authorKaushal M <kaushal@redhat.com>2012-04-09 12:17:16 +0530
committerVijay Bellur <vijay@gluster.com>2012-04-13 00:55:51 -0700
commit28f373d89fba7266473c952d9c2bf6ec5f02628c (patch)
tree9ae99010e5c2d2add91f4d510d0f2a321d9cee04
parentb19a7fee17ddedfc6692deb5a8dc8df927a2cf7b (diff)
xlator/server,xlator/nfs : Fix authentication for address lists
Fixes authentication problems when address lists are given for auth.{allow,reject} and nfs.rpc-auth-{allow,reject}. Change-Id: I9959ebfa6820aef52c883372e1085660560e1e73 BUG: 810179 Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.com/3104 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Amar Tumballi <amarts@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com>
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c6
-rw-r--r--xlators/nfs/server/src/mount3.c23
-rw-r--r--xlators/protocol/server/src/server.c8
3 files changed, 30 insertions, 7 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 515ec672732..a4f74d8b5ae 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -1884,6 +1884,7 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
int ret = -1;
char *addrtok = NULL;
char *addrstr = NULL;
+ char *dup_addrstr = NULL;
char *svptr = NULL;
if ((!options) || (!clstr))
@@ -1903,7 +1904,8 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
goto err;
}
- addrtok = strtok_r (addrstr, ",", &svptr);
+ dup_addrstr = gf_strdup (addrstr);
+ addrtok = strtok_r (dup_addrstr, ",", &svptr);
while (addrtok) {
/* CASEFOLD not present on Solaris */
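Review bot: The result of `gf_strdup (addrstr)` goes straight into `strtok_r` without a NULL check, so on allocation failure the first call receives a NULL string while `svptr` is still NULL, which will most likely crash in the middle of an allow/reject decision. Add `if (!dup_addrstr) goto err;` directly after the duplication, and confirm that `ret` holds the failure value at that point, because the lines that last assign it are outside this hunk. The same unchecked duplication is in validate_auth_options in xlators/protocol/server/src/server.c (`tmp_addr_list = gf_strdup (pair->value->data);`). There, on later loop iterations, `tmp_str` may still point into the buffer freed at the end of the previous pass. Guard it with `if (!tmp_addr_list) goto out;` after setting `error` to the failure value that function already uses.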
@@ -1920,6 +1922,8 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr)
ret = -1;
err:
+ if (dup_addrstr)
+ GF_FREE (dup_addrstr);
return ret;
}
diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index cebdf527065..2e482771d38 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
@@ -754,24 +754,37 @@ mnt3_check_client_net (struct mount3_state *ms, rpcsvc_request_t *req,
xlator_t *targetxl)
{
- rpcsvc_t *svc = NULL;
- int ret = -1;
+ rpcsvc_t *svc = NULL;
+ rpc_transport_t *trans = NULL;
+ struct sockaddr_storage sastorage = {0,};
+ char peer[RPCSVC_PEER_STRLEN] = {0,};
+ int ret = -1;
if ((!ms) || (!req) || (!targetxl))
return -1;
svc = rpcsvc_request_service (req);
+
+ trans = rpcsvc_request_transport (req);
+ ret = rpcsvc_transport_peeraddr (trans, peer, RPCSVC_PEER_STRLEN,
+ &sastorage, sizeof (sastorage));
+ if (ret != 0) {
+ gf_log (GF_MNT, GF_LOG_WARNING, "Failed to get peer addr: %s",
+ gai_strerror (ret));
+ }
+
ret = rpcsvc_transport_peer_check (svc->options, targetxl->name,
- rpcsvc_request_transport (req));
+ trans);
if (ret == RPCSVC_AUTH_REJECT) {
- gf_log (GF_MNT, GF_LOG_TRACE, "Peer not allowed");
+ gf_log (GF_MNT, GF_LOG_INFO, "Peer %s not allowed", peer);
goto err;
}
ret = rpcsvc_transport_privport_check (svc, targetxl->name,
rpcsvc_request_transport (req));
if (ret == RPCSVC_AUTH_REJECT) {
- gf_log (GF_MNT, GF_LOG_TRACE, "Unprivileged port not allowed");
+ gf_log (GF_MNT, GF_LOG_INFO, "Peer %s rejected. Unprivileged "
+ "port not allowed", peer);
goto err;
}
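Review bot: When `rpcsvc_transport_peeraddr` fails, the code only logs a warning and `peer` stays the zero-initialised empty string, so both reject messages come out as `Peer  not allowed` with no address. These INFO lines are what an operator would use to trace rejected mounts, so put a recognisable marker in the failure branch, for example `snprintf (peer, sizeof (peer), "<unknown>");`. It is also worth checking that the return value really is an `EAI_*` code before it is passed to `gai_strerror`, since the hunk does not show what `rpcsvc_transport_peeraddr` returns. As a smaller point, the privport check still calls `rpcsvc_request_transport (req)` although `trans` now holds that value; passing `trans` there keeps the two checks on the same transport. The function body continues past the end of this hunk.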
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c
index b46398afb8a..c54c34091d3 100644
--- a/xlators/protocol/server/src/server.c
+++ b/xlators/protocol/server/src/server.c
@@ -539,6 +539,7 @@ validate_auth_options (xlator_t *this, dict_t *dict)
xlator_list_t *trav = NULL;
data_pair_t *pair = NULL;
char *tail = NULL;
+ char *tmp_addr_list = NULL;
char *addr = NULL;
char *tmp_str = NULL;
@@ -574,7 +575,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
goto out;
}
- addr = strtok_r (pair->value->data, ",",
+ tmp_addr_list = gf_strdup (pair->value->data);
+ addr = strtok_r (tmp_addr_list, ",",
&tmp_str);
if (!addr)
addr = pair->value->data;
@@ -600,6 +602,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
addr = NULL;
}
+ GF_FREE (tmp_addr_list);
+ tmp_addr_list = NULL;
}
}
@@ -615,6 +619,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
}
out:
+ if (tmp_addr_list)
+ GF_FREE (tmp_addr_list);
return error;
}