diff options
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/rpc-lib/src/rpc-transport.c | 3 | ||||
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc-auth.c | 13 | ||||
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 6 | ||||
| -rw-r--r-- | rpc/rpc-transport/socket/src/name.c | 51 |
4 files changed, 52 insertions, 21 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 149a831951d..4ade6b7d0b3 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -262,7 +262,8 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name) else trans->bind_insecure = 0; } else { - trans->bind_insecure = 0; + /* By default allow bind insecure */ + trans->bind_insecure = 1; } ret = dict_get_str (options, "transport-type", &type); diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index 6b4c7937437..b7d6c2216ef 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) else svc->allow_insecure = 0; } + } else { + /* By default set allow-insecure to true */ + svc->allow_insecure = 1; + + /* setting in options for the sake of functions that look + * configuration params for allow insecure, eg: gf_auth + */ + ret = dict_set_str (options, "rpc-auth-allow-insecure", "on"); + if (ret < 0) + gf_log ("rpc-auth", GF_LOG_DEBUG, + "dict_set failed for 'allow-insecure'"); } - return 0; + return ret; } int diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index d151d541cee..a108ea56a5d 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -631,8 +631,10 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans, gf_log (GF_RPCSVC, GF_LOG_ERROR, "Request received from non-" "privileged port. Failing request"); - rpcsvc_request_destroy (req); - return -1; + req->rpc_status = MSG_DENIED; + req->rpc_err = AUTH_ERROR; + req->auth_err = RPCSVC_AUTH_REJECT; + goto err_reply; } /* DRC */ diff --git a/rpc/rpc-transport/socket/src/name.c b/rpc/rpc-transport/socket/src/name.c index f731bab4b0a..93cb3c461f2 100644 --- a/rpc/rpc-transport/socket/src/name.c +++ b/rpc/rpc-transport/socket/src/name.c @@ -23,6 +23,21 @@ #include "socket.h" #include "common-utils.h" +static void +_assign_port (struct sockaddr *sockaddr, uint16_t port) +{ + switch (sockaddr->sa_family) { + case AF_INET6: + ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); + break; + + case AF_INET_SDP: + case AF_INET: + ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); + break; + } +} + static int32_t af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, socklen_t sockaddr_len, int ceiling) @@ -41,17 +56,7 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr, while (port) { - switch (sockaddr->sa_family) - { - case AF_INET6: - ((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port); - break; - - case AF_INET_SDP: - case AF_INET: - ((struct sockaddr_in *)sockaddr)->sin_port = htons (port); - break; - } + _assign_port (sockaddr, port); // ignore the reserved ports if (ports[port] == _gf_true) { port--; @@ -440,12 +445,24 @@ client_bind (rpc_transport_t *this, if (!this->bind_insecure) { ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr, *sockaddr_len, GF_CLIENT_PORT_CEILING); - } - if (ret == -1) { - gf_log (this->name, GF_LOG_DEBUG, - "cannot bind inet socket (%d) to port less than %d (%s)", - sock, GF_CLIENT_PORT_CEILING, strerror (errno)); - ret = 0; + if (ret == -1) { + gf_log (this->name, GF_LOG_DEBUG, + "cannot bind inet socket (%d) to port less than %d (%s)", + sock, GF_CLIENT_PORT_CEILING, strerror (errno)); + ret = 0; + } + } else { + /* A port number of zero will let the bind function to + * pick any available local port dynamically + */ + _assign_port (sockaddr, 0); + ret = bind (sock, sockaddr, *sockaddr_len); + if (ret == -1) { + gf_log (this->name, GF_LOG_DEBUG, + "failed while binding to available ports (%s)", + strerror (errno)); + ret = 0; + } } break; |