diff options
| author | Raghavendra G <rgowdapp@redhat.com> | 2015-07-02 05:19:19 -0700 |
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2015-07-02 08:44:38 -0700 |
| commit | cef17206141be2d4d8d6700afb6701e7f97cacab (patch) | |
| tree | b5c5721ebfb7bef418382552a1e222a7fea7e8b6 /rpc | |
| parent | 2f5355f76a8168bc504cba8237f0825fc181fce8 (diff) | |
Revert "rpc: By default set allow-insecure, bind-insecure to on"
This reverts commit 5bf6522562990f7490d9fc226d58f19891bfb7a4.
This patch introduced a regression where client no longer binds to
privileged port. This is causing lots of regressions. Hence reverting
this patch for now and will be resent after suitable modifications.
Change-Id: Id697013ca6474e9c192e8f58c8179522fa5d397e
Reviewed-on: http://review.gluster.org/11507
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/rpc-lib/src/rpc-transport.c | 3 | ||||
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc-auth.c | 13 | ||||
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 6 | ||||
| -rw-r--r-- | rpc/rpc-transport/socket/src/name.c | 51 |
4 files changed, 21 insertions, 52 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 4ade6b7d0b3..149a831951d 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -262,8 +262,7 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name) else trans->bind_insecure = 0; } else { - /* By default allow bind insecure */ - trans->bind_insecure = 1; + trans->bind_insecure = 0; } ret = dict_get_str (options, "transport-type", &type); diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index b7d6c2216ef..6b4c7937437 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -221,20 +221,9 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) else svc->allow_insecure = 0; } - } else { - /* By default set allow-insecure to true */ - svc->allow_insecure = 1; - - /* setting in options for the sake of functions that look - * configuration params for allow insecure, eg: gf_auth - */ - ret = dict_set_str (options, "rpc-auth-allow-insecure", "on"); - if (ret < 0) - gf_log ("rpc-auth", GF_LOG_DEBUG, - "dict_set failed for 'allow-insecure'"); } - return ret; + return 0; } int diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index a108ea56a5d..d151d541cee 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -631,10 +631,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans, gf_log (GF_RPCSVC, GF_LOG_ERROR, "Request received from non-" "privileged port. Failing request"); - req->rpc_status = MSG_DENIED; - req->rpc_err = AUTH_ERROR; - req->auth_err = RPCSVC_AUTH_REJECT; - goto err_reply; + rpcsvc_request_destroy (req); + return -1; } /* DRC */ diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c index 93cb3c461f2..f731bab4b0a 100644 --- a/rpc/rpc-transport/socket/src/name.c +++ b/rpc/rpc-transport/socket/src/name.c @@ -23,21 +23,6 @@ #include "socket.h" #include "common-utils.h" -static void -_assign_port (struct sockaddr *sockaddr, uint16_t port) -{ - switch (sockaddr->sa_family) { - case AF_INET6: - ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); - break; - - case AF_INET_SDP: - case AF_INET: - ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); - break; - } -} - static int32_t af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, socklen_t sockaddr_len, int ceiling) @@ -56,7 +41,17 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, while (port) { - _assign_port (sockaddr, port); + switch (sockaddr->sa_family) + { + case AF_INET6: + ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); + break; + + case AF_INET_SDP: + case AF_INET: + ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); + break; + } // ignore the reserved ports if (ports[port] == _gf_true) { port--; @@ -445,24 +440,12 @@ client_bind (rpc_transport_t *this, if (!this->bind_insecure) { ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr, *sockaddr_len, GF_CLIENT_PORT_CEILING); - if (ret == -1) { - gf_log (this->name, GF_LOG_DEBUG, - "cannot bind inet socket (%d) to port less than %d (%s)", - sock, GF_CLIENT_PORT_CEILING, strerror (errno)); - ret = 0; - } - } else { - /* A port number of zero will let the bind function to - * pick any available local port dynamically - */ - _assign_port (sockaddr, 0); - ret = bind (sock, sockaddr, *sockaddr_len); - if (ret == -1) { - gf_log (this->name, GF_LOG_DEBUG, - "failed while binding to available ports (%s)", - strerror (errno)); - ret = 0; - } + } + if (ret == -1) { + gf_log (this->name, GF_LOG_DEBUG, + "cannot bind inet socket (%d) to port less than %d (%s)", + sock, GF_CLIENT_PORT_CEILING, strerror (errno)); + ret = 0; } break; |