author | shishir gowda <shishirng@gluster.com> | 2010-08-30 03:54:32 +0000 |
---|---|---|
committer | Vijay Bellur <vijay@dev.gluster.com> | 2010-08-30 03:23:57 -0700 |
commit | 55bbf23b3a608f67b7a05939f4205049e92d081a (patch) | |
tree | b264f2b270b5bd2eb8ea302a29e87db5878548ad | |
parent | 8e4d735b67c78f10fd752f2b48981843595e67b5 (diff) |
Only admin should be able to run gluster command
Check the source port of requests coming in from a client;
if the port is >1024, fail the request.
Signed-off-by: shishir gowda <shishirng@gluster.com>
Signed-off-by: Vijay Bellur <vijay@dev.gluster.com>
BUG: 1403 (only admin (uid 0) should be able to run 'gluster' command)
URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=1403
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index ee3d674c2eb..f76a34e3f54 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -925,10 +925,39 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 rpcsvc_actor_t *actor = NULL;
 rpcsvc_request_t *req = NULL;
 int ret = -1;
+ uint16_t port = 0;
 if (!trans || !svc)
 return -1;
+ switch (trans->peerinfo.sockaddr.ss_family) {
+ case AF_INET:
+ port = ((struct sockaddr_in *)&trans->peerinfo.sockaddr)->sin_port;
+ break;
+
+ case AF_INET6:
+ port = ((struct sockaddr_in6 *)&trans->peerinfo.sockaddr)->sin6_port;
+ break;
+
+ default:
+ gf_log (GF_RPCSVC, GF_LOG_DEBUG,
+ "invalid address family (%d)",
+ trans->peerinfo.sockaddr.ss_family);
+ return -1;
+ }
+
+
+
+ port = ntohs (port);
+
+ gf_log ("rpcsvc", GF_LOG_TRACE, "Client port: %d", (int)port);
+
+ if (port > 1024) { //Non-privilaged user, fail request
+ gf_log ("glusterd", GF_LOG_ERROR, "Request received from non-"
+ "privileged port. Failing request");
+ return -1;
+ }
+
 req = rpcsvc_request_create (svc, trans, msg);
 if (!req)
 goto err; |
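Review bot: The bound in `if (port > 1024)` accepts a peer whose source port is exactly 1024, which is the first port an unprivileged process can normally bind on Unix systems; the test should be `if (port >= 1024) {`, or a comparison against `IPPORT_RESERVED`. The `default:` branch also returns -1 for every family other than AF_INET and AF_INET6, so a peer on a Unix-domain transport would be refused if one reaches rpcsvc_handle_rpc_call; that is worth confirming against the callers, because the function body continues outside the hunk. A reserved source port only shows that the sender had root on the host it connected from, so the check deserves a comment such as `/* source port < 1024 implies root only on peers whose kernel we trust; not per-user authentication */`. The existing comment misspells "privileged", and the three log calls use three different domains (`GF_RPCSVC`, `"rpcsvc"`, `"glusterd"`) where `GF_RPCSVC` would fit all of them in this library file.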