From 05f466f6337c56a95fcd090f0f3d286c611cc92b Mon Sep 17 00:00:00 2001 From: Raghavendra G Date: Thu, 2 Jul 2015 05:22:20 -0700 Subject: Revert "rpc: By default set allow-insecure, bind-insecure to on" This reverts commit 243a5b429f225acb8e7132264fe0a0835ff013d5. This patch introduced a regression where client no longer binds to privileged port. This is causing lots of regressions. Hence reverting this patch for now and will be resent after suitable modifications. Change-Id: I302252fd3832b0a5a03b04e30cfa0def37597404 Reviewed-on: http://review.gluster.org/11508 Reviewed-by: Raghavendra G Tested-by: Raghavendra G --- rpc/rpc-lib/src/rpc-transport.c | 3 +-- rpc/rpc-lib/src/rpcsvc-auth.c | 13 +--------- rpc/rpc-lib/src/rpcsvc.c | 6 ++--- rpc/rpc-transport/socket/src/name.c | 51 +++++++++++++------------------------ 4 files changed, 21 insertions(+), 52 deletions(-) (limited to 'rpc') diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 0a791abfddd..23fbf37360d 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -267,8 +267,7 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name) else trans->bind_insecure = 0; } else { - /* By default allow bind insecure */ - trans->bind_insecure = 1; + trans->bind_insecure = 0; } ret = dict_get_str (options, "transport-type", &type); diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index b7d6c2216ef..6b4c7937437 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -221,20 +221,9 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) else svc->allow_insecure = 0; } - } else { - /* By default set allow-insecure to true */ - svc->allow_insecure = 1; - - /* setting in options for the sake of functions that look - * configuration params for allow insecure, eg: gf_auth - */ - ret = dict_set_str (options, "rpc-auth-allow-insecure", "on"); - if (ret < 0) - gf_log ("rpc-auth", GF_LOG_DEBUG, - "dict_set failed for 'allow-insecure'"); } - return ret; + return 0; } int diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index 8eb38ed8eff..be95d25b1b1 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -636,10 +636,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans, gf_log (GF_RPCSVC, GF_LOG_ERROR, "Request received from non-" "privileged port. Failing request"); - req->rpc_status = MSG_DENIED; - req->rpc_err = AUTH_ERROR; - req->auth_err = RPCSVC_AUTH_REJECT; - goto err_reply; + rpcsvc_request_destroy (req); + return -1; } /* DRC */ diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c index 93cb3c461f2..f731bab4b0a 100644 --- a/rpc/rpc-transport/socket/src/name.c +++ b/rpc/rpc-transport/socket/src/name.c @@ -23,21 +23,6 @@ #include "socket.h" #include "common-utils.h" -static void -_assign_port (struct sockaddr *sockaddr, uint16_t port) -{ - switch (sockaddr->sa_family) { - case AF_INET6: - ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); - break; - - case AF_INET_SDP: - case AF_INET: - ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); - break; - } -} - static int32_t af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, socklen_t sockaddr_len, int ceiling) @@ -56,7 +41,17 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, while (port) { - _assign_port (sockaddr, port); + switch (sockaddr->sa_family) + { + case AF_INET6: + ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); + break; + + case AF_INET_SDP: + case AF_INET: + ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); + break; + } // ignore the reserved ports if (ports[port] == _gf_true) { port--; @@ -445,24 +440,12 @@ client_bind (rpc_transport_t *this, if (!this->bind_insecure) { ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr, *sockaddr_len, GF_CLIENT_PORT_CEILING); - if (ret == -1) { - gf_log (this->name, GF_LOG_DEBUG, - "cannot bind inet socket (%d) to port less than %d (%s)", - sock, GF_CLIENT_PORT_CEILING, strerror (errno)); - ret = 0; - } - } else { - /* A port number of zero will let the bind function to - * pick any available local port dynamically - */ - _assign_port (sockaddr, 0); - ret = bind (sock, sockaddr, *sockaddr_len); - if (ret == -1) { - gf_log (this->name, GF_LOG_DEBUG, - "failed while binding to available ports (%s)", - strerror (errno)); - ret = 0; - } + } + if (ret == -1) { + gf_log (this->name, GF_LOG_DEBUG, + "cannot bind inet socket (%d) to port less than %d (%s)", + sock, GF_CLIENT_PORT_CEILING, strerror (errno)); + ret = 0; } break; -- cgit