From 243a5b429f225acb8e7132264fe0a0835ff013d5 Mon Sep 17 00:00:00 2001 From: Prasanna Kumar Kalever Date: Wed, 24 Jun 2015 12:21:02 +0530 Subject: rpc: By default set allow-insecure, bind-insecure to on Backport of http://review.gluster.org/11039 since we now use SSL (Secure Sockets Layer) for the security issues, the patch changes the default setting to allow connections/requests from non-privilaged ports by setting allow-insecure and bind-insecure to 1 Also added bind functionality for insecure binding which can select from available local ports dynamically BUG: 1232660 Change-Id: I927e112223f33611452093e38cd846a0b9347e57 Signed-off-by: Pranith Kumar K Signed-off-by: Prasanna Kumar Kalever Reviewed-on: http://review.gluster.org/11274 Tested-by: NetBSD Build System Tested-by: Gluster Build System Reviewed-by: Raghavendra G --- rpc/rpc-lib/src/rpcsvc-auth.c | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) (limited to 'rpc/rpc-lib/src/rpcsvc-auth.c') diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index 6b4c7937437..b7d6c2216ef 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -221,9 +221,20 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options) else svc->allow_insecure = 0; } + } else { + /* By default set allow-insecure to true */ + svc->allow_insecure = 1; + + /* setting in options for the sake of functions that look + * configuration params for allow insecure, eg: gf_auth + */ + ret = dict_set_str (options, "rpc-auth-allow-insecure", "on"); + if (ret < 0) + gf_log ("rpc-auth", GF_LOG_DEBUG, + "dict_set failed for 'allow-insecure'"); } - return 0; + return ret; } int -- cgit