glusterfs.git/rpc/rpc-lib/src/rpcsvc-auth.c, branch v6.1 libglusterfs: Move devel headers under glusterfs directory 2018-12-05T21:47:04+00:00 ShyamsundarR srangana@redhat.com 2018-11-29T19:08:06+00:00 20ef211cfa5b5fcc437484a879fdc5d4c66bbaf5 libglusterfs devel package headers are referenced in code using include semantics for a program, this while it works can be better especially when dealing with out of tree xlator builds or in general out of tree devel package usage. Towards this, the following changes are done, - moved all devel headers under a glusterfs directory - Included these headers using system header notation <> in all code outside of libglusterfs - Included these headers using own program notation "" within libglusterfs This change although big, is just moving around the headers and making it correct when including these headers from other sources. This helps us correctly include libglusterfs includes without namespace conflicts. Change-Id: Id2a98854e671a7ee5d73be44da5ba1a74252423b Updates: bz#1193929 Signed-off-by: ShyamsundarR <srangana@redhat.com> 
libglusterfs devel package headers are referenced in code using
include semantics for a program, this while it works can be better
especially when dealing with out of tree xlator builds or in
general out of tree devel package usage.

Towards this, the following changes are done,
- moved all devel headers under a glusterfs directory
- Included these headers using system header notation <> in all
code outside of libglusterfs
- Included these headers using own program notation "" within
libglusterfs

This change although big, is just moving around the headers and
making it correct when including these headers from other sources.

This helps us correctly include libglusterfs includes without
namespace conflicts.

Change-Id: Id2a98854e671a7ee5d73be44da5ba1a74252423b
Updates: bz#1193929
Signed-off-by: ShyamsundarR <srangana@redhat.com>
protocol/server: support server.all-squash 2018-12-05T21:45:49+00:00 Xie Changlong xiechanglong@cmss.chinamobile.com 2018-12-03T11:02:32+00:00 ad446dabb88439ba83e2092021b09894351e8e71 We still use gnfs on our side, so do a little work to support server.all-squash. Just like server.root-squash, it's also a volume wide option. Also see bz#1285126 $ gluster volume set <VOLNAME> server.all-squash on Note: If you enable server.root-squash and server.all-squash at the same time, only server.all-squash works. Please refer to following table +---------------+-----------------+---------------------------+ | |all_squash | no_all_squash | +-------------------------------------------------------------+ | | |anonuid/anongid for root | |root_squash |anonuid/anongid |useruid/usergid for no-root| +-------------------------------------------------------------+ |no_root_squash |anonuid/anongid |useruid/usergid | +-------------------------------------------------------------+ Updates bz#1285126 Signed-off-by: Xie Changlong <xiechanglong@cmss.chinamobile.com> Signed-off-by: Xue Chuanyu <xuechuanyu@cmss.chinamobile.com> Change-Id: Iea043318fe6e9a75fa92b396737985062a26b47e 
We still use gnfs on our side, so do a little work to support
server.all-squash. Just like server.root-squash, it's also a
volume wide option. Also see bz#1285126

$ gluster volume set <VOLNAME> server.all-squash on

Note: If you enable server.root-squash and server.all-squash
at the same time, only server.all-squash works. Please refer
to following table

+---------------+-----------------+---------------------------+
|               |all_squash       | no_all_squash             |
+-------------------------------------------------------------+
|               |                 |anonuid/anongid for root   |
|root_squash    |anonuid/anongid  |useruid/usergid for no-root|
+-------------------------------------------------------------+
|no_root_squash |anonuid/anongid  |useruid/usergid            |
+-------------------------------------------------------------+

Updates bz#1285126
Signed-off-by: Xie Changlong <xiechanglong@cmss.chinamobile.com>
Signed-off-by: Xue Chuanyu <xuechuanyu@cmss.chinamobile.com>
Change-Id: Iea043318fe6e9a75fa92b396737985062a26b47e
Land part 2 of clang-format changes 2018-09-12T12:22:45+00:00 Gluster Ant bugzilla-bot@gluster.org 2018-09-12T12:22:45+00:00 e16868dede6455cab644805af6fe1ac312775e13 Change-Id: Ia84cc24c8924e6d22d02ac15f611c10e26db99b4 Signed-off-by: Nigel Babu <nigelb@redhat.com> 
Change-Id: Ia84cc24c8924e6d22d02ac15f611c10e26db99b4
Signed-off-by: Nigel Babu <nigelb@redhat.com>
rpc/*: auth-header changes 2018-01-17T06:00:39+00:00 Amar Tumballi amarts@redhat.com 2017-11-06T18:37:12+00:00 75b063d76d78b5d1e0e53a1be37dc5ad9200f7b2 Introduce another authentication header which can now send more data. This is useful because this data can be common for all the fops, and we don't need to change all the signatures. As part of this, made rpc-clnt.c little more modular to support multiple authentication structures. stack.h changes are placeholder for the ctime etc, can be moved later based on need. updates #384 Change-Id: I6111c13cfd2ec92e2b4e9295896bf62a8a33b2c7 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Introduce another authentication header which can now send more data.
This is useful because this data can be common for all the fops, and
we don't need to change all the signatures.

