author | Kaushal M <kaushal@redhat.com> | 2014-06-19 15:31:46 +0530 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2014-09-24 00:00:13 -0700 |
commit | b0f98446d5b465c3fc88569396fe3c6b5793aed5 (patch) | |
tree | e0c18c46c9d346092fb6eb83ce774fd8303f25be /xlators/mgmt | |
parent | c4440ab8c7417a3bcaadf1cb150476d5ff6a1325 (diff) |
glusterd: Authenticate management handshake requests
Backport of
371bb42 glusterd: Authenticate management handshake requests
from master.
Management handshake requests, which are used to validate op-version
supported by the peers, are now only allowed if,
- the glusterd doesn't have any other peer, or
- the request was sent by another peer.
This prevents the op-version of a peer being changed because of a
connection attempt by an invalid peer.
BUG: 1144978
Change-Id: I5a909dad37e9873efe8b75dad41b7af71ce91c3d
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.org/8819
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/mgmt')
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-handshake.c | 49 | ||||
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-utils.c | 15 | ||||
-rw-r--r-- | xlators/mgmt/glusterd/src/glusterd-utils.h | 3 |
3 files changed, 67 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index da3a01c99f8..7971f12bdac 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -881,6 +881,43 @@ out:
 return ret;
 }
+/* Validate if glusterd can serve the management handshake request
+ *
+ * Requests are allowed if,
+ * - glusterd has no peers, or
+ * - the request came from a known peer
+ */
+gf_boolean_t
+gd_validate_mgmt_hndsk_req (rpcsvc_request_t *req)
+{
+ int ret = -1;
+ char hostname[UNIX_PATH_MAX + 1] = {0,};
+ glusterd_peerinfo_t *peer = NULL;
+ xlator_t *this = NULL;
+
+ this = THIS;
+ GF_ASSERT (this);
+
+ if (!glusterd_have_peers ())
+ return _gf_true;
+
+ /* If you cannot get the hostname, you cannot authenticate */
+ ret = glusterd_remote_hostname_get (req, hostname, sizeof (hostname));
+ if (ret)
+ return _gf_false;
+
+ peer = glusterd_peerinfo_find (NULL, hostname);
+ if (peer == NULL) {
+ ret = -1;
+ gf_log (this->name, GF_LOG_ERROR, "Rejecting management "
+ "handshake request from unknown peer %s",
+ req->trans->peerinfo.identifier);
+ return _gf_false;
+ }
+
+ return _gf_true;
+}
+
 int
 __glusterd_mgmt_hndsk_versions (rpcsvc_request_t *req)
 {
@@ -895,6 +932,12 @@ __glusterd_mgmt_hndsk_versions (rpcsvc_request_t *req)
 this = THIS;
 conf = this->private;
+ /* Check if we can service the request */
+ if (!gd_validate_mgmt_hndsk_req (req)) {
+ ret = -1;
+ goto out;
+ }
+
 ret = xdr_to_generic (req->msg[0], &args,
 (xdrproc_t)xdr_gf_mgmt_hndsk_req);
 if (ret < 0) {
@@ -979,6 +1022,12 @@ __glusterd_mgmt_hndsk_versions_ack (rpcsvc_request_t *req)
 this = THIS;
 conf = this->private;
+ /* Check if we can service the request */
+ if (!gd_validate_mgmt_hndsk_req (req)) {
+ ret = -1;
+ goto out;
+ }
+
 ret = xdr_to_generic (req->msg[0], &args,
 (xdrproc_t)xdr_gf_mgmt_hndsk_req);
 if (ret < 0) {
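Review bot: The hostname-lookup failure path in gd_validate_mgmt_hndsk_req returns `_gf_false` without logging, so a handshake rejected there leaves no trace for whoever monitors the glusterd log, while the unknown-peer path does log; a line such as `gf_log (this->name, GF_LOG_ERROR, "Rejecting management handshake request, unable to get remote hostname");` before that return would make both rejections visible. The unknown-peer message prints `req->trans->peerinfo.identifier` although the lookup was done on `hostname`, so logging both values would let an operator see which name failed to match. The sender is identified only by the name that glusterd_remote_hostname_get derives for the connection, and glusterd_peerinfo_find (NULL, hostname) appears to accept any peer entry with that name; neither helper is visible here, so how that name is obtained and whether peers that are not yet befriended also pass should be confirmed and stated in the header comment. The `ret = -1;` inside the `peer == NULL` branch is a dead store, since the function returns a boolean.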
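Review bot: The rejection branch added to __glusterd_mgmt_hndsk_versions jumps to `out` before `xdr_to_generic` has decoded `args`, and the `out` label lies outside this hunk, so it cannot be seen here whether the cleanup and reply code there is safe for a request that was never decoded. A short comment at the branch, for example `/* args is not decoded yet; out must cope with that */`, would record the assumption once it has been checked. The identical block added to __glusterd_mgmt_hndsk_versions_ack in the next hunk needs the same check. Both function bodies start and end outside their hunks.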
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
index 50a99643616..bee17e50c51 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
@@ -13620,3 +13620,18 @@ out:
 GF_FREE (mnt_pt);
 return ret;
 }
+
+
+gf_boolean_t
+glusterd_have_peers ()
+{
+ xlator_t *this = NULL;
+ glusterd_conf_t *conf = NULL;
+
+ this = THIS;
+ GF_ASSERT (this);
+ conf = this->private;
+ GF_ASSERT (conf);
+
+ return !list_empty (&conf->peers);
+}
\ No newline at end of file
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.h b/xlators/mgmt/glusterd/src/glusterd-utils.h
index 2e06c2a6341..987f00cc91a 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.h
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.h
@@ -900,4 +900,7 @@ glusterd_update_fs_label (glusterd_brickinfo_t *brickinfo);
 void
 gd_get_snap_conf_values_if_present (dict_t *opts, uint64_t *sys_hard_limit,
 uint64_t *sys_soft_limit);
+
+gf_boolean_t
+glusterd_have_peers ();
 #endif |
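Review bot: glusterd_have_peers is defined in glusterd-utils.c and declared in glusterd-utils.h with an empty parameter list, which in C leaves the parameters unspecified rather than declaring that there are none, so a call that passes arguments would not be diagnosed; both should read `gf_boolean_t glusterd_have_peers (void);`. The function also has no header comment, and since the handshake check relies on it, a line such as `/* Returns _gf_true if the peer list in glusterd's conf is non-empty */` would help. The new definition leaves glusterd-utils.c without a newline at end of file, as the diff marker shows.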