transport: fix default behavior for SSL authorization

Previously, enabling SSL authentication/encryption but not authorization
required explicitly setting ssl-allow=*.  Now that same behavior is the
default (i.e. when ssl-allow is not set).

Also, there's no reason that a name used for *login* auth (typically a
UUID for internal purposes or a human name when using SSL) should
validate as an RFC-compliant host name or IP address.  Therefore the
validation only occurs when the auth type is "addr" (not "login" or
anything else).

Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d
BUG: 1179208
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9397
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>

1 files changed, 6 insertions, 0 deletions

diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c
index 6f6be52ab15..0dfe19a16b4 100644
--- a/xlators/protocol/server/src/server.c
+++ b/xlators/protocol/server/src/server.c
@@ -380,6 +380,12 @@ _check_for_auth_option (dict_t *d, char *k, data_t *v,
         if (!tail)
                 goto out;
 
+        if (strncmp(tail, "addr.", 5) != 0) {
+                gf_log (xl->name, GF_LOG_INFO,
+                        "skip format check for non-addr auth option %s", k);
+                goto out;
+        }
+
         /* fast fwd thru module type */
         tail = strchr (tail, '.');
         if (!tail)