From 84e90b756566bc211535a8627ed16d4231110ade Mon Sep 17 00:00:00 2001
From: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Date: Fri, 21 Aug 2015 00:08:23 +0530
Subject: server/protocol: option for dynamic authorization of client
 permissions

problem:
assuming gluster volume is already mounted (for gfapi: say client transport
connection has already established), now if somebody change the volume
permissions say *.allow | *.reject for a client, gluster should allow/terminate
the client connection based on the fresh set of volume options immediately,
but in existing scenario neither we have any option to set this behaviour nor
we take any action until and unless we remount the volume manually

solution:
Introduce 'dynamic-auth' option (default: on).
If 'dynamic-auth' is 'on' gluster will perform dynamic authentication to
allow/terminate client transport connection immediately in response to
*.allow | *.reject volume set options, thus if volume permissions have changed
for a particular client (say client is added to auth.reject list), his
transport connection to gluster volume will be terminated immediately.

Change-Id: I6243a6db41bf1e0babbf050a8e4f8620732e00d8
BUG: 1245380
Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
Reviewed-on: http://review.gluster.org/12229
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Reviewed-by: Raghavendra G <rgowdapp@redhat.com>
---
 rpc/rpc-lib/src/rpc-transport.c | 2 ++
 rpc/rpc-lib/src/rpc-transport.h | 2 ++
 2 files changed, 4 insertions(+)

(limited to 'rpc/rpc-lib/src')

diff --git a/rpc/rpc-lib/src/rpc-transport.c b/rpc/rpc-lib/src/rpc-transport.c
index 197c1682027..0f1351fe91a 100644
--- a/rpc/rpc-lib/src/rpc-transport.c
+++ b/rpc/rpc-lib/src/rpc-transport.c
@@ -458,6 +458,8 @@ rpc_transport_destroy (rpc_transport_t *this)
 
 	GF_VALIDATE_OR_GOTO("rpc_transport", this, fail);
 
+        if (this->clnt_options)
+                dict_unref (this->clnt_options);
         if (this->options)
                 dict_unref (this->options);
 	if (this->fini)
diff --git a/rpc/rpc-lib/src/rpc-transport.h b/rpc/rpc-lib/src/rpc-transport.h
index df0bab5dc43..227911a5935 100644
--- a/rpc/rpc-lib/src/rpc-transport.h
+++ b/rpc/rpc-lib/src/rpc-transport.h
@@ -210,6 +210,8 @@ struct rpc_transport {
         int                        bind_insecure;
         void                      *dl_handle; /* handle of dlopen() */
         char                      *ssl_name;
+        dict_t                    *clnt_options; /* store options received from
+                                                  * client */
 };
 
 struct rpc_transport_ops {
-- 
cgit