diff options
| author | Niels de Vos <ndevos@redhat.com> | 2014-07-02 11:11:43 +0200 |
|---|---|---|
| committer | Niels de Vos <ndevos@redhat.com> | 2014-07-02 04:28:21 -0700 |
| commit | f25c549c959e06e70eefc5744dc5f93668411de2 (patch) | |
| tree | f3b6071afd87194b2da56e59b2ec8c20011705db /rpc/rpc-lib/src/rpcsvc.c | |
| parent | cc372dc0d0561b2995d89cab4e84dcebef0c346c (diff) | |
gNFS: Support wildcard in RPC auth allow/reject
RFE: Support wildcard in "nfs.rpc-auth-allow" and
"nfs.rpc-auth-reject". e.g.
*.redhat.com
192.168.1[1-5].*
192.168.1[1-5].*, *.redhat.com, 192.168.21.9
Along with wildcard, support for subnetwork or IP range e.g.
192.168.10.23/24
The option will be validated for following categories:
1) Anonymous i.e. "*"
2) Wildcard pattern i.e. string containing any ('*', '?', '[')
3) IPv4 address
4) IPv6 address
5) FQDN
6) subnetwork or IPv4 range
Currently this does not support IPv6 subnetwork.
Cherry-picked from 00e247ee44067f2b3e7ca5f7e6dc2f7934c97181:
> Change-Id: Iac8caf5e490c8174d61111dad47fd547d4f67bf4
> BUG: 1086097
> Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Reviewed-on: http://review.gluster.org/7485
> Reviewed-by: Poornima G <pgurusid@redhat.com>
> Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Change-Id: I18ef0a914cd403c1f9e66d1b03ecd29465cbce95
BUG: 1115369
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8223
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Diffstat (limited to 'rpc/rpc-lib/src/rpcsvc.c')
| -rw-r--r-- | rpc/rpc-lib/src/rpcsvc.c | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc.c b/rpc/rpc-lib/src/rpcsvc.c index a751330a7c9..d6e9ee951c8 100644 --- a/rpc/rpc-lib/src/rpcsvc.c +++ b/rpc/rpc-lib/src/rpcsvc.c @@ -2392,8 +2392,20 @@ rpcsvc_auth_check (rpcsvc_t *svc, char *volname, ret = dict_get_str (options, srchstr, &reject_str); GF_FREE (srchstr); - if (reject_str == NULL && !strcmp ("*", allow_str)) - return RPCSVC_AUTH_ACCEPT; + + /* + * If "reject_str" is being set as '*' (anonymous), then NFS-server + * would reject everything. If the "reject_str" is not set and + * "allow_str" is set as '*' (anonymous), then NFS-server would + * accept mount requests from all clients. + */ + if (reject_str != NULL) { + if (!strcmp ("*", reject_str)) + return RPCSVC_AUTH_REJECT; + } else { + if (!strcmp ("*", allow_str)) + return RPCSVC_AUTH_ACCEPT; + } /* Non-default rule, authenticate */ if (!get_host_name (client_ip, &ip)) @@ -2577,6 +2589,7 @@ rpcsvc_match_subnet_v4 (const char *addrtok, const char *ipaddr) mask.sin_addr.s_addr)) { ret = 0; /* SUCCESS */ } + out: GF_FREE (netaddr); return ret; |