gf_auth also needs to handle server.allow-insecure

When server.allow-insecure option is set, the connection from client can be from any port. gf_auth also needs to check for this option Signed-off-by: shishir gowda <shishirng@gluster.com> Signed-off-by: Anand Avati <avati@gluster.com> BUG: 2868 (Add xlator-option to support insecure-bind for clients) URL: http://bugs.gluster.com/cgi-bin/bugzilla3/show_bug.cgi?id=2868
author: shishir gowda <shishirng@gluster.com> 2011-05-30 09:34:45 +0000
committer: Anand Avati <avati@gluster.com> 2011-05-31 09:13:15 -0700
commit: 1209618f7dd622506fca3a78dff8afc8e14bf673 (patch)
tree: 238216e64aa9d9b911b673420e6b257113c48d31 /xlators/protocol
parent: b66af70226748ea81c09ffe316bfb9a71e7f1820 (diff)
1 files changed, 15 insertions, 1 deletions
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 21dfa5e5835..5eeab451665 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -63,6 +63,8 @@ gf_auth (dict_t *input_params, dict_t *config_params)
         char           negate         = 0;
         char           match          = 0;
         char           peer_addr[UNIX_PATH_MAX];
+        char          *type           = NULL;
+        gf_boolean_t   allow_insecure = _gf_false;
 
         name = data_to_str (dict_get (input_params, "remote-subvolume"));
         if (!name) {
@@ -137,8 +139,20 @@ gf_auth (dict_t *input_params, dict_t *config_params)
                         ((struct sockaddr *) &peer_info->sockaddr)->sa_family = AF_INET_SDP;
                 }
 
+                ret = dict_get_str (config_params, "rpc-auth-allow-insecure",
+                                    &type);
+                if (ret == 0) {
+                        ret = gf_string2boolean (type, &allow_insecure);
+                        if (ret < 0) {
+                                gf_log ("auth/addr", GF_LOG_WARNING,
+                                        "rpc-auth-allow-insecure option %s "
+                                        "is not a valid bool option", type);
+                                goto out;
+                        }
+                }
+
                 peer_port = atoi (service);
-                if (peer_port >= PRIVILEGED_PORT_CEILING) {
+                if (peer_port >= PRIVILEGED_PORT_CEILING && !allow_insecure) {
                         gf_log ("auth/addr", GF_LOG_ERROR,
                                 "client is bound to port %d which is not privileged",
                                 peer_port);
author	shishir gowda <shishirng@gluster.com>	2011-05-30 09:34:45 +0000
committer	Anand Avati <avati@gluster.com>	2011-05-31 09:13:15 -0700
commit	1209618f7dd622506fca3a78dff8afc8e14bf673 (patch)
tree	238216e64aa9d9b911b673420e6b257113c48d31 /xlators/protocol
parent	b66af70226748ea81c09ffe316bfb9a71e7f1820 (diff)