diff options
author | Jeff Darcy <jdarcy@redhat.com> | 2015-01-06 10:03:49 -0500 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-01-09 10:04:11 -0800 |
commit | 548547b2e41c8e2cf79b929405cf18aecbdedebc (patch) | |
tree | 8dba5d41c08edf366244e6679157419c999b1762 /xlators/mgmt/glusterd/src | |
parent | 9408dc7b416ca80b3b8d8ecae2ef75c7e9cd21cd (diff) |
transport: fix default behavior for SSL authorization
Previously, enabling SSL authentication/encryption but not authorization
required explicitly setting ssl-allow=*. Now that same behavior is the
default (i.e. when ssl-allow is not set).
Also, there's no reason that a name used for *login* auth (typically a
UUID for internal purposes or a human name when using SSL) should
validate as an RFC-compliant host name or IP address. Therefore the
validation only occurs when the auth type is "addr" (not "login" or
anything else).
Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d
BUG: 1179208
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9397
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/mgmt/glusterd/src')
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-volume-set.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c index f4c6cff1220..a92bfffdb4f 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c +++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c @@ -963,6 +963,7 @@ struct volopt_map_entry glusterd_volopt_map[] = { { .key = "auth.ssl-allow", .voltype = "protocol/server", .option = "!ssl-allow", + .value = "*", .type = NO_DOC, .op_version = GD_OP_VERSION_3_6_0, }, |