author | Csaba Henk <csaba@gluster.com> | 2012-01-13 06:12:11 +0100 |
---|---|---|
committer | Anand Avati <avati@gluster.com> | 2012-01-21 05:33:19 -0800 |
commit | 4e92c58d27b5cea9d7346d6dd88be9b3479c9e3b (patch) | |
tree | f8406780ca5b4dd969424dfcde696812eb19d92e /rpc | |
parent | d3ca9f05ec3a9881b5aeadb7b61cfcb97dbdb718 (diff) |
rpc: extend actors with flag signing if privilege is required
Currently we allow the following RPC messages for unprivileged users:
GLUSTER_CLI_GETWD, GLUSTER_CLI_MOUNT, GLUSTER_CLI_UMOUNT
Change-Id: I05414f3ca7cbe47de45c5e5cfba1537efc774e6c
BUG: 781256
Signed-off-by: Csaba Henk <csaba@gluster.com>
Reviewed-on: http://review.gluster.com/2641
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 27 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.h | 2 |
2 files changed, 18 insertions, 11 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c
index 125d52fc73a..5805f8a5cd6 100644
--- a/rpc/rpc-lib/src/rpcsvc.c
+++ b/rpc/rpc-lib/src/rpcsvc.c
@@ -438,6 +438,7 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 int ret = -1;
 uint16_t port = 0;
 gf_boolean_t is_unix = _gf_false;
+ gf_boolean_t unprivileged = _gf_false;
 if (!trans || !svc) return -1;
@@ -467,13 +468,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 gf_log ("rpcsvc", GF_LOG_TRACE, "Client port: %d", (int)port);
- if ((port > 1024) && (0 == svc->allow_insecure)) {
- /* Non-privileged user, fail request */
- gf_log ("glusterd", GF_LOG_ERROR,
- "Request received from non-"
- "privileged port. Failing request");
- return -1;
- }
+ if (port > 1024)
+ unprivileged = _gf_true;
 }
 req = rpcsvc_request_create (svc, trans, msg);
@@ -487,7 +483,16 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
 if (!actor) goto err_reply;
- if (actor && (req->rpc_err == SUCCESS)) {
+ if (0 == svc->allow_insecure && unprivileged && !actor->unprivileged) {
+ /* Non-privileged user, fail request */
+ gf_log ("glusterd", GF_LOG_ERROR,
+ "Request received from non-"
+ "privileged port. Failing request");
+ rpcsvc_request_destroy (req);
+ return -1;
+ }
+
+ if (req->rpc_err == SUCCESS) {
 /* Before going to xlator code, set the THIS properly */
 THIS = svc->mydata;
@@ -2378,9 +2383,9 @@ out:
 rpcsvc_actor_t gluster_dump_actors[] = {
- [GF_DUMP_NULL] = {"NULL", GF_DUMP_NULL, NULL, NULL, NULL },
- [GF_DUMP_DUMP] = {"DUMP", GF_DUMP_DUMP, rpcsvc_dump, NULL, NULL },
- [GF_DUMP_MAXVALUE] = {"MAXVALUE", GF_DUMP_MAXVALUE, NULL, NULL, NULL },
+ [GF_DUMP_NULL] = {"NULL", GF_DUMP_NULL, NULL, NULL, NULL, 0},
+ [GF_DUMP_DUMP] = {"DUMP", GF_DUMP_DUMP, rpcsvc_dump, NULL, NULL, 0},
+ [GF_DUMP_MAXVALUE] = {"MAXVALUE", GF_DUMP_MAXVALUE, NULL, NULL, NULL, 0},
 };
diff --git a/rpc/rpc-lib/src/rpcsvc.h b/rpc/rpc-lib/src/rpcsvc.h
index ffdc306e600..83aa33f8067 100644
--- a/rpc/rpc-lib/src/rpcsvc.h
+++ b/rpc/rpc-lib/src/rpcsvc.h
@@ -328,6 +328,8 @@ typedef struct rpcsvc_actor_desc {
 rpcsvc_vector_actor vector_actor;
 rpcsvc_vector_sizer vector_sizer;
+ /* Can actor be ran on behalf an unprivileged requestor? */
+ gf_boolean_t unprivileged;
 } rpcsvc_actor_t;
 /* Describes a program and its version along with the function pointers |
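Review bot: The added `if (port > 1024)` in the second rpcsvc.c hunk (-467,13 +468,8) still classifies source port 1024 as privileged, although the reserved range conventionally ends at 1023, so an ordinary process that binds 1024 passes the later check; the comparison should be `if (port >= 1024)`. The boundary is carried over unchanged from the removed test. A low source port only says something about privilege on the sending host, so a short comment here stating that the peer host itself is assumed trusted would help the next reader. The enclosing block that computes `port` starts outside the hunk, so whether `unprivileged` can ever be set for unix-socket transports is not visible here.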
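Review bot: The new rejection branch in the third rpcsvc.c hunk (-487,7 +483,16) destroys the request and does `return -1;` without sending any RPC reply, while the `!actor` case immediately above it uses `goto err_reply;`. If `err_reply` (outside the hunk) is what sends the error to the client, a rejected caller will presumably wait for a timeout instead of getting a denial; marking the request as denied and taking `goto err_reply;` would keep the two failure paths consistent. The log line also uses the "glusterd" domain inside the rpcsvc library and does not record which procedure or client port was refused, which makes denied requests hard to triage. Adding the actor's name and `(int)port` to the message would fix that.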
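Review bot: The comment on the new `unprivileged` field in rpcsvc.h does not say how a requestor is classified or what leaving the field unset means, and its wording is ungrammatical. Suggested text: `/* Set if this actor may be run on behalf of an unprivileged requestor (one connecting from a non-reserved source port). Zero, the default for tables that omit the field, rejects such requests unless allow_insecure is set. */`. Stating the default matters because actor tables use positional initializers, so an omitted sixth member silently means "privileged only". The initializers in `gluster_dump_actors` would also read better with `_gf_false` than a bare `0` for a `gf_boolean_t`.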