| author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 | 
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 01:37:22 -0700 | 
| commit | 1cb3b1abeda53bb430bbe1490fac154337ac9994 (patch) | |
| tree | 0b1092562b002389c60f4d74af13aef822766f1c /libglusterfs | |
| parent | 0c3d3a796bda37d8439855baf00137ad17714620 (diff) | |
nfs: more fine grained authentication for the MOUNT protocol
The /etc/exports format for NFS-exports (see Change-Id I7e6aa6b) allows
a more fine grained control over the authentication. This change adds
the functions and structures that will be used by Change-Id I181e8c1.
BUG: 1143880
Change-Id: Ic060aac7c52d91e08519b222ba46383c94665ce7
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'libglusterfs')
| -rw-r--r-- | libglusterfs/src/common-utils.c | 69 | ||||
| -rw-r--r-- | libglusterfs/src/common-utils.h | 1 | 
2 files changed, 70 insertions, 0 deletions
diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c
index cfbf3191eef..6dcfc098dc2 100644
--- a/libglusterfs/src/common-utils.c
+++ b/libglusterfs/src/common-utils.c
@@ -1688,6 +1688,75 @@ out:
         return ret;
 }
+/**
+ * gf_is_ip_in_net -- Checks if an IP Address is in a network.
+ *                    A network should be specified by something like
+ *                    '10.5.153.0/24' (in CIDR notation).
+ *
+ * @result : Sets to true if the IP is in the network
+ * @ip_str : The IP to check
+ * @network: The network to check the IP against.
+ *
+ * @return: success: 0
+ *          failure: -EINVAL for bad args, retval of inet_pton otherwise
+ */
+gf_boolean_t
+gf_is_ip_in_net (const char *network, const char *ip_str)
+{
+        unsigned long ip_buf       = 0;
+        unsigned long net_ip_buf   = 0;
+        unsigned long subnet_mask  = 0;
+        int           ret          = -EINVAL;
+        char          *slash       = NULL;
+        char          *net_ip      = NULL;
+        char          *subnet      = NULL;
+        char          *net_str     = NULL;
+        int           family       = AF_INET;
+        gf_boolean_t  result       = _gf_false;
+
+        GF_ASSERT (network);
+        GF_ASSERT (ip_str);
+
+        if (strchr (network, ':'))
+                family = AF_INET6;
+        else if (strchr (network, '.'))
+                family = AF_INET;
+        else {
+                family = -1;
+                goto out;
+        }
+
+        net_str = strdupa (network);
+        slash = strchr (net_str, '/');
+        if (!slash)
+                goto out;
+        *slash = '\0';
+
+        subnet = slash + 1;
+        net_ip = net_str;
+
+        /* Convert IP address to a long */
+        ret = inet_pton (family, ip_str, &ip_buf);
+        if (ret < 0)
+                gf_log ("common-utils", GF_LOG_ERROR,
+                        "inet_pton() failed with %s", strerror (errno));
+
+        /* Convert network IP address to a long */
+        ret = inet_pton (family, net_ip, &net_ip_buf);
+        if (ret < 0) {
+                gf_log ("common-utils", GF_LOG_ERROR,
+                        "inet_pton() failed with %s", strerror (errno));
+                goto out;
+        }
+
+        /* Converts /x into a mask */
+        subnet_mask = (1 << atoi (subnet)) - 1;
+
+        result = ((ip_buf & subnet_mask) == (net_ip_buf & subnet_mask));
+out:
+        return result;
+}
+
 char *
 strtail (char *str, const char *pattern)
 {
diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h
index 71ff9eab5de..64544126836 100644
--- a/libglusterfs/src/common-utils.h
+++ b/libglusterfs/src/common-utils.h
@@ -618,6 +618,7 @@ void skip_word (char **str);
 char *get_nth_word (const char *str, int n);
 gf_boolean_t mask_match (const uint32_t a, const uint32_t b, const uint32_t m);
+gf_boolean_t gf_is_ip_in_net (const char *network, const char *ip_str);
 char valid_host_name (char *address, int length);
 char valid_ipv4_address (char *address, int length, gf_boolean_t wildcard_acc);
 char valid_ipv6_address (char *address, int length, gf_boolean_t wildcard_acc);  |
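Review bot: In gf_is_ip_in_net() (the common-utils.c hunk), `subnet_mask = (1 << atoi (subnet)) - 1` takes an unvalidated prefix length, so /32 or any larger, negative or non-numeric value is an undefined shift, and a low-bit mask over the network-byte-order value only selects the leading prefix bits for octet-aligned prefixes on a little-endian host. The same function passes `unsigned long` buffers to inet_pton() even when `family` is AF_INET6, which writes 16 bytes, and its `ret < 0` checks miss the 0 that inet_pton() returns for an unparsable string (the `ip_str` branch does not `goto out` at all). Because the result is meant to feed MOUNT authentication, every parse failure should end in `_gf_false`; the sketch below requires `inet_pton (...) == 1`, bounds the prefix with strtol(), and compares in host order, refusing IPv6 until a 128-bit comparison exists. The doc comment also describes a `@result` parameter and an int return that the signature does not have.

```c
gf_boolean_t
gf_is_ip_in_net (const char *network, const char *ip_str)
{
        struct in_addr  ip_addr   = {0};
        struct in_addr  net_addr  = {0};
        uint32_t        mask      = 0;
        long            prefix    = 0;
        char           *end       = NULL;
        /* … unchanged: slash/net_ip/subnet/net_str/family/result locals,
         *   asserts, family detection, split of net_str at '/' … */

        /* The 32-bit comparison below only covers IPv4; refuse anything else */
        if (family != AF_INET)
                goto out;

        /* inet_pton() returns 1 on success and 0 for an unparsable string */
        if (inet_pton (family, ip_str, &ip_addr) != 1 ||
            inet_pton (family, net_ip, &net_addr) != 1) {
                gf_log ("common-utils", GF_LOG_ERROR,
                        "could not parse address or network");
                goto out;
        }

        /* Reject empty, non-numeric, trailing-garbage and out-of-range prefixes */
        errno = 0;
        prefix = strtol (subnet, &end, 10);
        if (errno || end == subnet || *end != '\0' ||
            prefix < 0 || prefix > 32)
                goto out;

        /* Mask from the most significant bit, compared in host byte order */
        mask = prefix ? (0xffffffffU << (32 - prefix)) : 0;
        result = ((ntohl (ip_addr.s_addr) & mask) ==
                  (ntohl (net_addr.s_addr) & mask));
out:
        return result;
}
```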
