summaryrefslogtreecommitdiffstats
path: root/rpc
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2013-12-23 12:53:32 +0100
committerVijay Bellur <vbellur@redhat.com>2013-12-30 19:49:43 -0800
commit7e3dd526c62b3a1bb59945efdfed2c2fbbcf9cf9 (patch)
tree69088ce06313f6b03b9ff48a21eb4e0d568b8cb1 /rpc
parentd85726d19432384e2c3dd6ceff4b7b4ec3f8f57a (diff)
rpc/server: add anonuid and anongid options for root-squash
Introduce new options to modify the behaviour of server.root-squash. With server.anonuid and server.anongid the uid/gid can be specified and the root user (uid=0 and gid=0) will be mapped to the given uid/gid instead of nfsnobody (uid=65534 and gid=65534). Many thanks to Vikhyat Umrao for writing the majority of the test-case! Change-Id: I6379a3d2ef52b9b9707f2f6f0529657580c8d779 BUG: 1043886 CC: Vikhyat Umrao <vumrao@redhat.com> Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: http://review.gluster.org/6546 Reviewed-by: Santosh Pradhan <spradhan@redhat.com> Reviewed-by: Vikhyat Umrao <vumrao@redhat.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'rpc')
-rw-r--r--rpc/rpc-lib/src/rpcsvc-auth.c17
-rw-r--r--rpc/rpc-lib/src/rpcsvc-common.h2
-rw-r--r--rpc/rpc-lib/src/rpcsvc.h6
3 files changed, 21 insertions, 4 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c
index 4cb86a75839..0ede19f741b 100644
--- a/rpc/rpc-lib/src/rpcsvc-auth.c
+++ b/rpc/rpc-lib/src/rpcsvc-auth.c
@@ -230,6 +230,8 @@ int
rpcsvc_set_root_squash (rpcsvc_t *svc, dict_t *options)
{
int ret = -1;
+ uid_t anonuid = -1;
+ gid_t anongid = -1;
GF_ASSERT (svc);
GF_ASSERT (options);
@@ -240,8 +242,21 @@ rpcsvc_set_root_squash (rpcsvc_t *svc, dict_t *options)
else
svc->root_squash = _gf_false;
+ ret = dict_get_uint32 (options, "anonuid", &anonuid);
+ if (!ret)
+ svc->anonuid = anonuid;
+ else
+ svc->anonuid = RPC_NOBODY_UID;
+
+ ret = dict_get_uint32 (options, "anongid", &anongid);
+ if (!ret)
+ svc->anongid = anongid;
+ else
+ svc->anongid = RPC_NOBODY_GID;
+
if (svc->root_squash)
- gf_log (GF_RPCSVC, GF_LOG_DEBUG, "root squashing enabled ");
+ gf_log (GF_RPCSVC, GF_LOG_DEBUG, "root squashing enabled "
+ "(uid=%d, gid=%d)", svc->anonuid, svc->anongid);
return 0;
}
diff --git a/rpc/rpc-lib/src/rpcsvc-common.h b/rpc/rpc-lib/src/rpcsvc-common.h
index aed55e039e1..3c16abeb77a 100644
--- a/rpc/rpc-lib/src/rpcsvc-common.h
+++ b/rpc/rpc-lib/src/rpcsvc-common.h
@@ -55,6 +55,8 @@ typedef struct rpcsvc_state {
gf_boolean_t allow_insecure;
gf_boolean_t register_portmap;
gf_boolean_t root_squash;
+ uid_t anonuid;
+ gid_t anongid;
glusterfs_ctx_t *ctx;
/* list of connections which will listen for incoming connections */
diff --git a/rpc/rpc-lib/src/rpcsvc.h b/rpc/rpc-lib/src/rpcsvc.h
index cbc1f4226b8..28ec93e11a5 100644
--- a/rpc/rpc-lib/src/rpcsvc.h
+++ b/rpc/rpc-lib/src/rpcsvc.h
@@ -282,14 +282,14 @@ struct rpcsvc_request {
int gidcount = 0; \
if (req->svc->root_squash) { \
if (req->uid == RPC_ROOT_UID) \
- req->uid = RPC_NOBODY_UID; \
+ req->uid = req->svc->anonuid; \
if (req->gid == RPC_ROOT_GID) \
- req->gid = RPC_NOBODY_GID; \
+ req->gid = req->svc->anongid; \
for (gidcount = 0; gidcount < req->auxgidcount; \
++gidcount) { \
if (!req->auxgids[gidcount]) \
req->auxgids[gidcount] = \
- RPC_NOBODY_GID; \
+ req->svc->anongid; \
} \
} \
} while (0);