NFS server: allow clients to connect from insecure (>1024) ports and support for both rpc-auth-allow-insecure and rpc-auth.ports.insecure

Change-Id: I4e3fbfe37d6d3e8443d5b7b79faf6e364fdb87be
BUG: 3296
Reviewed-on: http://review.gluster.com/178
Reviewed-by: Shishir Gowda <shishirng@gluster.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@gluster.com>

3 files changed, 97 insertions, 0 deletions

diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index 76b96e71303..ff9037ccf2a 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
@@ -1803,6 +1803,24 @@ mnt3svc_init (xlator_t *nfsx)
         if (ret == -1)
                 goto err;
         ret = dict_set_str (options, "transport-type", "socket");
+        if (ret == -1) {
+                gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                goto err;
+        }
+
+        if (nfs->allow_insecure) {
+                ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto err;
+                }
+                ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto err;
+                }
+        }
+
         rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
         if (ret == -1) {
                 gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
@@ -1869,6 +1887,24 @@ mnt1svc_init (xlator_t *nfsx)
         if (ret == -1)
                 goto err;
         ret = dict_set_str (options, "transport-type", "socket");
+        if (ret == -1) {
+                gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                goto err;
+        }
+
+        if (nfs->allow_insecure) {
+                ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto err;
+                }
+                ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto err;
+                }
+        }
+
         rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
         if (ret == -1) {
                 gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c
index 804fedb8622..1c38237fd24 100644
--- a/xlators/nfs/server/src/nfs.c
+++ b/xlators/nfs/server/src/nfs.c
@@ -609,6 +609,66 @@ nfs_init_state (xlator_t *this)
                         goto free_foppool;
                 }
         }
+
+        /* support both options rpc-auth.ports.insecure and
+         * rpc-auth-allow-insecure for backward compatibility
+         */
+        nfs->allow_insecure = 1;
+        if (dict_get(this->options, "rpc-auth.ports.insecure")) {
+                ret = dict_get_str (this->options, "rpc-auth.ports.insecure",
+                                    &optstr);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+                        goto free_foppool;
+                }
+
+                ret = gf_string2boolean (optstr, &boolt);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+                                "string");
+                        goto free_foppool;
+                }
+
+                if (boolt == _gf_false)
+                        nfs->allow_insecure = 0;
+        }
+
+        if (dict_get(this->options, "rpc-auth-allow-insecure")) {
+                ret = dict_get_str (this->options, "rpc-auth-allow-insecure",
+                                    &optstr);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+                        goto free_foppool;
+                }
+
+                ret = gf_string2boolean (optstr, &boolt);
+                if (ret < 0) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+                                "string");
+                        goto free_foppool;
+                }
+
+                if (boolt == _gf_false)
+                        nfs->allow_insecure = 0;
+        }
+
+        if (nfs->allow_insecure) {
+                /* blindly set both the options */
+                dict_del(this->options, "rpc-auth-allow-insecure");
+                ret = dict_set_str (this->options,
+                                    "rpc-auth-allow-insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto free_foppool;
+                }
+                dict_del(this->options, "rpc-auth.ports.insecure");
+                ret = dict_set_str (this->options,
+                                    "rpc-auth.ports.insecure", "on");
+                if (ret == -1) {
+                        gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+                        goto free_foppool;
+                }
+        }
         this->private = (void *)nfs;
         INIT_LIST_HEAD (&nfs->versions);
 
diff --git a/xlators/nfs/server/src/nfs.h b/xlators/nfs/server/src/nfs.h
index d1ff3ba2800..a174ef13b4a 100644
--- a/xlators/nfs/server/src/nfs.h
+++ b/xlators/nfs/server/src/nfs.h
@@ -75,6 +75,7 @@ struct nfs_state {
         int                     dynamicvolumes;
         int                     enable_ino32;
         unsigned int            override_portnum;
+        int                     allow_insecure;
 };
 
 #define gf_nfs_dvm_on(nfsstt)   (((struct nfs_state *)nfsstt)->dynamicvolumes == GF_NFS_DVM_ON)