cli/auth : auth.allow and auth.reject does not accept FQDN/host name

Problem : At the time of set FQDN name to "auth.allow/auth.reject" through
           gluster cli,it does not accept FQDN/host name.

Solution: Condition needs to be update in verify_host_name and gf_auth
           to accept FQDN/host name.

Fix : Change the condition to accept FQDN/host Name.
      To verify the patch followed below procedure
      1) Try to set FQDN name for auth.allow or auth.reject parameter
         gluster v set myvol auth.reject <fqdn name>
         It gives error "fqdn-name" is not a valid internet-address-list
      2) After apply the patch it does not give any error.
      3) To verify auth.allow/reject try to mount volume on some client.

Change-Id: Ieb76cbb93d43323fd29c7ca04efe3790edb4281b
BUG: 1321578
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Reviewed-on: https://review.gluster.org/15086
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>

2 files changed, 68 insertions, 8 deletions

diff --git a/tests/bugs/protocol/bug-1321578.t b/tests/bugs/protocol/bug-1321578.t
new file mode 100644
index 00000000000..160fc408fba
--- /dev/null
+++ b/tests/bugs/protocol/bug-1321578.t
@@ -0,0 +1,37 @@
+#!/bin/bash
+. $(dirname $0)/../../include.rc
+. $(dirname $0)/../../volume.rc
+
+check_mounted () {
+	df | grep $1 | wc -l
+}
+
+
+TEST glusterd
+TEST $CLI volume create $V0 $H0:$B0/$V0
+
+# Set auth.allow to dummy hostname so it *doesn't* include ourselves.
+TEST $CLI volume set $V0 auth.allow example.org
+TEST $CLI volume start $V0
+
+# "System getspec" will include the username and password if the request comes
+# from a server (which we are).  Unfortunately, this will cause authentication
+# to succeed in auth.login regardless of whether auth.addr is working properly
+# or not, which is useless to us.  To get a proper test, strip out those lines.
+$CLI system getspec $V0 | sed -e /username/d -e /password/d > fubar.vol
+
+# This mount should fail because auth.allow doesn't include us.
+TEST $GFS -f fubar.vol $M0
+
+# If we had DONT_EXPECT_WITHIN we could use that, but we don't.
+sleep 10
+EXPECT 0 check_mounted $M0
+
+# Set auth.allow to include us.  This mount should therefore succeed.
+TEST $CLI volume set $V0 auth.allow $H0
+
+TEST $GFS -f fubar.vol $M0
+sleep 10
+EXPECT 1 check_mounted $M0
+
+cleanup
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 7ccbb577f48..cafcf28f1e9 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -44,6 +44,7 @@ gf_auth (dict_t *input_params, dict_t *config_params)
         char           peer_addr[UNIX_PATH_MAX] = {0,};
         char          *type           = NULL;
         gf_boolean_t   allow_insecure = _gf_false;
+        int            length         = 0;
 
         name = data_to_str (dict_get (input_params, "remote-subvolume"));
         if (!name) {
@@ -158,11 +159,22 @@ gf_auth (dict_t *input_params, dict_t *config_params)
                                 addr_str++;
                         }
 
-                        match = fnmatch (addr_str, peer_addr, 0);
-                        if (negate ? match : !match) {
-                                result = AUTH_REJECT;
-                                goto out;
+                        length = strlen(addr_str);
+                        if ((addr_str[0] != '*') &&
+                                        valid_host_name (addr_str, length)) {
+                                match = gf_is_same_address(addr_str, peer_addr);
+                                if (match) {
+                                        result = AUTH_REJECT;
+                                        goto out;
+                                }
+                        } else {
+                                match = fnmatch (addr_str, peer_addr, 0);
+                                if (negate ? match : !match) {
+                                        result = AUTH_REJECT;
+                                        goto out;
+                                }
                         }
+
                         addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp);
                 }
                 GF_FREE (addr_cpy);
@@ -185,11 +197,22 @@ gf_auth (dict_t *input_params, dict_t *config_params)
                                 addr_str++;
                         }
 
-                        match = fnmatch (addr_str, peer_addr, 0);
-                        if (negate ? match : !match) {
-                                result = AUTH_ACCEPT;
-                                goto out;
+                        length = strlen(addr_str);
+                        if ((addr_str[0] != '*') &&
+                                        valid_host_name (addr_str, length)) {
+                                match = gf_is_same_address(addr_str, peer_addr);
+                                if (match) {
+                                        result = AUTH_ACCEPT;
+                                        goto out;
+                                }
+                        } else {
+                                match = fnmatch (addr_str, peer_addr, 0);
+                                if (negate ? match : !match) {
+                                        result = AUTH_ACCEPT;
+                                        goto out;
+                                }
                         }
+
                         addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp);
                 }
         }