diff options
-rw-r--r-- | tests/bugs/protocol/bug-1433815-auth-allow.t | 1 | ||||
-rw-r--r-- | xlators/protocol/client/src/client-handshake.c | 3 | ||||
-rw-r--r-- | xlators/protocol/server/src/server-handshake.c | 41 |
3 files changed, 29 insertions, 16 deletions
diff --git a/tests/bugs/protocol/bug-1433815-auth-allow.t b/tests/bugs/protocol/bug-1433815-auth-allow.t index fa22ad8afd5..a78c0eb7111 100644 --- a/tests/bugs/protocol/bug-1433815-auth-allow.t +++ b/tests/bugs/protocol/bug-1433815-auth-allow.t @@ -17,6 +17,7 @@ TEST $CLI volume create $V0 $H0:$B0/$V0 # Set auth.allow so it *doesn't* include ourselves. TEST $CLI volume set $V0 auth.allow 1.2.3.4 TEST $CLI volume start $V0 +EXPECT_WITHIN $CHILD_UP_TIMEOUT "1" online_brick_count # "System getspec" will include the username and password if the request comes # from a server (which we are). Unfortunately, this will cause authentication diff --git a/xlators/protocol/client/src/client-handshake.c b/xlators/protocol/client/src/client-handshake.c index 01505587243..e561f4c21f6 100644 --- a/xlators/protocol/client/src/client-handshake.c +++ b/xlators/protocol/client/src/client-handshake.c @@ -1031,8 +1031,7 @@ client_setvolume_cbk(struct rpc_req *req, struct iovec *iov, int count, "SETVOLUME on remote-host failed: %s", remote_error); errno = op_errno; - if (remote_error && - (strcmp("Authentication failed", remote_error) == 0)) { + if (remote_error && (op_errno == EACCES)) { auth_fail = _gf_true; op_ret = 0; } diff --git a/xlators/protocol/server/src/server-handshake.c b/xlators/protocol/server/src/server-handshake.c index a0ff16349b3..82d7409035b 100644 --- a/xlators/protocol/server/src/server-handshake.c +++ b/xlators/protocol/server/src/server-handshake.c @@ -249,6 +249,7 @@ server_setvolume(rpcsvc_request_t *req) char *subdir_mount = NULL; char *client_name = NULL; gf_boolean_t cleanup_starting = _gf_false; + gf_boolean_t xlator_in_graph = _gf_true; params = dict_new(); reply = dict_new(); @@ -310,8 +311,10 @@ server_setvolume(rpcsvc_request_t *req) LOCK(&ctx->volfile_lock); { xl = get_xlator_by_name(this, name); - if (!xl) + if (!xl) { + xlator_in_graph = _gf_false; xl = this; + } } UNLOCK(&ctx->volfile_lock); if (xl == NULL) { @@ -567,20 +570,30 @@ server_setvolume(rpcsvc_request_t *req) "failed to set error " "msg"); } else { - gf_event(EVENT_CLIENT_AUTH_REJECT, - "client_uid=%s;" - "client_identifier=%s;server_identifier=%s;" - "brick_path=%s", - client->client_uid, req->trans->peerinfo.identifier, - req->trans->myinfo.identifier, name); - gf_msg(this->name, GF_LOG_ERROR, EACCES, PS_MSG_AUTHENTICATE_ERROR, - "Cannot authenticate client" - " from %s %s", - client->client_uid, (clnt_version) ? clnt_version : "old"); - op_ret = -1; - op_errno = EACCES; - ret = dict_set_str(reply, "ERROR", "Authentication failed"); + if (!xlator_in_graph) { + gf_msg(this->name, GF_LOG_ERROR, ENOENT, PS_MSG_AUTHENTICATE_ERROR, + "Cannot authenticate client" + " from %s %s because brick is not attached in graph", + client->client_uid, (clnt_version) ? clnt_version : "old"); + + op_errno = ENOENT; + ret = dict_set_str(reply, "ERROR", "Brick not found"); + } else { + gf_event(EVENT_CLIENT_AUTH_REJECT, + "client_uid=%s;" + "client_identifier=%s;server_identifier=%s;" + "brick_path=%s", + client->client_uid, req->trans->peerinfo.identifier, + req->trans->myinfo.identifier, name); + gf_msg(this->name, GF_LOG_ERROR, EACCES, PS_MSG_AUTHENTICATE_ERROR, + "Cannot authenticate client" + " from %s %s", + client->client_uid, (clnt_version) ? clnt_version : "old"); + + op_errno = EACCES; + ret = dict_set_str(reply, "ERROR", "Authentication failed"); + } if (ret < 0) gf_msg_debug(this->name, 0, "failed to set error " |