implement sharded services (client side)

c9f890a5 · ale · ce40618d · c9f890a5 · c9f890a5 · c9f890a5
Commit c9f890a5 authored 10 years ago by ale
--- a/pam/auth_client.c
+++ b/pam/auth_client.c
@@ -192,7 +192,8 @@ int auth_client_authenticate(auth_client_t ac,
                             const char *username,
                             const char *password,
                             const char *otp_token,
-                             const char *source_ip) {
+                             const char *source_ip,
+			     const char *shard) {
  struct curl_slist *headers = NULL;
  struct cbuf form;
  struct cbuf responsebuf;
@@ -212,6 +213,9 @@ int auth_client_authenticate(auth_client_t ac,
  if (source_ip) {
    post_field_add(&form, "source_ip", source_ip);
  }
+  if (shard) {
+    post_field_add(&form, "shard", shard);
+  }
  curl_easy_setopt(ac->c, CURLOPT_POSTFIELDS, form.buf);

  // Set request headers.

--- a/pam/auth_client.h
+++ b/pam/auth_client.h
@@ -27,6 +27,7 @@ int auth_client_authenticate(auth_client_t ac,
                             const char *username,
                             const char *password,
                             const char *otp_token,
-                             const char *source_ip);
+                             const char *source_ip,
+			     const char *shard);

 #endif
--- a/pam/auth_client_test.cc
+++ b/pam/auth_client_test.cc
@@ -54,7 +54,7 @@ TEST_F(AuthClientTest, AuthOK) {
  result = auth_client_set_certificate(ac, ssl_ca, ssl_cert, ssl_key);
  EXPECT_EQ(AC_OK, result) << "set_certificate() error: " << auth_client_strerror(result);

-  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1");
+  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1", NULL);
  EXPECT_EQ(AC_OK, result) << "authenticate() error: " << auth_client_strerror(result)
                           << ", server=" << server;
 }
@@ -65,7 +65,7 @@ TEST_F(AuthClientTest, AuthFail) {
  result = auth_client_set_certificate(ac, ssl_ca, ssl_cert, ssl_key);
  EXPECT_EQ(AC_OK, result) << "set_certificate() error: " << auth_client_strerror(result);

-  result = auth_client_authenticate(ac, "user", "bad_password", NULL, "127.0.0.1");
+  result = auth_client_authenticate(ac, "user", "bad_password", NULL, "127.0.0.1", NULL);
  EXPECT_NE(AC_OK, result) << "authenticate() didn't fail"
                           << ", server=" << server;
 }
@@ -82,7 +82,7 @@ TEST_F(AuthClientTest, SSLFailsWithBadCertificate) {
  result = auth_client_set_certificate(ac, ssl_ca, ssl_ca, ssl_key);
  EXPECT_EQ(AC_OK, result) << "set_certificate() error: " << auth_client_strerror(result);

-  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1");
+  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1", NULL);
  EXPECT_NE(AC_OK, result) << "authenticate() didn't fail, server=" << server;
 }

@@ -93,7 +93,7 @@ TEST_F(AuthClientTest, SSLFailsWithBadCAClientSide) {
  result = auth_client_set_certificate(ac, ssl_bad_ca, ssl_cert, ssl_key);
  EXPECT_EQ(AC_OK, result) << "set_certificate() error: " << auth_client_strerror(result);

-  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1");
+  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1", NULL);
  EXPECT_NE(AC_OK, result) << "authenticate() didn't fail, server=" << server;
 }

@@ -104,7 +104,7 @@ TEST_F(AuthClientTest, SSLFailsWithBadCAServerSide) {
  result = auth_client_set_certificate(ac, ssl_ca, ssl_bad_cert, ssl_bad_key);
  EXPECT_EQ(AC_OK, result) << "set_certificate() error: " << auth_client_strerror(result);

-  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1");
+  result = auth_client_authenticate(ac, "user", "pass", NULL, "127.0.0.1", NULL);
  EXPECT_NE(AC_OK, result) << "authenticate() didn't fail, server=" << server;
 }


--- a/pam/pam_authclient.c
+++ b/pam/pam_authclient.c
@@ -55,6 +55,7 @@ struct cfg {
  char *ssl_crt;
  char *ssl_key;
  char *ca_file;
+  char *shard;
 };

 static void parse_cfg(int argc, const char **argv, struct cfg *cfg) {
@@ -76,6 +77,8 @@ static void parse_cfg(int argc, const char **argv, struct cfg *cfg) {
      cfg->ssl_key = (char *)(argv[i] + 8);
    } else if (!strncmp(argv[i], "ca=", 3)) {
      cfg->ca_file = (char *)(argv[i] + 3);
+    } else if (!strncmp(argv[i], "shard=", 6)) {
+      cfg->shard = (char *)(argv[i] + 6);
    }
  }
 }
@@ -155,7 +158,7 @@ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh,
  // Allow two authentication attempts in case we receive an
  // OTP_REQUIRED response from the server.
  for (i = 0; i < 2; i++) {
-    int ac_err = auth_client_authenticate(ac, username, password, otp_token, source_ip);
+    int ac_err = auth_client_authenticate(ac, username, password, otp_token, source_ip, cfg.shard);
    if (ac_err == AC_OK) {
      retval = PAM_SUCCESS;
    } else if (ac_err == AC_ERR_OTP_REQUIRED) {