authorshishir gowda <shishirng@gluster.com>2010-08-30 03:54:32 +0000
committerVijay Bellur <vijay@dev.gluster.com>2010-08-30 03:23:57 -0700
commit55bbf23b3a608f67b7a05939f4205049e92d081a (patch)
treeb264f2b270b5bd2eb8ea302a29e87db5878548ad
parent8e4d735b67c78f10fd752f2b48981843595e67b5 (diff)
Only admin should be able to run gluster command
Checking for port number to fail any requests coming in from client. if port is >1024, then fail the requests Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Vijay Bellur <vijay@dev.gluster.com> BUG: 1403 (only admin (uid 0) should be able to run 'gluster' command) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1403
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index ee3d674c2eb..f76a34e3f54 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -925,10 +925,39 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
rpcsvc_actor_t *actor = NULL;
rpcsvc_request_t *req = NULL;
int ret = -1;
+ uint16_t port = 0;
if (!trans || !svc)
return -1;
+ switch (trans->peerinfo.sockaddr.ss_family) {
+ case AF_INET:
+ port = ((struct sockaddr_in *)&trans->peerinfo.sockaddr)->sin_port;
+ break;
+
+ case AF_INET6:
+ port = ((struct sockaddr_in6 *)&trans->peerinfo.sockaddr)->sin6_port;
+ break;
+
+ default:
+ gf_log (GF_RPCSVC, GF_LOG_DEBUG,
+ "invalid address family (%d)",
+ trans->peerinfo.sockaddr.ss_family);
+ return -1;
+ }
+
+
+
+ port = ntohs (port);
+
+ gf_log ("rpcsvc", GF_LOG_TRACE, "Client port: %d", (int)port);
+
+ if (port > 1024) { //Non-privilaged user, fail request
+ gf_log ("glusterd", GF_LOG_ERROR, "Request received from non-"
+ "privileged port. Failing request");
+ return -1;
+ }
+
req = rpcsvc_request_create (svc, trans, msg);
if (!req)
goto err;
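Review bot: The guard `if (port > 1024)` accepts source port 1024, which is the first port an unprivileged process can bind, since the reserved range is 0–1023. It should read `if (port >= IPPORT_RESERVED) {`, or `port >= 1024`. The `default:` branch also returns -1 for every non-IP address family, which would presumably reject AF_UNIX transports if rpcsvc serves any, so that is worth confirming before merge. A low source port only shows that the peer process was privileged on its own host, so for non-loopback peers it is a weak stand-in for the "uid 0 only" goal in the commit message and deserves a comment saying so. The body of rpcsvc_handle_rpc_call continues outside this hunk.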