glusterfs.git/xlators/protocol, branch release-3.12 glusterd: volume inode/fd status broken with brick mux 2018-09-18T06:54:52+00:00 hari gowtham hgowtham@redhat.com 2018-04-11T12:08:26+00:00 ca5adfb65b08841714431e97751a0c0c63a4bbdf backport of:https://review.gluster.org/#/c/19846/6 Problem: The values for inode/fd was populated from the ctx received from the server xlator. Without brickmux, every brick from a volume belonged to a single brick from the volume. So searching the server and populating it worked. With brickmux, a number of bricks can be confined to a single process. These bricks can be from different volumes too (if we use the max-bricks-per-process option). If they are from different volumes, using the server xlator to populate causes problem. Fix: Use the brick to validate and populate the inode/fd status. >Signed-off-by: hari gowtham <hgowtham@redhat.com> >Change-Id: I2543fa5397ea095f8338b518460037bba3dfdbfd >fixes: bz#1566067 Change-Id: I2543fa5397ea095f8338b518460037bba3dfdbfd BUG: 1569336 fixes: bz#1569336 Signed-off-by: hari gowtham <hgowtham@redhat.com> 
        backport of:https://review.gluster.org/#/c/19846/6

Problem:
The values for inode/fd was populated from the ctx received
from the server xlator.
Without brickmux, every brick from a volume belonged to a
single brick from the volume.
So searching the server and populating it worked.

With brickmux, a number of bricks can be confined to a single
process. These bricks can be from different volumes too (if
we use the max-bricks-per-process option).
If they are from different volumes, using the server xlator
to populate causes problem.

Fix:
Use the brick to validate and populate the inode/fd status.

>Signed-off-by: hari gowtham <hgowtham@redhat.com>
>Change-Id: I2543fa5397ea095f8338b518460037bba3dfdbfd
>fixes: bz#1566067

Change-Id: I2543fa5397ea095f8338b518460037bba3dfdbfd
BUG: 1569336
fixes: bz#1569336
Signed-off-by: hari gowtham <hgowtham@redhat.com>
protocol: don't use alloca 2018-09-06T15:55:43+00:00 Amar Tumballi amarts@redhat.com 2018-07-24T08:26:56+00:00 3898f8e35be7c59b753d120e3878af5ba59cdaaf current implementation of alloca can cause issues when strings larger than the allocated buffer is passed to the xdr. Hence it makes sense to allow XDR decode functions to deal with memory allocations, which we can free later. BUG: 1625654 Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
current implementation of alloca can cause issues when strings larger
than the allocated buffer is passed to the xdr. Hence it makes sense
to allow XDR decode functions to deal with memory allocations, which
we can free later.

BUG: 1625654
Change-Id: I3a05553f5702de9575c244649ca0e5ac9abaac94
Signed-off-by: Amar Tumballi <amarts@redhat.com>
server-protocol: don't allow '../' path in 'name' 2018-09-06T15:54:16+00:00 Amar Tumballi amarts@redhat.com 2018-08-09T07:30:01+00:00 8356b9f169f73cfdfaf6e96fcd0af618efc3a649 This will prevent any arbitrary file creation through glusterfs by modifying the client bits. Also check for the similar flaw inside posix too, so we prevent any changes in layers in-between. BUG: 1625664 Signed-off-by: Amar Tumballi <amarts@redhat.com> Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e 
This will prevent any arbitrary file creation through glusterfs
by modifying the client bits.

Also check for the similar flaw inside posix too, so we prevent any
changes in layers in-between.

