| author | Raghavendra Bhat <raghavendra@redhat.com> | 2013-04-19 12:27:03 +0530 | 
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2014-02-10 23:32:05 -0800 | 
| commit | 28209283a67f13802cc0c1d3df07c676926810a2 (patch) | |
| tree | 5cf62085fa1a4bbc6d76eb1763f343c6116ea195 /glusterfsd | |
| parent | 97ce783de326b51fcba65737f07db2c314d1e218 (diff) | |
protocol/server: do not do root-squashing for trusted clients
* As of now, clients mounting within the storage pool using that machine's
  IP/hostname are trusted clients (i.e. clients local to the glusterd).
* Be careful when the request itself comes in as nfsnobody (ex: posix tests).
  So move the squashing part to protocol/server when it creates a new frame
  for the request, instead of auth part of rpc layer.
* For nfs servers do root-squashing without checking if it is trusted client,
  as all the nfs servers would be running within the storage pool, hence will
  be trusted clients for the bricks.
* Provide one more option for mounting which actually says root-squash
  should/should not happen. This value is given priority only for the trusted
  clients. For non trusted clients, the volume option takes the priority. But
  for trusted clients if root-squash should not happen, then they have to be
  mounted with root-squash=no option. (This is done because by default
  blocking root-squashing for the trusted clients will cause problems for smb
  and UFO clients for which the requests have to be squashed if the option is
  enabled).
* For geo-replication and defrag clients do not do root-squashing.
* Introduce a new option in open-behind for doing read after successful open.
Change-Id: I8a8359840313dffc34824f3ea80a9c48375067f0
BUG: 954057
Signed-off-by: Raghavendra Bhat <raghavendra@redhat.com>
Reviewed-on: http://review.gluster.org/4863
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'glusterfsd')
| -rw-r--r-- | glusterfsd/src/glusterfsd.c | 33 | ||||
| -rw-r--r-- | glusterfsd/src/glusterfsd.h | 1 | 
2 files changed, 34 insertions, 0 deletions
diff --git a/glusterfsd/src/glusterfsd.c b/glusterfsd/src/glusterfsd.c
index 098a9169aa4..c47d2ca3fc2 100644
--- a/glusterfsd/src/glusterfsd.c
+++ b/glusterfsd/src/glusterfsd.c
@@ -192,6 +192,9 @@ static struct argp_option gf_options[] = {
 	 "[default: 48]"},
         {"client-pid", ARGP_CLIENT_PID_KEY, "PID", OPTION_HIDDEN,
          "client will authenticate itself with process id PID to server"},
+        {"no-root-squash", ARGP_FUSE_NO_ROOT_SQUASH_KEY, "BOOL",
+         OPTION_ARG_OPTIONAL, "disable/enable root squashing for the trusted "
+         "client"},
         {"user-map-root", ARGP_USER_MAP_ROOT_KEY, "USER", OPTION_HIDDEN,
          "replace USER with root in messages"},
         {"dump-fuse", ARGP_DUMP_FUSE_KEY, "PATH", 0,
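Review bot: The help string on the new `no-root-squash` entry in gf_options does not say which BOOL value turns squashing off, and because the option name is itself a negation, `--no-root-squash=no` is easy to misread. This flag lifts root squashing for a trusted client, so I would state the polarity and the default in the help text, for example `"do not squash root for this trusted client [default: off]"`. The commit message talks about mounting with `root-squash=no`; whether a mount helper maps that spelling onto this flag is not visible here. The gf_options table starts and ends outside the hunk.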
@@ -467,6 +470,32 @@ set_fuse_mount_options (glusterfs_ctx_t *ctx, dict_t *options)
                 break;
         }

+        switch (cmd_args->no_root_squash) {
+        case GF_OPTION_ENABLE: /* enable */
+                ret = dict_set_static_ptr (options, "no-root-squash",
+                                           "enable");
+                if (ret < 0) {
+                        gf_log ("glusterfsd", GF_LOG_ERROR,
+                                "failed to set 'enable' for key "
+                                "no-root-squash");
+                        goto err;
+                }
+                break;
+        case GF_OPTION_DISABLE: /* disable/default */
+        default:
+                ret = dict_set_static_ptr (options, "no-root-squash",
+                                           "disable");
+                if (ret < 0) {
+                        gf_log ("glusterfsd", GF_LOG_ERROR,
+                                "failed to set 'disable' for key "
+                                "no-root-squash");
+                        goto err;
+                }
+                gf_log ("", GF_LOG_DEBUG, "fuse no-root-squash mode %d",
+                        cmd_args->no_root_squash);
+                break;
+        }
+
         if (!cmd_args->no_daemon_mode) {
                 ret = dict_set_static_ptr (options, "sync-to-mount",
                                            "enable");
@@ -900,6 +929,10 @@ parse_opts (int key, char *arg, struct argp_state *state)
                               "unknown direct I/O mode setting \"%s\"", arg);
                 break;

+        case ARGP_FUSE_NO_ROOT_SQUASH_KEY:
+                cmd_args->no_root_squash = _gf_true;
+                break;
+
         case ARGP_ENTRY_TIMEOUT_KEY:
                 d = 0.0;

diff --git a/glusterfsd/src/glusterfsd.h b/glusterfsd/src/glusterfsd.h
index 9e2a0e56e6f..ad4c3699b56 100644
--- a/glusterfsd/src/glusterfsd.h
+++ b/glusterfsd/src/glusterfsd.h
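Review bot: In the switch added to set_fuse_mount_options, the `GF_OPTION_ENABLE` branch, which is the one that turns root squashing off for this client, logs nothing; the only log call sits in the disable/default branch, at debug level and with an empty domain string. I would record the security-relevant case, e.g. `gf_log ("glusterfsd", GF_LOG_INFO, "no-root-squash enabled: root is not squashed for this trusted client");`, and pass `"glusterfsd"` instead of `""` in the existing debug call so both messages can be filtered together. The function begins and ends outside the hunk.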
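Review bot: The new `ARGP_FUSE_NO_ROOT_SQUASH_KEY` case in parse_opts never looks at `arg`, so `--no-root-squash=no` (or `=off`) still sets `no_root_squash` to `_gf_true` and lifts squashing for a trusted client, even though gf_options declares the option with an optional BOOL argument. For an option that relaxes a privilege boundary this fails open; the value should be parsed, and anything unparseable rejected. The sketch below uses gf_string2boolean and assumes a `gf_boolean_t b` local is in scope in parse_opts, which cannot be confirmed here because the function starts and ends outside the hunk.

```c
        case ARGP_FUSE_NO_ROOT_SQUASH_KEY:
                /* a bare flag means "yes"; an explicit value must parse */
                if (!arg)
                        arg = "yes";

                if (gf_string2boolean (arg, &b) == 0) {
                        cmd_args->no_root_squash = b;
                        break;
                }

                argp_failure (state, -1, 0,
                              "unknown no-root-squash setting \"%s\"", arg);
                break;
```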
@@ -84,6 +84,7 @@ enum argp_option_keys {
 	ARGP_FUSE_MOUNTOPTS_KEY		  = 164,
         ARGP_FUSE_USE_READDIRP_KEY        = 165,
 	ARGP_AUX_GFID_MOUNT_KEY		  = 166,
+        ARGP_FUSE_NO_ROOT_SQUASH_KEY      = 167,
 };

 struct _gfd_vol_top_priv_t {
 |
