author | Kaushal M <kaushal@redhat.com> | 2012-04-09 12:17:16 +0530 |
---|---|---|
committer | Vijay Bellur <vijay@gluster.com> | 2012-04-13 00:55:51 -0700 |
commit | 28f373d89fba7266473c952d9c2bf6ec5f02628c (patch) | |
tree | 9ae99010e5c2d2add91f4d510d0f2a321d9cee04 | |
parent | b19a7fee17ddedfc6692deb5a8dc8df927a2cf7b (diff) |
xlator/server,xlator/nfs : Fix authentication for address lists
Fixes authentication problems when address lists are given for
auth.{allow,reject} and nfs.rpc-auth-{allow,reject}.
Change-Id: I9959ebfa6820aef52c883372e1085660560e1e73
BUG: 810179
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.com/3104
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Amar Tumballi <amarts@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 6 | ||||
-rw-r--r-- | xlators/nfs/server/src/mount3.c | 23 | ||||
-rw-r--r-- | xlators/protocol/server/src/server.c | 8 |
3 files changed, 30 insertions, 7 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 515ec672732..a4f74d8b5ae 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1884,6 +1884,7 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
 int ret = -1;
 char *addrtok = NULL;
 char *addrstr = NULL;
+ char *dup_addrstr = NULL;
 char *svptr = NULL;
 if ((!options) || (!clstr))
@@ -1903,7 +1904,8 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
 goto err;
 }
- addrtok = strtok_r (addrstr, ",", &svptr);
+ dup_addrstr = gf_strdup (addrstr);
+ addrtok = strtok_r (dup_addrstr, ",", &svptr);
 while (addrtok) {
 /* CASEFOLD not present on Solaris */
@@ -1920,6 +1922,8 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
 ret = -1;
 err:
+ if (dup_addrstr)
+ GF_FREE (dup_addrstr);
 return ret;
 }
diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index cebdf527065..2e482771d38 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
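Review bot: The result of `gf_strdup (addrstr)` in the second rpcsvc.c hunk (-1903) goes straight into `strtok_r` without a NULL check, so an allocation failure passes `strtok_r` a NULL string while `svptr` is still NULL, which is undefined behaviour inside the peer allow/reject lookup. Add `if (!dup_addrstr) { ret = -1; goto err; }` directly after the duplication; -1 is the value the function already sets just before `err:` in the third hunk. How callers treat that value for a reject list is not visible here and should be confirmed, so that an out-of-memory condition cannot let a listed peer through. The same unchecked `gf_strdup` appears in server.c, in the `validate_auth_options` hunk at -574 (`tmp_addr_list`). The function body starts and continues outside these hunks.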
@@ -754,24 +754,37 @@ mnt3_check_client_net (struct mount3_state *ms, rpcsvc_request_t *req, xlator_t *targetxl)
 {
- rpcsvc_t *svc = NULL;
- int ret = -1;
+ rpcsvc_t *svc = NULL;
+ rpc_transport_t *trans = NULL;
+ struct sockaddr_storage sastorage = {0,};
+ char peer[RPCSVC_PEER_STRLEN] = {0,};
+ int ret = -1;
 if ((!ms) || (!req) || (!targetxl))
 return -1;
 svc = rpcsvc_request_service (req);
+
+ trans = rpcsvc_request_transport (req);
+ ret = rpcsvc_transport_peeraddr (trans, peer, RPCSVC_PEER_STRLEN,
+ &sastorage, sizeof (sastorage));
+ if (ret != 0) {
+ gf_log (GF_MNT, GF_LOG_WARNING, "Failed to get peer addr: %s",
+ gai_strerror (ret));
+ }
+
 ret = rpcsvc_transport_peer_check (svc->options, targetxl->name,
- rpcsvc_request_transport (req));
+ trans);
 if (ret == RPCSVC_AUTH_REJECT) {
- gf_log (GF_MNT, GF_LOG_TRACE, "Peer not allowed");
+ gf_log (GF_MNT, GF_LOG_INFO, "Peer %s not allowed", peer);
 goto err;
 }
 ret = rpcsvc_transport_privport_check (svc, targetxl->name, rpcsvc_request_transport (req));
 if (ret == RPCSVC_AUTH_REJECT) {
- gf_log (GF_MNT, GF_LOG_TRACE, "Unprivileged port not allowed");
+ gf_log (GF_MNT, GF_LOG_INFO, "Peer %s rejected. Unprivileged "
+ "port not allowed", peer);
 goto err;
 }
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c
index b46398afb8a..c54c34091d3 100644
--- a/xlators/protocol/server/src/server.c
+++ b/xlators/protocol/server/src/server.c
@@ -539,6 +539,7 @@ validate_auth_options (xlator_t *this, dict_t *dict)
 xlator_list_t *trav = NULL;
 data_pair_t *pair = NULL;
 char *tail = NULL;
+ char *tmp_addr_list = NULL;
 char *addr = NULL;
 char *tmp_str = NULL;
@@ -574,7 +575,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
 goto out;
 }
- addr = strtok_r (pair->value->data, ",",
+ tmp_addr_list = gf_strdup (pair->value->data);
+ addr = strtok_r (tmp_addr_list, ",",
 &tmp_str);
 if (!addr)
 addr = pair->value->data;
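Review bot: When `rpcsvc_transport_peeraddr` fails in `mnt3_check_client_net`, the code logs a warning and carries on, so both new rejection messages print an empty `peer` and the entry loses the one field that makes it useful for audit. Consider filling in a marker in the failure branch, for example `snprintf (peer, sizeof (peer), "<unknown>");`. The privport check further down still calls `rpcsvc_request_transport (req)` although `trans` now holds that value; passing `trans` there keeps the two checks visibly operating on the same transport. `gai_strerror (ret)` assumes the helper returns getaddrinfo-style codes, which this hunk does not show. The function continues past the end of the hunk.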
@@ -600,6 +602,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
 addr = NULL;
 }
+ GF_FREE (tmp_addr_list);
+ tmp_addr_list = NULL;
 }
 }
@@ -615,6 +619,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
 }
 out:
+ if (tmp_addr_list)
+ GF_FREE (tmp_addr_list);
 return error;
 } |
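Review bot: The cleanup at `out:` guards the free with `if (tmp_addr_list)`, while the loop-end cleanup in the -600 hunk calls `GF_FREE (tmp_addr_list)` unconditionally; the two should use one form. If `GF_FREE` tolerates NULL (not visible on this page), drop the guard at `out:`. Otherwise the in-loop call needs the guard too, since `tmp_addr_list` is NULL there whenever `gf_strdup` failed. Resetting the pointer after the in-loop free is what stops the `out:` path from freeing it a second time, so a short comment would help: `/* cleared so the out: path does not free it again */`.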