[fedfs-utils] [PATCH 11/11] libnsdb: Remove unused security-related APIs

Chuck Lever chuck.lever at oracle.com
Wed Jan 16 13:53:24 PST 2013


Clean up.  These functions and data types are no longer used anywhere in the tree.

Signed-off-by: Chuck Lever <chuck.lever at oracle.com>
---

 src/include/nsdb.h |   22 ----
 src/libnsdb/nsdb.c |  291 ----------------------------------------------------
 2 files changed, 0 insertions(+), 313 deletions(-)

diff --git a/src/include/nsdb.h b/src/include/nsdb.h
index 1bbe947..4f6aadc 100644
--- a/src/include/nsdb.h
+++ b/src/include/nsdb.h
@@ -40,15 +40,6 @@ struct fedfs_nsdb;
 typedef struct fedfs_nsdb *nsdb_t;
 
 /**
- * Stored connection parameters
- */
-struct fedfs_secdata {
-	FedFsConnectionSec	 type;
-	char			*data;
-	unsigned int		 len;
-};
-
-/**
  * Object that contains FedFS Fileset Name data
  *
  * Derived from the fedfsFsn object class, defined in
@@ -157,12 +148,6 @@ _Bool		 nsdb_is_default_parentdir(void);
 _Bool		 nsdb_init_database(void);
 
 /**
- * Extract contents of a certificate file
- */
-FedFsStatus	 nsdb_read_certfile(const char *pathname,
-				char **certdata, unsigned int *certlen);
-
-/**
  * Generate list of NSDB names we know about
  */
 FedFsStatus	 nsdb_enumerate_nsdbs(char ***nsdblist);
@@ -207,13 +192,6 @@ FedFsStatus	 nsdb_connsec_get_cert_data(nsdb_t host,
 				char **data, unsigned int *len);
 
 /**
- * Update stored connection parameters for an NSDB
- */
-FedFsStatus	 nsdb_update_nsdb(const char *hostname,
-				const unsigned short port,
-				const struct fedfs_secdata *sec);
-
-/**
  * Set connection security parameters for an NSDB to "NONE"
  */
 FedFsStatus	 nsdb_connsec_set_none(const char *hostname,
diff --git a/src/libnsdb/nsdb.c b/src/libnsdb/nsdb.c
index 5b75294..94f9317 100644
--- a/src/libnsdb/nsdb.c
+++ b/src/libnsdb/nsdb.c
@@ -560,138 +560,6 @@ nsdb_new_nsdb(const char *hostname, const unsigned long port, nsdb_t *host)
 }
 
