author | Niels de Vos <ndevos@redhat.com> | 2015-01-01 13:15:45 +0100 |
---|---|---|
committer | Vijay Bellur <vbellur@redhat.com> | 2015-03-15 07:01:38 -0700 |
commit | aa66b8404f45712c45d75d6a2a37f32e2792cc83 (patch) | |
tree | 11d7a95bd6286204ec0ec33e4cdd8ba0c5b48028 /xlators/nfs/server/src/mount3.h | |
parent | aac1ec0a61d9267b6ae7a280b368dfd357b7dcdc (diff) |
gNFS: Export / Netgroup authentication on Gluster NFS mount
* Parses linux style export file/netgroups file into a structure that
can be looked up.
* This parser turns each line into a structure called an "export
directory". Each of these has a dictionary of hosts and netgroups
which can be looked up during the mount authentication process.
(See Change-Id Ic060aac and I7e6aa6bc)
* A string beginning with an '@' is treated as a netgroup and a string
beginning without an @ is a host.
(See Change-Id Ie04800d)
* This parser does not currently support all the options in the man page
('man exports'), but we can easily add them.
BUG: 1143880
URL: http://www.gluster.org/community/documentation/index.php/Features/Exports_Netgroups_Authentication
Change-Id: I181e8c1814d6ef3cae5b4d88353622734f0c0f0b
Original-author: Shreyas Siravara <shreyas.siravara@gmail.com>
CC: Richard Wareing <rwareing@fb.com>
CC: Jiffin Tony Thottan <jthottan@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8758
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Diffstat (limited to 'xlators/nfs/server/src/mount3.h')
-rw-r--r-- | xlators/nfs/server/src/mount3.h | 56 |
1 files changed, 54 insertions, 2 deletions
diff --git a/xlators/nfs/server/src/mount3.h b/xlators/nfs/server/src/mount3.h
index ed553d122ae..8ef9c62a655 100644
--- a/xlators/nfs/server/src/mount3.h
+++ b/xlators/nfs/server/src/mount3.h
@@ -26,6 +26,9 @@
 #include "locking.h"
 #include "nfs3-fh.h"
 #include "uuid.h"
+#include "exports.h"
+#include "mount3-auth.h"
+#include "auth-cache.h"
 
 /* Registered with portmap */
 #define GF_MOUNTV3_PORT 38465
@@ -41,6 +44,9 @@ mnt3svc_init (xlator_t *nfsx);
 extern rpcsvc_program_t *
 mnt1svc_init (xlator_t *nfsx);
 
+extern void
+mnt3svc_deinit (xlator_t *nfsx);
+
 extern int
 mount_init_state (xlator_t *nfsx);
 
@@ -50,6 +56,20 @@ mount_reconfigure_state (xlator_t *nfsx, dict_t *options);
 void
 mount_rewrite_rmtab (struct mount3_state *ms, char *new_rmtab);
 
+struct mnt3_export *
+mnt3_mntpath_to_export (struct mount3_state *ms, const char *dirpath,
+ gf_boolean_t export_parsing_match);
+
+extern int
+mnt3svc_update_mountlist (struct mount3_state *ms, rpcsvc_request_t *req,
+ const char *expname, const char *fullpath);
+
+int
+mnt3_authenticate_request (struct mount3_state *ms, rpcsvc_request_t *req,
+ struct nfs3_fh *fh, const char *volname,
+ const char *path, char **authorized_path,
+ char **authorized_host, gf_boolean_t is_write_op);
+
 /* Data structure used to store the list of mounts points currently
  * in use by NFS clients.
  */
@@ -60,6 +80,15 @@ struct mountentry {
  /* The export name */
  char exname[MNTPATHLEN];
  char hostname[MNTPATHLEN];
+ char fullpath[MNTPATHLEN];
+
+ gf_boolean_t has_full_path;
+
+ /* Since this is stored in a dict, we want to be able
+ * to find easily get the key we used to store
+ * the struct in our dict
+ */
+ char hashkey[MNTPATHLEN*2+2];
 };
 
 #define MNT3_EXPTYPE_VOLUME 1
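Review bot: The prototype of `mnt3_authenticate_request`, the last declaration added in the hunk at -50,6 +56,20, states neither its return convention nor who owns the strings returned through `authorized_path` and `authorized_host`. For an authorization entry point this matters: a caller that assumes the wrong sense of the `int` result fails open, and an unclear owner leads to a leak or a double free on every mount. I would add a header comment along the lines of `/* Returns 0 when the client may access path, a negative value otherwise; on success *authorized_path and *authorized_host are allocated and the caller frees them. */`, corrected to whatever the implementation really does, which is not visible in this diff. As a smaller style point, `mnt3_mntpath_to_export` and this prototype omit the `extern` that the surrounding declarations carry.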
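Review bot: `char hashkey[MNTPATHLEN*2+2]` in `struct mountentry` (hunk at -60,6 +80,15) encodes an unstated assumption about how the key is composed, presumably two MNTPATHLEN-sized strings plus a separator and the terminator, while the same hunk adds a third MNTPATHLEN-sized field, `fullpath`. The code that fills the key is outside this header, so the comment should name the components and the bound, for example `/* key = "<path>:<hostname>", written with snprintf (hashkey, sizeof (hashkey), ...) */` (a constructed example; the real format should be stated), and the writer should treat truncation as an error. A silently truncated key can let two different host/path pairs share one entry, and a later hunk says NFS operations are validated against that dict.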
@@ -87,14 +116,23 @@ struct mnt3_export { xlator_t *vol; int exptype; + /* This holds the full path that the client requested including + * the volume name AND the subdirectory in the volume. + */ + char *fullpath; + /* Extracted from nfs volume options if nfs.dynamicvolumes is on. */ uuid_t volumeid; + uuid_t mountid; }; struct mount3_state { xlator_t *nfsx; + /* The NFS state that this belongs to */ + struct nfs_state *nfs; + /* The buffers for all network IO are got from this pool. */ struct iobuf_pool *iobpool;
@@ -106,8 +144,17 @@ struct mount3_state {
  */
  struct list_head mountlist;
 
- /* Used to protect the mountlist. */
- gf_lock_t mountlock;
+ /* Dict of current mount points over all the exports from this
+ * server. Mirrors the mountlist above, but can be used for
+ * faster lookup in the event that there are several mounts.
+ * Currently, each NFSOP is validated against this dict: each
+ * op is checked to see if the host that operates on the path
+ * does in fact have an entry in the mount dict.
+ */
+ dict_t *mountdict;
+
+ /* Used to protect the mountlist & the mount dict */
+ pthread_spinlock_t mountlock;
 
  /* Used to insert additional authentication parameters */
  struct mnt3_auth_params *auth_params;
@@ -115,6 +162,11 @@ struct mount3_state {
  /* Set to 0 if exporting full volumes is disabled. On by default. */
  gf_boolean_t export_volumes;
  gf_boolean_t export_dirs;
+
+ pthread_t auth_refresh_thread;
+ gf_boolean_t stop_refresh;
+
+ struct auth_cache *authcache;
 };
 
 #define gf_mnt3_export_dirs(mst) ((mst)->export_dirs)
|
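Review bot: `char *fullpath` in `struct mnt3_export` (hunk at -87,14 +116,23) is an unbounded heap string holding the client-requested path, while `mountentry.fullpath` added earlier in this diff is a fixed `char[MNTPATHLEN]`. The new comment says what the field contains but not who allocates and frees it, or whether it may be NULL for a whole-volume export. I would extend the comment, for example `/* Allocated when the export is created and freed with it; may be NULL (confirm) */`, and note that any copy into the fixed-size `mountentry.fullpath` has to be length-checked. Both structs begin outside the hunk, so their initialisation and teardown are not visible here.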
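Review bot: `mountlock` changes from `gf_lock_t` to a bare `pthread_spinlock_t` in the hunk at -106,8 +144,17, bypassing the lock abstraction from `locking.h`, which this header already includes. If the call sites keep using the generic lock wrappers and `gf_lock_t` can be built as something other than a spinlock, the field type and the wrappers stop matching. The new comment also puts this lock on the validation path of every NFS operation, with dict lookups inside the critical section. Unless a spinlock is specifically required, I would keep `gf_lock_t mountlock;` and extend the comment to `/* Protects mountlist and mountdict; both are always updated under the same hold of this lock */`, so an entry cannot stay in the dict after its unmount has removed it from the list. The call sites are outside this diff.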
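Review bot: `stop_refresh` in the hunk at -115,6 +162,11 is a plain `gf_boolean_t` next to `auth_refresh_thread`, so it is presumably written by the teardown path and polled by the refresh thread, yet nothing states what synchronises the two. An unsynchronised flag is a data race, and a refresh thread that misses the stop request can keep using `authcache` after `mnt3svc_deinit` has released it. I would document the contract on the fields, for example `/* stop_refresh is written and read under mountlock; mnt3svc_deinit joins auth_refresh_thread before freeing authcache */`, and make the implementation match it. The thread body and the deinit function are not part of this header, so this is inferred from the field names only.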