803d1bd34c
Resolves: bz#1493085 bz#1518710 bz#1554255 bz#1558948 bz#1558989 Resolves: bz#1559452 bz#1567001 bz#1569312 bz#1569951 bz#1575539 Resolves: bz#1575557 bz#1577051 bz#1580120 bz#1581184 bz#1581553 Resolves: bz#1581647 bz#1582119 bz#1582129 bz#1582417 bz#1583047 Resolves: bz#1588408 bz#1592666 bz#1594658 Signed-off-by: Milind Changire <mchangir@redhat.com>
42 lines
1.5 KiB
Diff
42 lines
1.5 KiB
Diff
From 98a7692aebbe05a50f39d9c8d3e44fcfb42a580b Mon Sep 17 00:00:00 2001
|
|
From: moagrawa <moagrawa@redhat.com>
|
|
Date: Mon, 28 May 2018 19:20:54 +0530
|
|
Subject: [PATCH 285/305] gluster: Allow only read-only CLI commands via
|
|
remote-host
|
|
|
|
Problem: Current CLI code allows to run all commands via remote-host
|
|
while SSL is enabled even node is not added in trusted storage
|
|
pool
|
|
|
|
Solution: Change condition in init function in glusterd.c to allow only read-only
|
|
CLI commands via remote-host while SSL is enabled.
|
|
|
|
BUG: 1582129
|
|
Change-Id: Ibf427c417437cd051822e30dea11a6c21d0dca6b
|
|
Signed-off-by: moagrawa <moagrawa@redhat.com>
|
|
Reviewed-on: https://code.engineering.redhat.com/gerrit/140024
|
|
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
---
|
|
xlators/mgmt/glusterd/src/glusterd.c | 5 -----
|
|
1 file changed, 5 deletions(-)
|
|
|
|
diff --git a/xlators/mgmt/glusterd/src/glusterd.c b/xlators/mgmt/glusterd/src/glusterd.c
|
|
index ed01b93..78a37eb 100644
|
|
--- a/xlators/mgmt/glusterd/src/glusterd.c
|
|
+++ b/xlators/mgmt/glusterd/src/glusterd.c
|
|
@@ -1750,11 +1750,6 @@ init (xlator_t *this)
|
|
goto out;
|
|
}
|
|
/*
|
|
- * With strong authentication, we can afford to allow
|
|
- * privileged operations over TCP.
|
|
- */
|
|
- gd_inet_programs[1] = &gd_svc_cli_prog;
|
|
- /*
|
|
* This is the only place where we want secure_srvr to reflect
|
|
* the management-plane setting.
|
|
*/
|
|
--
|
|
1.8.3.1
|
|
|