summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-lib/src/rpcsvc.c
diff options
context:
space:
mode:
authorRajesh Amaravathi <rajesh@redhat.com>2013-01-28 18:16:32 +0530
committerAnand Avati <avati@redhat.com>2013-02-06 16:15:54 -0800
commit0b7cdbf50dea9ee77bc8f71526a1566945672c19 (patch)
treeb574ace1e33b0d234e9986545747e625b614de04 /rpc/rpc-lib/src/rpcsvc.c
parent2197c8b41423a7a9a5e55db0d3a5a27131966e72 (diff)
rpc: get hostnames of client to allow FQDN based authentication
If FQDNs are used to authenticate clients, then from this commit forth, the client ip(v4,6) is reverse looked up using getnameinfo to get a hostname associated with it, if any, thereby making FQDN-based rpc authentication possible. Change-Id: I4c5241e7079a2560de79ca15f611e65c0b858f9b BUG: 903553 Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com> Reviewed-on: http://review.gluster.org/4439 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src/rpcsvc.c')
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c20
1 files changed, 20 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 7cb89db0946..c8595ee8ed1 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1925,10 +1925,13 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
char *addrstr = NULL;
char *dup_addrstr = NULL;
char *svptr = NULL;
+ char *fqdn = NULL;
if ((!options) || (!clstr))
return -1;
+ ret = dict_get_str (options, "client.fqdn", &fqdn);
+
if (!dict_get (options, pattern))
return -1;
@@ -1956,6 +1959,17 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
if (ret == 0)
goto err;
+ /* compare hostnames if applicable */
+ if (fqdn) {
+#ifdef FNM_CASEFOLD
+ ret = fnmatch (addrtok, fqdn, FNM_CASEFOLD);
+#else
+ ret = fnmatch (addrtok, fqdn, 0);
+#endif
+ if (ret == 0)
+ goto err;
+ }
+
addrtok = strtok_r (NULL, ",", &svptr);
}
@@ -2174,6 +2188,7 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname,
int aret = RPCSVC_AUTH_REJECT;
int rjret = RPCSVC_AUTH_REJECT;
char clstr[RPCSVC_PEER_STRLEN];
+ char *hostname = NULL;
if (!trans)
return ret;
@@ -2186,6 +2201,11 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname,
goto err;
}
+ ret = gf_get_hostname_from_ip (clstr, &hostname);
+ if (!ret)
+ ret = dict_set_dynstr (options, "client.fqdn",
+ hostname);
+
aret = rpcsvc_transport_peer_check_allow (options, volname, clstr);
rjret = rpcsvc_transport_peer_check_reject (options, volname, clstr);