diff options
| author | Niels de Vos <ndevos@redhat.com> | 2016-06-26 18:50:27 +0200 |
|---|---|---|
| committer | Jeff Darcy <jdarcy@redhat.com> | 2016-06-28 13:29:13 -0700 |
| commit | e5221d288e41d29d89d52f8deab657d2285a852c (patch) | |
| tree | d08b2f512dfdcf304a010443902719bec6ad7d4d /xlators | |
| parent | 10fa1bcce3b73f630dbc3241722c1af9dee4c414 (diff) | |
nfs: allow hostnames with dashes in exports/netgroups files
Hostnames with dashes (like "vagrant-testVM") are not correctly parsed
when reading the exports/netgroups files. This bacomes obvious when
running ./run-tests-in-vagrant.sh because it causes
tests/basic/mount-nfs-auth.t and tests/basic/netgroup_parsing.t to fail.
The regex for hostname (in exports) and the entry and hostname
(netgroups) parsing does not include the "-" sign, and hence the
hostnames are splitted at it.
BUG: 1350237
Change-Id: I38146a283561e1fa386cc841c43fd3b1e30a87ad
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/14809
Smoke: Gluster Build System <jenkins@build.gluster.org>
NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jdarcy@redhat.com>
Diffstat (limited to 'xlators')
| -rw-r--r-- | xlators/nfs/server/src/exports.c | 10 | ||||
| -rw-r--r-- | xlators/nfs/server/src/exports.h | 2 | ||||
| -rw-r--r-- | xlators/nfs/server/src/mount3.c | 9 | ||||
| -rw-r--r-- | xlators/nfs/server/src/netgroups.c | 5 | ||||
| -rw-r--r-- | xlators/nfs/server/src/netgroups.h | 4 |
5 files changed, 27 insertions, 3 deletions
diff --git a/xlators/nfs/server/src/exports.c b/xlators/nfs/server/src/exports.c index b000b7e8118..83aec254040 100644 --- a/xlators/nfs/server/src/exports.c +++ b/xlators/nfs/server/src/exports.c @@ -753,6 +753,8 @@ __exp_line_ng_host_str_parse (char *str, struct export_item **exp_item) item_name = gf_strdup (str); GF_CHECK_ALLOC (item_name, ret, out); + gf_msg_trace (GF_EXP, 0, "found hostname/netgroup: %s", item_name); + /* Initialize an export item for this */ item = _export_item_init (); GF_CHECK_ALLOC (item, ret, free_and_out); @@ -832,6 +834,8 @@ __exp_line_ng_parse (const char *line, dict_t **ng_dict) goto out; } + gf_msg_trace (GF_EXP, 0, "parsing line: %s", line); + while ((strmatch = parser_get_next_match (netgroup_parser))) { if (!netgroups) { /* Allocate a new dict to store the netgroups. */ @@ -842,6 +846,8 @@ __exp_line_ng_parse (const char *line, dict_t **ng_dict) } } + gf_msg_trace (GF_EXP, 0, "parsing netgroup: %s", strmatch); + ret = __exp_line_ng_host_str_parse (strmatch, &exp_ng); if (ret != 0) { @@ -927,6 +933,8 @@ __exp_line_host_parse (const char *line, dict_t **host_dict) goto out; } + gf_msg_trace (GF_EXP, 0, "parsing line: %s", line); + while ((strmatch = parser_get_next_match (hostname_parser))) { if (!hosts) { /* Allocate a new dictto store the netgroups. */ @@ -934,6 +942,8 @@ __exp_line_host_parse (const char *line, dict_t **host_dict) GF_CHECK_ALLOC (hosts, ret, free_and_out); } + gf_msg_trace (GF_EXP, 0, "parsing hostname: %s", strmatch); + ret = __exp_line_ng_host_str_parse (strmatch, &exp_host); if (ret != 0) { diff --git a/xlators/nfs/server/src/exports.h b/xlators/nfs/server/src/exports.h index 51a3cd668a4..bc9af2f0b8b 100644 --- a/xlators/nfs/server/src/exports.h +++ b/xlators/nfs/server/src/exports.h @@ -22,7 +22,7 @@ #define GF_EXP GF_NFS"-exports" #define NETGROUP_REGEX_PATTERN "(@([a-zA-Z0-9\\(=, .])+)())" -#define HOSTNAME_REGEX_PATTERN "[[:space:]]([a-zA-Z0-9.\\(=,*/)]+)" +#define HOSTNAME_REGEX_PATTERN "[[:space:]]([a-zA-Z0-9.\\(=,*/)-]+)" #define OPTIONS_REGEX_PATTERN "([a-zA-Z0-9=\\.]+)" #define NETGROUP_MAX_LEN 128 diff --git a/xlators/nfs/server/src/mount3.c b/xlators/nfs/server/src/mount3.c index 580f92af4b7..2647e384a94 100644 --- a/xlators/nfs/server/src/mount3.c +++ b/xlators/nfs/server/src/mount3.c @@ -1993,6 +1993,10 @@ _mnt3_authenticate_req (struct mount3_state *ms, rpcsvc_request_t *req, /* Check if the IP is authorized */ auth_status_code = mnt3_auth_host (ms->auth_params, host_addr_ip, fh, pathdup, is_write_op, &expitem); + + gf_msg_debug (GF_MNT, 0, "access from IP %s is %s", host_addr_ip, + auth_status_code ? "denied" : "allowed"); + if (auth_status_code != 0) { /* If not, check if the FQDN is authorized */ host_addr_fqdn = gf_rev_dns_lookup (host_addr_ip); @@ -2000,6 +2004,11 @@ _mnt3_authenticate_req (struct mount3_state *ms, rpcsvc_request_t *req, host_addr_fqdn, fh, pathdup, is_write_op, &expitem); + + gf_msg_debug (GF_MNT, 0, "access from FQDN %s is %s", + host_addr_fqdn, auth_status_code ? "denied" : + "allowed"); + if (auth_status_code == 0) auth_host = host_addr_fqdn; } else diff --git a/xlators/nfs/server/src/netgroups.c b/xlators/nfs/server/src/netgroups.c index e9c0838a5cc..1003b72ef8c 100644 --- a/xlators/nfs/server/src/netgroups.c +++ b/xlators/nfs/server/src/netgroups.c @@ -735,11 +735,16 @@ _parse_ng_host (char *ng_str, struct netgroup_host **ngh) if (ret < 0) goto out; + gf_msg_trace (GF_NG, 0, "parsing host string: %s", ng_str); + ng_host = _netgroup_host_init (); GF_CHECK_ALLOC (ng_host, ret, free_and_out); /* Sets ret to -ENOMEM on * failure. */ while ((match = parser_get_next_match (ng_host_parser)) != NULL) { + gf_msg_trace (GF_NG, 0, "found match: %s (parts=%d)", match, + parts); + switch (parts) { case 0: ng_host->hostname = match; diff --git a/xlators/nfs/server/src/netgroups.h b/xlators/nfs/server/src/netgroups.h index c77a35a41f3..6044abfabb3 100644 --- a/xlators/nfs/server/src/netgroups.h +++ b/xlators/nfs/server/src/netgroups.h @@ -21,8 +21,8 @@ #define GF_NG GF_NFS"-netgroup" -#define NG_FILE_PARSE_REGEX "([a-zA-Z0-9.(,)]+)" -#define NG_HOST_PARSE_REGEX "([a-zA-Z0-9.]+)" +#define NG_FILE_PARSE_REGEX "([a-zA-Z0-9.(,)-]+)" +#define NG_HOST_PARSE_REGEX "([a-zA-Z0-9.-]+)" struct netgroup_host { char *hostname; /* Hostname of entry */ |