From 548547b2e41c8e2cf79b929405cf18aecbdedebc Mon Sep 17 00:00:00 2001
From: Jeff Darcy <jdarcy@redhat.com>
Date: Tue, 6 Jan 2015 10:03:49 -0500
Subject: transport: fix default behavior for SSL authorization

Previously, enabling SSL authentication/encryption but not authorization
required explicitly setting ssl-allow=*.  Now that same behavior is the
default (i.e. when ssl-allow is not set).

Also, there's no reason that a name used for *login* auth (typically a
UUID for internal purposes or a human name when using SSL) should
validate as an RFC-compliant host name or IP address.  Therefore the
validation only occurs when the auth type is "addr" (not "login" or
anything else).

Change-Id: I01485ff4f0ab37de4b182858235a5fb0cf4c3c7d
BUG: 1179208
Signed-off-by: Jeff Darcy <jdarcy@redhat.com>
Reviewed-on: http://review.gluster.org/9397
Reviewed-by: Krishnan Parthasarathi <kparthas@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
---
 xlators/mgmt/glusterd/src/glusterd-volume-set.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'xlators/mgmt/glusterd')

diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
index f4c6cff1220..a92bfffdb4f 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c
@@ -963,6 +963,7 @@ struct volopt_map_entry glusterd_volopt_map[] = {
         { .key         = "auth.ssl-allow",
           .voltype     = "protocol/server",
           .option      = "!ssl-allow",
+          .value       = "*",
           .type        = NO_DOC,
           .op_version  = GD_OP_VERSION_3_6_0,
         },
-- 
cgit