| author | Rajesh Amaravathi <rajesh@redhat.com> | 2013-01-28 18:16:32 +0530 | 
|---|---|---|
| committer | Anand Avati <avati@redhat.com> | 2013-02-06 16:15:54 -0800 | 
| commit | 0b7cdbf50dea9ee77bc8f71526a1566945672c19 (patch) | |
| tree | b574ace1e33b0d234e9986545747e625b614de04 /rpc | |
| parent | 2197c8b41423a7a9a5e55db0d3a5a27131966e72 (diff) | |
rpc: get hostnames of client to allow FQDN based authentication
If FQDNs are used to authenticate clients, then from
this commit forth, the client ip(v4,6) is reverse looked up
using getnameinfo to get a hostname associated with it,
if any, thereby making FQDN-based rpc authentication possible.
Change-Id: I4c5241e7079a2560de79ca15f611e65c0b858f9b
BUG: 903553
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.org/4439
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 20 | 
1 files changed, 20 insertions, 0 deletions
|
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 7cb89db09..c8595ee8e 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1925,10 +1925,13 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
         char                    *addrstr = NULL;
         char                    *dup_addrstr = NULL;
         char                    *svptr = NULL;
+        char                    *fqdn        = NULL;
         if ((!options) || (!clstr))
                 return -1;
+        ret = dict_get_str (options, "client.fqdn", &fqdn);
+
         if (!dict_get (options, pattern))
                 return -1;
@@ -1956,6 +1959,17 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
                 if (ret == 0)
                         goto err;
+                /* compare hostnames if applicable */
+                if (fqdn) {
+#ifdef FNM_CASEFOLD
+                        ret = fnmatch (addrtok, fqdn, FNM_CASEFOLD);
+#else
+                        ret = fnmatch (addrtok, fqdn, 0);
+#endif
+                        if (ret == 0)
+                                goto err;
+                }
+
                 addrtok = strtok_r (NULL, ",", &svptr);
         }
@@ -2174,6 +2188,7 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname,
         int     aret = RPCSVC_AUTH_REJECT;
         int     rjret = RPCSVC_AUTH_REJECT;
         char    clstr[RPCSVC_PEER_STRLEN];
+        char   *hostname    = NULL;
         if (!trans)
                 return ret;
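Review bot: The result of `dict_get_str (options, "client.fqdn", &fqdn)` in the first hunk is stored in `ret` and never examined, so a reader cannot tell that a missing key is an expected case rather than an overlooked error. A comment such as `/* optional: set by rpcsvc_transport_peer_check_name only when the reverse lookup succeeded; fqdn stays NULL otherwise */` would make that explicit. Nothing visible in this function frees `fqdn`, so it is presumably borrowed from the dict, which is worth stating in the same comment. The function body continues outside the hunk.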
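Review bot: Each `addrtok` entry in the second hunk is applied as an fnmatch pattern to the reverse-resolved name as well as to the client address, so a rule written for addresses (constructed example: `192.168.1.*`) is also satisfied by any hostname that happens to fit it. Because the name comes from a PTR record maintained by whoever controls the client's reverse zone, the hostname comparison should be limited to entries that are not address patterns, or driven from a separate option. In the `#else` branch the match is case-sensitive although DNS names are not, which matters most if this function also serves the reject list, where an entry could be missed on letter case alone; normalising `fqdn` to lower case before the loop would avoid that. The loop starts and ends outside this hunk.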
@@ -2186,6 +2201,11 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname,
                 goto err;
         }
+        ret = gf_get_hostname_from_ip (clstr, &hostname);
+        if (!ret)
+                ret = dict_set_dynstr (options, "client.fqdn",
+                                       hostname);
+
         aret = rpcsvc_transport_peer_check_allow (options, volname, clstr);
         rjret = rpcsvc_transport_peer_check_reject (options, volname, clstr); |
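Review bot: When `gf_get_hostname_from_ip` fails, `client.fqdn` is left untouched in `options`, so a name stored for an earlier connection can still be read by rpcsvc_transport_peer_check_search on behalf of this client if the dict is shared between connections (not visible here). Clearing the key first, with `dict_del (options, "client.fqdn");` ahead of the lookup, closes that gap. The looked-up name is also used for authorisation without a forward lookup confirming that it resolves back to `clstr`; unless the helper already does that, a forward-confirmation step belongs here before the key is set. If `dict_set_dynstr` fails, `hostname` appears to leak, assuming the helper allocates it and the dict takes ownership only on success. The function continues outside the hunk.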