BUG: 1625664
Signed-off-by: Amar Tumballi <amarts@redhat.com>
Change-Id: Id9fe0ef6e86459e8ed85ab947d977f058c5ae06e
protocol/server: Fix xdata leak in seek fop 2018-06-12T07:07:17+00:00 Pranith Kumar K pkarampu@redhat.com 2018-06-11T07:33:58+00:00 d58107726c233b634ffa31ca404c7d55dbdf8f69 Change-Id: I6125283ed22c04564f0b77bb7a50579a83e02eb0 fixes: bz#1590133 Signed-off-by: Pranith Kumar K <pkarampu@redhat.com> (cherry picked from commit fd5b48ea0afd907deb08604415bee14ab65f378b) 
Change-Id: I6125283ed22c04564f0b77bb7a50579a83e02eb0
fixes: bz#1590133
Signed-off-by: Pranith Kumar K <pkarampu@redhat.com>
(cherry picked from commit fd5b48ea0afd907deb08604415bee14ab65f378b)
server/auth: add option for strict authentication 2018-04-22T22:13:37+00:00 Mohammed Rafi KC rkavunga@redhat.com 2018-04-02T06:50:47+00:00 b50d7aead1c2a7893dc0f4281bf7fc8027e2dacb When this option is enabled, we will check for a matching username and password, if not found then the connection will be rejected. This also does a checksum validation of volfile The option is invalid when SSL/TLS is in use, at which point the SSL/TLS certificate user name is used to validate and hence authorize the right user. This expects TLS allow rules to be setup correctly rather than the default *. This option is not settable, as a result this cannot be enabled for volumes using the CLI. This is used with the shared storage volume, to restrict access to the same in non-SSL/TLS environments to the gluster peers only. Tested: ./tests/bugs/protocol/bug-1321578.t ./tests/features/ssl-authz.t - Ran tests on volumes with and without strict auth checking (as brick vol file needed to be edited to test, or rather to enable the option) - Ran tests on volumes to ensure existing mounts are disconnected when we enable strict checking Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59 fixes: bz#1570430 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com> Signed-off-by: ShyamsundarR <srangana@redhat.com> 
When this option is enabled, we will check for a matching
username and password, if not found then the connection will
be rejected. This also does a checksum validation of volfile

The option is invalid when SSL/TLS is in use, at which point
the SSL/TLS certificate user name is used to validate and
hence authorize the right user. This expects TLS allow rules
to be setup correctly rather than the default *.

This option is not settable, as a result this cannot be enabled
for volumes using the CLI. This is used with the shared storage
volume, to restrict access to the same in non-SSL/TLS environments
to the gluster peers only.

Tested:
  ./tests/bugs/protocol/bug-1321578.t
  ./tests/features/ssl-authz.t
  - Ran tests on volumes with and without strict auth
    checking (as brick vol file needed to be edited to test,
    or rather to enable the option)
  - Ran tests on volumes to ensure existing mounts are
    disconnected when we enable strict checking

Change-Id: I2ac4f0cfa5b59cc789cc5a265358389b04556b59
fixes: bz#1570430
Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
Signed-off-by: ShyamsundarR <srangana@redhat.com>
glusterfsd: Memleak in glusterfsd process while brick mux is on 2018-04-06T12:47:34+00:00 Mohit Agrawal moagrawa@redhat.com 2018-02-10T06:55:15+00:00 479bea17e75d8e75a8901d01b3fd3627bfd8991c Problem: At the time of stopping the volume while brick multiplex is enabled memory is not cleanup from all server side xlators. Solution: To cleanup memory for all server side xlators call fini in glusterfs_handle_terminate after send GF_EVENT_CLEANUP notification to top xlator. > BUG: 1544090 > Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> > (cherry picked from commit 7c3cc485054e4ede1efb358552135b432fb7047a) >Note: Run all test-cases in separate build (https://review.gluster.org/19574) > with same patch after enable brick mux forcefully, all test cases are > passed. BUG: 1549473 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> Change-Id: Ia10dc7f2605aa50f2b90b3fe4eb380ba9299e2fc 
Problem: At the time of stopping the volume while brick multiplex is
         enabled memory is not cleanup from all server side xlators.

Solution: To cleanup memory for all server side xlators call fini
          in glusterfs_handle_terminate after send GF_EVENT_CLEANUP
          notification to top xlator.

> BUG: 1544090
> Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
> (cherry picked from commit 7c3cc485054e4ede1efb358552135b432fb7047a)

>Note: Run all test-cases in separate build (https://review.gluster.org/19574)
>      with same patch after enable brick mux forcefully, all test cases are
>      passed.

