summaryrefslogtreecommitdiffstats
path: root/cli
diff options
context:
space:
mode:
authorKaushal M <kaushal@gluster.com>2011-08-23 12:23:53 +0530
committerVijay Bellur <vijay@gluster.com>2012-02-05 22:19:54 -0800
commitb708b18b833d1f2ba4da394884bc762a821ff56b (patch)
tree03ad6be7de107e6a5477a1d912a997781b06d57d /cli
parent1d77fe2458be6dc567435dc59bb94870cd0fe529 (diff)
cli, protocol/server : improve validation for the option auth.(allow/reject)
cli now checks validity of address list given for 'volume set auth.*' Server xlator checks addresses supplied to auth.(allow/reject) option including wildcards for correctness in case volfile is manually edited. Original patch done by shylesh@gluster.com Original patch is at http://patches.gluster.com/patch/7566/ Change-Id: Icf52d6eeef64d6632b15aa90a379fadacdf74fef BUG: 764197 Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.com/306 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com>
Diffstat (limited to 'cli')
-rw-r--r--cli/src/cli-cmd-parser.c50
1 files changed, 47 insertions, 3 deletions
diff --git a/cli/src/cli-cmd-parser.c b/cli/src/cli-cmd-parser.c
index ef69235..b169b77 100644
--- a/cli/src/cli-cmd-parser.c
+++ b/cli/src/cli-cmd-parser.c
@@ -36,7 +36,6 @@
#include "protocol-common.h"
#include "cli1-xdr.h"
-
static const char *
id_sel (void *wcon)
{
@@ -636,6 +635,43 @@ out:
}
int32_t
+cli_cmd_valid_ip_list (char *iplist)
+{
+ int ret = 0;
+ char *duplist = NULL;
+ char *addr = NULL;
+ char *saveptr = NULL;
+
+ GF_ASSERT (iplist);
+ duplist = gf_strdup (iplist);
+
+ if (!duplist) {
+ ret = -1;
+ goto out;
+ }
+
+ addr = strtok_r (duplist, ",", &saveptr);
+ if (!addr) {
+ ret = -1;
+ goto out;
+ }
+ while (addr) {
+ if (!valid_internet_address (addr) &&
+ !valid_wildcard_internet_address (addr)) {
+ cli_out ("Invalid ip or wildcard : %s", addr);
+ ret= -1;
+ goto out;
+ }
+ addr = strtok_r (NULL, ",", &saveptr);
+ }
+out:
+ if (duplist)
+ GF_FREE (duplist);
+ gf_log ("cli", GF_LOG_INFO, "Returning %d", ret);
+ return ret;
+}
+
+int32_t
cli_cmd_volume_set_parse (const char **words, int wordcount, dict_t **options)
{
dict_t *dict = NULL;
@@ -691,10 +727,18 @@ cli_cmd_volume_set_parse (const char **words, int wordcount, dict_t **options)
if ( !key || !value) {
ret = -1;
goto out;
- }
+ }
count++;
-
+ if (!strncmp ("auth.allow", key, sizeof (key)) ||
+ !strncmp ("auth.reject", key, sizeof (key))) {
+ ret = cli_cmd_valid_ip_list (value);
+ if (ret) {
+ gf_log ("cli", GF_LOG_ERROR,
+ "invalid ips given");
+ goto out;
+ }
+ }
sprintf (str, "key%d", count);
ret = dict_set_str (dict, str, key);
if (ret)