int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
{
struct auth_glusterfs_parms_v2 au = {0,};
int ret = RPCSVC_AUTH_REJECT;
int i = 0;
if (!req)
return ret;
ret = xdr_to_glusterfs_auth_v2 (req->cred.authdata, &au);
if (ret == -1) {
gf_log ("", GF_LOG_WARNING,
"failed to decode glusterfs credentials");
ret = RPCSVC_AUTH_REJECT;
goto err;
}
req->pid = au.pid;
req->uid = au.uid;
req->gid = au.gid;
req->lk_owner.len = au.lk_owner.lk_owner_len;
req->auxgidcount = au.groups.groups_len;
if (req->auxgidcount > GF_MAX_AUX_GROUPS) {
gf_log ("", GF_LOG_WARNING,
"more than max aux gids found (%d) , truncating it "
"to %d and continuing", au.groups.groups_len,
GF_MAX_AUX_GROUPS);
req->auxgidcount = GF_MAX_AUX_GROUPS;
}
if (req->lk_owner.len > GF_MAX_LOCK_OWNER_LEN) {
gf_log ("", GF_LOG_WARNING,
"lkowner field > 1k, failing authentication");
ret = RPCSVC_AUTH_REJECT;
goto err;
}
for (i = 0; i < req->auxgidcount; ++i)
req->auxgids[i] = au.groups.groups_val[i];
for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];
gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
", gid: %d, owner: %s",
req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
ret = RPCSVC_AUTH_ACCEPT;
err:
/* TODO: instead use alloca() for these variables */
if (au.groups.groups_val)
free (au.groups.groups_val);
if (au.lk_owner.lk_owner_val)
free (au.lk_owner.lk_owner_val);
return ret;
}
int auth_glusterfs_v2_authenticate (rpcsvc_request_t *req, void *priv)
{
struct auth_glusterfs_parms_v2 au = {0,};
int ret = RPCSVC_AUTH_REJECT;
int i = 0;
int max_groups = 0;
int max_lk_owner_len = 0;
if (!req)
return ret;
ret = xdr_to_glusterfs_auth_v2 (req->cred.authdata, &au);
if (ret == -1) {
gf_log ("", GF_LOG_WARNING,
"failed to decode glusterfs credentials");
ret = RPCSVC_AUTH_REJECT;
goto err;
}
req->pid = au.pid;
req->uid = au.uid;
req->gid = au.gid;
req->lk_owner.len = au.lk_owner.lk_owner_len;
req->auxgidcount = au.groups.groups_len;
/* the number of groups and size of lk_owner depend on each other */
max_groups = GF_AUTH_GLUSTERFS_MAX_GROUPS (req->lk_owner.len);
max_lk_owner_len = GF_AUTH_GLUSTERFS_MAX_LKOWNER (req->auxgidcount);
if (req->auxgidcount > max_groups) {
gf_log ("", GF_LOG_WARNING,
"more than max aux gids found (%d) , truncating it "
"to %d and continuing", au.groups.groups_len,
max_groups);
req->auxgidcount = max_groups;
}
if (req->lk_owner.len > max_lk_owner_len) {
gf_log ("", GF_LOG_WARNING,
"lkowner field to big (%d), depends on the number of "
"groups (%d), failing authentication",
req->lk_owner.len, req->auxgidcount);
ret = RPCSVC_AUTH_REJECT;
goto err;
}
if (req->auxgidcount > SMALL_GROUP_COUNT) {
req->auxgidlarge = GF_CALLOC(req->auxgidcount,
sizeof(req->auxgids[0]),
gf_common_mt_auxgids);
req->auxgids = req->auxgidlarge;
} else {
req->auxgids = req->auxgidsmall;
}
if (!req->auxgids) {
gf_log ("auth-glusterfs-v2", GF_LOG_WARNING,
"cannot allocate gid list");
ret = RPCSVC_AUTH_REJECT;
goto err;
}
for (i = 0; i < req->auxgidcount; ++i)
req->auxgids[i] = au.groups.groups_val[i];
for (i = 0; i < au.lk_owner.lk_owner_len; ++i)
req->lk_owner.data[i] = au.lk_owner.lk_owner_val[i];
gf_log (GF_RPCSVC, GF_LOG_TRACE, "Auth Info: pid: %u, uid: %d"
", gid: %d, owner: %s",
req->pid, req->uid, req->gid, lkowner_utoa (&req->lk_owner));
ret = RPCSVC_AUTH_ACCEPT;
err:
/* TODO: instead use alloca() for these variables */
free (au.groups.groups_val);
free (au.lk_owner.lk_owner_val);
return ret;
}
