shared storage: Prevent mounting shared storage from non-trusted client

gluster shared storage is a volume used for internal storage for various features including ganesha, geo-rep, snapshot. So this volume should not be exposed to the client, as it is a special volume for internal use. This fix wont't generate non trusted volfile for shared storage volume. Change-Id: I8ffe30ae99ec05196d75466210b84db311611a4c fixes: bz#1568844 BUG: 1568844 Signed-off-by: Mohammed Rafi KC <rkavunga@redhat.com>
author: Mohammed Rafi KC <rkavunga@redhat.com> 2018-03-26 20:27:34 +0530
committer: ShyamsundarR <srangana@redhat.com> 2018-04-20 16:44:06 -0400
commit: 3dbb6b5d6093357ed430fba4cc17ac2d8eb99b32 (patch)
tree: 78b4b5c6cb9505618c2fd0e0bf82e8b281136705
parent: 408a6d07ababde234ddeafe16687aacd2b810b42 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/xlators/mgmt/glusterd/src/glusterd-volgen.c b/xlators/mgmt/glusterd/src/glusterd-volgen.c
index f31311b3b5f..60014e02061 100644
--- a/xlators/mgmt/glusterd/src/glusterd-volgen.c
+++ b/xlators/mgmt/glusterd/src/glusterd-volgen.c
@@ -6104,6 +6104,7 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
         int                i                  = 0;
         int                ret                = -1;
         char               filepath[PATH_MAX] = {0,};
+        char               *volname           = NULL;
         char               *types[]           = {NULL, NULL, NULL};
         dict_t             *dict              = NULL;
         xlator_t           *this              = NULL;
@@ -6111,6 +6112,26 @@ generate_client_volfiles (glusterd_volinfo_t *volinfo,
 
         this = THIS;
 
+        volname = volinfo->is_snap_volume ?
+                  volinfo->parent_volname : volinfo->volname;
+
+
+        if (volname && !strcmp (volname, GLUSTER_SHARED_STORAGE) &&
+             client_type != GF_CLIENT_TRUSTED) {
+                /*
+                 * shared storage volume cannot be mounted from non trusted
+                 * nodes. So we are not creating volfiles for non-trusted
+                 * clients for shared volumes as well as snapshot of shared
+                 * volumes.
+                 */
+
+                ret = 0;
+                gf_msg_debug ("glusterd", 0, "Skipping the non-trusted volfile"
+                               "creation for shared storage volume. Volume %s",
+                               volname);
+                goto out;
+        }
+
         enumerate_transport_reqs (volinfo->transport_type, types);
         dict = dict_new ();
         if (!dict)
author	Mohammed Rafi KC <rkavunga@redhat.com>	2018-03-26 20:27:34 +0530
committer	ShyamsundarR <srangana@redhat.com>	2018-04-20 16:44:06 -0400
commit	3dbb6b5d6093357ed430fba4cc17ac2d8eb99b32 (patch)
tree	78b4b5c6cb9505618c2fd0e0bf82e8b281136705
parent	408a6d07ababde234ddeafe16687aacd2b810b42 (diff)