|
 |
7c2869 |
From 89879f5303a35fa725d4d0f08f2e29be6cd75da7 Mon Sep 17 00:00:00 2001
|
|
|
7c2869 |
From: moagrawa <moagrawa@redhat.com>
|
|
|
7c2869 |
Date: Mon, 28 May 2018 19:20:54 +0530
|
|
|
7c2869 |
Subject: [PATCH 659/659] gluster: Allow only read-only CLI commands via
|
|
|
7c2869 |
remote-host
|
|
|
7c2869 |
|
|
|
7c2869 |
Problem: Current CLI code allows to run all commands via remote-host
|
|
|
7c2869 |
while SSL is enabled even node is not added in trusted storage
|
|
|
7c2869 |
pool
|
|
|
7c2869 |
|
|
|
7c2869 |
Solution: Change condition in init function in glusterd.c to allow only read-only
|
|
|
7c2869 |
CLI commands via remote-host while SSL is enabled.
|
|
|
7c2869 |
|
|
|
7c2869 |
BUG: 1582128
|
|
|
7c2869 |
Change-Id: I1ef653efe3ea7fb9a1677cd80e09e0ea97b0177c
|
|
|
7c2869 |
Signed-off-by: moagrawa <moagrawa@redhat.com>
|
|
|
7c2869 |
Reviewed-on: https://code.engineering.redhat.com/gerrit/140053
|
|
|
7c2869 |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
7c2869 |
---
|
|
|
7c2869 |
xlators/mgmt/glusterd/src/glusterd.c | 5 -----
|
|
|
7c2869 |
1 file changed, 5 deletions(-)
|
|
|
7c2869 |
|
|
|
7c2869 |
diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
|
|
|
7c2869 |
index 71261af..12ed558 100644
|
|
|
7c2869 |
--- a/xlators/mgmt/glusterd/src/glusterd.c
|
|
|
7c2869 |
+++ b/xlators/mgmt/glusterd/src/glusterd.c
|
|
|
7c2869 |
@@ -1750,11 +1750,6 @@ init (xlator_t *this)
|
|
|
7c2869 |
goto out;
|
|
|
7c2869 |
}
|
|
|
7c2869 |
/*
|
|
|
7c2869 |
- * With strong authentication, we can afford to allow
|
|
|
7c2869 |
- * privileged operations over TCP.
|
|
|
7c2869 |
- */
|
|
|
7c2869 |
- gd_inet_programs[1] = &gd_svc_cli_prog;
|
|
|
7c2869 |
- /*
|
|
|
7c2869 |
* This is the only place where we want secure_srvr to reflect
|
|
|
7c2869 |
* the management-plane setting.
|
|
|
7c2869 |
*/
|
|
|
7c2869 |
--
|
|
|
7c2869 |
1.8.3.1
|
|
|
7c2869 |
|