diff options
| author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 01:37:22 -0700 |
| commit | 1cb3b1abeda53bb430bbe1490fac154337ac9994 (patch) | |
| tree | 0b1092562b002389c60f4d74af13aef822766f1c /xlators/nfs/server/src/mount3-auth.h | |
| parent | 0c3d3a796bda37d8439855baf00137ad17714620 (diff) | |
nfs: more fine grained authentication for the MOUNT protocol
The /etc/exports format for NFS-exports (see Change-Id I7e6aa6b) allows
a more fine grained control over the authentication. This change adds
the functions and structures that will be used in by Change-Id I181e8c1.
BUG: 1143880
Change-Id: Ic060aac7c52d91e08519b222ba46383c94665ce7
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/9362
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/nfs/server/src/mount3-auth.h')
| -rw-r--r-- | xlators/nfs/server/src/mount3-auth.h | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/xlators/nfs/server/src/mount3-auth.h b/xlators/nfs/server/src/mount3-auth.h new file mode 100644 index 00000000000..b25d4724fac --- /dev/null +++ b/xlators/nfs/server/src/mount3-auth.h @@ -0,0 +1,59 @@ +/* + Copyright 2014-present Facebook. All Rights Reserved + + This file is part of GlusterFS. + + Author : + Shreyas Siravara <shreyas.siravara@gmail.com> + + This file is licensed to you under your choice of the GNU Lesser + General Public License, version 3 or any later version (LGPLv3 or + later), or the GNU General Public License, version 2 (GPLv2), in all + cases as published by the Free Software Foundation. +*/ + +#ifndef _MOUNT3_AUTH +#define _MOUNT3_AUTH + +#include "nfs-mem-types.h" +#include "netgroups.h" +#include "exports.h" +#include "mount3.h" +#include "nfs.h" + +#define GF_MNT_AUTH GF_NFS"-mount3-auth" + +struct mnt3_auth_params { + struct netgroups_file *ngfile; /* The netgroup file to auth against */ + struct exports_file *expfile; /* The export file to auth against */ + struct mount3_state *ms; /* The mount state that owns this */ +}; + +/* Initialize auth params struct */ +struct mnt3_auth_params * +mnt3_auth_params_init (struct mount3_state *ms); + +/* Set the netgroups file to use in the auth */ +int +mnt3_auth_set_netgroups_auth (struct mnt3_auth_params *aps, + const char *filename); + +/* Set the exports file to use in the auth */ +int +mnt3_auth_set_exports_auth (struct mnt3_auth_params *aps, const char *filename); + +/* Check if a host is authorized to perform a mount / nfs-fop */ +int +mnt3_auth_host (const struct mnt3_auth_params *aps, const char *host, + struct nfs3_fh *fh, const char *dir, gf_boolean_t is_write_op, + struct export_item **save_item); + +/* Free resources used by the auth params struct */ +void +mnt3_auth_params_deinit (struct mnt3_auth_params *aps); + +int +mnt3_auth_fop_options_verify (const struct mnt3_auth_params *auth_params, + const char *host, const char *dir); + +#endif /* _MOUNT3_AUTH */ |