diff options
author | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2015-06-24 12:21:02 +0530 |
---|---|---|
committer | Raghavendra G <rgowdapp@redhat.com> | 2015-06-30 01:58:13 -0700 |
commit | 5bf6522562990f7490d9fc226d58f19891bfb7a4 (patch) | |
tree | e0c1b999a32026adcb08a4ef97afc89d2d16d8d8 /rpc/rpc-lib | |
parent | 64f36a04d07fc03aeda2ca7921f874ae0db19fa7 (diff) |
rpc: By default set allow-insecure, bind-insecure to on
since we now use SSL (Secure Sockets Layer) for the security issues, the patch
changes the default setting to allow connections/requests from non-privilaged
ports by setting allow-insecure and bind-insecure to 1
Also added bind functionality for insecure binding which can select from
available local ports dynamically
BUG: 1232658
Change-Id: I927e112223f33611452093e38cd846a0b9347e57
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11039
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc/rpc-lib')
-rw-r--r-- | rpc/rpc-lib/src/rpc-transport.c | 3 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc-auth.c | 13 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 6 |
3 files changed, 18 insertions, 4 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 149a831951d..4ade6b7d0b3 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -262,7 +262,8 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name) else trans->bind_insecure = 0; } else { - trans->bind_insecure = 0; + /* By default allow bind insecure */ + trans->bind_insecure = 1; } ret = dict_get_str (options, "transport-type", &type); diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index 6b4c7937437..b7d6c2216ef 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) else svc->allow_insecure = 0; } + } else { + /* By default set allow-insecure to true */ + svc->allow_insecure = 1; + + /* setting in options for the sake of functions that look + * configuration params for allow insecure, eg: gf_auth + */ + ret = dict_set_str (options, "rpc-auth-allow-insecure", "on"); + if (ret < 0) + gf_log ("rpc-auth", GF_LOG_DEBUG, + "dict_set failed for 'allow-insecure'"); } - return 0; + return ret; } int diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index d151d541cee..a108ea56a5d 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -631,8 +631,10 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans, gf_log (GF_RPCSVC, GF_LOG_ERROR, "Request received from non-" "privileged port. Failing request"); - rpcsvc_request_destroy (req); - return -1; + req->rpc_status = MSG_DENIED; + req->rpc_err = AUTH_ERROR; + req->auth_err = RPCSVC_AUTH_REJECT; + goto err_reply; } /* DRC */ |