summaryrefslogtreecommitdiffstats
path: root/rpc/rpc-transport/socket
diff options
context:
space:
mode:
authorPrasanna Kumar Kalever <prasanna.kalever@redhat.com>2015-06-24 12:21:02 +0530
committerRaghavendra G <rgowdapp@redhat.com>2015-06-30 01:58:13 -0700
commit5bf6522562990f7490d9fc226d58f19891bfb7a4 (patch)
treee0c1b999a32026adcb08a4ef97afc89d2d16d8d8 /rpc/rpc-transport/socket
parent64f36a04d07fc03aeda2ca7921f874ae0db19fa7 (diff)
rpc: By default set allow-insecure, bind-insecure to on
since we now use SSL (Secure Sockets Layer) for the security issues, the patch changes the default setting to allow connections/requests from non-privilaged ports by setting allow-insecure and bind-insecure to 1 Also added bind functionality for insecure binding which can select from available local ports dynamically BUG: 1232658 Change-Id: I927e112223f33611452093e38cd846a0b9347e57 Signed-off-by: Pranith Kumar K <pkarampu@redhat.com> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com> Reviewed-on: http://review.gluster.org/11039 Tested-by: NetBSD Build System <jenkins@build.gluster.org> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc/rpc-transport/socket')
-rw-r--r--rpc/rpc-transport/socket/src/name.c51
1 files changed, 34 insertions, 17 deletions
diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c
index f731bab4b0a..93cb3c461f2 100644
--- a/rpc/rpc-transport/socket/src/name.c
+++ b/rpc/rpc-transport/socket/src/name.c
@@ -23,6 +23,21 @@
#include "socket.h"
#include "common-utils.h"
+static void
+_assign_port (struct sockaddr *sockaddr, uint16_t port)
+{
+ switch (sockaddr->sa_family) {
+ case AF_INET6:
+ ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
+ break;
+
+ case AF_INET_SDP:
+ case AF_INET:
+ ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
+ break;
+ }
+}
+
static int32_t
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
socklen_t sockaddr_len, int ceiling)
@@ -41,17 +56,7 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
while (port)
{
- switch (sockaddr->sa_family)
- {
- case AF_INET6:
- ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
- break;
-
- case AF_INET_SDP:
- case AF_INET:
- ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
- break;
- }
+ _assign_port (sockaddr, port);
// ignore the reserved ports
if (ports[port] == _gf_true) {
port--;
@@ -440,12 +445,24 @@ client_bind (rpc_transport_t *this,
if (!this->bind_insecure) {
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
*sockaddr_len, GF_CLIENT_PORT_CEILING);
- }
- if (ret == -1) {
- gf_log (this->name, GF_LOG_DEBUG,
- "cannot bind inet socket (%d) to port less than %d (%s)",
- sock, GF_CLIENT_PORT_CEILING, strerror (errno));
- ret = 0;
+ if (ret == -1) {
+ gf_log (this->name, GF_LOG_DEBUG,
+ "cannot bind inet socket (%d) to port less than %d (%s)",
+ sock, GF_CLIENT_PORT_CEILING, strerror (errno));
+ ret = 0;
+ }
+ } else {
+ /* A port number of zero will let the bind function to
+ * pick any available local port dynamically
+ */
+ _assign_port (sockaddr, 0);
+ ret = bind (sock, sockaddr, *sockaddr_len);
+ if (ret == -1) {
+ gf_log (this->name, GF_LOG_DEBUG,
+ "failed while binding to available ports (%s)",
+ strerror (errno));
+ ret = 0;
+ }
}
break;