Revert "rpc: By default set allow-insecure, bind-insecure to on"
This reverts commit 5bf6522562.
This patch introduced a regression where the client no longer binds to
a privileged port. This is causing lots of regressions. Hence reverting
this patch for now; it will be resent after suitable modifications.
Change-Id: Id697013ca6474e9c192e8f58c8179522fa5d397e
Reviewed-on: http://review.gluster.org/11507
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Tested-by: Raghavendra G <rgowdapp@redhat.com>
@ -262,8 +262,7 @@ rpc_transport_load (glusterfs_ctx_t *ctx, dict_t *options, char *trans_name)
|
|||||||
else
|
else
|
||||||
trans->bind_insecure = 0;
|
trans->bind_insecure = 0;
|
||||||
} else {
|
} else {
|
||||||
/* By default allow bind insecure */
|
trans->bind_insecure = 0;
|
||||||
trans->bind_insecure = 1;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = dict_get_str (options, "transport-type", &type);
|
ret = dict_get_str (options, "transport-type", &type);
|
||||||
|
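Review bot: Both fallback branches in rpc_transport_load now set `trans->bind_insecure = 0` with no comment, whereas the removed side at least documented its default. This default decides whether client_bind tries for a port below GF_CLIENT_PORT_CEILING, and the server side fails requests that arrive from a non-privileged port, so the two defaults have to agree. I would add `/* default: bind to a privileged port; must agree with the server's allow-insecure default */` above the assignment in the outer `else` branch. The regression named in the description is presumably what a mismatch between those defaults looks like, so recording the coupling here would help the planned resend. The function body starts and ends outside the hunk.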
@ -221,20 +221,9 @@ rpcsvc_set_allow_insecure (rpcsvc_t *svc, dict_t *options)
|
|||||||
else
|
else
|
||||||
svc->allow_insecure = 0;
|
svc->allow_insecure = 0;
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
/* By default set allow-insecure to true */
|
|
||||||
svc->allow_insecure = 1;
|
|
||||||
|
|
||||||
/* setting in options for the sake of functions that look
|
|
||||||
* configuration params for allow insecure, eg: gf_auth
|
|
||||||
*/
|
|
||||||
ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
|
|
||||||
if (ret < 0)
|
|
||||||
gf_log ("rpc-auth", GF_LOG_DEBUG,
|
|
||||||
"dict_set failed for 'allow-insecure'");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return ret;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
|
@ -631,10 +631,8 @@ rpcsvc_handle_rpc_call (rpcsvc_t *svc, rpc_transport_t *trans,
|
|||||||
gf_log (GF_RPCSVC, GF_LOG_ERROR,
|
gf_log (GF_RPCSVC, GF_LOG_ERROR,
|
||||||
"Request received from non-"
|
"Request received from non-"
|
||||||
"privileged port. Failing request");
|
"privileged port. Failing request");
|
||||||
req->rpc_status = MSG_DENIED;
|
rpcsvc_request_destroy (req);
|
||||||
req->rpc_err = AUTH_ERROR;
|
return -1;
|
||||||
req->auth_err = RPCSVC_AUTH_REJECT;
|
|
||||||
goto err_reply;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* DRC */
|
/* DRC */
|
||||||
|
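Review bot: The restored rejection path in rpcsvc_handle_rpc_call calls `rpcsvc_request_destroy (req); return -1;` without sending a reply, so a client on a non-privileged port gets no RPC-level denial and presumably only sees a timeout. The removed lines (`req->rpc_err = AUTH_ERROR; req->auth_err = RPCSVC_AUTH_REJECT; goto err_reply;`) do not look tied to the bind regression in the description. If the err_reply path still exists after the revert, consider keeping the explicit denial and reverting only the defaults. The error log also does not say which peer was rejected; adding the transport's peer identifier (`trans->peerinfo.identifier`, if it is populated at this point) would make these rejections usable for detection and triage. The function body starts and ends outside the hunk.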
@ -23,21 +23,6 @@
|
|||||||
#include "socket.h"
|
#include "socket.h"
|
||||||
#include "common-utils.h"
|
#include "common-utils.h"
|
||||||
|
|
||||||
static void
|
|
||||||
_assign_port (struct sockaddr *sockaddr, uint16_t port)
|
|
||||||
{
|
|
||||||
switch (sockaddr->sa_family) {
|
|
||||||
case AF_INET6:
|
|
||||||
((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
|
|
||||||
break;
|
|
||||||
|
|
||||||
case AF_INET_SDP:
|
|
||||||
case AF_INET:
|
|
||||||
((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
static int32_t
|
static int32_t
|
||||||
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
|
af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
|
||||||
socklen_t sockaddr_len, int ceiling)
|
socklen_t sockaddr_len, int ceiling)
|
||||||
@ -56,7 +41,17 @@ af_inet_bind_to_port_lt_ceiling (int fd, struct sockaddr *sockaddr,
|
|||||||
|
|
||||||
while (port)
|
while (port)
|
||||||
{
|
{
|
||||||
_assign_port (sockaddr, port);
|
switch (sockaddr->sa_family)
|
||||||
|
{
|
||||||
|
case AF_INET6:
|
||||||
|
((struct sockaddr_in6 *)sockaddr)->sin6_port = htons (port);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case AF_INET_SDP:
|
||||||
|
case AF_INET:
|
||||||
|
((struct sockaddr_in *)sockaddr)->sin_port = htons (port);
|
||||||
|
break;
|
||||||
|
}
|
||||||
// ignore the reserved ports
|
// ignore the reserved ports
|
||||||
if (ports[port] == _gf_true) {
|
if (ports[port] == _gf_true) {
|
||||||
port--;
|
port--;
|
||||||
@ -445,24 +440,12 @@ client_bind (rpc_transport_t *this,
|
|||||||
if (!this->bind_insecure) {
|
if (!this->bind_insecure) {
|
||||||
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
|
ret = af_inet_bind_to_port_lt_ceiling (sock, sockaddr,
|
||||||
*sockaddr_len, GF_CLIENT_PORT_CEILING);
|
*sockaddr_len, GF_CLIENT_PORT_CEILING);
|
||||||
if (ret == -1) {
|
}
|
||||||
gf_log (this->name, GF_LOG_DEBUG,
|
if (ret == -1) {
|
||||||
"cannot bind inet socket (%d) to port less than %d (%s)",
|
gf_log (this->name, GF_LOG_DEBUG,
|
||||||
sock, GF_CLIENT_PORT_CEILING, strerror (errno));
|
"cannot bind inet socket (%d) to port less than %d (%s)",
|
||||||
ret = 0;
|
sock, GF_CLIENT_PORT_CEILING, strerror (errno));
|
||||||
}
|
ret = 0;
|
||||||
} else {
|
|
||||||
/* A port number of zero will let the bind function to
|
|
||||||
* pick any available local port dynamically
|
|
||||||
*/
|
|
||||||
_assign_port (sockaddr, 0);
|
|
||||||
ret = bind (sock, sockaddr, *sockaddr_len);
|
|
||||||
if (ret == -1) {
|
|
||||||
gf_log (this->name, GF_LOG_DEBUG,
|
|
||||||
"failed while binding to available ports (%s)",
|
|
||||||
strerror (errno));
|
|
||||||
ret = 0;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
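Review bot: In client_bind the `if (ret == -1)` check now sits after the closing brace of `if (!this->bind_insecure)`, so with bind_insecure set it tests whatever `ret` held before this point. That can log a privileged-port bind failure that never happened, and `ret = 0` may then mask an earlier error. Move the check back inside the block, directly after the af_inet_bind_to_port_lt_ceiling call. The failure is also logged only at GF_LOG_DEBUG before being cleared, so a client that falls back to a non-privileged port leaves no trace at default log levels while the server fails its requests; `GF_LOG_WARNING` would make that diagnosable. The enclosing switch case starts outside the hunk.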