author | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2015-06-24 12:21:02 +0530 |
---|---|---|
committer | Raghavendra G <rgowdapp@redhat.com> | 2015-06-30 01:58:13 -0700 |
commit | 5bf6522562990f7490d9fc226d58f19891bfb7a4 (patch) | |
tree | e0c1b999a32026adcb08a4ef97afc89d2d16d8d8 /rpc/rpc-transport/socket | |
parent | 64f36a04d07fc03aeda2ca7921f874ae0db19fa7 (diff) |
rpc: By default set allow-insecure, bind-insecure to on
Since we now use SSL (Secure Sockets Layer) to address the security issues, this patch
changes the default setting to allow connections/requests from non-privileged
ports by setting allow-insecure and bind-insecure to 1.
Also added bind functionality for insecure binding, which can select from
available local ports dynamically.
BUG: 1232658
Change-Id: I927e112223f33611452093e38cd846a0b9347e57
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/11039
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket')
-rw-r--r-- | rpc/rpc-transport/socket/src/name.c | 51 |
1 files changed, 34 insertions, 17 deletions
diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c
index f731bab4b0a..93cb3c461f2 100644
--- a/rpc/rpc-transport/socket/src/name.c
+++ b/rpc/rpc-transport/socket/src/name.c
@@ -23,6 +23,21 @@
 #include "socket.h"
 #include "common-utils.h"
+static void
+_assign_port (struct sockaddr *sockaddr, uint16_t port)
+{
+ switch (sockaddr->sa_family) {
+ case AF_INET6:
+ ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
+ break;
+
+ case AF_INET_SDP:
+ case AF_INET:
+ ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
+ break;
+ }
+}
+
 static int32_t
 af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
 socklen_t sockaddr_len, int ceiling)
@@ -41,17 +56,7 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
 while (port) {
- switch (sockaddr->sa_family)
- {
- case AF_INET6:
- ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
- break;
-
- case AF_INET_SDP:
- case AF_INET:
- ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
- break;
- }
+ _assign_port (sockaddr, port);
 // ignore the reserved ports
 if (ports[port] == _gf_true) { port--;
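Review bot: `_assign_port` does nothing and reports nothing when `sockaddr->sa_family` is not one of the three listed families, because its switch has no `default:` case. If such an address can reach the new call in client_bind, `bind()` would run with whatever port the structure already carried rather than 0. At minimum add `default: break; /* unsupported family: port left unchanged */` and a one-line comment above the function saying that `port` is given in host byte order and stored with `htons`; returning an error code would be stronger. As a style point, a file-scope name starting with an underscore is reserved to the implementation in C, so `assign_port` would be the safer spelling.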
@@ -440,12 +445,24 @@ client_bind (rpc_transport_t *this,
 if (!this->bind_insecure) { ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr, *sockaddr_len, GF_CLIENT_PORT_CEILING);
- }
- if (ret == -1) {
- gf_log (this->name, GF_LOG_DEBUG,
- "cannot bind inet socket (%d) to port less than %d (%s)",
- sock, GF_CLIENT_PORT_CEILING, strerror (errno));
- ret = 0;
+ if (ret == -1) {
+ gf_log (this->name, GF_LOG_DEBUG,
+ "cannot bind inet socket (%d) to port less than %d (%s)",
+ sock, GF_CLIENT_PORT_CEILING, strerror (errno));
+ ret = 0;
+ }
+ } else {
+ /* A port number of zero will let the bind function to
+ * pick any available local port dynamically
+ */
+ _assign_port (sockaddr, 0);
+ ret = bind (sock, sockaddr, *sockaddr_len);
+ if (ret == -1) {
+ gf_log (this->name, GF_LOG_DEBUG,
+ "failed while binding to available ports (%s)",
+ strerror (errno));
+ ret = 0;
+ }
+ }
 break; |
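Review bot: In the new `else` branch of client_bind a failed `bind()` is logged only at `GF_LOG_DEBUG` and then masked with `ret = 0`, as in the privileged branch, so at a default log level the failure leaves no record. This matters more now that the commit message makes bind-insecure the default: the source port no longer says anything about the client's privilege, and a server still running with allow-insecure off will presumably reject the connection with no client-side hint why. I would log both failures with `gf_log (this->name, GF_LOG_WARNING,` and extend the block comment to state that with `bind_insecure` set, peer authentication has to come from TLS rather than from the port range. `_assign_port (sockaddr, 0)` also overwrites any port already present in `sockaddr`; client_bind starts outside the hunk, so whether a configured source port can reach this point is not visible here.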