BUG: 1549473
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
Change-Id: Ia10dc7f2605aa50f2b90b3fe4eb380ba9299e2fc
protocol/server: Backport patch to reduce duplicate code in server-rpc-fops.c 2018-02-27T10:09:10+00:00 Amar Tumballi amarts@redhat.com 2017-11-17T05:05:26+00:00 2774c08c879b15cad3fbcb6368ed1548d23bebd2 > Signed-off-by: Amar Tumballi <amarts@redhat.com> > (cherry picked from commit a81c0c2b9abdcb8ad73d0a226b53120d84082a09) BUG: 1549505 Change-Id: Ifad0a88245fa6fdbf4c43d813b47c314d2c50435 Signed-off-by: Mohit Agrawal <moagrawa@redhat.com> 
> Signed-off-by: Amar Tumballi <amarts@redhat.com>
> (cherry picked from commit a81c0c2b9abdcb8ad73d0a226b53120d84082a09)

BUG: 1549505
Change-Id: Ifad0a88245fa6fdbf4c43d813b47c314d2c50435
Signed-off-by: Mohit Agrawal <moagrawa@redhat.com>
protocol/server: fix the comparision logic in case of subdir mount 2017-11-06T11:43:42+00:00 Amar Tumballi amarts@redhat.com 2017-10-23T19:17:52+00:00 4b480579320d6c594123e44fbedcba71f8815947 without the fix, the stat entry on a file would return inode==1 for many files, in case of subdir mount This happened with the confusion of return value of 'gf_uuid_compare()', it is more like strcmp, instead of a gf_boolean return value, and hence resulted in the bug. Change-Id: I31b8cbd95eaa3af5ff916a969458e8e4020c86bb BUG: 1505527 Signed-off-by: Amar Tumballi <amarts@redhat.com> (cherry picked from commit 2ade36cd98ea0f5bd2a8f619a19c20438318afaf) 
without the fix, the stat entry on a file would return inode==1 for
many files, in case of subdir mount

This happened with the confusion of return value of 'gf_uuid_compare()',
it is more like strcmp, instead of a gf_boolean return value, and hence 
resulted in the bug.

Change-Id: I31b8cbd95eaa3af5ff916a969458e8e4020c86bb
BUG: 1505527
Signed-off-by: Amar Tumballi <amarts@redhat.com>
(cherry picked from commit 2ade36cd98ea0f5bd2a8f619a19c20438318afaf)
protocol/client: handle the subdir handshake properly for add-brick 2017-11-06T11:43:04+00:00 Amar Tumballi amarts@redhat.com 2017-10-22T07:11:38+00:00 a3aff30d92f8858b7acf3d7fb421e2a0a4dd7a79 There should be different way we handle handshake in case of subdir mount for the first time, and in case of subsequent graph changes. Change-Id: I2a7ba836433bb0a0f4a861809e2bb0d7fbc4da54 BUG: 1505323 Signed-off-by: Amar Tumballi <amarts@redhat.com> (cherry picked from commit 9aa574a51b84717c1f3949ed2e28a49e49840a93) 
There should be different way we handle handshake in case of subdir
mount for the first time, and in case of subsequent graph changes.

Change-Id: I2a7ba836433bb0a0f4a861809e2bb0d7fbc4da54
BUG: 1505323
Signed-off-by: Amar Tumballi <amarts@redhat.com>
(cherry picked from commit 9aa574a51b84717c1f3949ed2e28a49e49840a93)
protocol-auth: use the proper validation method 2017-10-25T11:35:25+00:00 Amar Tumballi amarts@redhat.com 2017-10-11T12:03:20+00:00 d7006089177d4ff73674ebe84ace651a3457f358 Currently, server protocol's init and glusterd's option validation methods are different, causing an issue. They should be same for having consistent behavior Change-Id: Ibbf9a18c7192b2d77f9b7675ae7da9b8d2fe5de4 BUG: 1501315 Signed-off-by: Amar Tumballi <amarts@redhat.com> 
Currently, server protocol's init and glusterd's option
validation methods are different, causing an issue. They
should be same for having consistent behavior

Change-Id: Ibbf9a18c7192b2d77f9b7675ae7da9b8d2fe5de4
BUG: 1501315
Signed-off-by: Amar Tumballi <amarts@redhat.com>