From b708b18b833d1f2ba4da394884bc762a821ff56b Mon Sep 17 00:00:00 2001
From: Kaushal M
Date: Tue, 23 Aug 2011 12:23:53 +0530
Subject: cli, protocol/server : improve validation for the option auth.(allow/reject) cli now checks validity of address list given for 'volume set auth.*' Server xlator checks addresses supplied to auth.(allow/reject) option including wildcards for correctness in case volfile is manually edited. Original patch done by shylesh@gluster.com Original patch is at http://patches.gluster.com/patch/7566/
Change-Id: Icf52d6eeef64d6632b15aa90a379fadacdf74fef
BUG: 764197
Signed-off-by: Kaushal M
Reviewed-on: http://review.gluster.com/306
Tested-by: Gluster Build System
Reviewed-by: Jeff Darcy
Reviewed-by: Vijay Bellur
---
 cli/src/cli-cmd-parser.c | 50 +++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 47 insertions(+), 3 deletions(-)
(limited to 'cli')
diff --git a/cli/src/cli-cmd-parser.c b/cli/src/cli-cmd-parser.c
index ef69235d673..b169b77c68d 100644
--- a/cli/src/cli-cmd-parser.c
+++ b/cli/src/cli-cmd-parser.c
@@ -36,7 +36,6 @@
 #include "protocol-common.h"
 #include "cli1-xdr.h"
-
 static const char *
 id_sel (void *wcon)
 {
@@ -635,6 +634,43 @@ out:
 return ret;
 }
+int32_t
+cli_cmd_valid_ip_list (char *iplist)
+{
+ int ret = 0;
+ char *duplist = NULL;
+ char *addr = NULL;
+ char *saveptr = NULL;
+
+ GF_ASSERT (iplist);
+ duplist = gf_strdup (iplist);
+
+ if (!duplist) {
+ ret = -1;
+ goto out;
+ }
+
+ addr = strtok_r (duplist, ",", &saveptr);
+ if (!addr) {
+ ret = -1;
+ goto out;
+ }
+ while (addr) {
+ if (!valid_internet_address (addr) &&
+ !valid_wildcard_internet_address (addr)) {
+ cli_out ("Invalid ip or wildcard : %s", addr);
+ ret= -1;
+ goto out;
+ }
+ addr = strtok_r (NULL, ",", &saveptr);
+ }
+out:
+ if (duplist)
+ GF_FREE (duplist);
+ gf_log ("cli", GF_LOG_INFO, "Returning %d", ret);
+ return ret;
+}
+
 int32_t
 cli_cmd_volume_set_parse (const char **words, int wordcount, dict_t **options)
 {
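Review bot: cli_cmd_valid_ip_list lets address lists with empty fields through, because strtok_r collapses consecutive commas and ignores leading or trailing ones; a value such as `10.0.0.1,,10.0.0.2` (constructed example) or one ending in a comma passes. The check runs on a duplicate, so the unmodified string is what continues through cli_cmd_volume_set_parse, and how the server treats empty entries is not visible here. Since this is the gate for auth.allow/auth.reject, reject those shapes before tokenising: `if (!*iplist || *iplist == ',' || strstr (iplist, ",,") || iplist[strlen (iplist) - 1] == ',') { ret = -1; goto out; }`. The `!duplist` and `!addr` failure paths also return -1 without a cli_out message, so the user gets no reason for the rejection; a short message there and a `const char *` parameter would tidy the function.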
@@ -691,10 +727,18 @@ cli_cmd_volume_set_parse (const char **words, int wordcount, dict_t **options)
 if ( !key || !value) {
 ret = -1;
 goto out;
- }
+ }
 count++;
-
+ if (!strncmp ("auth.allow", key, sizeof (key)) ||
+ !strncmp ("auth.reject", key, sizeof (key))) {
+ ret = cli_cmd_valid_ip_list (value);
+ if (ret) {
+ gf_log ("cli", GF_LOG_ERROR,
+ "invalid ips given");
+ goto out;
+ }
+ }
 sprintf (str, "key%d", count);
 ret = dict_set_str (dict, str, key);
 if (ret)
-- cgit
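Review bot: `sizeof (key)` in the two added strncmp calls is the size of a pointer, not the length of the option name, if `key` is a `char *`; its declaration is outside the hunk, so this is inferred from how it is passed to strncmp and dict_set_str. The comparison then covers only the first 4 or 8 bytes, so which keys get address-list validation depends on the platform: on a 32-bit build any key beginning with `auth` would be sent through cli_cmd_valid_ip_list, and on 64-bit a key like `auth.allowX` (constructed) would match as well. Compare the whole name instead: `if (!strcmp (key, "auth.allow") || !strcmp (key, "auth.reject")) {`. The enclosing cli_cmd_volume_set_parse begins and ends outside the hunk.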