From 581ee51454d70ace694acfdd6a5b8abb12050dc9 Mon Sep 17 00:00:00 2001 From: shishir gowda Date: Mon, 2 May 2011 03:47:19 +0000 Subject: gf_auth also needs to handle server.allow-insecure When server.allow-insecure option is set, the connection from client can be from any port. gf_auth also needs to check for this option Signed-off-by: shishir gowda Signed-off-by: Anand Avati BUG: 2868 (Add xlator-option to support insecure-bind for clients) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2868 --- xlators/protocol/auth/addr/src/addr.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c index 21dfa5e58..5eeab4516 100644 --- a/xlators/protocol/auth/addr/src/addr.c +++ b/xlators/protocol/auth/addr/src/addr.c @@ -63,6 +63,8 @@ gf_auth (dict_t *input_params, dict_t *config_params) char negate = 0; char match = 0; char peer_addr[UNIX_PATH_MAX]; + char *type = NULL; + gf_boolean_t allow_insecure = _gf_false; name = data_to_str (dict_get (input_params, "remote-subvolume")); if (!name) { @@ -137,8 +139,20 @@ gf_auth (dict_t *input_params, dict_t *config_params) ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP; } + ret = dict_get_str (config_params, "rpc-auth-allow-insecure", + &type); + if (ret == 0) { + ret = gf_string2boolean (type, &allow_insecure); + if (ret < 0) { + gf_log ("auth/addr", GF_LOG_WARNING, + "rpc-auth-allow-insecure option %s " + "is not a valid bool option", type); + goto out; + } + } + peer_port = atoi (service); - if (peer_port >= PRIVILEGED_PORT_CEILING) { + if (peer_port >= PRIVILEGED_PORT_CEILING && !allow_insecure) { gf_log ("auth/addr", GF_LOG_ERROR, "client is bound to port %d which is not privileged", peer_port); -- cgit