From 09ed778309cd4d4cdbc19ad7cbdcea3da7408a66 Mon Sep 17 00:00:00 2001
From: krishna
Date: Fri, 5 Aug 2011 15:25:16 +0530
Subject: NFS server: allow clients to connect from insecure (>1024) ports and support for both rpc-auth-allow-insecure and rpc-auth.ports.insecure
Change-Id: I4e3fbfe37d6d3e8443d5b7b79faf6e364fdb87be
BUG: 3296
Reviewed-on: http://review.gluster.com/178
Reviewed-by: Shishir Gowda
Tested-by: Gluster Build System
Reviewed-by: Anand Avati
---
 xlators/nfs/server/src/mount3.c | 36 +++++++++++++++++++++++++
 xlators/nfs/server/src/nfs.c | 60 +++++++++++++++++++++++++++++++++++++++++
 xlators/nfs/server/src/nfs.h | 1 +
 3 files changed, 97 insertions(+)
diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c
index 76b96e71303..ff9037ccf2a 100644
--- a/xlators/nfs/server/src/mount3.c
+++ b/xlators/nfs/server/src/mount3.c
@@ -1803,6 +1803,24 @@ mnt3svc_init (xlator_t *nfsx)
 if (ret == -1)
 goto err;
 ret = dict_set_str (options, "transport-type", "socket");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+
+ if (nfs->allow_insecure) {
+ ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ }
+
+ rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
 if (ret == -1) {
 gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
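Review bot: The `if (ret == -1)` that logs "Unable to create listeners" in mnt3svc_init cannot fire on the paths visible in this hunk, because the result of `rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);` is never stored and every earlier `ret == -1` now jumps to err. Store the result, `ret = rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);`, so that a failed listener setup is reported instead of the mount service continuing without its listener; this assumes the function signals failure with -1, which the hunk does not show. The mnt1svc_init hunk contains the same sequence and needs the same change. Both function bodies start and end outside their hunks.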
@@ -1869,6 +1887,24 @@ mnt1svc_init (xlator_t *nfsx)
 if (ret == -1)
 goto err;
 ret = dict_set_str (options, "transport-type", "socket");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+
+ if (nfs->allow_insecure) {
+ ret = dict_set_str (options, "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ ret = dict_set_str (options, "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto err;
+ }
+ }
+
+ rpcsvc_create_listeners (nfs->rpcsvc, options, nfsx->name);
 if (ret == -1) {
 gf_log (GF_NFS, GF_LOG_ERROR, "Unable to create listeners");
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c
index 804fedb8622..1c38237fd24 100644
--- a/xlators/nfs/server/src/nfs.c
+++ b/xlators/nfs/server/src/nfs.c
@@ -609,6 +609,66 @@ nfs_init_state (xlator_t *this)
 goto free_foppool;
 }
 }
+
+ /* support both options rpc-auth.ports.insecure and
+ * rpc-auth-allow-insecure for backward compatibility
+ */
+ nfs->allow_insecure = 1;
+ if (dict_get(this->options, "rpc-auth.ports.insecure")) {
+ ret = dict_get_str (this->options, "rpc-auth.ports.insecure",
+ &optstr);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+ goto free_foppool;
+ }
+
+ ret = gf_string2boolean (optstr, &boolt);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+ "string");
+ goto free_foppool;
+ }
+
+ if (boolt == _gf_false)
+ nfs->allow_insecure = 0;
+ }
+
+ if (dict_get(this->options, "rpc-auth-allow-insecure")) {
+ ret = dict_get_str (this->options, "rpc-auth-allow-insecure",
+ &optstr);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse dict");
+ goto free_foppool;
+ }
+
+ ret = gf_string2boolean (optstr, &boolt);
+ if (ret < 0) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "Failed to parse bool "
+ "string");
+ goto free_foppool;
+ }
+
+ if (boolt == _gf_false)
+ nfs->allow_insecure = 0;
+ }
+
+ if (nfs->allow_insecure) {
+ /* blindly set both the options */
+ dict_del(this->options, "rpc-auth-allow-insecure");
+ ret = dict_set_str (this->options,
+ "rpc-auth-allow-insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto free_foppool;
+ }
+ dict_del(this->options, "rpc-auth.ports.insecure");
+ ret = dict_set_str (this->options,
+ "rpc-auth.ports.insecure", "on");
+ if (ret == -1) {
+ gf_log (GF_NFS, GF_LOG_ERROR, "dict_set_str error");
+ goto free_foppool;
+ }
+ }
 this->private = (void *)nfs;
 INIT_LIST_HEAD (&nfs->versions);
diff --git a/xlators/nfs/server/src/nfs.h b/xlators/nfs/server/src/nfs.h
index d1ff3ba2800..a174ef13b4a 100644
--- a/xlators/nfs/server/src/nfs.h
+++ b/xlators/nfs/server/src/nfs.h
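Review bot: `nfs->allow_insecure = 1;` in nfs_init_state makes accepting clients from non-privileged source ports the default, and only an explicit false value in one of the two options turns it off, yet the comment above it mentions only backward compatibility. I would state the default where it is set, e.g. `/* default: accept non-privileged source ports; set either option to off to require a reserved port */`, so operators who rely on the source-port check know they must opt out. The two outcomes are also handled asymmetrically: when enabled both keys are rewritten to "on", but when disabled this->options is left as the user wrote it, so a consumer that reads only the key the user did not set would not see "off" (whether such a consumer exists is not visible here); writing "off" to both keys in that case would close the gap. The function body starts and ends outside the hunk.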
@@ -75,6 +75,7 @@ struct nfs_state {
 int dynamicvolumes;
 int enable_ino32;
 unsigned int override_portnum;
+ int allow_insecure;
 };
 #define gf_nfs_dvm_on(nfsstt) (((struct nfs_state *)nfsstt)->dynamicvolumes == GF_NFS_DVM_ON)
-- cgit