summaryrefslogtreecommitdiffstats
path: root/xlators/protocol/server
diff options
context:
space:
mode:
authorKaushal M <kaushal@gluster.com>2011-08-23 12:23:53 +0530
committerVijay Bellur <vijay@gluster.com>2012-02-05 22:19:54 -0800
commitb708b18b833d1f2ba4da394884bc762a821ff56b (patch)
tree03ad6be7de107e6a5477a1d912a997781b06d57d /xlators/protocol/server
parent1d77fe2458be6dc567435dc59bb94870cd0fe529 (diff)
cli, protocol/server : improve validation for the option auth.(allow/reject)
cli now checks validity of address list given for 'volume set auth.*' Server xlator checks addresses supplied to auth.(allow/reject) option including wildcards for correctness in case volfile is manually edited. Original patch done by shylesh@gluster.com Original patch is at http://patches.gluster.com/patch/7566/ Change-Id: Icf52d6eeef64d6632b15aa90a379fadacdf74fef BUG: 764197 Signed-off-by: Kaushal M <kaushal@redhat.com> Reviewed-on: http://review.gluster.com/306 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Jeff Darcy <jdarcy@redhat.com> Reviewed-by: Vijay Bellur <vijay@gluster.com>
Diffstat (limited to 'xlators/protocol/server')
-rw-r--r--xlators/protocol/server/src/server.c43
1 files changed, 42 insertions, 1 deletions
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c
index 60bc517ddbe..b0697bb7b9d 100644
--- a/xlators/protocol/server/src/server.c
+++ b/xlators/protocol/server/src/server.c
@@ -469,6 +469,8 @@ validate_auth_options (xlator_t *this, dict_t *dict)
xlator_list_t *trav = NULL;
data_pair_t *pair = NULL;
char *tail = NULL;
+ char *addr = NULL;
+ char *tmp_str = NULL;
GF_VALIDATE_OR_GOTO ("server", this, out);
GF_VALIDATE_OR_GOTO ("server", dict, out);
@@ -492,9 +494,47 @@ validate_auth_options (xlator_t *this, dict_t *dict)
if (*tail == '.') {
error = 0;
- break;
+
+ /* when we are here, the key is checked for
+ * valid auth.allow.<xlator>
+ * Now we verify the ip address
+ */
+ if (!strcmp (pair->value->data, "*")) {
+ error = 0;
+ goto out;
+ }
+
+ addr = strtok_r (pair->value->data, ",",
+ &tmp_str);
+ if (!addr)
+ addr = pair->value->data;
+
+ while (addr) {
+
+ if (valid_internet_address (addr) ||
+ valid_wildcard_internet_address (addr))
+ {
+ error = 0;
+ } else {
+ error = -1;
+ gf_log (this->name, GF_LOG_ERROR,
+ "internet address '%s'"
+ " does not conform to"
+ " standards.", addr);
+ goto out;
+
+ }
+ if (tmp_str)
+ addr = strtok_r (NULL, ",",
+ &tmp_str);
+ else
+ addr = NULL;
+ }
+
}
+
}
+
if (-1 == error) {
gf_log (this->name, GF_LOG_ERROR,
"volume '%s' defined as subvolume, but no "
@@ -504,6 +544,7 @@ validate_auth_options (xlator_t *this, dict_t *dict)
}
trav = trav->next;
}
+
out:
return error;
}