 /**
- * Read security data from an existing cert file
- *
- * @param pathname NUL-terminated C string containing pathname of certificate file
- * @param certdata OUT: pointer to buffer containing certificate; caller must free the buffer with free(3)
- * @param certlen OUT: length of buffer containing certificate
- * @return a FedFsStatus code
- */
-FedFsStatus
-nsdb_read_certfile(const char *pathname, char **certdata,
-		unsigned int *certlen)
-{
-	FedFsStatus retval;
-	struct stat stb;
-	ssize_t size;
-	char *buf;
-	int fd;
-
-	retval = FEDFS_ERR_SVRFAULT;
-	if (lstat(pathname, &stb) == -1) {
-		xlog(D_GENERAL, "%s: Failed to stat %s: %m",
-			__func__, pathname);
-		goto out;
-	}
-
-	buf = malloc((size_t)stb.st_size);
-	if (buf == NULL) {
-		xlog(D_GENERAL, "%s: Failed to allocate buffer for %s: %m",
-			__func__, pathname);
-		goto out;
-	}
-
-	fd = open(pathname, O_RDONLY);
-	if (fd == -1) {
-		xlog(D_GENERAL, "%s: Failed to open %s: %m",
-			__func__, pathname);
-		free(buf);
-		goto out;
-	}
-
-	size = read(fd, buf, stb.st_size);
-	if (size < 0 || (off_t)size != stb.st_size) {
-		xlog(D_GENERAL, "%s: Failed to read %s: %m",
-			__func__, pathname);
-		free(buf);
-		(void)close(fd);
-		goto out;
-	}
-
-	xlog(D_CALL, "%s: Successfully read %s", __func__, pathname);
-
-	(void)close(fd);
-	*certdata = buf;
-	*certlen = stb.st_size;
-	retval = FEDFS_OK;
-
-out:
-	return retval;
-}
-
-/**
- * Create a new cert file and store the security data in it
- *
- * @param certdata pointer to buffer containing certificate
- * @param certlen length of certificate in "certdata"
- * @param pathname OUT: pointer to C string containing pathname of new certificate file; caller must free the pathname with free(3)
- * @return a FedFsStatus value
- *
- * On success, FEDFS_OK is returned, a new cert file is created, and the
- * pathname is filled in.
- */
-static FedFsStatus
-nsdb_new_certfile(const char *certdata, const unsigned int certlen,
-		char **pathname)
-{
-	char pathbuf[PATH_MAX], uuidbuf[FEDFS_UUID_STRLEN];
-	FedFsStatus retval;
-	ssize_t size;
-	int fd, len;
-	uuid_t uu;
-
-	/*
-	 * We require a guaranteed unique file name for each
-	 * new cert.  Use uuid_generate_time(3) to avoid
-	 * depleting the local entropy pool.
-	 */
-	uuid_generate_time(uu);
-	uuid_unparse(uu, uuidbuf);
-
-	retval = FEDFS_ERR_SVRFAULT;
-	len = snprintf(pathbuf, sizeof(pathbuf), "%s/%s",
-				fedfs_nsdbcerts_dirname, uuidbuf);
-	if (len > PATH_MAX) {
-		xlog(L_ERROR, "Fedfsd cert directory pathname is too long");
-		goto out;
-	}
-
-	if (mkdir(fedfs_nsdbcerts_dirname, FEDFS_BASE_DIRMODE) == -1) {
-		if (errno != EEXIST) {
-			xlog(L_ERROR, "Failed to create certfile directory: %m");
-			return FEDFS_ERR_SVRFAULT;
-		}
-	}
-
-	fd = open(pathbuf, O_WRONLY | O_SYNC | O_CREAT | O_EXCL,
-						FEDFS_CERTFILE_MODE);
-	if (fd == -1) {
-		xlog(D_GENERAL, "%s: Failed to open %s: %m",
-			__func__, pathbuf);
-		goto out;
-	}
-
-	size = write(fd, certdata, certlen);
-	if (size < 0 || (unsigned int)size != certlen) {
-		xlog(D_GENERAL, "%s: Failed to write %s: %m",
-			__func__, pathbuf);
-		(void)unlink(pathbuf);
-		(void)close(fd);
-		goto out;
-	}
-
-	(void)close(fd);
-
-	*pathname = strdup(pathbuf);
-	if (*pathname == NULL)
-		goto out;
-
-	retval = FEDFS_OK; 
-out:
-	return retval;
-}
-
-/**
  * Read information about an NSDB from our NSDB database
  *
  * @param db an open sqlite3 database descriptor
@@ -848,79 +716,6 @@ out:
 }
 
