Diffstat (limited to 'xlators/protocol/auth/addr/src/addr.c')
| -rw-r--r-- | xlators/protocol/auth/addr/src/addr.c | 53 |
1 files changed, 26 insertions, 27 deletions
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 21dfa5e58..181d091bd 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -1,20 +1,11 @@
 /*
- Copyright (c) 2007-2010 Gluster, Inc. <http://www.gluster.com>
+ Copyright (c) 2008-2012 Red Hat, Inc. <http://www.redhat.com>
 This file is part of GlusterFS.
- GlusterFS is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation; either version 3 of the License,
- or (at your option) any later version.
-
- GlusterFS is distributed in the hope that it will be useful, but
- WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program. If not, see
- <http://www.gnu.org/licenses/>.
+ This file is licensed to you under your choice of the GNU Lesser
+ General Public License, version 3 or any later version (LGPLv3 or
+ later), or the GNU General Public License, version 2 (GPLv2), in all
+ cases as published by the Free Software Foundation.
 */
@@ -28,6 +19,7 @@
 #include <netdb.h>
 #include "authenticate.h"
 #include "dict.h"
+#include "rpc-transport.h"
 #define ADDR_DELIMITER " ,"
 #define PRIVILEGED_PORT_CEILING 1024
@@ -36,13 +28,6 @@
 #define AF_INET_SDP 27
 #endif
-/* TODO: duplicate declaration */
-typedef struct peer_info {
- struct sockaddr_storage sockaddr;
- socklen_t sockaddr_len;
- char identifier[UNIX_PATH_MAX];
-}peer_info_t;
-
 auth_result_t
 gf_auth (dict_t *input_params, dict_t *config_params)
 {
@@ -63,6 +48,8 @@ gf_auth (dict_t *input_params, dict_t *config_params)
 char negate = 0;
 char match = 0;
 char peer_addr[UNIX_PATH_MAX];
+ char *type = NULL;
+ gf_boolean_t allow_insecure = _gf_false;
 name = data_to_str (dict_get (input_params, "remote-subvolume"));
 if (!name) {
@@ -137,8 +124,20 @@ gf_auth (dict_t *input_params, dict_t *config_params)
 ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP;
 }
+ ret = dict_get_str (config_params, "rpc-auth-allow-insecure",
+ &type);
+ if (ret == 0) {
+ ret = gf_string2boolean (type, &allow_insecure);
+ if (ret < 0) {
+ gf_log ("auth/addr", GF_LOG_WARNING,
+ "rpc-auth-allow-insecure option %s "
+ "is not a valid bool option", type);
+ goto out;
+ }
+ }
+
 peer_port = atoi (service);
- if (peer_port >= PRIVILEGED_PORT_CEILING) {
+ if (peer_port >= PRIVILEGED_PORT_CEILING && !allow_insecure) {
 gf_log ("auth/addr", GF_LOG_ERROR, "client is bound to port %d which is not privileged", peer_port);
@@ -182,6 +181,7 @@ gf_auth (dict_t *input_params, dict_t *config_params)
 addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp);
 }
 GF_FREE (addr_cpy);
+ addr_cpy = NULL;
 }
 if (allow_addr) {
@@ -210,22 +210,21 @@ gf_auth (dict_t *input_params, dict_t *config_params)
 }
 out:
- if (addr_cpy)
- GF_FREE (addr_cpy);
+ GF_FREE (addr_cpy);
 return result;
 }
 struct volume_options options[] = {
 { .key = {"auth.addr.*.allow"},
- .type = GF_OPTION_TYPE_ANY
+ .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST
 },
 { .key = {"auth.addr.*.reject"},
- .type = GF_OPTION_TYPE_ANY
+ .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST
 },
 /* Backword compatibility */
 { .key = {"auth.ip.*.allow"},
- .type = GF_OPTION_TYPE_ANY
+ .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST
 },
 { .key = {NULL} }
 };
|
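Review bot: In the `@@ -137,8 +124,20 @@` hunk, the `gf_string2boolean` failure path does `goto out` without assigning `result`, so what an unparsable `rpc-auth-allow-insecure` value returns depends on `result`'s initial value, which is declared outside the hunk. For an option that relaxes an authentication check, that path should be explicit: either add `result = AUTH_REJECT;` before `goto out;`, or leave `allow_insecure` at `_gf_false` and continue so the privileged-port check still applies. When the port check is skipped because `allow_insecure` is set, nothing is logged; a `GF_LOG_DEBUG` line recording the peer port would make connections admitted from non-privileged ports traceable. A short comment above the new block should state that enabling the option leaves the allow/reject address lists as the deciding check in this function, as far as the visible hunks show.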
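Review bot: In the `@@ -210,22 +210,21 @@` hunk, `options[]` gets stricter types for the three address-list keys but no entry for `rpc-auth-allow-insecure`, which `gf_auth` now reads from `config_params`. If this translator's table is meant to validate that key, it needs an entry such as `{ .key = {"rpc-auth-allow-insecure"}, .type = GF_OPTION_TYPE_BOOL },`; if another translator declares it, a one-line comment here saying so would help. It is also worth confirming that `GF_OPTION_TYPE_INTERNET_ADDRESS_LIST` still accepts every entry form the matching loop handles (the `negate` flag in an earlier hunk suggests negated entries), because a list that newly fails validation changes which clients are admitted. The context comment `/* Backword compatibility */` should read `Backward`.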
