[11/11] libnsdb: Remove unused security-related APIs

Message ID	20130116215324.21683.30378.stgit@seurat.1015granger.net
State	Accepted
Headers	show Return-Path: <fedfs-utils-devel-bounces@oss.oracle.com> From: Chuck Lever <chuck.lever@oracle.com> To: fedfs-utils-devel@oss.oracle.com Date: Wed, 16 Jan 2013 16:53:24 -0500 Message-ID: <20130116215324.21683.30378.stgit@seurat.1015granger.net> In-Reply-To: <20130116214757.21683.47697.stgit@seurat.1015granger.net> References: <20130116214757.21683.47697.stgit@seurat.1015granger.net> User-Agent: StGIT/0.14.3 MIME-Version: 1.0 Subject: [fedfs-utils] [PATCH 11/11] libnsdb: Remove unused security-related APIs Precedence: list Reply-To: fedfs-utils Developers <fedfs-utils-devel@oss.oracle.com> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: fedfs-utils-devel-bounces@oss.oracle.com Errors-To: fedfs-utils-devel-bounces@oss.oracle.com

diff --git a/src/include/nsdb.h b/src/include/nsdb.h index 1bbe947..4f6aadc 100644 --- a/src/include/nsdb.h +++ b/src/include/nsdb.h @@ -40,15 +40,6 @@ struct fedfs_nsdb; typedef struct fedfs_nsdb *nsdb_t; /** - * Stored connection parameters - */ -struct fedfs_secdata { - FedFsConnectionSec type; - char *data; - unsigned int len; -}; - -/** * Object that contains FedFS Fileset Name data * * Derived from the fedfsFsn object class, defined in @@ -157,12 +148,6 @@ _Bool nsdb_is_default_parentdir(void); _Bool nsdb_init_database(void); /** - * Extract contents of a certificate file - */ -FedFsStatus nsdb_read_certfile(const char *pathname, - char **certdata, unsigned int *certlen); - -/** * Generate list of NSDB names we know about */ FedFsStatus nsdb_enumerate_nsdbs(char ***nsdblist); @@ -207,13 +192,6 @@ FedFsStatus nsdb_connsec_get_cert_data(nsdb_t host, char **data, unsigned int *len); /** - * Update stored connection parameters for an NSDB - */ -FedFsStatus nsdb_update_nsdb(const char *hostname, - const unsigned short port, - const struct fedfs_secdata *sec); - -/** * Set connection security parameters for an NSDB to "NONE" */ FedFsStatus nsdb_connsec_set_none(const char *hostname, diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c index 5b75294..94f9317 100644 --- a/src/libnsdb/nsdb.c +++ b/src/libnsdb/nsdb.c @@ -560,138 +560,6 @@ nsdb_new_nsdb(const char *hostname, const unsigned long port, nsdb_t *host) } /** - * Read security data from an existing cert file - * - * @param pathname NUL-terminated C string containing pathname of certificate file - * @param certdata OUT: pointer to buffer containing certificate; caller must free the buffer with free(3) - * @param certlen OUT: length of buffer containing certificate - * @return a FedFsStatus code - */ -FedFsStatus -nsdb_read_certfile(const char *pathname, char **certdata, - unsigned int *certlen) -{ - FedFsStatus retval; - struct stat stb; - ssize_t size; - char *buf; - int fd; - - retval = FEDFS_ERR_SVRFAULT; - if (lstat(pathname, &stb) == -1) { - xlog(D_GENERAL, "%s: Failed to stat %s: %m", - __func__, pathname); - goto out; - } - - buf = malloc((size_t)stb.st_size); - if (buf == NULL) { - xlog(D_GENERAL, "%s: Failed to allocate buffer for %s: %m", - __func__, pathname); - goto out; - } - - fd = open(pathname, O_RDONLY); - if (fd == -1) { - xlog(D_GENERAL, "%s: Failed to open %s: %m", - __func__, pathname); - free(buf); - goto out; - } - - size = read(fd, buf, stb.st_size); - if (size < 0 || (off_t)size != stb.st_size) { - xlog(D_GENERAL, "%s: Failed to read %s: %m", - __func__, pathname); - free(buf); - (void)close(fd); - goto out; - } - - xlog(D_CALL, "%s: Successfully read %s", __func__, pathname); - - (void)close(fd); - *certdata = buf; - *certlen = stb.st_size; - retval = FEDFS_OK; - -out: - return retval; -} - -/** - * Create a new cert file and store the security data in it - * - * @param certdata pointer to buffer containing certificate - * @param certlen length of certificate in "certdata" - * @param pathname OUT: pointer to C string containing pathname of new certificate file; caller must free the pathname with free(3) - * @return a FedFsStatus value - * - * On success, FEDFS_OK is returned, a new cert file is created, and the - * pathname is filled in. - */ -static FedFsStatus -nsdb_new_certfile(const char *certdata, const unsigned int certlen, - char **pathname) -{ - char pathbuf[PATH_MAX], uuidbuf[FEDFS_UUID_STRLEN]; - FedFsStatus retval; - ssize_t size; - int fd, len; - uuid_t uu; - - /* - * We require a guaranteed unique file name for each - * new cert. Use uuid_generate_time(3) to avoid - * depleting the local entropy pool. - */ - uuid_generate_time(uu); - uuid_unparse(uu, uuidbuf); - - retval = FEDFS_ERR_SVRFAULT; - len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s", - fedfs_nsdbcerts_dirname, uuidbuf); - if (len > PATH_MAX) { - xlog(L_ERROR, "Fedfsd cert directory pathname is too long"); - goto out; - } - - if (mkdir(fedfs_nsdbcerts_dirname, FEDFS_BASE_DIRMODE) == -1) { - if (errno != EEXIST) { - xlog(L_ERROR, "Failed to create certfile directory: %m"); - return FEDFS_ERR_SVRFAULT; - } - } - - fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL, - FEDFS_CERTFILE_MODE); - if (fd == -1) { - xlog(D_GENERAL, "%s: Failed to open %s: %m", - __func__, pathbuf); - goto out; - } - - size = write(fd, certdata, certlen); - if (size < 0 || (unsigned int)size != certlen) { - xlog(D_GENERAL, "%s: Failed to write %s: %m", - __func__, pathbuf); - (void)unlink(pathbuf); - (void)close(fd); - goto out; - } - - (void)close(fd); - - *pathname = strdup(pathbuf); - if (*pathname == NULL) - goto out; - - retval = FEDFS_OK; -out: - return retval; -} - -/** * Read information about an NSDB from our NSDB database * * @param db an open sqlite3 database descriptor @@ -848,79 +716,6 @@ out: } /** - * Update information about an NSDB in our NSDB database - * - * @param db an open sqlite3 database descriptor - * @param host an instantiated nsdb_t object - * @param sectype an integer value representing the security type - * @param certfile a NUL-terminated UTF-8 C string containing the name of a file containing an x.509 certificate - * @return a FedFsStatus code - * - * Information is copied from the nsdb_t object to the cert store. - */ -static FedFsStatus -nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host, - unsigned int sectype, const char *certfile) -{ - const char *domainname = host->fn_hostname; - const int port = host->fn_port; - sqlite3_stmt *stmt; - FedFsStatus retval; - int rc; - - retval = FEDFS_ERR_IO; - if (!nsdb_prepare_stmt(db, &stmt, "UPDATE nsdbs " - " SET securityType=?,securityFilename=?" - "WHERE nsdbName=? and nsdbPort=?;")) - goto out; - - rc = sqlite3_bind_int(stmt, 1, sectype); - if (rc != SQLITE_OK) { - xlog(L_ERROR, "Failed to bind connection security value: %s", - sqlite3_errmsg(db)); - goto out_finalize; - } - - rc = sqlite3_bind_text(stmt, 2, certfile, -1, SQLITE_STATIC); - if (rc != SQLITE_OK) { - xlog(L_ERROR, "Failed to bind security data value: %s", - sqlite3_errmsg(db)); - goto out_finalize; - } - - rc = sqlite3_bind_text(stmt, 3, domainname, -1, SQLITE_STATIC); - if (rc != SQLITE_OK) { - xlog(L_ERROR, "Failed to bind NSDB hostname %s: %s", - domainname, sqlite3_errmsg(db)); - goto out_finalize; - } - - rc = sqlite3_bind_int(stmt, 4, port); - if (rc != SQLITE_OK) { - xlog(L_ERROR, "Failed to bind port number: %s", - sqlite3_errmsg(db)); - goto out_finalize; - } - - rc = sqlite3_step(stmt); - switch (rc) { - case SQLITE_DONE: - xlog(D_CALL, "%s: Updated NSDB info record for '%s:%u' " - "to nsdbs table", __func__, domainname, port); - retval = FEDFS_OK; - break; - default: - xlog(L_ERROR, "Failed to update NSDB info record for '%s:%u': %s", - domainname, port, sqlite3_errmsg(db)); - } - -out_finalize: - nsdb_finalize_stmt(stmt); -out: - return retval; -} - -/** * Update security information about an NSDB in our NSDB database * * @param db an open sqlite3 database descriptor @@ -1395,92 +1190,6 @@ nsdb_create_nsdb(const char *hostname, const unsigned short port) } /** - * Update connection parameters for an NSDB - * - * @param host an instantiated nsdb_t object - * @param sec new connection parameters - * @return a FedFsStatus code - */ -static FedFsStatus -nsdb_update_nsdbparams(nsdb_t host, const struct fedfs_secdata *sec) -{ - FedFsStatus retval; - char *certfile; - sqlite3 *db; - - xlog(D_CALL, "%s: writing parameters for NSDB '%s'", - __func__, host->fn_hostname); - - switch (sec->type) { - case FEDFS_SEC_NONE: - certfile = strdup(""); - break; - case FEDFS_SEC_TLS: - retval = nsdb_new_certfile(sec->data, sec->len, - &certfile); - if (retval != FEDFS_OK) - goto out; - break; - default: - retval = FEDFS_ERR_INVAL; - goto out; - } - - retval = FEDFS_ERR_IO; - db = nsdb_open_db(fedfs_db_filename, SQLITE_OPEN_READWRITE); - if (db == NULL) { - free(certfile); - goto out; - } - - retval = nsdb_new_nsdbname(db, host); - if (retval != FEDFS_OK) { - free(certfile); - goto out_close; - } - - retval = nsdb_update_nsdbname(db, host, sec->type, certfile); - if (retval != FEDFS_OK) { - free(certfile); - goto out_close; - } - - host->fn_sectype = (unsigned int)sec->type; - host->fn_certfile = certfile; - retval = FEDFS_OK; - -out_close: - nsdb_close_db(db); -out: - return retval; -} - -/** - * Update connection parameters for an NSDB - * - * @param hostname NUL-terminated UTF-8 string containing NSDB hostname - * @param port integer port number of NSDB - * @param sec buffer containing new connection data - * @return a FedFsStatus code - */ -FedFsStatus -nsdb_update_nsdb(const char *hostname, const unsigned short port, - const struct fedfs_secdata *sec) -{ - nsdb_t host; - FedFsStatus retval; - - retval = nsdb_new_nsdb(hostname, port, &host); - if (retval != FEDFS_OK) - return retval; - - retval = nsdb_update_nsdbparams(host, sec); - - nsdb_free_nsdb(host); - return retval; -} - -/** * Update connection security parameters for an NSDB * * @param host an instantiated nsdb_t object

[11/11] libnsdb: Remove unused security-related APIs

Commit Message

Patch