As part of this, made rpc-clnt.c little more modular to support multiple
authentication structures.

stack.h changes are placeholder for the ctime etc, can be moved later
based on need.

updates #384

Change-Id: I6111c13cfd2ec92e2b4e9295896bf62a8a33b2c7
Signed-off-by: Amar Tumballi <amarts@redhat.com>
rpc-lib: coverity fixes 2017-11-22T16:58:39+00:00 Milind Changire mchangir@redhat.com 2017-11-22T11:33:11+00:00 50a480701f4bf6885d3811e245a47d99661695d8 Scan URL: https://download.gluster.org/pub/gluster/glusterfs/static-analysis/master/glusterfs-coverity/2017-11-10-0f524f07/html/ ID: 9 (BAD_SHIFT) ID: 58 (CHECKED_RETURN) ID: 98 (DEAD_CODE) ID: 249, 250, 251, 252 (MIXED_ENUMS) ID: 289, 297 (NULL_RETURNS) ID: 609, 613, 622, 644, 653, 655 (UNUSED_VALUE) ID: 432 (RESOURCE_LEAK) Change-Id: I2349877214dd38b789e08b74be05539f09b751b9 BUG: 789278 Signed-off-by: Milind Changire <mchangir@redhat.com> 
Scan URL:
https://download.gluster.org/pub/gluster/glusterfs/static-analysis/master/glusterfs-coverity/2017-11-10-0f524f07/html/

ID: 9                            (BAD_SHIFT)
ID: 58                           (CHECKED_RETURN)
ID: 98                           (DEAD_CODE)
ID: 249, 250, 251, 252           (MIXED_ENUMS)
ID: 289, 297                     (NULL_RETURNS)
ID: 609, 613, 622, 644, 653, 655 (UNUSED_VALUE)
ID: 432                          (RESOURCE_LEAK)

Change-Id: I2349877214dd38b789e08b74be05539f09b751b9
BUG: 789278
Signed-off-by: Milind Changire <mchangir@redhat.com>
rpc: fix binding brick issue while bind-insecure is enabled 2015-07-27T04:31:39+00:00 Prasanna Kumar Kalever prasanna.kalever@redhat.com 2015-06-24T06:51:02+00:00 9442e7bf80f5c2189140918bb5588868204521ed problem: When bind-insecure is turned on (which is the default now), it may happen that brick is not able to bind to port assigned by Glusterd for example 49192-49195... It seems to occur because the rpc_clnt connections are binding to ports in the same range. so brick fails to bind to a port which is already used by someone else solution: fix for now is to make rpc_clnt to get port numbers from 65535 in a descending order, as a result port clash is minimized other fixes: previously rdma binds to port >= 1024 if it cannot find a free port < 1024, even when bind insecure was turned off(ref to commit '0e3fd04e'), this patch add's a check for bind-insecure in gf_rdma_client_bind function This patch also re-enable bind-insecure and allow insecure by default which was reverted (ref: commit cef1720) previously Change-Id: Ia1cfa93c5454e2ae0ff57813689b75de282ebd07 BUG: 1238661 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-on: http://review.gluster.org/11512 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> 
problem:

When bind-insecure is turned on (which is the default now), it may happen
that brick is not able to bind to port assigned by Glusterd for example
49192-49195...

It seems to occur because the rpc_clnt connections are binding to ports in
the same range. so brick fails to bind to a port which is already used by
someone else

solution:

fix for now is to  make rpc_clnt to get port numbers from 65535 in a descending
order, as a result port clash is minimized

other fixes:

previously rdma binds to port >= 1024 if it cannot find a free port < 1024,
even when bind insecure was turned off(ref to commit '0e3fd04e'), this patch
add's a check for bind-insecure in gf_rdma_client_bind function

This patch also re-enable bind-insecure and allow insecure by default which was
reverted (ref: commit cef1720) previously

Change-Id: Ia1cfa93c5454e2ae0ff57813689b75de282ebd07
BUG: 1238661
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11512
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Revert "rpc: By default set allow-insecure, bind-insecure to on" 2015-07-02T15:44:38+00:00 Raghavendra G rgowdapp@redhat.com 2015-07-02T12:19:19+00:00 cef17206141be2d4d8d6700afb6701e7f97cacab This reverts commit 5bf6522562990f7490d9fc226d58f19891bfb7a4. This patch introduced a regression where client no longer binds to privileged port. This is causing lots of regressions. Hence reverting this patch for now and will be resent after suitable modifications. Change-Id: Id697013ca6474e9c192e8f58c8179522fa5d397e Reviewed-on: http://review.gluster.org/11507 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> Tested-by: Raghavendra G <rgowdapp@redhat.com> 
This reverts commit 5bf6522562990f7490d9fc226d58f19891bfb7a4.

This patch introduced a regression where client no longer binds to 
privileged port. This is causing lots of regressions. Hence reverting 
this patch for now and will be resent after suitable modifications.

