glusterfs.git/rpc/rpc-transport/socket/src, branch bug-deprecated Ignore all deprecated warnings for OPENSSL on DARWIN 2015-01-12T20:54:48+00:00 Dennis Schafroth dennis@schafroth.dk 2015-01-12T20:54:48+00:00 1a4195d57e08b7b9b3fee8d7b288b5d30e478572 






rpc/rpcsvc: add peername to log messages
2014-12-11T06:35:03+00:00

Krishnan Parthasarathi
kparthas@redhat.com

2014-08-25T10:51:08+00:00

757394c1d764955f0068dfaf10692ae2d56a2b94

This would allow users/developers to associate rpc layer log messages
to the corresponding connection.

Change-Id: I040f79248dced7174a4364d9f995612ed3540dd4
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/8535
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>





This would allow users/developers to associate rpc layer log messages
to the corresponding connection.

Change-Id: I040f79248dced7174a4364d9f995612ed3540dd4
Signed-off-by: Krishnan Parthasarathi <kparthas@redhat.com>
Reviewed-on: http://review.gluster.org/8535
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>







socket: disallow CBC cipher modes
2014-10-27T11:40:55+00:00

Jeff Darcy
jdarcy@redhat.com

2014-10-21T20:54:48+00:00

378a0a19d95e552220d71b13be685f4772c576cd

This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.  Users can still set their own cipher modes if they
wish.  To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.

Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1155328
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8962
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





This is related to CVE-2014-3566 a.k.a. POODLE.

	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

POODLE is specific to CBC cipher modes in SSLv3.  Because there is no
way to prevent SSLv3 fallback on a system with an unpatched version of
OpenSSL, users of such systems can only be protected by disallowing CBC
modes.  The default cipher-mode specification in our code has been
changed accordingly.  Users can still set their own cipher modes if they
wish.  To support them, the ssl-authz.t test script provides an example
of how to combine the CBC exclusion with other criteria in a script.

Change-Id: Ib1fa547082fbb7de9df94ffd182b1800d6e354e5
BUG: 1155328
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8962
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>







Sane default for SSL on OSX
2014-09-29T08:30:44+00:00

Harshavardhana
harsha@harshavardhana.net

2014-09-26T17:12:47+00:00

37ee11f4d42bff1f46fae7d2755e0d6d8a55e572

- /opt/local is not preferred anymore use /usr/local

Change-Id: I30cad4cbd28850063f26121cace05371e13bb314
BUG: 1129939
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8872
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





- /opt/local is not preferred anymore use /usr/local

Change-Id: I30cad4cbd28850063f26121cace05371e13bb314
BUG: 1129939
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8872
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>







Use sane OS-dependent defaults for SSL configuration
2014-09-26T10:32:42+00:00

Emmanuel Dreyfus
manu@netbsd.org

2014-09-23T05:46:16+00:00

3d36edb00c2adad9a957a445aafac3e800964bb1

Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.

BUG: 1129939
Change-Id: I0f3168f79b8f4275636581041740dfcaf25f3edd
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8790
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





Current code assumes /etc/ssl exists, which may not be the case.
Attempt to guess sane default for a few OS.

BUG: 1129939
Change-Id: I0f3168f79b8f4275636581041740dfcaf25f3edd
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8790
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>







socket: Fixed parsing RPC records containing multi fragments
2014-09-19T12:37:05+00:00

Gu Feng
flygoast@126.com

2014-09-09T10:00:22+00:00

fb6702b7f8ba19333b7ba4af543d908e3f5e1923

In __socket_proto_state_machine(), when parsing RPC records containing
multi fragments, just change the state of parsing process, had not
processed the memory to coalesce the multi fragments.

Change-Id: I5583e578603bd7290814a5d26885b31759c73115
BUG: 1139598
Signed-off-by: Gu Feng <flygoast@126.com>
Reviewed-on: http://review.gluster.org/8662
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>





In __socket_proto_state_machine(), when parsing RPC records containing
multi fragments, just change the state of parsing process, had not
processed the memory to coalesce the multi fragments.

