summaryrefslogtreecommitdiffstats
path: root/xlators/protocol
diff options
context:
space:
mode:
authorMohit Agrawal <moagrawa@redhat.com>2017-03-30 14:45:59 +0530
committerRaghavendra G <rgowdapp@redhat.com>2017-04-10 01:10:28 -0400
commitc7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171 (patch)
tree0402f58b5f1bbfc9692e74f4bcbae89384aceb8b /xlators/protocol
parent656bf04955936319de4b8711debcc9931a7c778e (diff)
downloadglusterfs-c7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171.tar.gz
glusterfs-c7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171.tar.xz
glusterfs-c7ba4b2b1a1cca6f217083ff9c1f01f23c9ca171.zip
cli/auth : auth.allow and auth.reject does not accept FQDN/host name
Problem : At the time of set FQDN name to "auth.allow/auth.reject" through gluster cli,it does not accept FQDN/host name. Solution: Condition needs to be update in verify_host_name and gf_auth to accept FQDN/host name. Fix : Change the condition to accept FQDN/host Name. To verify the patch followed below procedure 1) Try to set FQDN name for auth.allow or auth.reject parameter gluster v set myvol auth.reject <fqdn name> It gives error "fqdn-name" is not a valid internet-address-list 2) After apply the patch it does not give any error. 3) To verify auth.allow/reject try to mount volume on some client. Change-Id: Ieb76cbb93d43323fd29c7ca04efe3790edb4281b BUG: 1321578 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> Reviewed-on: https://review.gluster.org/15086 Smoke: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> CentOS-regression: Gluster Build System <jenkins@build.gluster.org> Reviewed-by: Niels de Vos <ndevos@redhat.com> Reviewed-by: Atin Mukherjee <amukherj@redhat.com> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'xlators/protocol')
-rw-r--r--xlators/protocol/auth/addr/src/addr.c39
1 files changed, 31 insertions, 8 deletions
diff --git a/xlators/protocol/auth/addr/src/addr.c b/xlators/protocol/auth/addr/src/addr.c
index 7ccbb577f4..cafcf28f1e 100644
--- a/xlators/protocol/auth/addr/src/addr.c
+++ b/xlators/protocol/auth/addr/src/addr.c
@@ -44,6 +44,7 @@ gf_auth (dict_t *input_params, dict_t *config_params)
char peer_addr[UNIX_PATH_MAX] = {0,};
char *type = NULL;
gf_boolean_t allow_insecure = _gf_false;
+ int length = 0;
name = data_to_str (dict_get (input_params, "remote-subvolume"));
if (!name) {
@@ -158,11 +159,22 @@ gf_auth (dict_t *input_params, dict_t *config_params)
addr_str++;
}
- match = fnmatch (addr_str, peer_addr, 0);
- if (negate ? match : !match) {
- result = AUTH_REJECT;
- goto out;
+ length = strlen(addr_str);
+ if ((addr_str[0] != '*') &&
+ valid_host_name (addr_str, length)) {
+ match = gf_is_same_address(addr_str, peer_addr);
+ if (match) {
+ result = AUTH_REJECT;
+ goto out;
+ }
+ } else {
+ match = fnmatch (addr_str, peer_addr, 0);
+ if (negate ? match : !match) {
+ result = AUTH_REJECT;
+ goto out;
+ }
}
+
addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp);
}
GF_FREE (addr_cpy);
@@ -185,11 +197,22 @@ gf_auth (dict_t *input_params, dict_t *config_params)
addr_str++;
}
- match = fnmatch (addr_str, peer_addr, 0);
- if (negate ? match : !match) {
- result = AUTH_ACCEPT;
- goto out;
+ length = strlen(addr_str);
+ if ((addr_str[0] != '*') &&
+ valid_host_name (addr_str, length)) {
+ match = gf_is_same_address(addr_str, peer_addr);
+ if (match) {
+ result = AUTH_ACCEPT;
+ goto out;
+ }
+ } else {
+ match = fnmatch (addr_str, peer_addr, 0);
+ if (negate ? match : !match) {
+ result = AUTH_ACCEPT;
+ goto out;
+ }
}
+
addr_str = strtok_r (NULL, ADDR_DELIMITER, &tmp);
}
}