From: Chris B. <buc...@us...> - 2011-11-22 20:41:22
Update of /cvsroot/sblim/sfcb In directory vz-cvs-3.sog:/tmp/cvs-serv17598 Modified Files: control.c httpAdapter.c sfcb.cfg.pre.in ChangeLog NEWS Log Message: [ 3367333 ] New entry point for authentication library Index: NEWS =================================================================== RCS file: /cvsroot/sblim/sfcb/NEWS,v retrieving revision 1.621 retrieving revision 1.622 diff -u -d -r1.621 -r1.622 --- NEWS 8 Nov 2011 05:03:21 -0000 1.621 +++ NEWS 22 Nov 2011 20:41:20 -0000 1.622 @@ -1,6 +1,10 @@ Changes in 1.3.14 ================= +New features: + +- 3367333 New entry point for authentication library + Bugs fixed: - 3414700 assocClass ignored for assoc upcalls Index: control.c =================================================================== RCS file: /cvsroot/sblim/sfcb/control.c,v retrieving revision 1.40 retrieving revision 1.41 diff -u -d -r1.40 -r1.41 --- control.c 9 Sep 2011 22:54:18 -0000 1.40 +++ control.c 22 Nov 2011 20:41:19 -0000 1.41 @@ -86,6 +86,7 @@ #endif {"provProcs", 1, "32"}, {"basicAuthLib", 0, "sfcBasicAuthentication"}, + {"basicAuthEntry", 0, "_sfcBasicAuthenticate"}, {"doBasicAuth", 2, "false"}, {"doUdsAuth", 2, "false"}, Index: sfcb.cfg.pre.in =================================================================== RCS file: /cvsroot/sblim/sfcb/sfcb.cfg.pre.in,v retrieving revision 1.27 retrieving revision 1.28 diff -u -d -r1.27 -r1.28 --- sfcb.cfg.pre.in 9 Sep 2011 22:54:18 -0000 1.27 +++ sfcb.cfg.pre.in 22 Nov 2011 20:41:20 -0000 1.28 
@@ -62,6 +62,11 @@ ## Default is 5 #selectTimeout: 5 +## Name of the entry point into the authentication library +## The return code of this function will determine if auth passes or fails +## Default is: _sfcBasicAuthenticate +basicAuthEntry: _sfcBasicAuthenticate + ## Maximum time in seconds an sfcb HTTP process will wait between two requests ## on one connection before terminating. 0 will disable HTTP keep-alive. ## Default is 15 Index: httpAdapter.c =================================================================== RCS file: /cvsroot/sblim/sfcb/httpAdapter.c,v retrieving revision 1.93 retrieving revision 1.94 diff -u -d -r1.93 -r1.94 --- httpAdapter.c 9 Sep 2011 22:54:18 -0000 1.93 +++ httpAdapter.c 22 Nov 2011 20:41:20 -0000 1.94 @@ -130,7 +130,16 @@ static unsigned int sessionId; extern char *opsName[]; -typedef int (*Authenticate)(char* principal, char* pwd); +struct auth_extras { + void* (*release)(void*); + char* clientIp; + void* authHandle; + const char* role; +}; +typedef struct auth_extras AuthExtras; + +typedef int (*Authenticate) (char *principal, char *pwd); +typedef int (*Authenticate2) (char *principal, char *pwd, AuthExtras *extras); typedef struct _buffer { char *data, *content; @@ -201,14 +210,16 @@ * Call the authentication library * Return 1 on success, 0 on fail, -1 on expired */ -int baValidate(char *cred, char **principal) +int baValidate(char *cred, char **principal, AuthExtras* extras) { char *auth,*pw=NULL; int i; static void *authLib=NULL; static Authenticate authenticate=NULL; + static Authenticate2 authenticate2=NULL; char dlName[512]; int ret = AUTH_FAIL; + char *entry; if (strncasecmp(cred,"basic ",6)) return AUTH_FAIL; auth=decode64(cred+6); 
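Review bot: The new comment for `basicAuthEntry` does not say that the entry name also selects the calling convention. In the httpAdapter.c part of this commit only the exact name `_sfcBasicAuthenticate2` is called with the third `extras` argument; every other name is called as `(principal, pwd)`. An administrator who points this option at a custom three-argument function would have it invoked with two arguments, inside the code that decides whether a login passes. I would add a line such as `## Use _sfcBasicAuthenticate2 for the three-argument form (principal, password, extras); any other name is called with (principal, password) only`. The setting is also written uncommented, unlike `#selectTimeout: 5` above it, which is worth making consistent if the value is only the default.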
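Review bot: `struct auth_extras` is added without a comment on who owns `authHandle` and when `release` is meant to be called. None of the hunks in this commit, including the call site in the `@@ -937,10 +957,12 @@` hunk, invoke `release` after `baValidate()` returns. Since the authentication library fills these fields, an unstated contract makes it easy to leak the handle or call a stale pointer later. A short comment above the struct would do, for example `/* release/authHandle/role are set by the auth library; the caller invokes release(authHandle) once the request is finished, if release is non-NULL */`, adjusted to the intended lifetime. It should also state whether `clientIp` is input supplied by sfcb.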
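Review bot: The comment above `baValidate()` still describes only the return codes and says nothing about the new `extras` parameter, for instance whether it may be NULL. Suggest extending it with `* extras is handed unchanged to a _sfcBasicAuthenticate2 entry point and is unused for the two-argument entry`. The function has no `static` in the lines shown, so any prototype or caller in another file must change with this signature, because C does not diagnose the mismatch across translation units; whether one exists cannot be seen from this hunk. The body of `baValidate()` continues past the end of the hunk.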
@@ -224,19 +235,28 @@ char *ln; if (getControlChars("basicAuthlib", &ln)==0) { libraryName(NULL,ln,dlName, 512); - if ((authLib=dlopen(dlName, RTLD_LAZY))) { - authenticate= dlsym(authLib, "_sfcBasicAuthenticate"); + if ((authLib = dlopen(dlName, RTLD_LAZY)) && (getControlChars("basicAuthEntry", &entry) == 0)) { + if (strcmp(entry, "_sfcBasicAuthenticate2") == 0) + authenticate2 = dlsym(authLib, entry); + else + authenticate = dlsym(authLib, entry); + } } - if (authenticate == NULL) { - mlogf(M_ERROR,M_SHOW,"--- Authentication exit %s not found or dlsym failed\n",dlName); - ret = AUTH_FAIL; - } } - if (authenticate) { + if (authenticate2 == NULL && authenticate == NULL) { + mlogf(M_ERROR, M_SHOW, "--- Authentication exit %s not found\n", + dlName); + ret = AUTH_FAIL; + } + else { *principal=strdup(auth); - ret = authenticate(auth,pw); + if (authenticate2) + ret = authenticate2(auth, pw, extras); + else + ret = authenticate(auth, pw); + if (ret == AUTH_PASS) ret = AUTH_PASS; else if (ret == AUTH_EXPIRED) ret = AUTH_EXPIRED; else ret = AUTH_FAIL; @@ -937,10 +957,12 @@ } } #endif + AuthExtras extras = {NULL, NULL, NULL}; + if (!authorized && !discardInput && doBa) { if (inBuf.authorization) { - barc = baValidate(inBuf.authorization,&inBuf.principal); + barc = baValidate(inBuf.authorization,&inBuf.principal,&extras); #ifdef ALLOW_UPDATE_EXPIRED_PW if (barc == AUTH_EXPIRED) { hcrFlags |= HCR_EXPIRED_PW; Index: ChangeLog =================================================================== RCS file: /cvsroot/sblim/sfcb/ChangeLog,v retrieving revision 1.697 retrieving revision 1.698 diff -u -d -r1.697 -r1.698 --- ChangeLog 8 Nov 2011 05:04:31 -0000 1.697 +++ ChangeLog 22 Nov 2011 20:41:20 -0000 1.698 @@ -1,3 +1,8 @@ +2011-11-22 Chris Buccella <buc...@li...> + + * control.c, httpAdapter.c, sfcb.cfg.pre.in: + [ 3367333 ] New entry point for authentication library + 2011-11-07 Narasimha Sharoff <nsh...@us...> * cimXmlGen.c: |
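Review bot: The failure log now sits after the block that loads the library, so it can print `dlName` when that buffer was never written. `dlName` is a non-static local while `authLib` is static: if `dlopen()` succeeded on an earlier request but the `basicAuthEntry` lookup or `dlsym()` failed, later calls appear to skip the load block and reach `mlogf(..., dlName)` with uninitialised stack contents. This is inferred, because the opening `if` of the load block is just above the hunk. Initialising the buffer at its declaration, `char dlName[512] = "";`, or keeping the check inside the load block as before, avoids that. The message also lost "or dlsym failed" and never names the symbol, so a mistyped `basicAuthEntry` is reported as a missing library; including the entry name when it was read would make that diagnosable.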
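Review bot: `AuthExtras extras = {NULL, NULL, NULL};` gives three initialisers for a struct with four members (`release`, `clientIp`, `authHandle`, `role`). `role` is still zeroed by the language rules, but the line reads as if a member had been forgotten; `AuthExtras extras = {NULL, NULL, NULL, NULL};` states the intent. In the lines shown `clientIp` is never set before `baValidate()` is called, so a three-argument entry point receives no client address. If it is filled in elsewhere in this function, which continues outside the hunk, a comment at the declaration saying so would help.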