diff options
author | Rajesh Amaravathi <rajesh@redhat.com> | 2013-01-28 18:16:32 +0530 |
---|---|---|
committer | Anand Avati <avati@redhat.com> | 2013-02-06 16:15:54 -0800 |
commit | 0b7cdbf50dea9ee77bc8f71526a1566945672c19 (patch) | |
tree | b574ace1e33b0d234e9986545747e625b614de04 /rpc/rpc-lib | |
parent | 2197c8b41423a7a9a5e55db0d3a5a27131966e72 (diff) |
rpc: get hostnames of client to allow FQDN based authentication
If FQDNs are used to authenticate clients, then from
this commit forth, the client ip(v4,6) is reverse looked up
using getnameinfo to get a hostname associated with it,
if any, thereby making FQDN-based rpc authentication possible.
Change-Id: I4c5241e7079a2560de79ca15f611e65c0b858f9b
BUG: 903553
Signed-off-by: Rajesh Amaravathi <rajesh@redhat.com>
Reviewed-on: http://review.gluster.org/4439
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
Diffstat (limited to 'rpc/rpc-lib')
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index 7cb89db0946..c8595ee8ed1 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -1925,10 +1925,13 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr) char *addrstr = NULL; char *dup_addrstr = NULL; char *svptr = NULL; + char *fqdn = NULL; if ((!options) || (!clstr)) return -1; + ret = dict_get_str (options, "client.fqdn", &fqdn); + if (!dict_get (options, pattern)) return -1; @@ -1956,6 +1959,17 @@ rpcsvc_transport_peer_check_search (dict_t *options, char *pattern, char *clstr) if (ret == 0) goto err; + /* compare hostnames if applicable */ + if (fqdn) { +#ifdef FNM_CASEFOLD + ret = fnmatch (addrtok, fqdn, FNM_CASEFOLD); +#else + ret = fnmatch (addrtok, fqdn, 0); +#endif + if (ret == 0) + goto err; + } + addrtok = strtok_r (NULL, ",", &svptr); } @@ -2174,6 +2188,7 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname, int aret = RPCSVC_AUTH_REJECT; int rjret = RPCSVC_AUTH_REJECT; char clstr[RPCSVC_PEER_STRLEN]; + char *hostname = NULL; if (!trans) return ret; @@ -2186,6 +2201,11 @@ rpcsvc_transport_peer_check_name (dict_t *options, char *volname, goto err; } + ret = gf_get_hostname_from_ip (clstr, &hostname); + if (!ret) + ret = dict_set_dynstr (options, "client.fqdn", + hostname); + aret = rpcsvc_transport_peer_check_allow (options, volname, clstr); rjret = rpcsvc_transport_peer_check_reject (options, volname, clstr); |