diff options
| author | David Wolinsky <davidiw@fb.com> | 2015-10-07 15:13:31 -0700 |
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2017-07-13 00:54:16 +0000 |
| commit | e8029ec1fc205b5dace0c29ae3d1fe5b960e54fc (patch) | |
| tree | bb077cd22b4ffd3b16128a94eb8237d119a9acdf /xlators/nfs/server/src/nfs.c | |
| parent | 90d375de2e1ea49468c432126babbaee66d85fc0 (diff) | |
[nfs] exports_auth per (sub) volume
Summary:
- exports_auth changed to a per-volume option
- parse exports_auth in nfs3.c
- set nfs3_export state for exports_auth
- all calls into mnt3_authenticate_request must pass in volname
- volname is checked to determine if auth is enabled for that volume
Test Plan: manual testing, will look into unit testing
Reviewers: rwareing, sshreyas
Reviewed By: sshreyas
Subscribers: rappleye
Differential Revision: https://phabricator.fb.com/D2519423
Tasks: 6863942
Change-Id: Ia9fd92ca5a5bd4cbb57e9ce61075f024ab7dbc27
Signature: t1:2519423:1444775772:24dc39e22684784b75899e97e9d1e294b059a077
Signed-off-by: Jeff Darcy <jdarcy@fb.com>
Reviewed-on: https://review.gluster.org/17762
Tested-by: Jeff Darcy <jeff@pl.atyp.us>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
Diffstat (limited to 'xlators/nfs/server/src/nfs.c')
| -rw-r--r-- | xlators/nfs/server/src/nfs.c | 42 |
1 files changed, 28 insertions, 14 deletions
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c index d5087f195ca..f2e202d0510 100644 --- a/xlators/nfs/server/src/nfs.c +++ b/xlators/nfs/server/src/nfs.c @@ -369,24 +369,24 @@ nfs_add_all_initiators (struct nfs_state *nfs) int ret = 0; /* Add the initializers for all versions. */ - ret = nfs_add_initer (&nfs->versions, mnt3svc_init, _gf_true); + ret = nfs_add_initer (&nfs->versions, mnt1svc_init, _gf_true); if (ret == -1) { gf_msg (GF_NFS, GF_LOG_ERROR, 0, NFS_MSG_PROT_INIT_ADD_FAIL, - "Failed to add MOUNT3 protocol initializer"); + "Failed to add MOUNT1 protocol initializer"); goto ret; } - ret = nfs_add_initer (&nfs->versions, mnt1svc_init, _gf_true); + ret = nfs_add_initer (&nfs->versions, nfs3svc_init, _gf_true); if (ret == -1) { gf_msg (GF_NFS, GF_LOG_ERROR, 0, NFS_MSG_PROT_INIT_ADD_FAIL, - "Failed to add MOUNT1 protocol initializer"); + "Failed to add NFS3 protocol initializer"); goto ret; } - ret = nfs_add_initer (&nfs->versions, nfs3svc_init, _gf_true); + ret = nfs_add_initer (&nfs->versions, mnt3svc_init, _gf_true); if (ret == -1) { gf_msg (GF_NFS, GF_LOG_ERROR, 0, NFS_MSG_PROT_INIT_ADD_FAIL, - "Failed to add NFS3 protocol initializer"); + "Failed to add MOUNT3 protocol initializer"); goto ret; } @@ -957,24 +957,22 @@ nfs_init_state (xlator_t *this) } nfs->exports_auth = GF_NFS_DEFAULT_EXPORT_AUTH; - if (dict_get(this->options, "nfs.exports-auth-enable")) { + if (dict_get (this->options, "nfs.exports-auth-enable")) { ret = dict_get_str (this->options, "nfs.exports-auth-enable", &optstr); if (ret == -1) { - gf_msg (GF_NFS, GF_LOG_ERROR, -ret, NFS_MSG_PARSE_FAIL, - "Failed to parse dict"); + gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict"); goto free_foppool; } ret = gf_string2boolean (optstr, &boolt); if (ret < 0) { - gf_msg (GF_NFS, GF_LOG_ERROR, errno, NFS_MSG_PARSE_FAIL, - "Failed to parse bool string"); + gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool " + "string"); goto free_foppool; } - if (boolt == _gf_true) - nfs->exports_auth = 1; + nfs->exports_auth = boolt; } nfs->auth_refresh_time_secs = GF_NFS_DEFAULT_AUTH_REFRESH_INTERVAL_SEC; @@ -1214,6 +1212,7 @@ nfs_reconfigure_state (xlator_t *this, dict_t *options) "nfs.transport-type", "nfs.mem-factor", NULL}; + char *exports_auth_enable = NULL; GF_VALIDATE_OR_GOTO (GF_NFS, this, out); GF_VALIDATE_OR_GOTO (GF_NFS, this->private, out); @@ -1293,6 +1292,21 @@ nfs_reconfigure_state (xlator_t *this, dict_t *options) "Reconfigured nfs.mount-rmtab path: %s", nfs->rmtab); } + /* reconfig nfs.exports-auth-enable */ + if (dict_get (options, "nfs.exports-auth-enable")) { + ret = dict_get_str (options, "nfs.exports-auth-enable", + &exports_auth_enable); + if (ret < 0) { + gf_log (GF_NFS, GF_LOG_ERROR, "Failed to read " + "reconfigured option: nfs.exports-auth-enable"); + goto out; + } + ret = gf_string2int (exports_auth_enable, &nfs->exports_auth); + if (ret < 0) { + goto out; + } + } + GF_OPTION_RECONF (OPT_SERVER_AUX_GIDS, optbool, options, bool, out); if (nfs->server_aux_gids != optbool) { @@ -2099,7 +2113,7 @@ struct volume_options options[] = { .description = "Sets the number of non-idempotent " "requests to cache in drc" }, - { .key = {"nfs.exports-auth-enable"}, + { .key = {"nfs.*.exports-auth-enable"}, .type = GF_OPTION_TYPE_BOOL, .description = "Set the option to 'on' to enable exports/netgroup " "authentication in the NFS server and mount daemon." |