From d6e5c6d8c489063df5aca8998903e11afee8439d Mon Sep 17 00:00:00 2001 From: Rajesh Amaravathi Date: Mon, 3 Jun 2013 16:44:21 +0530 Subject: nfs: option to disable acl 1. Option to disable or enable acl with nfs.acl boolean option. 2. Deregister the acl service with the portmapper service when no longer required. Change-Id: I6562b6b40138d040aa2bf1e5641f4c0e0e9f9d09 BUG: 970070 Signed-off-by: Rajesh Amaravathi Reviewed-on: http://review.gluster.org/5136 Reviewed-by: Rajesh Joseph Tested-by: Gluster Build System Reviewed-by: Anand Avati --- xlators/mgmt/glusterd/src/glusterd-utils.c | 7 +++++++ xlators/mgmt/glusterd/src/glusterd-volume-set.c | 6 ++++++ xlators/nfs/server/src/nfs.c | 25 +++++++++++++++++++------ xlators/nfs/server/src/nfs.h | 1 + 4 files changed, 33 insertions(+), 6 deletions(-) (limited to 'xlators') diff --git a/xlators/mgmt/glusterd/src/glusterd-utils.c b/xlators/mgmt/glusterd/src/glusterd-utils.c index ea5799ae6..a732d28d0 100644 --- a/xlators/mgmt/glusterd/src/glusterd-utils.c +++ b/xlators/mgmt/glusterd/src/glusterd-utils.c @@ -70,6 +70,9 @@ #define NLMV4_VERSION 4 #define NLMV1_VERSION 1 +#define ACL_PROGRAM 100227 +#define ACLV3_VERSION 3 + #define CEILING_POS(X) (((X)-(int)(X)) > 0 ? (int)((X)+1) : (int)(X)) static glusterd_lock_t lock; @@ -3677,6 +3680,10 @@ glusterd_nfs_pmap_deregister () else gf_log ("", GF_LOG_ERROR, "De-registration of NLM v1 failed"); + if (pmap_unset (ACL_PROGRAM, ACLV3_VERSION)) + gf_log ("", GF_LOG_INFO, "De-registered ACL v3 successfully"); + else + gf_log ("", GF_LOG_ERROR, "De-registration of ACL v3 failed"); } int diff --git a/xlators/mgmt/glusterd/src/glusterd-volume-set.c b/xlators/mgmt/glusterd/src/glusterd-volume-set.c index 6d1715bc8..f112ccfc2 100644 --- a/xlators/mgmt/glusterd/src/glusterd-volume-set.c +++ b/xlators/mgmt/glusterd/src/glusterd-volume-set.c @@ -1146,6 +1146,12 @@ struct volopt_map_entry glusterd_volopt_map[] = { .type = GLOBAL_DOC, .op_version = 1 }, + { .key = "nfs.acl", + .voltype = "nfs/server", + .option = "nfs.acl", + .type = GLOBAL_DOC, + .op_version = 2 + }, { .key = "nfs.mount-udp", .voltype = "nfs/server", .option = "nfs.mount-udp", diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c index 8bb3fccf2..7b36d59e8 100644 --- a/xlators/nfs/server/src/nfs.c +++ b/xlators/nfs/server/src/nfs.c @@ -190,11 +190,13 @@ nfs_add_all_initiators (struct nfs_state *nfs) } } - ret = nfs_add_initer (&nfs->versions, acl3svc_init); - if (ret == -1) { - gf_log (GF_NFS, GF_LOG_ERROR, "Failed to add protocol" - " initializer"); - goto ret; + if (nfs->enable_acl == _gf_true) { + ret = nfs_add_initer (&nfs->versions, acl3svc_init); + if (ret == -1) { + gf_log (GF_NFS, GF_LOG_ERROR, "Failed to add " + "ACL protocol initializer"); + goto ret; + } } ret = 0; @@ -604,6 +606,13 @@ nfs_init_state (xlator_t *this) } } + nfs->enable_acl = _gf_true; + ret = dict_get_str_boolean (this->options, "nfs.acl", _gf_true); + if (ret == _gf_false) { + gf_log (GF_NFS, GF_LOG_INFO, "ACL is manually disabled"); + nfs->enable_acl = _gf_false; + } + nfs->enable_ino32 = 0; if (dict_get (this->options, "nfs.enable-ino32")) { ret = dict_get_str (this->options, "nfs.enable-ino32", @@ -1300,7 +1309,11 @@ struct volume_options options[] = { .description = "Number of seconds to cache auxiliary-GID data, when " OPT_SERVER_AUX_GIDS " is set." }, - + { .key = {"nfs.acl"}, + .type = GF_OPTION_TYPE_BOOL, + .default_value = "on", + .description = "This option is used to control ACL support for NFS." + }, { .key = {NULL} }, }; diff --git a/xlators/nfs/server/src/nfs.h b/xlators/nfs/server/src/nfs.h index 7d5163dfe..936d929be 100644 --- a/xlators/nfs/server/src/nfs.h +++ b/xlators/nfs/server/src/nfs.h @@ -86,6 +86,7 @@ struct nfs_state { unsigned int override_portnum; int allow_insecure; int enable_nlm; + int enable_acl; int mount_udp; struct rpc_clnt *rpc_clnt; gf_boolean_t server_aux_gids; -- cgit