diff options
author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 01:37:22 -0700 |
commit | 1cb3b1abeda53bb430bbe1490fac154337ac9994 (patch) | |
tree | 0b1092562b002389c60f4d74af13aef822766f1c /libglusterfs | |
parent | 0c3d3a796bda37d8439855baf00137ad17714620 (diff) |
nfs: more fine grained authentication for the MOUNT protocol
The /etc/exports format for NFS-exports (see Change-Id I7e6aa6b) allows
a more fine grained control over the authentication. This change adds
the functions and structures that will be used in by Change-Id I181e8c1.
BUG: 1143880
Change-Id: Ic060aac7c52d91e08519b222ba46383c94665ce7
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'libglusterfs')
-rw-r--r-- | libglusterfs/src/common-utils.c | 69 | ||||
-rw-r--r-- | libglusterfs/src/common-utils.h | 1 |
2 files changed, 70 insertions, 0 deletions
diff --git a/libglusterfs/src/common-utils.c b/libglusterfs/src/common-utils.c index cfbf3191eef..6dcfc098dc2 100644 --- a/libglusterfs/src/common-utils.c +++ b/libglusterfs/src/common-utils.c @@ -1688,6 +1688,75 @@ out: return ret; } +/** + * gf_is_ip_in_net -- Checks if an IP Address is in a network. + * A network should be specified by something like + * '10.5.153.0/24' (in CIDR notation). + * + * @result : Sets to true if the IP is in the network + * @ip_str : The IP to check + * @network: The network to check the IP against. + * + * @return: success: 0 + * failure: -EINVAL for bad args, retval of inet_pton otherwise + */ +gf_boolean_t +gf_is_ip_in_net (const char *network, const char *ip_str) +{ + unsigned long ip_buf = 0; + unsigned long net_ip_buf = 0; + unsigned long subnet_mask = 0; + int ret = -EINVAL; + char *slash = NULL; + char *net_ip = NULL; + char *subnet = NULL; + char *net_str = NULL; + int family = AF_INET; + gf_boolean_t result = _gf_false; + + GF_ASSERT (network); + GF_ASSERT (ip_str); + + if (strchr (network, ':')) + family = AF_INET6; + else if (strchr (network, '.')) + family = AF_INET; + else { + family = -1; + goto out; + } + + net_str = strdupa (network); + slash = strchr (net_str, '/'); + if (!slash) + goto out; + *slash = '\0'; + + subnet = slash + 1; + net_ip = net_str; + + /* Convert IP address to a long */ + ret = inet_pton (family, ip_str, &ip_buf); + if (ret < 0) + gf_log ("common-utils", GF_LOG_ERROR, + "inet_pton() failed with %s", strerror (errno)); + + /* Convert network IP address to a long */ + ret = inet_pton (family, net_ip, &net_ip_buf); + if (ret < 0) { + gf_log ("common-utils", GF_LOG_ERROR, + "inet_pton() failed with %s", strerror (errno)); + goto out; + } + + /* Converts /x into a mask */ + subnet_mask = (1 << atoi (subnet)) - 1; + + result = ((ip_buf & subnet_mask) == (net_ip_buf & subnet_mask)); +out: + return result; +} + char * strtail (char *str, const char *pattern) { diff --git a/libglusterfs/src/common-utils.h b/libglusterfs/src/common-utils.h index 71ff9eab5de..64544126836 100644 --- a/libglusterfs/src/common-utils.h +++ b/libglusterfs/src/common-utils.h @@ -618,6 +618,7 @@ void skip_word (char **str); char *get_nth_word (const char *str, int n); gf_boolean_t mask_match (const uint32_t a, const uint32_t b, const uint32_t m); +gf_boolean_t gf_is_ip_in_net (const char *network, const char *ip_str); char valid_host_name (char *address, int length); char valid_ipv4_address (char *address, int length, gf_boolean_t wildcard_acc); char valid_ipv6_address (char *address, int length, gf_boolean_t wildcard_acc); |