diff options
| -rw-r--r-- | cli/src/cli-cmd-parser.c | 6 | ||||
| -rw-r--r-- | cli/src/cli-cmd-peer.c | 2 | ||||
| -rw-r--r-- | libglusterfs/src/common-utils.c | 34 | ||||
| -rw-r--r-- | libglusterfs/src/glusterfs/common-utils.h | 3 | ||||
| -rw-r--r-- | libglusterfs/src/options.c | 6 | ||||
| -rw-r--r-- | tests/bugs/bug-1138841.t | 25 | ||||
| -rw-r--r-- | xlators/features/quiesce/src/quiesce.c | 2 | ||||
| -rw-r--r-- | xlators/protocol/auth/addr/src/addr.c | 16 |
8 files changed, 79 insertions, 15 deletions
diff --git a/cli/src/cli-cmd-parser.c b/cli/src/cli-cmd-parser.c index b29b3e9bd29..d9913f678a0 100644 --- a/cli/src/cli-cmd-parser.c +++ b/cli/src/cli-cmd-parser.c @@ -144,7 +144,7 @@ cli_cmd_bricks_parse(const char **words, int wordcount, int brick_index, GF_FREE(tmp_host); goto out; } - if (!valid_internet_address(host_name, _gf_false)) { + if (!valid_internet_address(host_name, _gf_false, _gf_false)) { cli_err( "internet address '%s' does not conform to " "standards", @@ -3615,7 +3615,7 @@ cli_cmd_volume_statedump_options_parse(const char **words, int wordcount, } ip_addr = strtok(tmp, ":"); pid = strtok(NULL, ":"); - if (valid_internet_address(ip_addr, _gf_true) && pid && + if (valid_internet_address(ip_addr, _gf_true, _gf_false) && pid && gf_valid_pid(pid, strlen(pid))) { ret = gf_asprintf(&option_str, "%s %s %s", words[3], ip_addr, pid); if (ret < 0) { @@ -3809,7 +3809,7 @@ extract_hostname_path_from_token(const char *tmp_words, char **hostname, ret = -1; goto out; } - if (!valid_internet_address(host_name, _gf_false)) { + if (!valid_internet_address(host_name, _gf_false, _gf_false)) { cli_err( "internet address '%s' does not conform to " "standards", diff --git a/cli/src/cli-cmd-peer.c b/cli/src/cli-cmd-peer.c index 6c7a7ea2794..e42a1139b87 100644 --- a/cli/src/cli-cmd-peer.c +++ b/cli/src/cli-cmd-peer.c @@ -60,7 +60,7 @@ cli_cmd_peer_probe_cbk(struct cli_state *state, struct cli_cmd_word *word, if (ret) goto out; - ret = valid_internet_address((char *)words[2], _gf_false); + ret = valid_internet_address((char *)words[2], _gf_false, _gf_false); if (ret == 1) { ret = 0; } else { diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c index 6cefb2a439b..4104c576fd2 100644 --- a/libglusterfs/src/common-utils.c +++ b/libglusterfs/src/common-utils.c @@ -2090,7 +2090,7 @@ out: * @ip_str : The IP to check * @network: The network to check the IP against. * - * @return: success: 0 + * @return: success: _gf_true * failure: -EINVAL for bad args, retval of inet_pton otherwise */ gf_boolean_t @@ -2457,6 +2457,31 @@ out: return ret; } +char +valid_cidr_address(char *cidr_address, gf_boolean_t wildcard_acc) +{ + unsigned int net_mask = 0, len = 0; + char *temp = NULL, *cidr_str = NULL, ret = 1; + + cidr_str = strdupa(cidr_address); + temp = strstr(cidr_str, "/"); + if (temp == NULL) + return 0; /* Since Invalid cidr ip address we return 0 */ + + *temp = '\0'; + temp++; + net_mask = (unsigned int)atoi(temp); + + if (net_mask > 32 || net_mask < 1) + return 0; /* Since Invalid cidr ip address we return 0*/ + + len = strlen(cidr_str); + + ret = valid_ipv4_address(cidr_str, len, wildcard_acc); + + return ret; +} + /** * valid_ipv4_subnetwork() takes the pattern and checks if it contains * a valid ipv4 subnetwork pattern i.e. xx.xx.xx.xx/n. IPv4 address @@ -2593,7 +2618,8 @@ out: } char -valid_internet_address(char *address, gf_boolean_t wildcard_acc) +valid_internet_address(char *address, gf_boolean_t wildcard_acc, + gf_boolean_t cidr) { char ret = 0; int length = 0; @@ -2608,6 +2634,10 @@ valid_internet_address(char *address, gf_boolean_t wildcard_acc) if (length == 0) goto out; + if (cidr && valid_cidr_address(address, wildcard_acc)) { + ret = 1; + } + if (valid_ipv4_address(address, length, wildcard_acc) || valid_ipv6_address(address, length, wildcard_acc) || valid_host_name(address, length)) diff --git a/libglusterfs/src/glusterfs/common-utils.h