summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorkrishna <krishna@gluster.com>2011-08-05 15:25:16 +0530
committerAnand Avati <avati@gluster.com>2011-08-07 23:31:14 -0700
commit09ed778309cd4d4cdbc19ad7cbdcea3da7408a66 (patch)
treecd45c2af38330f9f50811f4826b989811bb2d973
parentd62c0abf597a2e77e3fb0cfa0d4598aedea64d33 (diff)
NFS server: allow clients to connect from insecure (>1024) ports and support for both rpc-auth-allow-insecure and rpc-auth.ports.insecure
Change-Id: I4e3fbfe37d6d3e8443d5b7b79faf6e364fdb87be BUG: 3296 Reviewed-on: http://review.gluster.com/178 Reviewed-by: Shishir Gowda <shishirng@gluster.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@gluster.com>
-rw-r--r--xlators/nfs/server/src/mount3.c36
-rw-r--r--xlators/nfs/server/src/nfs.c60
-rw-r--r--xlators/nfs/server/src/nfs.h1
3 files changed, 97 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index 76b96e7..ff9037c 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
@@ -1803,6 +1803,24 @@ mnt3svc_init (xlator_t *nfsx)
if (ret == -1)
goto err;
ret = dict_set_str (options, "transport-type", "socket");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+
+ if (nfs->allow_insecure) {
+ ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ }
+
rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
if (ret == -1) {
gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
@@ -1869,6 +1887,24 @@ mnt1svc_init (xlator_t *nfsx)
if (ret == -1)
goto err;
ret = dict_set_str (options, "transport-type", "socket");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+
+ if (nfs->allow_insecure) {
+ ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ }
+
rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
if (ret == -1) {
gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c
index 804fedb..1c38237 100644
--- a/xlators/nfs/server/src/nfs.c
+++ b/xlators/nfs/server/src/nfs.c
@@ -609,6 +609,66 @@ nfs_init_state (xlator_t *this)
goto free_foppool;
}
}
+
+ /* support both options rpc-auth.ports.insecure and
+ * rpc-auth-allow-insecure for backward compatibility
+ */
+ nfs->allow_insecure = 1;
+ if (dict_get(this->options, "rpc-auth.ports.insecure")) {
+ ret = dict_get_str (this->options, "rpc-auth.ports.insecure",
+ &optstr);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+ goto free_foppool;
+ }
+
+ ret = gf_string2boolean (optstr, &boolt);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+ "string");
+ goto free_foppool;
+ }
+
+ if (boolt == _gf_false)
+ nfs->allow_insecure = 0;
+ }
+
+ if (dict_get(this->options, "rpc-auth-allow-insecure")) {
+ ret = dict_get_str (this->options, "rpc-auth-allow-insecure",
+ &optstr);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+ goto free_foppool;
+ }
+
+ ret = gf_string2boolean (optstr, &boolt);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+ "string");
+ goto free_foppool;
+ }
+
+ if (boolt == _gf_false)
+ nfs->allow_insecure = 0;
+ }
+
+ if (nfs->allow_insecure) {
+ /* blindly set both the options */
+ dict_del(this->options, "rpc-auth-allow-insecure");
+ ret = dict_set_str (this->options,
+ "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto free_foppool;
+ }
+ dict_del(this->options, "rpc-auth.ports.insecure");
+ ret = dict_set_str (this->options,
+ "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto free_foppool;
+ }
+ }
this->private = (void *)nfs;
INIT_LIST_HEAD (&nfs->versions);
diff --git a/xlators/nfs/server/src/nfs.h b/xlators/nfs/server/src/nfs.h
index d1ff3ba..a174ef1 100644
--- a/xlators/nfs/server/src/nfs.h
+++ b/xlators/nfs/server/src/nfs.h
@@ -75,6 +75,7 @@ struct nfs_state {
int dynamicvolumes;
int enable_ino32;
unsigned int override_portnum;
+ int allow_insecure;
};
#define gf_nfs_dvm_on(nfsstt) (((struct nfs_state *)nfsstt)->dynamicvolumes == GF_NFS_DVM_ON)