Change-Id: I5583e578603bd7290814a5d26885b31759c73115
BUG: 1139598
Signed-off-by: Gu Feng <flygoast@126.com>
Reviewed-on: http://review.gluster.org/8662
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>







Fix glustershd detection on volume restart
2014-08-26T06:06:34+00:00

Emmanuel Dreyfus
manu@netbsd.org

2014-08-16T00:32:49+00:00

4bbaf4615be673dec70fc3e1f127139b6d079869

On NetBSD and FreeBSD, doing a 'gluster volume start $volume force' causes
NFS server, quotad, snapd and glustershd to be undetected by glusterd once the
volume has restarted. 'gluster volume status' shows the three processes
as 'N' in the online column, while they have been launched successfully.

This happens because glusterd attempts to connect to its child processes
just between the child does a unlink() on the socket in
__socket_server_bind() and the time it calls bind() and listen().
Different scheduling policy may explain why the problem does not happen
on Linux, but it may pop up some day since we make no guaranteed
assumptions here.

This patchet works this around by introducing a boolean
transport.socket.ignore-enoent option, set by nfs and glustershd,
which prevents ENOENT to be fatal and cause glusterd to retry and
suceed later. Behavior of other clients is unaffected.

BUG: 1129939
Change-Id: Ifdc4d45b2513743ed42ee235a5c61a086321644c
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8403
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





On NetBSD and FreeBSD, doing a 'gluster volume start $volume force' causes
NFS server, quotad, snapd and glustershd to be undetected by glusterd once the
volume has restarted. 'gluster volume status' shows the three processes
as 'N' in the online column, while they have been launched successfully.

This happens because glusterd attempts to connect to its child processes
just between the child does a unlink() on the socket in
__socket_server_bind() and the time it calls bind() and listen().
Different scheduling policy may explain why the problem does not happen
on Linux, but it may pop up some day since we make no guaranteed
assumptions here.

This patchet works this around by introducing a boolean
transport.socket.ignore-enoent option, set by nfs and glustershd,
which prevents ENOENT to be fatal and cause glusterd to retry and
suceed later. Behavior of other clients is unaffected.

BUG: 1129939
Change-Id: Ifdc4d45b2513743ed42ee235a5c61a086321644c
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.org/8403
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>







socket: add boundary checks for iobuf_get2 over rpc_hdr_bytes
2014-08-05T01:54:53+00:00

Harshavardhana
harsha@harshavardhana.net

2014-07-30T01:50:29+00:00

6cc22537b68cb52ebc0101fca7fb232c183b00a1

A malformed packet can cause a OOM while peforming iobuf_get2()
on a large enough packet side.

Such a scenario is observed when running vulnerability tests,
it would look like one of those tests perhaps based on DDOS (Denial
of Service) attacks hand-crafts a RPC packet which is of a large
enough size - since we do not verify the size and do not provide
any boundary checks, there are secenarios where it leads to OOM.

Reproducible consistently with those tests has revealed that we
should be ideally be adding a boundary check.

Limit such an allocation to a 1gigabyte, as it might be sufficient
to handle for all variety of RPC packets.

Change-Id: I5f1411dd96d6f167993d28a1718ffef2fb4e9923
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8384
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>





A malformed packet can cause a OOM while peforming iobuf_get2()
on a large enough packet side.

Such a scenario is observed when running vulnerability tests,
it would look like one of those tests perhaps based on DDOS (Denial
of Service) attacks hand-crafts a RPC packet which is of a large
enough size - since we do not verify the size and do not provide
any boundary checks, there are secenarios where it leads to OOM.

Reproducible consistently with those tests has revealed that we
should be ideally be adding a boundary check.

Limit such an allocation to a 1gigabyte, as it might be sufficient
to handle for all variety of RPC packets.

