| author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 | 
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 07:01:38 -0700 | 
| commit | aa66b8404f45712c45d75d6a2a37f32e2792cc83 (patch) | |
| tree | 11d7a95bd6286204ec0ec33e4cdd8ba0c5b48028 /xlators/nfs/server/src/nfs3-helpers.c | |
| parent | aac1ec0a61d9267b6ae7a280b368dfd357b7dcdc (diff) | |
gNFS: Export / Netgroup authentication on Gluster NFS mount
* Parses linux style export file/netgroups file into a structure that
  can be lookedup.
* This parser turns each line into a structure called an "export
  directory". Each of these has a dictionary of hosts and netgroups
  which can be looked up during the mount authentication process.
  (See Change-Id Ic060aac and I7e6aa6bc)
* A string beginning with an '@' is treated as a netgroup and a string
  not beginning with an '@' is a host.
  (See Change-Id Ie04800d)
* This parser does not currently support all the options in the man page
  ('man exports'), but we can easily add them.
BUG: 1143880
URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication
Change-Id: I181e8c1814d6ef3cae5b4d88353622734f0c0f0b
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8758
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/nfs/server/src/nfs3-helpers.c')
| -rw-r--r-- | xlators/nfs/server/src/nfs3-helpers.c | 49 | 
1 files changed, 49 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/nfs3-helpers.c b/xlators/nfs/server/src/nfs3-helpers.c
index f6c6eb52ad0..b122faf764d 100644
--- a/xlators/nfs/server/src/nfs3-helpers.c
+++ b/xlators/nfs/server/src/nfs3-helpers.c
@@ -27,6 +27,7 @@
 #include "nfs-mem-types.h"
 #include "iatt.h"
 #include "common-utils.h"
+#include "mount3.h"
 #include <string.h>
 extern int
@@ -3844,6 +3845,54 @@ out:
         return ret;
 }
+/**
+ * __nfs3_fh_auth_get_peer -- Get a peer name from the rpc request object
+ *
+ * @peer: Char * to write to
+ * @req : The request to get host/peer from
+ */
+int
+__nfs3_fh_auth_get_peer (const rpcsvc_request_t *req, char *peer)
+{
+        struct sockaddr_storage sastorage       = {0, };
+        rpc_transport_t         *trans          = NULL;
+        int                     ret             = 0;
+
+        /* Why do we pass in the peer here and then
+         * store it rather than malloc() and return a char * ? We want to avoid
+         * heap allocations in the IO path as much as possible for speed
+         * so we try to keep all allocations on the stack.
+         */
+        trans = rpcsvc_request_transport (req);
+        ret = rpcsvc_transport_peeraddr (trans, peer, RPCSVC_PEER_STRLEN,
+                                         &sastorage, sizeof (sastorage));
+        if (ret != 0) {
+                gf_log (GF_NFS3, GF_LOG_WARNING, "Failed to get peer addr: %s",
+                        gai_strerror (ret));
+        }
+        return ret;
+}
+
+/*
+ * nfs3_fh_auth_nfsop () -- Checks if an nfsop is authorized.
+ *
+ * @cs: The NFS call state containing all the relevant information
+ *
+ * @return: 0 if authorized
+ *          -EACCES for completely unauthorized fop
+ *          -EROFS  for unauthorized write operations (rm, mkdir, write)
+ */
+inline int
+nfs3_fh_auth_nfsop (nfs3_call_state_t *cs, gf_boolean_t is_write_op)
+{
+        struct nfs_state    *nfs = NULL;
+        struct mount3_state *ms  = NULL;
+
+        nfs = (struct nfs_state *)cs->nfsx->private;
+        ms  = (struct mount3_state *)nfs->mstate;
+        return  mnt3_authenticate_request (ms, cs->req, &cs->resolvefh, NULL,
+                                           NULL, NULL, NULL, is_write_op);
+}
 int
 nfs3_fh_resolve_and_resume (nfs3_call_state_t *cs, struct nfs3_fh *fh,
|
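Review bot: `__nfs3_fh_auth_get_peer` passes `RPCSVC_PEER_STRLEN` as the size of `peer` but takes no length argument, so the bound is only correct if every caller supplies a buffer of at least that size, and nothing in the hunk states or enforces that. I would put the contract in the header comment, e.g. `@peer: caller buffer of at least RPCSVC_PEER_STRLEN bytes; do not use its contents when the return value is non-zero`, and add a `@return` line, because the peer string is presumably matched against the export/netgroup entries and a caller that ignores the return value could match on whatever was in the buffer. In `nfs3_fh_auth_nfsop`, `inline int` without `static` at file scope gets different linkage under gnu89 and C99 inline rules and can leave the symbol undefined for callers in other files (none are visible here); plain `int` is the safer spelling. That function also dereferences `cs->nfsx->private` and `nfs->mstate` unchecked before the authorization call, and its comment omits `@is_write_op`.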
