diff options
| author | Prasanna Kumar Kalever <prasanna.kalever@redhat.com> | 2015-08-21 00:08:23 +0530 |
|---|---|---|
| committer | Raghavendra G <rgowdapp@redhat.com> | 2015-10-13 09:05:37 -0700 |
| commit | b8ba012da0cf276329025e30b36f43624548f7f1 (patch) | |
| tree | e84232d67a63f56e01fa638ee063bf48e9b788c5 /rpc | |
| parent | 1a1b00fcd0ec199d19652d8fceb9465cc4edf189 (diff) | |
server/protocol: option for dynamic authorization of client permissions
problem:
assuming gluster volume is already mounted (for gfapi: say client transport
connection has already established), now if somebody change the volume
permissions say *.allow | *.reject for a client, gluster should allow/terminate
the client connection based on the fresh set of volume options immediately,
but in existing scenario neither we have any option to set this behaviour nor
we take any action until and unless we remount the volume manually
solution:
Introduce 'dynamic-auth' option (default: on).
If 'dynamic-auth' is 'on' gluster will perform dynamic authentication to
allow/terminate client transport connection immediately in response to
*.allow | *.reject volume set options, thus if volume permissions have changed
for a particular client (say client is added to auth.reject list), his
transport connection to gluster volume will be terminated immediately.
Backport of:
> Change-Id: I6243a6db41bf1e0babbf050a8e4f8620732e00d8
> BUG: 1245380
> Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
> Reviewed-on: http://review.gluster.org/12229
> Tested-by: NetBSD Build System <jenkins@build.gluster.org>
> Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
> (cherry picked from commit 84e90b756566bc211535a8627ed16d4231110ade)
Change-Id: If7e5c9be912412ea388391ef406ee2c8bedb26b8
BUG: 1271065
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/12343
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
Diffstat (limited to 'rpc')
| -rw-r--r-- | rpc/rpc-lib/src/rpc-transport.c | 2 | ||||
| -rw-r--r-- | rpc/rpc-lib/src/rpc-transport.h | 2 |
2 files changed, 4 insertions, 0 deletions
diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c index 0a791abfddd..bf4fcad09ff 100644 --- a/rpc/rpc-lib/src/rpc-transport.c +++ b/rpc/rpc-lib/src/rpc-transport.c @@ -463,6 +463,8 @@ rpc_transport_destroy (rpc_transport_t *this) GF_VALIDATE_OR_GOTO("rpc_transport", this, fail); + if (this->clnt_options) + dict_unref (this->clnt_options); if (this->options) dict_unref (this->options); if (this->fini) diff --git a/rpc/rpc-lib/src/rpc-transport.h b/rpc/rpc-lib/src/rpc-transport.h index d0572a16333..97eeff2a3e3 100644 --- a/rpc/rpc-lib/src/rpc-transport.h +++ b/rpc/rpc-lib/src/rpc-transport.h @@ -215,6 +215,8 @@ struct rpc_transport { int bind_insecure; void *dl_handle; /* handle of dlopen() */ char *ssl_name; + dict_t *clnt_options; /* store options received from + * client */ }; struct rpc_transport_ops { |