From: Chris B. <buc...@us...> - 2012-03-10 04:45:15
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "SFCB - Small Footprint CIM Broker". The branch, master has been updated via 8a4d2ac5f2ec94bc0cac69926a18aa07152984b9 (commit) from 7c4a2806905e2684394f33d4ffebd9fd72fd4b50 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8a4d2ac5f2ec94bc0cac69926a18aa07152984b9 Author: buccella <buc...@li...> Date: Fri Mar 9 23:44:33 2012 -0500 [ 3367333 ] New entry point for authentication library ----------------------------------------------------------------------- Summary of changes:
diff --git a/ChangeLog b/ChangeLog
index 3693efb..9544754 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-03-09 Chris Buccella <buc...@li...>
+
+ * httpAdapter.c, control.c, sfcb.cfg.pre.in:
+ [ 3367333 ] New entry point for authentication library
+
 2012-03-08 Chris Buccella <buc...@li...>
 * fileRepository.c:
diff --git a/NEWS b/NEWS
index ab28e81..3fb9b19 100644
--- a/NEWS
+++ b/NEWS
@@ -95,6 +95,7 @@ New Features:
 - 3493493 Add sfcbsem
 - 3498932 Implement ModifyInstance for CIM_ListenerDestination
 - 3440300 Allow forced chunked responses
+- 3367333 New entry point for authentication library
 Bugs Fixed:
diff --git a/control.c b/control.c
index 0c5f30f..d84810d 100644
--- a/control.c
+++ b/control.c
@@ -76,6 +76,7 @@ Control init[] = {
 #endif
 {"provProcs", 1, "32"},
 {"basicAuthLib", 0, "sfcBasicAuthentication"},
+ {"basicAuthEntry", 0, "_sfcBasicAuthenticate"},
 {"doBasicAuth", 2, "false"},
 {"doUdsAuth", 2, "false"},
diff --git a/httpAdapter.c b/httpAdapter.c
index 4602878..a5a68d7 100644
--- a/httpAdapter.c
+++ b/httpAdapter.c
@@ -148,7 +148,16 @@ static unsigned int sessionId; extern char *opsName[]; char *nicname = NULL; /* Network Interface */ +struct auth_extras { + void* (*release)(void*); + char* clientIp; + void* authHandle; + const char* role; +}; +typedef struct auth_extras AuthExtras; + typedef int (*Authenticate) (char *principal, char *pwd); +typedef int (*Authenticate2) (char *principal, char *pwd, AuthExtras *extras); typedef struct _buffer { char *data, @@ -242,15 +251,17 @@ remProcCtl() * Return 1 on success, 0 on fail, -1 on expired */ int -baValidate(char *cred, char **principal) +baValidate(char *cred, char **principal, AuthExtras* extras) { char *auth, *pw = NULL; int i; static void *authLib = NULL; static Authenticate authenticate = NULL; + static Authenticate2 authenticate2=NULL; char dlName[512]; int ret = AUTH_FAIL; + char *entry; if (strncasecmp(cred, "basic ", 6)) return AUTH_FAIL; 
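Review bot: `struct auth_extras` is handed across the dlopen boundary to externally supplied authentication libraries, yet none of its four members says who fills it or who owns the memory behind it. A library author cannot tell from this hunk whether `clientIp` is an input set by sfcb, whether `authHandle` and `role` are outputs the library allocates, or when and with what argument `release` is called. I would add a short comment block above the struct spelling out direction and ownership per member, for example `/* release: set by the library; sfcb calls it with authHandle once the request is finished */` if that is the intended contract. The header comment of `baValidate` in the next hunk on this line also still describes only the return codes and should mention the new `extras` parameter.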
@@ -267,20 +278,27 @@ baValidate(char *cred, char **principal) char *ln; if (getControlChars("basicAuthlib", &ln) == 0) { libraryName(NULL, ln, dlName, 512); - if ((authLib = dlopen(dlName, RTLD_LAZY))) { - authenticate = dlsym(authLib, "_sfcBasicAuthenticate"); - } - } - if (authenticate == NULL) { - mlogf(M_ERROR, M_SHOW, "--- Authentication exit %s not found\n", - dlName); - ret = AUTH_FAIL; + if ((authLib = dlopen(dlName, RTLD_LAZY)) && (getControlChars("basicAuthEntry", &entry) == 0)) { + if (strcmp(entry, "_sfcBasicAuthenticate2") == 0) + authenticate2 = dlsym(authLib, entry); + else + authenticate = dlsym(authLib, entry); + } } } - if (authenticate) { + if (authenticate2 == NULL && authenticate == NULL) { + mlogf(M_ERROR, M_SHOW, "--- Authentication exit %s not found\n", + dlName); + ret = AUTH_FAIL; + } + else { *principal = strdup(auth); - ret = authenticate(auth, pw); + if (authenticate2) + ret = authenticate2(auth, pw, extras); + else + ret = authenticate(auth, pw); + if (ret == AUTH_PASS) ret = AUTH_PASS; else if (ret == AUTH_EXPIRED) ret = AUTH_EXPIRED; else ret = AUTH_FAIL; @@ -1043,9 +1061,13 @@ doHttpRequest(CommHndl conn_fd) } } #endif + + AuthExtras extras = {NULL, NULL, NULL}; + if (!authorized && !discardInput && doBa) { if (inBuf.authorization) { - barc = baValidate(inBuf.authorization,&inBuf.principal); + barc = baValidate(inBuf.authorization,&inBuf.principal,&extras); + #ifdef ALLOW_UPDATE_EXPIRED_PW if (barc == AUTH_EXPIRED) { hcrFlags |= HCR_EXPIRED_PW; diff --git a/sfcb.cfg.pre.in b/sfcb.cfg.pre.in index ac4ad1f..47a2acb 100644 --- a/sfcb.cfg.pre.in +++ b/sfcb.cfg.pre.in 
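Review bot: The relocated `mlogf(..., dlName)` error path can now format `dlName` before anything has written to it. `dlName` is a plain stack array that only `libraryName()` fills, and that call sits inside the block that opens above this hunk (presumably a one-time `authLib == NULL` guard; its condition is not visible here). When `getControlChars("basicAuthlib", &ln)` fails, or on a later request after the library was loaded but no entry point resolved, the `%s` reads indeterminate bytes with no guaranteed terminator. Initialising the buffer at its declaration in the previous hunk, `char dlName[512] = "";`, keeps the log call well defined. The message would also be more useful if it named the entry point, since a missing `basicAuthEntry` setting or a failed `dlsym()` is currently reported as the library not being found.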
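Review bot: Nothing in the visible lines of `doHttpRequest` sets `extras.clientIp` before the `baValidate()` call or invokes `extras.release` after it, so a library that stores an allocation in `authHandle` has no cleanup path in this hunk and `role` is never consumed. The function continues outside the hunk, so this may be handled further down; if it is not, something like `if (extras.release) extras.release(extras.authHandle);` is needed on every exit path once the request is done. The initializer `{NULL, NULL, NULL}` also lists three values for a four-member struct; the last member is still zeroed, but `AuthExtras extras = {0};` states the intent without depending on the member count.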
@@ -64,6 +64,11 @@ doBasicAuth: false
 ## Default is: sfcBasicAuthentication
 basicAuthLib: @SFCB_CONF_BASICAUTHLIB@
+## Name of the entry point into the authentication library
+## The return code of this function will determine if auth passes or fails
+## Default is: _sfcBasicAuthenticate
+basicAuthEntry: _sfcBasicAuthenticate
+
 ## Maximum time in seconds an sfcb HTTP process will wait for select.
 ## Default is 5
 #selectTimeout: 5
hooks/post-receive -- SFCB - Small Footprint CIM Broker |
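Review bot: The new comment does not tell the administrator that the entry name also selects the calling convention. In the httpAdapter.c change only the exact string `_sfcBasicAuthenticate2` is called with three arguments; every other configured name is called through the two-argument `Authenticate` type. Pointing this setting at a differently named function that expects the `extras` argument would therefore call it through the wrong prototype. I would add a line such as `## Use _sfcBasicAuthenticate2 for the (principal, pwd, extras) form; any other name is called with (principal, pwd) only`, and state which return values mean pass, fail and expired.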