rpc: By default set allow-insecure, bind-insecure to on

        Backport of http://review.gluster.org/11039

since we now use SSL (Secure Sockets Layer) for the security issues, the patch
changes the default setting to allow connections/requests from non-privilaged
ports by setting allow-insecure and bind-insecure to 1

Also added bind functionality for insecure binding which can select from
available local ports dynamically

BUG: 1232660
Change-Id: I927e112223f33611452093e38cd846a0b9347e57
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11274
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>

1 files changed, 34 insertions, 17 deletions

diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c
index f731bab4b0a..93cb3c461f2 100644
--- a/rpc/rpc-transport/socket/src/name.c
+++ b/rpc/rpc-transport/socket/src/name.c
@@ -23,6 +23,21 @@
 #include "socket.h"
 #include "common-utils.h"
 
+static void
+_assign_port (struct sockaddr *sockaddr, uint16_t port)
+{
+        switch (sockaddr->sa_family) {
+        case AF_INET6:
+                ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
+                break;
+
+        case AF_INET_SDP:
+        case AF_INET:
+                ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
+                break;
+        }
+}
+
 static int32_t
 af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
                                  socklen_t sockaddr_len, int ceiling)
@@ -41,17 +56,7 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
 
         while (port)
         {
-                switch (sockaddr->sa_family)
-                {
-                case AF_INET6:
-                        ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
-                        break;
-
-                case AF_INET_SDP:
-                case AF_INET:
-                        ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
-                        break;
-                }
+                _assign_port (sockaddr, port);
                 // ignore the reserved ports
                 if (ports[port] == _gf_true) {
                         port--;
@@ -440,12 +445,24 @@ client_bind (rpc_transport_t *this,
                 if (!this->bind_insecure) {
                         ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
                                                        *sockaddr_len, GF_CLIENT_PORT_CEILING);
-                }
-                if (ret == -1) {
-                        gf_log (this->name, GF_LOG_DEBUG,
-                                "cannot bind inet socket (%d) to port less than %d (%s)",
-                                sock, GF_CLIENT_PORT_CEILING, strerror (errno));
-                        ret = 0;
+                        if (ret == -1) {
+                                gf_log (this->name, GF_LOG_DEBUG,
+                                        "cannot bind inet socket (%d) to port less than %d (%s)",
+                                        sock, GF_CLIENT_PORT_CEILING, strerror (errno));
+                                ret = 0;
+                        }
+                } else {
+                        /* A port number of zero will let the bind function to
+                         * pick any available local port dynamically
+                         */
+                        _assign_port (sockaddr, 0);
+                        ret = bind (sock, sockaddr, *sockaddr_len);
+                        if (ret == -1) {
+                                gf_log (this->name, GF_LOG_DEBUG,
+                                        "failed while binding to available ports (%s)",
+                                        strerror (errno));
+                                ret = 0;
+                        }
                 }
                 break;