diff options
author | Niels de Vos <ndevos@redhat.com> | 2013-12-23 12:53:32 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2013-12-30 19:49:43 -0800 |
commit | 7e3dd526c62b3a1bb59945efdfed2c2fbbcf9cf9 (patch) | |
tree | 69088ce06313f6b03b9ff48a21eb4e0d568b8cb1 /rpc | |
parent | d85726d19432384e2c3dd6ceff4b7b4ec3f8f57a (diff) |
rpc/server: add anonuid and anongid options for root-squash
Introduce new options to modify the behaviour of server.root-squash.
With server.anonuid and server.anongid the uid/gid can be specified and
the root user (uid=0 and gid=0) will be mapped to the given uid/gid
instead of nfsnobody (uid=65534 and gid=65534).
Many thanks to Vikhyat Umrao for writing the majority of the test-case!
Change-Id: I6379a3d2ef52b9b9707f2f6f0529657580c8d779
BUG: 1043886
CC: Vikhyat Umrao <vumrao@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/6546
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Reviewed-by: Vikhyat Umrao <vumrao@redhat.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'rpc')
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc-auth.c | 17 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc-common.h | 2 | ||||
-rw-r--r-- | rpc/rpc-lib/src/rpcsvc.h | 6 |
3 files changed, 21 insertions, 4 deletions
diff --git a/rpc/rpc-lib/src/rpcsvc-auth.c b/rpc/rpc-lib/src/rpcsvc-auth.c index 4cb86a75839..0ede19f741b 100644 --- a/rpc/rpc-lib/src/rpcsvc-auth.c +++ b/rpc/rpc-lib/src/rpcsvc-auth.c @@ -230,6 +230,8 @@ int rpcsvc_set_root_squash (rpcsvc_t *svc, dict_t *options) { int ret = -1; + uid_t anonuid = -1; + gid_t anongid = -1; GF_ASSERT (svc); GF_ASSERT (options); @@ -240,8 +242,21 @@ rpcsvc_set_root_squash (rpcsvc_t *svc, dict_t *options) else svc->root_squash = _gf_false; + ret = dict_get_uint32 (options, "anonuid", &anonuid); + if (!ret) + svc->anonuid = anonuid; + else + svc->anonuid = RPC_NOBODY_UID; + + ret = dict_get_uint32 (options, "anongid", &anongid); + if (!ret) + svc->anongid = anongid; + else + svc->anongid = RPC_NOBODY_GID; + if (svc->root_squash) - gf_log (GF_RPCSVC, GF_LOG_DEBUG, "root squashing enabled "); + gf_log (GF_RPCSVC, GF_LOG_DEBUG, "root squashing enabled " + "(uid=%d, gid=%d)", svc->anonuid, svc->anongid); return 0; } diff --git a/rpc/rpc-lib/src/rpcsvc-common.h b/rpc/rpc-lib/src/rpcsvc-common.h index aed55e039e1..3c16abeb77a 100644 --- a/rpc/rpc-lib/src/rpcsvc-common.h +++ b/rpc/rpc-lib/src/rpcsvc-common.h @@ -55,6 +55,8 @@ typedef struct rpcsvc_state { gf_boolean_t allow_insecure; gf_boolean_t register_portmap; gf_boolean_t root_squash; + uid_t anonuid; + gid_t anongid; glusterfs_ctx_t *ctx; /* list of connections which will listen for incoming connections */ diff --git a/rpc/rpc-lib/src/rpcsvc.h b/rpc/rpc-lib/src/rpcsvc.h index cbc1f4226b8..28ec93e11a5 100644 --- a/rpc/rpc-lib/src/rpcsvc.h +++ b/rpc/rpc-lib/src/rpcsvc.h @@ -282,14 +282,14 @@ struct rpcsvc_request { int gidcount = 0; \ if (req->svc->root_squash) { \ if (req->uid == RPC_ROOT_UID) \ - req->uid = RPC_NOBODY_UID; \ + req->uid = req->svc->anonuid; \ if (req->gid == RPC_ROOT_GID) \ - req->gid = RPC_NOBODY_GID; \ + req->gid = req->svc->anongid; \ for (gidcount = 0; gidcount < req->auxgidcount; \ ++gidcount) { \ if (!req->auxgids[gidcount]) \ req->auxgids[gidcount] = \ - RPC_NOBODY_GID; \ + req->svc->anongid; \ } \ } \ } while (0); |