mirror of https://github.com/gluster/glusterfs.git synced 2026-02-05 06:47:35 +01:00

gfapi: Move the SECURE_ACCESS_FILE check out of glfs_mgmt_init

glfs_mgmt_init is only called for glfs_set_volfile_server, but
secure_mgmt is also required to use glfs_set_volfile with SSL.

fixes: #829
Change-Id: Ibc769fe634d805e085232f85ce6e1c48bf4acc66
Môshe van der Sterre
2020-09-28 06:12:32 +02:00
committed by MOHIT AGRAWAL
parent 773aaddc65
commit eb4b2cb003
5 changed files with 223 additions and 5 deletions


@@ -1013,11 +1013,6 @@ glfs_mgmt_init(struct glfs *fs)
if (ret)
goto out;
if (sys_access(SECURE_ACCESS_FILE, F_OK) == 0) {
ctx->secure_mgmt = 1;
ctx->ssl_cert_depth = glusterfs_read_secure_access_file();
}
rpc = rpc_clnt_new(options, THIS, THIS->name, 8);
if (!rpc) {
ret = -1;


@@ -251,6 +251,11 @@ glfs_volumes_init(struct glfs *fs)
if (!vol_assigned(cmd_args))
return -1;
if (sys_access(SECURE_ACCESS_FILE, F_OK) == 0) {
fs->ctx->secure_mgmt = 1;
fs->ctx->ssl_cert_depth = glusterfs_read_secure_access_file();
}
if (cmd_args->volfile_server) {
ret = glfs_mgmt_init(fs);
goto out;
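Review bot: The added `sys_access(SECURE_ACCESS_FILE, F_OK) == 0` test in glfs_volumes_init treats every failure as "management encryption is not configured", so a gfapi process that cannot reach the file for a reason other than ENOENT (for example no search permission on the directory) would silently proceed with secure_mgmt left at 0. Since this check now gates both the volfile-server and the local-volfile paths, it is worth logging when the call fails with an errno other than ENOENT, and adding a comment such as `/* must run before either volfile path: SSL in a local volfile also needs secure_mgmt */`. The return value of glusterfs_read_secure_access_file() is stored in ssl_cert_depth unchecked; its error behaviour is not visible here, so confirm it cannot yield a negative depth. The function body starts and ends outside the hunk.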


@@ -0,0 +1,127 @@
#include <fcntl.h>
#include <unistd.h>
#include <time.h>
#include <limits.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <glusterfs/api/glfs.h>
#include <glusterfs/api/glfs-handles.h>
#define LOG_ERR(msg) \
do { \
fprintf(stderr, "%s : Error (%s)\n", msg, strerror(errno)); \
} while (0)
glfs_t *
init_glfs(const char *hostname, const char *volname, const char *volfile,
const char *logfile)
{
int ret = -1;
glfs_t *fs = NULL;
fs = glfs_new(volname);
if (!fs) {
LOG_ERR("glfs_new failed");
return NULL;
}
ret = glfs_set_volfile(fs, volfile);
if (ret < 0) {
LOG_ERR("glfs_set_volfile failed");
goto out;
}
ret = glfs_set_logging(fs, logfile, 7);
if (ret < 0) {
LOG_ERR("glfs_set_logging failed");
goto out;
}
ret = glfs_init(fs);
if (ret < 0) {
LOG_ERR("glfs_init failed");
goto out;
}
ret = 0;
out:
if (ret) {
glfs_fini(fs);
fs = NULL;
}
return fs;
}
int
glfs_test_function(const char *hostname, const char *volname,
const char *volfile, const char *logfile)
{
int ret = -1;
int flags = O_CREAT | O_RDWR;
glfs_t *fs = NULL;
glfs_fd_t *glfd = NULL;
const char *buff = "This is from my prog\n";
const char *filename = "glfs_test.txt";
fs = init_glfs(hostname, volname, volfile, logfile);
if (fs == NULL) {
LOG_ERR("init_glfs failed");
return -1;
}
glfd = glfs_creat(fs, filename, flags, 0644);
if (glfd == NULL) {
LOG_ERR("glfs_creat failed");
goto out;
}
ret = glfs_write(glfd, buff, strlen(buff), flags);
if (ret < 0) {
LOG_ERR("glfs_write failed");
goto out;
}
ret = glfs_close(glfd);
if (ret < 0) {
LOG_ERR("glfs_write failed");
goto out;
}
out:
ret = glfs_fini(fs);
if (ret) {
LOG_ERR("glfs_fini failed");
}
return ret;
}
int
main(int argc, char *argv[])
{
int ret = 0;
char *hostname = NULL;
char *volname = NULL;
char *volfile = NULL;
char *logfile = NULL;
if (argc != 5) {
fprintf(stderr, "Invalid argument\n");
exit(1);
}
hostname = argv[1];
volname = argv[2];
volfile = argv[3];
logfile = argv[4];
ret = glfs_test_function(hostname, volname, volfile, logfile);
if (ret) {
LOG_ERR("glfs_test_function failed");
}
return ret;
}
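Review bot: At the `out:` label in glfs_test_function, `ret = glfs_fini(fs);` overwrites the status of glfs_creat, glfs_write and glfs_close, so the program exits 0 after a failed I/O call as long as teardown succeeds, and the calling test script cannot detect an SSL problem that only shows up at the I/O stage. Keep the earlier status instead, e.g. `if (glfs_fini(fs)) { LOG_ERR("glfs_fini failed"); ret = -1; }`. Smaller points in the same function: the failure message after glfs_close says "glfs_write failed", the open `flags` value is passed as the last argument of glfs_write, and glfd is not closed when the write fails.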


@@ -0,0 +1,76 @@
#!/bin/bash
. $(dirname $0)/../../include.rc
. $(dirname $0)/../../volume.rc
. $(dirname $0)/../../traps.rc
. $(dirname $0)/../../ssl.rc
cleanup;
sed -e "s,@@HOSTNAME@@,${H0},g" -e "s,@@BRICKPATH@@,${B0}/brick1,g" \
-e "s,@@SSL@@,off,g" \
$(dirname ${0})/protocol-client-ssl.vol.in \
> $(dirname ${0})/protocol-client-ssl.vol
TEST create_self_signed_certs
TEST glusterd
TEST $CLI volume create $V0 $H0:$B0/brick1;
EXPECT 'Created' volinfo_field $V0 'Status';
TEST $CLI volume start $V0;
EXPECT 'Started' volinfo_field $V0 'Status';
EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" online_brick_count
logdir=`gluster --print-logdir`
TEST build_tester $(dirname $0)/gfapi-ssl-load-volfile-test.c -lgfapi
# Run test without I/O or management encryption
TEST $(dirname $0)/gfapi-ssl-load-volfile-test $H0 $V0 \
$(dirname ${0})/protocol-client-ssl.vol \
$logdir/gfapi-ssl-load-volfile-test.log
# Enable management encryption
touch $GLUSTERD_WORKDIR/secure-access
killall_gluster
TEST glusterd
EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" online_brick_count
# Run test with management encryption (No I/O encryption)
TEST $(dirname $0)/gfapi-ssl-load-volfile-test $H0 $V0 \
$(dirname ${0})/protocol-client-ssl.vol \
$logdir/gfapi-ssl-load-volfile-test.log
# Enable I/O encryption
TEST $CLI volume set $V0 server.ssl on
killall_gluster
sed -e "s,@@HOSTNAME@@,${H0},g" -e "s,@@BRICKPATH@@,${B0}/brick1,g" \
-e "s,@@SSL@@,on,g" \
$(dirname ${0})/protocol-client-ssl.vol.in \
> $(dirname ${0})/protocol-client-ssl.vol
TEST glusterd
EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" online_brick_count
# Run test without I/O or management encryption
TEST $(dirname $0)/gfapi-ssl-load-volfile-test $H0 $V0 \
$(dirname ${0})/protocol-client-ssl.vol \
$logdir/gfapi-ssl-load-volfile-test.log
cleanup_tester $(dirname $0)/gfapi-ssl-load-volfile-test
TEST $CLI volume stop $V0
TEST $CLI volume delete $V0
cleanup;
# NetBSD build scripts are not up to date therefore this test
# is failing in NetBSD. Therefore skipping the test in NetBSD
# as of now.
#G_TESTDEF_TEST_STATUS_NETBSD7=KNOWN_ISSUE,BUG=000000
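Review bot: The comment above the third tester run (after `volume set $V0 server.ssl on`) still reads "Run test without I/O or management encryption", although by then both secure-access and I/O SSL are enabled; it should read `# Run test with management and I/O encryption`. The script asserts only the tester's exit status, so a short comment on what each of the three runs is meant to prove would help, including whether a client volfile with `@@SSL@@` off is expected to fail against an SSL-enabled brick. The `secure-access` file created with `touch` and the generated protocol-client-ssl.vol are not removed explicitly; presumably `cleanup` handles the former, which is worth confirming so that later tests do not inherit management encryption.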


@@ -0,0 +1,15 @@
#
# This .vol file expects that there is
#
# 1. GlusterD listening on @@HOSTNAME@@
# 2. a volume that provides a brick on @@BRICKPATH@@
# 3. the volume with the brick has been started
#
volume test
type protocol/client
option remote-host @@HOSTNAME@@
option remote-subvolume @@BRICKPATH@@
option transport-type socket
option transport.socket.ssl-enabled @@SSL@@
end-volume