diff options
| author | Mohit Agrawal <moagrawa@redhat.com> | 2017-03-30 14:45:59 +0530 |
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2017-04-10 01:10:28 -0400 |
| commit | c7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171 (patch) | |
| tree | 0402f58b5f1bbfc9692e74f4bcbae89384aceb8b /xlators | |
| parent | 656bf04955936319de4b8711debcc9931a7c778e (diff) | |
cli/auth : auth.allow and auth.reject does not accept FQDN/host name
Problem : At the time of set FQDN name to "auth.allow/auth.reject" through
gluster cli,it does not accept FQDN/host name.
Solution: Condition needs to be update in verify_host_name and gf_auth
to accept FQDN/host name.
Fix : Change the condition to accept FQDN/host Name.
To verify the patch followed below procedure
1) Try to set FQDN name for auth.allow or auth.reject parameter
gluster v set myvol auth.reject <fqdn name>
It gives error "fqdn-name" is not a valid internet-address-list
2) After apply the patch it does not give any error.
3) To verify auth.allow/reject try to mount volume on some client.
Change-Id: Ieb76cbb93d43323fd29c7ca04efe3790edb4281b
BUG: 1321578
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Reviewed-on: https://review.gluster.org/15086
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/protocol/auth/addr/src/addr.c | 39 |
1 files changed, 31 insertions, 8 deletions
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c index 7ccbb577f48..cafcf28f1e9 100644 --- a/xlators/protocol/auth/addr/src/addr.c +++ b/xlators/protocol/auth/addr/src/addr.c @@ -44,6 +44,7 @@ gf_auth (dict_t *input_params, dict_t *config_params) char peer_addr[UNIX_PATH_MAX] = {0,}; char *type = NULL; gf_boolean_t allow_insecure = _gf_false; + int length = 0; name = data_to_str (dict_get (input_params, "remote-subvolume")); if (!name) { @@ -158,11 +159,22 @@ gf_auth (dict_t *input_params, dict_t *config_params) addr_str++; } - match = fnmatch (addr_str, peer_addr, 0); - if (negate ? match : !match) { - result = AUTH_REJECT; - goto out; + length = strlen(addr_str); + if ((addr_str[0] != '*') && + valid_host_name (addr_str, length)) { + match = gf_is_same_address(addr_str, peer_addr); + if (match) { + result = AUTH_REJECT; + goto out; + } + } else { + match = fnmatch (addr_str, peer_addr, 0); + if (negate ? match : !match) { + result = AUTH_REJECT; + goto out; + } } + addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); } GF_FREE (addr_cpy); @@ -185,11 +197,22 @@ gf_auth (dict_t *input_params, dict_t *config_params) addr_str++; } - match = fnmatch (addr_str, peer_addr, 0); - if (negate ? match : !match) { - result = AUTH_ACCEPT; - goto out; + length = strlen(addr_str); + if ((addr_str[0] != '*') && + valid_host_name (addr_str, length)) { + match = gf_is_same_address(addr_str, peer_addr); + if (match) { + result = AUTH_ACCEPT; + goto out; + } + } else { + match = fnmatch (addr_str, peer_addr, 0); + if (negate ? match : !match) { + result = AUTH_ACCEPT; + goto out; + } } + addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp); } } |