Change-Id: I5f1411dd96d6f167993d28a1718ffef2fb4e9923
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/8384
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>







socket/glusterd/client: enable SSL for management
2014-07-10T14:37:12+00:00

Jeff Darcy
jdarcy@redhat.com

2014-07-03T14:01:20+00:00

b42688786f25420de671ea06030edf4371058433

The feature is controlled by presence of the following file:

	/var/lib/glusterd/secure-access

See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h
for the rationale.  With this enabled, the following rules apply to
connections:

	UNIX-domain sockets never have SSL.

	Management-port sockets (both connecting and accepting, in
	daemons and CLI) have SSL based on presence of the file.

	Other IP sockets have SSL based on the existing client.ssl and
	server.ssl volume options.

Transport multi-threading is explicitly turned off in glusterd (it would
otherwise be turned on when SSL is) due to multi-threading issues.
Tests have been elided to avoid risk of leaving a file which will cause
all subsequent tests to run with management SSL still enabled.

IMPLEMENTATION NOTE
The implementation is a bit messy, and consists of two stages.  First we
decide whether to set the relevant fields in our context structure, based
on presence of the sentinel file OR a command-line override.  Later we
decide whether a particular connection should actually use SSL, based on the
context flags plus what kind of connection we're making[1] and what kind of
daemon we're in[2].

[1] inbound, outbound to glusterd port, other outbound
[2] glusterd, glusterfsd, other

TESTING NOTE
Instead of just running one special test for this feature, the ideal
would be to run all tests with management SSL enabled.  However, it
would be inappropriate or premature to set up an optional feature in the
patch itself.  Therefore, the method of choice is to submit a separate
patch on top, which modifies "cleanup" in include.rc to recreate the
secure-access file and associated SSL certificate/key files before each
test.

Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8094
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





The feature is controlled by presence of the following file:

	/var/lib/glusterd/secure-access

See the comment near the definition of SECURE_ACCESS_FILE in glusterfs.h
for the rationale.  With this enabled, the following rules apply to
connections:

	UNIX-domain sockets never have SSL.

	Management-port sockets (both connecting and accepting, in
	daemons and CLI) have SSL based on presence of the file.

	Other IP sockets have SSL based on the existing client.ssl and
	server.ssl volume options.

Transport multi-threading is explicitly turned off in glusterd (it would
otherwise be turned on when SSL is) due to multi-threading issues.
Tests have been elided to avoid risk of leaving a file which will cause
all subsequent tests to run with management SSL still enabled.

IMPLEMENTATION NOTE
The implementation is a bit messy, and consists of two stages.  First we
decide whether to set the relevant fields in our context structure, based
on presence of the sentinel file OR a command-line override.  Later we
decide whether a particular connection should actually use SSL, based on the
context flags plus what kind of connection we're making[1] and what kind of
daemon we're in[2].

[1] inbound, outbound to glusterd port, other outbound
[2] glusterd, glusterfsd, other

TESTING NOTE
Instead of just running one special test for this feature, the ideal
would be to run all tests with management SSL enabled.  However, it
would be inappropriate or premature to set up an optional feature in the
patch itself.  Therefore, the method of choice is to submit a separate
patch on top, which modifies "cleanup" in include.rc to recreate the
secure-access file and associated SSL certificate/key files before each
test.

Change-Id: I0e04d6d08163893e24ec8c031748c5c447d7f780
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8094
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>







socket: add certificate-depth and cipher-list options for SSL
2014-07-04T11:18:00+00:00

Jeff Darcy
jdarcy@redhat.com

2014-07-03T13:27:13+00:00

83c09b75a8fbc3a46fc0e76f805e061e949678f1

Change-Id: I82757f8461807301a4a4f28c4f5bf7f0ee315113
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8040
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>





Change-Id: I82757f8461807301a4a4f28c4f5bf7f0ee315113
BUG: 1114604
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/8040
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Rajesh Joseph <rjoseph@redhat.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>