gf_auth also needs to handle server.allow-insecure

When server.allow-insecure option is set, the connection from client
can be from any port. gf_auth also needs to check for this option

Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Anand Avati <avati@gluster.com>

BUG: 2868 (Add xlator-option to support insecure-bind for clients)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2868

1 files changed, 15 insertions, 1 deletions

diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 3b326715ee0..feb1bd38295 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -54,6 +54,8 @@ gf_auth (dict_t *input_params, dict_t *config_params)
   peer_info_t *peer_info = NULL;
   data_t *allow_addr = NULL, *reject_addr = NULL;
   char is_inet_sdp = 0;
+  char *type = NULL;
+  gf_boolean_t allow_insecure = _gf_false;
 
   name = data_to_str (dict_get (input_params, "remote-subvolume"));
   if (!name) {
@@ -133,8 +135,20 @@ gf_auth (dict_t *input_params, dict_t *config_params)
 	  ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP;
 	}
 
+        ret = dict_get_str (config_params, "rpc-auth-allow-insecure",
+                            &type);
+        if (ret == 0) {
+                ret = gf_string2boolean (type, &allow_insecure);
+                if (ret < 0) {
+                        gf_log ("auth/addr", GF_LOG_WARNING,
+                                "rpc-auth-allow-insecure option %s "
+                                "is not a valid bool option", type);
+                        return AUTH_DONT_CARE;
+                }
+        }
+
 	peer_port = atoi (service);
-	if (peer_port >= PRIVILEGED_PORT_CEILING) {
+	if (peer_port >= PRIVILEGED_PORT_CEILING && !allow_insecure) {
 	  gf_log ("auth/addr", GF_LOG_ERROR,
 		  "client is bound to port %d which is not privileged",
 		  peer_port);