 /**
- * Update information about an NSDB in our NSDB database
- *
- * @param db an open sqlite3 database descriptor
- * @param host an instantiated nsdb_t object
- * @param sectype an integer value representing the security type
- * @param certfile a NUL-terminated UTF-8 C string containing the name of a file containing an x.509 certificate
- * @return a FedFsStatus code
- *
- * Information is copied from the nsdb_t object to the cert store.
- */
-static FedFsStatus
-nsdb_update_nsdbname(sqlite3 *db, const nsdb_t host,
-		unsigned int sectype, const char *certfile)
-{
-	const char *domainname = host->fn_hostname;
-	const int port = host->fn_port;
-	sqlite3_stmt *stmt;
-	FedFsStatus retval;
-	int rc;
-
-	retval = FEDFS_ERR_IO;
-	if (!nsdb_prepare_stmt(db, &stmt, "UPDATE nsdbs "
-			" SET securityType=?,securityFilename=?"
-			"WHERE nsdbName=? and nsdbPort=?;"))
-		goto out;
-
-	rc = sqlite3_bind_int(stmt, 1, sectype);
-	if (rc != SQLITE_OK) {
-		xlog(L_ERROR, "Failed to bind connection security value: %s",
-			sqlite3_errmsg(db));
-		goto out_finalize;
-	}
-
-	rc = sqlite3_bind_text(stmt, 2, certfile, -1, SQLITE_STATIC);
-	if (rc != SQLITE_OK) {
-		xlog(L_ERROR, "Failed to bind security data value: %s",
-			sqlite3_errmsg(db));
-		goto out_finalize;
-	}
-
-	rc = sqlite3_bind_text(stmt, 3, domainname, -1, SQLITE_STATIC);
-	if (rc != SQLITE_OK) {
-		xlog(L_ERROR, "Failed to bind NSDB hostname %s: %s",
-			domainname, sqlite3_errmsg(db));
-		goto out_finalize;
-	}
-
-	rc = sqlite3_bind_int(stmt, 4, port);
-	if (rc != SQLITE_OK) {
-		xlog(L_ERROR, "Failed to bind port number: %s",
-			sqlite3_errmsg(db));
-		goto out_finalize;
-	}
-
-	rc = sqlite3_step(stmt);
-	switch (rc) {
-	case SQLITE_DONE:
-		xlog(D_CALL, "%s: Updated NSDB info record for '%s:%u' "
-			"to nsdbs table", __func__, domainname, port);
-		retval = FEDFS_OK;
-		break;
-	default:
-		xlog(L_ERROR, "Failed to update NSDB info record for '%s:%u': %s",
-			domainname, port, sqlite3_errmsg(db));
-	}
-
-out_finalize:
-	nsdb_finalize_stmt(stmt);
-out:
-	return retval;
-}
-
-/**
  * Update security information about an NSDB in our NSDB database
  *
  * @param db an open sqlite3 database descriptor
@@ -1395,92 +1190,6 @@ nsdb_create_nsdb(const char *hostname, const unsigned short port)
 }
 
 /**
- * Update connection parameters for an NSDB
- *
- * @param host an instantiated nsdb_t object
- * @param sec new connection parameters
- * @return a FedFsStatus code
- */
-static FedFsStatus
-nsdb_update_nsdbparams(nsdb_t host, const struct fedfs_secdata *sec)
-{
-	FedFsStatus retval;
-	char *certfile;
-	sqlite3 *db;
-
-	xlog(D_CALL, "%s: writing parameters for NSDB '%s'",
-			__func__, host->fn_hostname);
-
-	switch (sec->type) {
-	case FEDFS_SEC_NONE:
-		certfile = strdup("");
-		break;
-	case FEDFS_SEC_TLS:
-		retval = nsdb_new_certfile(sec->data, sec->len,
-							&certfile);
-		if (retval != FEDFS_OK)
-			goto out;
-		break;
-	default:
-		retval = FEDFS_ERR_INVAL;
-		goto out;
-	}
-
-	retval = FEDFS_ERR_IO;
-	db = nsdb_open_db(fedfs_db_filename, SQLITE_OPEN_READWRITE);
-	if (db == NULL) {
-		free(certfile);
-		goto out;
-	}
-
-	retval = nsdb_new_nsdbname(db, host);
-	if (retval != FEDFS_OK) {
-		free(certfile);
-		goto out_close;
-	}
-
-	retval = nsdb_update_nsdbname(db, host, sec->type, certfile);
-	if (retval != FEDFS_OK) {
-		free(certfile);
-		goto out_close;
-	}
-
-	host->fn_sectype = (unsigned int)sec->type;
-	host->fn_certfile = certfile;
-	retval = FEDFS_OK;
-
-out_close:
-	nsdb_close_db(db);
-out:
-	return retval;
-}
-
-/**
- * Update connection parameters for an NSDB
- *
- * @param hostname NUL-terminated UTF-8 string containing NSDB hostname
- * @param port integer port number of NSDB
- * @param sec buffer containing new connection data
- * @return a FedFsStatus code
- */
-FedFsStatus
-nsdb_update_nsdb(const char *hostname, const unsigned short port,
-		const struct fedfs_secdata *sec)
-{
-	nsdb_t host;
-	FedFsStatus retval;
-
-	retval = nsdb_new_nsdb(hostname, port, &host);
-	if (retval != FEDFS_OK)
-		return retval;
-
-	retval = nsdb_update_nsdbparams(host, sec);
-
-	nsdb_free_nsdb(host);
-	return retval;
-}
-
-/**
  * Update connection security parameters for an NSDB
  *
  * @param host an instantiated nsdb_t object



