summaryrefslogtreecommitdiffstats
path: root/rpc
diff options
context:
space:
mode:
authorRaghavendra G <rgowdapp@redhat.com>2015-07-02 05:19:19 -0700
committerRaghavendra G <rgowdapp@redhat.com>2015-07-02 08:44:38 -0700
commitcef17206141be2d4d8d6700afb6701e7f97cacab (patch)
treeb5c5721ebfb7bef418382552a1e222a7fea7e8b6 /rpc
parent2f5355f76a8168bc504cba8237f0825fc181fce8 (diff)
Revert "rpc: By default set allow-insecure, bind-insecure to on"
This reverts commit 5bf6522562990f7490d9fc226d58f19891bfb7a4. This patch introduced a regression where client no longer binds to privileged port. This is causing lots of regressions. Hence reverting this patch for now and will be resent after suitable modifications. Change-Id: Id697013ca6474e9c192e8f58c8179522fa5d397e Reviewed-on: http://review.gluster.org/11507 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com> Tested-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc')
-rw-r--r--rpc/rpc-lib/src/rpc-transport.c3
-rw-r--r--rpc/rpc-lib/src/rpcsvc-auth.c13
-rw-r--r--rpc/rpc-lib/src/rpcsvc.c6
-rw-r--r--rpc/rpc-transport/socket/src/name.c51
4 files changed, 21 insertions, 52 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c
index 4ade6b7d0b3..149a831951d 100644
--- a/rpc/rpc-lib/src/rpc-transport.c
+++ b/rpc/rpc-lib/src/rpc-transport.c
@@ -262,8 +262,7 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name)
else
trans->bind_insecure = 0;
} else {
- /* By default allow bind insecure */
- trans->bind_insecure = 1;
+ trans->bind_insecure = 0;
}
ret = dict_get_str (options, "transport-type", &type);
diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c
index b7d6c2216ef..6b4c7937437 100644
--- a/rpc/rpc-lib/src/rpcsvc-auth.c
+++ b/rpc/rpc-lib/src/rpcsvc-auth.c
@@ -221,20 +221,9 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options)
else
svc->allow_insecure = 0;
}
- } else {
- /* By default set allow-insecure to true */
- svc->allow_insecure = 1;
-
- /* setting in options for the sake of functions that look
- * configuration params for allow insecure, eg: gf_auth
- */
- ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
- if (ret < 0)
- gf_log ("rpc-auth", GF_LOG_DEBUG,
- "dict_set failed for 'allow-insecure'");
}
- return ret;
+ return 0;
}
int
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index a108ea56a5d..d151d541cee 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -631,10 +631,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
gf_log (GF_RPCSVC, GF_LOG_ERROR,
"Request received from non-"
"privileged port. Failing request");
- req->rpc_status = MSG_DENIED;
- req->rpc_err = AUTH_ERROR;
- req->auth_err = RPCSVC_AUTH_REJECT;
- goto err_reply;
+ rpcsvc_request_destroy (req);
+ return -1;
}
/* DRC */
diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c
index 93cb3c461f2..f731bab4b0a 100644
--- a/rpc/rpc-transport/socket/src/name.c
+++ b/rpc/rpc-transport/socket/src/name.c
@@ -23,21 +23,6 @@
#include "socket.h"
#include "common-utils.h"
-static void
-_assign_port (struct sockaddr *sockaddr, uint16_t port)
-{
- switch (sockaddr->sa_family) {
- case AF_INET6:
- ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
- break;
-
- case AF_INET_SDP:
- case AF_INET:
- ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
- break;
- }
-}
-
static int32_t
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
socklen_t sockaddr_len, int ceiling)
@@ -56,7 +41,17 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
while (port)
{
- _assign_port (sockaddr, port);
+ switch (sockaddr->sa_family)
+ {
+ case AF_INET6:
+ ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
+ break;
+
+ case AF_INET_SDP:
+ case AF_INET:
+ ((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
+ break;
+ }
// ignore the reserved ports
if (ports[port] == _gf_true) {
port--;
@@ -445,24 +440,12 @@ client_bind (rpc_transport_t *this,
if (!this->bind_insecure) {
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
*sockaddr_len, GF_CLIENT_PORT_CEILING);
- if (ret == -1) {
- gf_log (this->name, GF_LOG_DEBUG,
- "cannot bind inet socket (%d) to port less than %d (%s)",
- sock, GF_CLIENT_PORT_CEILING, strerror (errno));
- ret = 0;
- }
- } else {
- /* A port number of zero will let the bind function to
- * pick any available local port dynamically
- */
- _assign_port (sockaddr, 0);
- ret = bind (sock, sockaddr, *sockaddr_len);
- if (ret == -1) {
- gf_log (this->name, GF_LOG_DEBUG,
- "failed while binding to available ports (%s)",
- strerror (errno));
- ret = 0;
- }
+ }
+ if (ret == -1) {
+ gf_log (this->name, GF_LOG_DEBUG,
+ "cannot bind inet socket (%d) to port less than %d (%s)",
+ sock, GF_CLIENT_PORT_CEILING, strerror (errno));
+ ret = 0;
}
break;