From 00e247ee44067f2b3e7ca5f7e6dc2f7934c97181 Mon Sep 17 00:00:00 2001
From: Santosh Kumar Pradhan <spradhan@redhat.com>
Date: Wed, 9 Apr 2014 10:19:43 +0530
Subject: gNFS: Support wildcard in RPC auth allow/reject

RFE: Support wildcard in "nfs.rpc-auth-allow" and
"nfs.rpc-auth-reject". e.g.
  *.redhat.com
  192.168.1[1-5].*
  192.168.1[1-5].*, *.redhat.com, 192.168.21.9

  Along with wildcard, support for subnetwork or IP range e.g.
  192.168.10.23/24

The option will be validated for following categories:
1) Anonymous i.e. "*"
2) Wildcard pattern i.e. string containing any ('*', '?', '[')
3) IPv4 address
4) IPv6 address
5) FQDN
6) subnetwork or IPv4 range

Currently this does not support IPv6 subnetwork.

Change-Id: Iac8caf5e490c8174d61111dad47fd547d4f67bf4
BUG: 1086097
Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
Reviewed-on: http://review.gluster.org/7485
Reviewed-by: Poornima G <pgurusid@redhat.com>
Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
---
 libglusterfs/src/options.c | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

(limited to 'libglusterfs/src/options.c')

diff --git a/libglusterfs/src/options.c b/libglusterfs/src/options.c
index 31e5a681d..a0881b4ad 100644
--- a/libglusterfs/src/options.c
+++ b/libglusterfs/src/options.c
@@ -574,6 +574,45 @@ out:
         return ret;
 }
 
+static int
+xlator_option_validate_mntauth (xlator_t *xl, const char *key,
+                                const char *value, volume_option_t *opt,
+                                char **op_errstr)
+{
+        int          ret = -1;
+        char         *dup_val = NULL;
+        char         *addr_tok = NULL;
+        char         *save_ptr = NULL;
+        char         errstr[4096] = {0,};
+
+        dup_val = gf_strdup (value);
+        if (!dup_val)
+                goto out;
+
+        addr_tok = strtok_r (dup_val, ",", &save_ptr);
+        if (addr_tok == NULL)
+                goto out;
+        while (addr_tok) {
+                if (!valid_mount_auth_address (addr_tok))
+                        goto out;
+
+                addr_tok = strtok_r (NULL, ",", &save_ptr);
+        }
+        ret = 0;
+
+out:
+        if (ret) {
+                snprintf (errstr, sizeof (errstr), "option %s %s: '%s' is not "
+                "a valid mount-auth-address", key, value, value);
+                gf_log (xl->name, GF_LOG_ERROR, "%s", errstr);
+                if (op_errstr)
+                        *op_errstr = gf_strdup (errstr);
+        }
+        GF_FREE (dup_val);
+
+        return ret;
+}
+
 /*XXX: the rules to validate are as per block-size required for stripe xlator */
 static int
 gf_validate_size (const char *sizestr, volume_option_t *opt)
@@ -744,6 +783,7 @@ xlator_option_validate (xlator_t *xl, char *key, char *value,
                 xlator_option_validate_priority_list,
                 [GF_OPTION_TYPE_SIZE_LIST]   = xlator_option_validate_size_list,
                 [GF_OPTION_TYPE_ANY]         = xlator_option_validate_any,
+                [GF_OPTION_TYPE_CLIENT_AUTH_ADDR] = xlator_option_validate_mntauth,
                 [GF_OPTION_TYPE_MAX]         = NULL,
         };
 
-- 
cgit