b/libglusterfs/src/glusterfs/common-utils.h index 76d1e5feee5..b688981617d 100644 --- a/libglusterfs/src/glusterfs/common-utils.h +++ b/libglusterfs/src/glusterfs/common-utils.h @@ -875,7 +875,8 @@ valid_ipv4_address(char *address, int length, gf_boolean_t wildcard_acc); char valid_ipv6_address(char *address, int length, gf_boolean_t wildcard_acc); char -valid_internet_address(char *address, gf_boolean_t wildcard_acc); +valid_internet_address(char *address, gf_boolean_t wildcard_acc, + gf_boolean_t cidr); gf_boolean_t valid_mount_auth_address(char *address); gf_boolean_t diff --git a/libglusterfs/src/options.c b/libglusterfs/src/options.c index ccb8975b33b..da24122205e 100644 --- a/libglusterfs/src/options.c +++ b/libglusterfs/src/options.c @@ -551,7 +551,7 @@ xlator_option_validate_addr(xlator_t *xl, const char *key, const char *value, int ret = -1; char errstr[256]; - if (!valid_internet_address((char *)value, _gf_false)) { + if (!valid_internet_address((char *)value, _gf_false, _gf_false)) { snprintf(errstr, 256, "option %s %s: Can not parse %s address", key, value, value); gf_msg(xl->name, GF_LOG_ERROR, 0, LG_MSG_INVALID_ENTRY, "%s", errstr); @@ -592,7 +592,7 @@ xlator_option_validate_addr_list(xlator_t *xl, const char *key, /* Possible old format, handle it for back-ward compatibility */ addr_tok = strtok_r(dup_val, ",", &save_ptr); while (addr_tok) { - if (!valid_internet_address(addr_tok, _gf_true)) + if (!valid_internet_address(addr_tok, _gf_true, _gf_true)) goto out; addr_tok = strtok_r(NULL, ",", &save_ptr); @@ -627,7 +627,7 @@ xlator_option_validate_addr_list(xlator_t *xl, const char *key, if (addr_tok == NULL) goto out; while (addr_tok) { - if (!valid_internet_address(addr_tok, _gf_true)) + if (!valid_internet_address(addr_tok, _gf_true, _gf_true)) goto out; addr_tok = strtok_r(NULL, "|", &save_ptr); diff --git a/tests/bugs/bug-1138841.t b/tests/bugs/bug-1138841.t new file mode 100644 index 00000000000..abec5e89d56 --- /dev/null +++ b/tests/bugs/bug-1138841.t @@ -0,0 +1,25 @@ +#!/bin/bash +. $(dirname $0)/../include.rc +. $(dirname $0)/../volume.rc +. $(dirname $0)/../dht.rc +cleanup; + +TEST glusterd +TEST pidof glusterd + +## Create a volume and set auth.allow using cidr format ip + +TEST $CLI volume create $V0 $H0:$B0/${V0}{0,1} +TEST $CLI volume set $V0 auth.allow 127.0.0.1/20 +TEST $CLI volume start $V0 + + +## mount the volume and create a file on the mount point + +TEST $GFS --volfile-server=$H0 --volfile-id=$V0 $M0 +TEST touch $M0/tmp1 + +## Stop the volume and do the cleanup + +TEST $CLI volume stop $V0 +cleanup diff --git a/xlators/features/quiesce/src/quiesce.c b/xlators/features/quiesce/src/quiesce.c index abdb901f356..bfd1116a568 100644 --- a/xlators/features/quiesce/src/quiesce.c +++ b/xlators/features/quiesce/src/quiesce.c @@ -95,7 +95,7 @@ gf_quiesce_populate_failover_hosts(xlator_t *this, quiesce_priv_t *priv, __gf_quiesce_cleanup_failover_hosts(this, priv); addr_tok = strtok_r(dup_val, ",", &save_ptr); while (addr_tok) { - if (!valid_internet_address(addr_tok, _gf_true)) { + if (!valid_internet_address(addr_tok, _gf_true, _gf_false)) { gf_msg(this->name, GF_LOG_INFO, 0, QUIESCE_MSG_INVAL_HOST, "Specified " "invalid internet address:%s", diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c index 0d995862de4..bf12c455d7c 100644 --- a/xlators/protocol/auth/addr/src/addr.c +++ b/xlators/protocol/auth/addr/src/addr.c @@ -65,10 +65,18 @@ compare_addr_and_update(char *option_str, char *peer_addr, char *subvol, goto out; } } else { - match = fnmatch(addr_str, peer_addr, 0); - if (negate ? match : !match) { - *result = status; - goto out; + if (strstr(addr_str, "/")) { + match = gf_is_ip_in_net(addr_str, peer_addr); + if (negate ? !match : match) { + *result = status; + goto out; + } + } else { + match = fnmatch(addr_str, peer_addr, 0); + if (negate ? match : !match) { + *result = status; + goto out; + } } } |