author | Kaushal M <kaushal@gluster.com> | 2011-08-23 12:23:53 +0530 |
---|---|---|
committer | Vijay Bellur <vijay@gluster.com> | 2012-02-05 22:19:54 -0800 |
commit | b708b18b833d1f2ba4da394884bc762a821ff56b (patch) | |
tree | 03ad6be7de107e6a5477a1d912a997781b06d57d /xlators/protocol/server | |
parent | 1d77fe2458be6dc567435dc59bb94870cd0fe529 (diff) |
cli, protocol/server : improve validation for the option auth.(allow/reject)
cli now checks validity of address list given for 'volume set auth.*'
Server xlator checks addresses supplied to auth.(allow/reject) option
including wildcards for correctness in case volfile is manually edited.
Original patch done by shylesh@gluster.com
Original patch is at http://patches.gluster.com/patch/7566/
Change-Id: Icf52d6eeef64d6632b15aa90a379fadacdf74fef
BUG: 764197
Signed-off-by: Kaushal M <kaushal@redhat.com>
Reviewed-on: http://review.gluster.com/306
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
Diffstat (limited to 'xlators/protocol/server')
-rw-r--r-- | xlators/protocol/server/src/server.c | 43 |
1 files changed, 42 insertions, 1 deletions
diff --git a/xlators/protocol/server/src/server.c b/xlators/protocol/server/src/server.c index 60bc517ddbe..b0697bb7b9d 100644 --- a/xlators/protocol/server/src/server.c +++ b/xlators/protocol/server/src/server.c @@ -469,6 +469,8 @@ validate_auth_options (xlator_t *this, dict_t *dict) xlator_list_t *trav = NULL; data_pair_t *pair = NULL; char *tail = NULL; + char *addr = NULL; + char *tmp_str = NULL; GF_VALIDATE_OR_GOTO ("server", this, out); GF_VALIDATE_OR_GOTO ("server", dict, out); @@ -492,9 +494,47 @@ validate_auth_options (xlator_t *this, dict_t *dict) if (*tail == '.') { error = 0; - break; + + /* when we are here, the key is checked for + * valid auth.allow.<xlator> + * Now we verify the ip address + */ + if (!strcmp (pair->value->data, "*")) { + error = 0; + goto out; + } + + addr = strtok_r (pair->value->data, ",", + &tmp_str); + if (!addr) + addr = pair->value->data; + + while (addr) { + + if (valid_internet_address (addr) || + valid_wildcard_internet_address (addr)) + { + error = 0; + } else { + error = -1; + gf_log (this->name, GF_LOG_ERROR, + "internet address '%s'" + " does not conform to" + " standards.", addr); + goto out; + + } + if (tmp_str) + addr = strtok_r (NULL, ",", + &tmp_str); + else + addr = NULL; + } + } + } + if (-1 == error) { gf_log (this->name, GF_LOG_ERROR, "volume '%s' defined as subvolume, but no " @@ -504,6 +544,7 @@ validate_auth_options (xlator_t *this, dict_t *dict) } trav = trav->next; } + out: return error; } |
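Review bot: `strtok_r (pair->value->data, ",", &tmp_str)` in the second hunk tokenises the option value in place, so each comma in the stored auth.allow/auth.reject string is overwritten with a NUL and the dict holds only the first address once validation returns. If the same dict is later read to enforce access (not visible in this hunk), a multi-entry reject list would silently shrink to one entry; validate a private copy and free it on every exit, as sketched below. Separately, the `goto out` in the `"*"` branch returns success for the whole function, so any keys and subvolumes not yet visited are no longer checked, which looks broader than intended. The loops that enclose this code in validate_auth_options start outside the hunk.

```c
        char *addr_list = NULL;   /* private copy of the option value */

        /* … unchanged: key check and the "*" shortcut … */
        addr_list = gf_strdup (pair->value->data);
        if (!addr_list) {
                error = -1;
                goto out;
        }
        addr = strtok_r (addr_list, ",", &tmp_str);
        if (!addr)
                addr = addr_list;

        /* … unchanged: per-address validation loop … */
        GF_FREE (addr_list);
        addr_list = NULL;

        /* … unchanged: rest of the subvolume loop … */
out:
        if (addr_list)
                GF_FREE (addr_list);
        return error;
```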