From 4e92c58d27b5cea9d7346d6dd88be9b3479c9e3b Mon Sep 17 00:00:00 2001
From: Csaba Henk <csaba@gluster.com>
Date: Fri, 13 Jan 2012 06:12:11 +0100
Subject: rpc: extend actors with flag signing if privilege is required

Currently we allow the following RPC messages for unprivileged users:
GLUSTER_CLI_GETWD, GLUSTER_CLI_MOUNT, GLUSTER_CLI_UMOUNT

Change-Id: I05414f3ca7cbe47de45c5e5cfba1537efc774e6c
BUG: 781256
Signed-off-by: Csaba Henk <csaba@gluster.com>
Reviewed-on: http://review.gluster.com/2641
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
---
 rpc/rpc-lib/src/rpcsvc.c | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

(limited to 'rpc/rpc-lib/src/rpcsvc.c')

diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 125d52fc7..5805f8a5c 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -438,6 +438,7 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
         int                     ret = -1;
         uint16_t                port = 0;
         gf_boolean_t            is_unix = _gf_false;
+        gf_boolean_t            unprivileged = _gf_false;
 
         if (!trans || !svc)
                 return -1;
@@ -467,13 +468,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 
                 gf_log ("rpcsvc", GF_LOG_TRACE, "Client port: %d", (int)port);
 
-                if ((port > 1024) && (0 == svc->allow_insecure)) {
-                        /* Non-privileged user, fail request */
-                        gf_log ("glusterd", GF_LOG_ERROR,
-                                "Request received from non-"
-                                "privileged port. Failing request");
-                        return -1;
-                }
+                if (port > 1024)
+                        unprivileged = _gf_true;
         }
 
         req = rpcsvc_request_create (svc, trans, msg);
@@ -487,7 +483,16 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
         if (!actor)
                 goto err_reply;
 
-        if (actor && (req->rpc_err == SUCCESS)) {
+        if (0 == svc->allow_insecure && unprivileged && !actor->unprivileged) {
+                        /* Non-privileged user, fail request */
+                        gf_log ("glusterd", GF_LOG_ERROR,
+                                "Request received from non-"
+                                "privileged port. Failing request");
+                        rpcsvc_request_destroy (req);
+                        return -1;
+        }
+
+        if (req->rpc_err == SUCCESS) {
                 /* Before going to xlator code, set the THIS properly */
                 THIS = svc->mydata;
 
@@ -2378,9 +2383,9 @@ out:
 
 
 rpcsvc_actor_t gluster_dump_actors[] = {
-        [GF_DUMP_NULL] = {"NULL", GF_DUMP_NULL, NULL, NULL, NULL },
-        [GF_DUMP_DUMP] = {"DUMP", GF_DUMP_DUMP, rpcsvc_dump, NULL, NULL },
-        [GF_DUMP_MAXVALUE] = {"MAXVALUE", GF_DUMP_MAXVALUE, NULL, NULL, NULL },
+        [GF_DUMP_NULL] = {"NULL", GF_DUMP_NULL, NULL, NULL, NULL, 0},
+        [GF_DUMP_DUMP] = {"DUMP", GF_DUMP_DUMP, rpcsvc_dump, NULL, NULL, 0},
+        [GF_DUMP_MAXVALUE] = {"MAXVALUE", GF_DUMP_MAXVALUE, NULL, NULL, NULL, 0},
 };
 
 
-- 
cgit