From c7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171 Mon Sep 17 00:00:00 2001 From: Mohit Agrawal Date: Thu, 30 Mar 2017 14:45:59 +0530 Subject: cli/auth : auth.allow and auth.reject does not accept FQDN/host name Problem : At the time of set FQDN name to "auth.allow/auth.reject" through gluster cli,it does not accept FQDN/host name. Solution: Condition needs to be update in verify_host_name and gf_auth to accept FQDN/host name. Fix : Change the condition to accept FQDN/host Name. To verify the patch followed below procedure 1) Try to set FQDN name for auth.allow or auth.reject parameter gluster v set myvol auth.reject It gives error "fqdn-name" is not a valid internet-address-list 2) After apply the patch it does not give any error. 3) To verify auth.allow/reject try to mount volume on some client. Change-Id: Ieb76cbb93d43323fd29c7ca04efe3790edb4281b BUG: 1321578 Signed-off-by: Mohit Agrawal Reviewed-on: https://review.gluster.org/15086 Smoke: Gluster Build System NetBSD-regression: NetBSD Build System CentOS-regression: Gluster Build System Reviewed-by: Niels de Vos Reviewed-by: Atin Mukherjee Reviewed-by: Raghavendra G --- xlators/protocol/auth/addr/src/addr.c | 39 ++++++++++++++++++++++++++++------- 1 file changed, 31 insertions(+), 8 deletions(-) (limited to 'xlators/protocol/auth/addr') diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c index 7ccbb577f48..cafcf28f1e9 100644 --- a/xlators/protocol/auth/addr/src/addr.c +++ b/xlators/protocol/auth/addr/src/addr.c @@ -44,6 +44,7 @@ gf_auth (dict_t *input_params, dict_t *config_params) char peer_addr[UNIX_PATH_MAX] = {0,}; char *type = NULL; gf_boolean_t allow_insecure = _gf_false; + int length = 0; name = data_to_str (dict_get (input_params, "remote-subvolume")); if (!name) { @@ -158,11 +159,22 @@ gf_auth (dict_t *input_params, dict_t *config_params) addr_str++; } - match = fnmatch (addr_str, peer_addr, 0); - if (negate ? match : !match) { - result = AUTH_REJECT; - goto out; + length = strlen(addr_str); + if ((addr_str[0] != '*') && + valid_host_name (addr_str, length)) { + match = gf_is_same_address(addr_str, peer_addr); + if (match) { + result = AUTH_REJECT; + goto out; + } + } else { + match = fnmatch (addr_str, peer_addr, 0); + if (negate ? match : !match) { + result = AUTH_REJECT; + goto out; + } } + addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); } GF_FREE (addr_cpy); @@ -185,11 +197,22 @@ gf_auth (dict_t *input_params, dict_t *config_params) addr_str++; } - match = fnmatch (addr_str, peer_addr, 0); - if (negate ? match : !match) { - result = AUTH_ACCEPT; - goto out; + length = strlen(addr_str); + if ((addr_str[0] != '*') && + valid_host_name (addr_str, length)) { + match = gf_is_same_address(addr_str, peer_addr); + if (match) { + result = AUTH_ACCEPT; + goto out; + } + } else { + match = fnmatch (addr_str, peer_addr, 0); + if (negate ? match : !match) { + result = AUTH_ACCEPT; + goto out; + } } + addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); } } -- cgit