rpc: By default set allow-insecure, bind-insecure to on

since we now use SSL (Secure Sockets Layer) for the security issues, the patch
changes the default setting to allow connections/requests from non-privilaged
ports by setting allow-insecure and bind-insecure to 1

Also added bind functionality for insecure binding which can select from
available local ports dynamically

BUG: 1232658
Change-Id: I927e112223f33611452093e38cd846a0b9347e57
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11039
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>

1 files changed, 12 insertions, 1 deletions

diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c
index 6b4c7937437..b7d6c2216ef 100644
--- a/rpc/rpc-lib/src/rpcsvc-auth.c
+++ b/rpc/rpc-lib/src/rpcsvc-auth.c
@@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options)
                         else
                                 svc->allow_insecure = 0;
                 }
+        } else {
+                /* By default set allow-insecure to true */
+                svc->allow_insecure = 1;
+
+                /* setting in options for the sake of functions that look
+                 * configuration params for allow insecure,  eg: gf_auth
+                 */
+                ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+                if (ret < 0)
+                        gf_log ("rpc-auth", GF_LOG_DEBUG,
+                                        "dict_set failed for 'allow-insecure'");
         }
 
-        return 0;
+        return ret;
 }
 
 int