From 55bbf23b3a608f67b7a05939f4205049e92d081a Mon Sep 17 00:00:00 2001
From: shishir gowda
Date: Mon, 30 Aug 2010 03:54:32 +0000
Subject: Only admin should be able to run gluster command
Checking for port number to fail any requests coming in from client. if port is >1024, then fail the requests
Signed-off-by: shishir gowda
Signed-off-by: Vijay Bellur
BUG: 1403 (only admin (uid 0) should be able to run 'gluster' command)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1403
---
 rpc/rpc-lib/src/rpcsvc.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
(limited to 'rpc')
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index ee3d674c2eb..f76a34e3f54 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -925,10 +925,39 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 rpcsvc_actor_t *actor = NULL;
 rpcsvc_request_t *req = NULL;
 int ret = -1;
+ uint16_t port = 0;
 if (!trans || !svc)
 return -1;
+ switch (trans->peerinfo.sockaddr.ss_family) {
+ case AF_INET:
+ port = ((struct sockaddr_in *)&trans->peerinfo.sockaddr)->sin_port;
+ break;
+
+ case AF_INET6:
+ port = ((struct sockaddr_in6 *)&trans->peerinfo.sockaddr)->sin6_port;
+ break;
+
+ default:
+ gf_log (GF_RPCSVC, GF_LOG_DEBUG,
+ "invalid address family (%d)",
+ trans->peerinfo.sockaddr.ss_family);
+ return -1;
+ }
+
+
+
+ port = ntohs (port);
+
+ gf_log ("rpcsvc", GF_LOG_TRACE, "Client port: %d", (int)port);
+
+ if (port > 1024) { //Non-privilaged user, fail request
+ gf_log ("glusterd", GF_LOG_ERROR, "Request received from non-"
+ "privileged port. Failing request");
+ return -1;
+ }
+
 req = rpcsvc_request_create (svc, trans, msg);
 if (!req)
 goto err;
-- cgit
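Review bot: The privileged-port test `if (port > 1024)` is off by one: reserved ports are 0-1023, so a request from source port 1024, which an unprivileged user can bind, is accepted; it should read `if (port >= 1024) {`. The check also sits in the generic `rpcsvc_handle_rpc_call`, so it presumably applies to every program served by this library and, through the `default:` branch, rejects any non-IP transport such as AF_UNIX; confirm that is intended. A reserved source port only shows that the peer process was root on its own host, so unless the listener is restricted to local addresses (not visible here) this does not limit the command to the local admin. The rejection is logged under "glusterd" without the peer address or port, which appear only in the TRACE line; including them in the ERROR message would make refused requests usable for detection. The function continues outside the hunk, and the new early `return -1` paths bypass the `err` label that the following code jumps to.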