diff options
author | Kaushal M <kaushal@gluster.com> | 2011-08-23 12:23:53 +0530 |
---|---|---|
committer | Vijay Bellur <vijay@gluster.com> | 2012-02-05 22:19:54 -0800 |
commit | b708b18b833d1f2ba4da394884bc762a821ff56b (patch) | |
tree | 03ad6be7de107e6a5477a1d912a997781b06d57d /libglusterfs/src/common-utils.c | |
parent | 1d77fe2458be6dc567435dc59bb94870cd0fe529 (diff) |
cli, protocol/server : improve validation for the option auth.(allow/reject)
cli now checks validity of address list given for 'volume set auth.*'
Server xlator checks addresses supplied to auth.(allow/reject) option
including wildcards for correctness in case volfile is manually edited.
Original patch done by shylesh@gluster.com
Original patch is at http://patches.gluster.com/patch/7566/
Change-Id: Icf52d6eeef64d6632b15aa90a379fadacdf74fef
BUG: 764197
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.com/306
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
Diffstat (limited to 'libglusterfs/src/common-utils.c')
-rw-r--r-- | libglusterfs/src/common-utils.c | 149 |
1 files changed, 124 insertions, 25 deletions
diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c index 42bfd035569..068bd846027 100644 --- a/libglusterfs/src/common-utils.c +++ b/libglusterfs/src/common-utils.c @@ -1529,30 +1529,36 @@ get_nth_word (const char *str, int n) } /* RFC 1123 & 952 */ + +/* The functions below validate given internet addresses and + * wildcard internet address for correctness. + * All return 1 on success and 0 on failure + */ + char valid_host_name (char *address, int length) { - int i = 0; - char ret = 1; + int i = 0; + char ret = 0; + int flag = 0; - if ((length > 75) || (length == 1)) { - ret = 0; + if ((length > 255) || (length == 1)) goto out; - } - if (!isalnum (address[length - 1])) { - ret = 0; + if (!isalnum (address[length - 1])) goto out; - } for (i = 0; i < length; i++) { if (!isalnum (address[i]) && (address[i] != '.') - && (address[i] != '-')) { - ret = 0; + && (address[i] != '-')) goto out; - } + + if (isalpha(address[i])) + flag = 1; } + if (flag) + ret = 1; out: return ret; } @@ -1563,7 +1569,7 @@ valid_ipv4_address (char *address, int length) int octets = 0; int value = 0; char *tmp = NULL, *ptr = NULL, *prev = NULL, *endptr = NULL; - char ret = 1; + char ret = 0; tmp = gf_strdup (address); prev = tmp; @@ -1572,16 +1578,14 @@ valid_ipv4_address (char *address, int length) while (prev != NULL) { octets++; value = strtol (prev, &endptr, 10); - if ((value > 255) || (value < 0) || (endptr != NULL)) { - ret = 0; + if ((value > 255) || (value < 0) || + (endptr != NULL && *endptr != '\0')) goto out; - } prev = strtok_r (NULL, ".", &ptr); } - if (octets != 4) { - ret = 0; - } + if (octets == 4) + ret = 1; out: GF_FREE (tmp); @@ -1594,7 +1598,7 @@ valid_ipv6_address (char *address, int length) int hex_numbers = 0; int value = 0; char *tmp = NULL, *ptr = NULL, *prev = NULL, *endptr = NULL; - char ret = 1; + char ret = 0; tmp = gf_strdup (address); prev = strtok_r (tmp, ":", &ptr); @@ -1603,16 +1607,13 @@ valid_ipv6_address (char *address, int length) hex_numbers++; value = strtol (prev, &endptr, 16); if ((value > 0xffff) || (value < 0) - || (endptr != NULL && *endptr != '\0')) { - ret = 0; + || (endptr != NULL && *endptr != '\0')) goto out; - } prev = strtok_r (NULL, ":", &ptr); } - if (hex_numbers > 8) { - ret = 0; - } + if (hex_numbers <= 8) + ret = 1; out: GF_FREE (tmp); @@ -1643,6 +1644,104 @@ out: return ret; } +char +valid_ipv4_wildcard_check (char *address) +{ + char ret = 0; + int octets = 0; + char *tmp = NULL; + char *prev = NULL; + char *endptr = NULL; + int value = 0; + int is_wildcard = 0; + + tmp = gf_strdup (address); + prev = strtok (tmp, "."); + + while (prev != NULL) { + octets++; + + if (!strcmp (prev, "*")) { + is_wildcard = 1; + } else { + value = strtol (prev, &endptr, 10); + + if ((value > 255) || (value < 0) || + (endptr != NULL && *endptr != '\0')) + goto out; + } + prev = strtok (NULL, "."); + } + + if (is_wildcard && (octets <= 4)) + ret = 1; + +out: + if (tmp) + GF_FREE (tmp); + return ret; + +} + +char +valid_ipv6_wildcard_check (char *address) +{ + char ret = 0; + int hex_numbers = 0; + int value = 0; + char *tmp = NULL; + char *prev = NULL; + char *endptr = NULL; + int is_wildcard = 0; + + tmp = gf_strdup (address); + prev = strtok (tmp, ":"); + + while (prev != NULL) { + hex_numbers++; + + if (!strcmp (prev, "*")) { + is_wildcard = 1; + } else { + value = strtol (prev, &endptr, 16); + + if ((value > 0xffff) || (value < 0) || + (endptr != NULL && *endptr != '\0')) + goto out; + } + prev = strtok (NULL, ":"); + } + + if (is_wildcard && (hex_numbers <= 8)) + ret = 1; +out: + if (tmp) + GF_FREE (tmp); + return ret; +} + +char +valid_wildcard_internet_address (char *address) +{ + char ret = 0; + + if (address == NULL) { + gf_log_callingfn (THIS->name, GF_LOG_WARNING, + "argument invalid"); + goto out; + } + + if (strlen (address) == 0) + goto out; + + if (valid_ipv4_wildcard_check (address) || + valid_ipv6_wildcard_check (address)) + ret = 1; + +out: + return ret; +} + /*Thread safe conversion function*/ char * uuid_utoa (uuid_t uuid) |