diff options
author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 07:01:38 -0700 |
commit | aa66b8404f45712c45d75d6a2a37f32e2792cc83 (patch) | |
tree | 11d7a95bd6286204ec0ec33e4cdd8ba0c5b48028 /xlators/nfs/server/src/nfs3-helpers.c | |
parent | aac1ec0a61d9267b6ae7a280b368dfd357b7dcdc (diff) |
gNFS: Export / Netgroup authentication on Gluster NFS mount
* Parses linux style export file/netgroups file into a structure that
can be lookedup.
* This parser turns each line into a structure called an "export
directory". Each of these has a dictionary of hosts and netgroups
which can be looked up during the mount authentication process.
(See Change-Id Ic060aac and I7e6aa6bc)
* A string beginning withan '@' is treated as a netgroup and a string
beginning without an @ is a host.
(See Change-Id Ie04800d)
* This parser does not currently support all the options in the man page
('man exports'), but we can easily add them.
BUG: 1143880
URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication
Change-Id: I181e8c1814d6ef3cae5b4d88353622734f0c0f0b
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8758
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/nfs/server/src/nfs3-helpers.c')
-rw-r--r-- | xlators/nfs/server/src/nfs3-helpers.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c index f6c6eb52ad0..b122faf764d 100644 --- a/xlators/nfs/server/src/nfs3-helpers.c +++ b/xlators/nfs/server/src/nfs3-helpers.c @@ -27,6 +27,7 @@ #include "nfs-mem-types.h" #include "iatt.h" #include "common-utils.h" +#include "mount3.h" #include <string.h> extern int @@ -3844,6 +3845,54 @@ out: return ret; } +/** + * __nfs3_fh_auth_get_peer -- Get a peer name from the rpc request object + * + * @peer: Char * to write to + * @req : The request to get host/peer from + */ +int +__nfs3_fh_auth_get_peer (const rpcsvc_request_t *req, char *peer) +{ + struct sockaddr_storage sastorage = {0, }; + rpc_transport_t *trans = NULL; + int ret = 0; + + /* Why do we pass in the peer here and then + * store it rather than malloc() and return a char * ? We want to avoid + * heap allocations in the IO path as much as possible for speed + * so we try to keep all allocations on the stack. + */ + trans = rpcsvc_request_transport (req); + ret = rpcsvc_transport_peeraddr (trans, peer, RPCSVC_PEER_STRLEN, + &sastorage, sizeof (sastorage)); + if (ret != 0) { + gf_log (GF_NFS3, GF_LOG_WARNING, "Failed to get peer addr: %s", + gai_strerror (ret)); + } + return ret; +} + +/* + * nfs3_fh_auth_nfsop () -- Checks if an nfsop is authorized. + * + * @cs: The NFS call state containing all the relevant information + * + * @return: 0 if authorized + * -EACCES for completely unauthorized fop + * -EROFS for unauthorized write operations (rm, mkdir, write) + */ +inline int +nfs3_fh_auth_nfsop (nfs3_call_state_t *cs, gf_boolean_t is_write_op) +{ + struct nfs_state *nfs = NULL; + struct mount3_state *ms = NULL; + + nfs = (struct nfs_state *)cs->nfsx->private; + ms = (struct mount3_state *)nfs->mstate; + return mnt3_authenticate_request (ms, cs->req, &cs->resolvefh, NULL, + NULL, NULL, NULL, is_write_op); +} int nfs3_fh_resolve_and_resume (nfs3_call_state_t *cs, struct nfs3_fh *fh, |