summaryrefslogtreecommitdiffstats
path: root/xlators/mgmt
diff options
context:
space:
mode:
authorKaushal M <kaushal@redhat.com>2014-06-19 15:31:46 +0530
committerVijay Bellur <vbellur@redhat.com>2014-09-24 00:00:13 -0700
commitb0f98446d5b465c3fc88569396fe3c6b5793aed5 (patch)
treee0c18c46c9d346092fb6eb83ce774fd8303f25be /xlators/mgmt
parentc4440ab8c7417a3bcaadf1cb150476d5ff6a1325 (diff)
glusterd: Authenticate management handshake requests
Backport of 371bb42 glusterd: Authenticate management handshake requests from master. Management handshake requests, which are used to validate op-version supported by the peers, are now only allowed if, - the glusterd doesn't have any other peer, or - the request was sent by another peer. This prevents the op-version of a peer being changed because of a connection attempt by an invalid peer. BUG: 1144978 Change-Id: I5a909dad37e9873efe8b75dad41b7af71ce91c3d Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.org/8819 Reviewed-by: Atin Mukherjee <amukherj@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/mgmt')
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-handshake.c49
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-utils.c15
-rw-r--r--xlators/mgmt/glusterd/src/glusterd-utils.h3
3 files changed, 67 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-handshake.c b/xlators/mgmt/glusterd/src/glusterd-handshake.c
index da3a01c99f8..7971f12bdac 100644
--- a/xlators/mgmt/glusterd/src/glusterd-handshake.c
+++ b/xlators/mgmt/glusterd/src/glusterd-handshake.c
@@ -881,6 +881,43 @@ out:
return ret;
}
+/* Validate if glusterd can serve the management handshake request
+ *
+ * Requests are allowed if,
+ * - glusterd has no peers, or
+ * - the request came from a known peer
+ */
+gf_boolean_t
+gd_validate_mgmt_hndsk_req (rpcsvc_request_t *req)
+{
+ int ret = -1;
+ char hostname[UNIX_PATH_MAX + 1] = {0,};
+ glusterd_peerinfo_t *peer = NULL;
+ xlator_t *this = NULL;
+
+ this = THIS;
+ GF_ASSERT (this);
+
+ if (!glusterd_have_peers ())
+ return _gf_true;
+
+ /* If you cannot get the hostname, you cannot authenticate */
+ ret = glusterd_remote_hostname_get (req, hostname, sizeof (hostname));
+ if (ret)
+ return _gf_false;
+
+ peer = glusterd_peerinfo_find (NULL, hostname);
+ if (peer == NULL) {
+ ret = -1;
+ gf_log (this->name, GF_LOG_ERROR, "Rejecting management "
+ "handshake request from unknown peer %s",
+ req->trans->peerinfo.identifier);
+ return _gf_false;
+ }
+
+ return _gf_true;
+}
+
int
__glusterd_mgmt_hndsk_versions (rpcsvc_request_t *req)
{
@@ -895,6 +932,12 @@ __glusterd_mgmt_hndsk_versions (rpcsvc_request_t *req)
this = THIS;
conf = this->private;
+ /* Check if we can service the request */
+ if (!gd_validate_mgmt_hndsk_req (req)) {
+ ret = -1;
+ goto out;
+ }
+
ret = xdr_to_generic (req->msg[0], &args,
(xdrproc_t)xdr_gf_mgmt_hndsk_req);
if (ret < 0) {
@@ -979,6 +1022,12 @@ __glusterd_mgmt_hndsk_versions_ack (rpcsvc_request_t *req)
this = THIS;
conf = this->private;
+ /* Check if we can service the request */
+ if (!gd_validate_mgmt_hndsk_req (req)) {
+ ret = -1;
+ goto out;
+ }
+
ret = xdr_to_generic (req->msg[0], &args,
(xdrproc_t)xdr_gf_mgmt_hndsk_req);
if (ret < 0) {
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c
index 50a99643616..bee17e50c51 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.c
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.c
@@ -13620,3 +13620,18 @@ out:
GF_FREE (mnt_pt);
return ret;
}
+
+
+gf_boolean_t
+glusterd_have_peers ()
+{
+ xlator_t *this = NULL;
+ glusterd_conf_t *conf = NULL;
+
+ this = THIS;
+ GF_ASSERT (this);
+ conf = this->private;
+ GF_ASSERT (conf);
+
+ return !list_empty (&conf->peers);
+} \ No newline at end of file
diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.h b/xlators/mgmt/glusterd/src/glusterd-utils.h
index 2e06c2a6341..987f00cc91a 100644
--- a/xlators/mgmt/glusterd/src/glusterd-utils.h
+++ b/xlators/mgmt/glusterd/src/glusterd-utils.h
@@ -900,4 +900,7 @@ glusterd_update_fs_label (glusterd_brickinfo_t *brickinfo);
void
gd_get_snap_conf_values_if_present (dict_t *opts, uint64_t *sys_hard_limit,
uint64_t *sys_soft_limit);
+
+gf_boolean_t
+glusterd_have_peers ();
#endif