Change-Id: Id697013ca6474e9c192e8f58c8179522fa5d397e
Reviewed-on: http://review.gluster.org/11507
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
rpc: By default set allow-insecure, bind-insecure to on 2015-06-30T08:58:13+00:00 Prasanna Kumar Kalever prasanna.kalever@redhat.com 2015-06-24T06:51:02+00:00 5bf6522562990f7490d9fc226d58f19891bfb7a4 since we now use SSL (Secure Sockets Layer) for the security issues, the patch changes the default setting to allow connections/requests from non-privilaged ports by setting allow-insecure and bind-insecure to 1 Also added bind functionality for insecure binding which can select from available local ports dynamically BUG: 1232658 Change-Id: I927e112223f33611452093e38cd846a0b9347e57 Signed-off-by: Pranith Kumar K <pkarampu@redhat.com> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-on: http://review.gluster.org/11039 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> 
since we now use SSL (Secure Sockets Layer) for the security issues, the patch
changes the default setting to allow connections/requests from non-privilaged
ports by setting allow-insecure and bind-insecure to 1

Also added bind functionality for insecure binding which can select from
available local ports dynamically

BUG: 1232658
Change-Id: I927e112223f33611452093e38cd846a0b9347e57
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11039
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
rpc-lib: Fixing the coverity issues 2015-04-10T11:29:42+00:00 Nandaja Varma nandaja.varma@gmail.com 2015-02-06T06:14:22+00:00 26cbd3bdf5dad190559afbdf0ac125262c4e90a6 Coverity CIDs: 1210973 1124887 1124888 1124682 1124849 1124503 Change-Id: I012f6cf9d14753f572ab94aae6d442d1ef8df79a BUG: 789278 Signed-off-by: Nandaja Varma <nandaja.varma@gmail.com> Reviewed-on: http://review.gluster.org/9600 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Coverity CIDs:
1210973
1124887
1124888
1124682
1124849
1124503

Change-Id: I012f6cf9d14753f572ab94aae6d442d1ef8df79a
BUG: 789278
Signed-off-by: Nandaja Varma <nandaja.varma@gmail.com>
Reviewed-on: http://review.gluster.org/9600
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
rpc/auth: Avoid NULL dereference in rpcsvc_auth_request_init() 2014-01-09T04:42:15+00:00 Harshavardhana harsha@harshavardhana.net 2013-12-24T16:23:13+00:00 2b05c1588ac60af26e1b16f9f27ef8d5e4e50a5f Code section is bogus! ------------------------------------------ 370: if (!auth->authops->request_init) 371: ret = auth->authops->request_init (req, auth->authprivate); ------------------------------------------ Seems to have been never been used historically since logically above code has never been true to actually execute "authops->request_init() --> auth_glusterfs_{v2,}_request_init()" On top of that under "rpcsvc_request_init()" verf.flavour and verf.datalen are initialized from what is provided through 'callmsg'. ------------------------------------------ req->verf.flavour = rpc_call_verf_flavour (callmsg); req->verf.datalen = rpc_call_verf_len (callmsg); /* AUTH */ rpcsvc_auth_request_init (req); return req; ------------------------------------------ So the code in 'auth_glusterfs_{v2,}_request_init()' performing this operation will over-write the original flavour and datalen. ------------------------------------------ if (!req) return -1; memset (req->verf.authdata, 0, GF_MAX_AUTH_BYTES); req->verf.datalen = 0; req->verf.flavour = AUTH_NULL; ------------------------------------------ Refactoring the whole code into a more understandable version and also avoiding a potential NULL dereference Change-Id: I1a430fcb4d26de8de219bd0cb3c46c141649d47d BUG: 1049735 Signed-off-by: Harshavardhana <harsha@harshavardhana.net> Reviewed-on: http://review.gluster.org/6591 Reviewed-by: Santosh Pradhan <spradhan@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com> 
Code section is bogus!
------------------------------------------
370:       if (!auth->authops->request_init)
371:              ret = auth->authops->request_init (req, auth->authprivate);
------------------------------------------

Seems to have been never been used historically since
logically above code has never been true to actually execute
"authops->request_init() --> auth_glusterfs_{v2,}_request_init()"

On top of that under "rpcsvc_request_init()"
verf.flavour and verf.datalen are initialized from what is
provided through 'callmsg'.
------------------------------------------
        req->verf.flavour = rpc_call_verf_flavour (callmsg);
        req->verf.datalen = rpc_call_verf_len (callmsg);

        /* AUTH */
        rpcsvc_auth_request_init (req);
        return req;
------------------------------------------

So the code in 'auth_glusterfs_{v2,}_request_init()'
performing this operation will over-write the original
flavour and datalen.

------------------------------------------
      if (!req)
                return -1;
        memset (req->verf.authdata, 0, GF_MAX_AUTH_BYTES);
        req->verf.datalen = 0;
        req->verf.flavour = AUTH_NULL;
------------------------------------------

Refactoring the whole code into a more understandable version
and also avoiding a potential NULL dereference

Change-Id: I1a430fcb4d26de8de219bd0cb3c46c141649d47d
BUG: 1049735
Signed-off-by: Harshavardhana <harsha@harshavardhana.net>
Reviewed-on: http://review.gluster.org/6591
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>