diff options
author | Niels de Vos <ndevos@redhat.com> | 2014-07-02 11:11:43 +0200 |
---|---|---|
committer | Niels de Vos <ndevos@redhat.com> | 2014-07-02 04:28:21 -0700 |
commit | f25c549c959e06e70eefc5744dc5f93668411de2 (patch) | |
tree | f3b6071afd87194b2da56e59b2ec8c20011705db /xlators | |
parent | cc372dc0d0561b2995d89cab4e84dcebef0c346c (diff) |
gNFS: Support wildcard in RPC auth allow/reject
RFE: Support wildcard in "nfs.rpc-auth-allow" and
"nfs.rpc-auth-reject". e.g.
*.redhat.com
192.168.1[1-5].*
192.168.1[1-5].*, *.redhat.com, 192.168.21.9
Along with wildcard, support for subnetwork or IP range e.g.
192.168.10.23/24
The option will be validated for following categories:
1) Anonymous i.e. "*"
2) Wildcard pattern i.e. string containing any ('*', '?', '[')
3) IPv4 address
4) IPv6 address
5) FQDN
6) subnetwork or IPv4 range
Currently this does not support IPv6 subnetwork.
Cherry-picked from 00e247ee44067f2b3e7ca5f7e6dc2f7934c97181:
> Change-Id: Iac8caf5e490c8174d61111dad47fd547d4f67bf4
> BUG: 1086097
> Signed-off-by: Santosh Kumar Pradhan <spradhan@redhat.com>
> Reviewed-on: http://review.gluster.org/7485
> Reviewed-by: Poornima G <pgurusid@redhat.com>
> Reviewed-by: Harshavardhana <harsha@harshavardhana.net>
> Tested-by: Gluster Build System <jenkins@build.gluster.com>
> Reviewed-by: Vijay Bellur <vbellur@redhat.com>
Change-Id: I18ef0a914cd403c1f9e66d1b03ecd29465cbce95
BUG: 1115369
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-on: http://review.gluster.org/8223
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Santosh Pradhan <spradhan@redhat.com>
Diffstat (limited to 'xlators')
-rw-r--r-- | xlators/nfs/server/src/nfs.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/xlators/nfs/server/src/nfs.c b/xlators/nfs/server/src/nfs.c index 4ecc5be0cd0..bd3e03fc947 100644 --- a/xlators/nfs/server/src/nfs.c +++ b/xlators/nfs/server/src/nfs.c @@ -1665,7 +1665,7 @@ struct volume_options options[] = { "unrecognized option warnings." }, { .key = {"rpc-auth.addr.allow"}, - .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST, + .type = GF_OPTION_TYPE_CLIENT_AUTH_ADDR, .default_value = "all", .description = "Allow a comma separated list of addresses and/or" " hostnames to connect to the server. By default, all" @@ -1673,7 +1673,7 @@ struct volume_options options[] = { "define a general rule for all exported volumes." }, { .key = {"rpc-auth.addr.reject"}, - .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST, + .type = GF_OPTION_TYPE_CLIENT_AUTH_ADDR, .default_value = "none", .description = "Reject a comma separated list of addresses and/or" " hostnames from connecting to the server. By default," @@ -1681,7 +1681,7 @@ struct volume_options options[] = { "define a general rule for all exported volumes." }, { .key = {"rpc-auth.addr.*.allow"}, - .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST, + .type = GF_OPTION_TYPE_CLIENT_AUTH_ADDR, .default_value = "all", .description = "Allow a comma separated list of addresses and/or" " hostnames to connect to the server. By default, all" @@ -1689,7 +1689,7 @@ struct volume_options options[] = { "define a rule for a specific exported volume." }, { .key = {"rpc-auth.addr.*.reject"}, - .type = GF_OPTION_TYPE_INTERNET_ADDRESS_LIST, + .type = GF_OPTION_TYPE_CLIENT_AUTH_ADDR, .default_value = "none", .description = "Reject a comma separated list of addresses and/or" " hostnames from connecting to the server. By default," |