len entries -- TODO
         * confirm against the XDR decoder */
        for (i = 0; i < req->auxgidcount; ++i)
                req->auxgids[i] = au.groups.groups_val[i];

        /* Loop bound is the raw decoded length; it is safe only because the
         * same value was checked through req->lk_owner.len above.
         * assumes req->lk_owner.data can hold the largest length the limit
         * macro allows -- TODO confirm */
        for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
                req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];

        gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
                ", gid: %d, owner: %s", req->pid, req->uid, req->gid,
                lkowner_utoa (&req->lk_owner));
        ret = RPCSVC_AUTH_ACCEPT;
err:
        /* TODO: instead use alloca() for these variables */
        /* NOTE(review): the sizes of these buffers follow the decoded
         * lengths; a stack allocation would need a hard bound enforced at
         * decode time first. */
        /* free(NULL) is a no-op, so no guard is needed when the decoder
         * never allocated. Buffers are presumably allocated by
         * xdr_to_glusterfs_auth_v2 -- verify. */
        free (au.groups.groups_val);

        free (au.lk_owner.lk_owner_val);

        return ret;
}