[Pvfs2-developers] patches: root squash exceptions
Sam Lang
slang at mcs.anl.gov
Wed Nov 7 17:26:47 EST 2007
Looks good. I've committed to MAIN. Thanks for the patch Phil.
-sam
On Oct 12, 2007, at 3:49 PM, Phil Carns wrote:
> This patch adds a new configuration parameter called
> "RootSquashExceptions". It has the same value syntax as the
> existing RootSquash parameter, but it allows you to list hosts or
> subnets that are exempt from root squashing.
>
> This is helpful if you want to root squash all clients (or at least
> a large set of them) but still allow root access from particular
> admin or power user clients. That was possible before, but
> probably tedious unless the node you wanted to exclude just
> happened to fall in a convenient subnet.
>
> -Phil
> diff -Naur pvfs2/src/common/misc/server-config.c pvfs2-new/src/
> common/misc/server-config.c
> --- pvfs2/src/common/misc/server-config.c 2007-09-25
> 13:27:28.000000000 -0400
> +++ pvfs2-new/src/common/misc/server-config.c 2007-10-02
> 13:10:56.000000000 -0400
> @@ -79,6 +79,7 @@
> static DOTCONF_CB(get_flow_module_list);
>
> static DOTCONF_CB(get_root_squash);
> +static DOTCONF_CB(get_root_squash_exceptions);
> static DOTCONF_CB(get_read_only);
> static DOTCONF_CB(get_all_squash);
> static DOTCONF_CB(get_anon_gid);
> @@ -707,6 +708,16 @@
> */
> {"RootSquash", ARG_LIST, get_root_squash, NULL,
> CTX_EXPORT, ""},
> +
> + /* RootSquashExceptions option specifies exceoptions to the
> RootSquash
> + * list. This is an optional parameter that needs to be
> specified as
> + * part of the ExportOptions context and is a list of BMI URL
> + * specification of client addresses for which RootSquash
> + * has to be enforced.
> + * RootSquash tcp://192.168.2.0@24 tcp://10.0.0.* tcp://
> 192.168.* ...
> + */
> + {"RootSquashExceptions", ARG_LIST, get_root_squash_exceptions,
> NULL,
> + CTX_EXPORT, ""},
>
> /* ReadOnly option specifies whether the exported file-system
> needs to
> * disallow write accesses from clients or anything that
> modifies the
> @@ -1690,6 +1701,50 @@
> return NULL;
> }
>
> +DOTCONF_CB(get_root_squash_exceptions)
> +{
> + struct filesystem_configuration_s *fs_conf = NULL;
> + struct server_configuration_s *config_s =
> + (struct server_configuration_s *)cmd->context;
> +
> + fs_conf = (struct filesystem_configuration_s *)
> + PINT_llist_head(config_s->file_systems);
> + assert(fs_conf);
> +
> + if (cmd->arg_count != 0)
> + {
> + fs_conf->root_squash_exceptions_netmasks = (int *) calloc
> (cmd->arg_count, sizeof(int));
> + if (fs_conf->root_squash_exceptions_netmasks == NULL)
> + {
> + fs_conf->root_squash_exceptions_count = 0;
> + return("Could not allocate memory for
> root_squash_exceptions_netmasks\n");
> + }
> + if (get_list_of_strings(cmd->arg_count, cmd->data.list,
> + &fs_conf->root_squash_exceptions_hosts) < 0)
> + {
> + free(fs_conf->root_squash_exceptions_netmasks);
> + fs_conf->root_squash_exceptions_netmasks = NULL;
> + fs_conf->root_squash_exceptions_count = 0;
> + return("Could not allocate memory for
> root_squash_exceptions_hosts\n");
> + }
> + fs_conf->root_squash_exceptions_count = cmd->arg_count;
> + /* Setup the netmasks */
> + if (setup_netmasks(fs_conf->root_squash_exceptions_count,
> fs_conf->root_squash_exceptions_hosts,
> + fs_conf->root_squash_exceptions_netmasks) < 0)
> + {
> + free(fs_conf->root_squash_exceptions_netmasks);
> + fs_conf->root_squash_exceptions_netmasks = NULL;
> + free_list_of_strings(fs_conf-
> >root_squash_exceptions_count, &fs_conf-
> >root_squash_exceptions_hosts);
> + fs_conf->root_squash_exceptions_count = 0;
> + return("Could not setup netmasks for
> root_squash_exceptions_hosts\n");
> + }
> + gossip_debug(GOSSIP_SERVER_DEBUG, "Parsed %d
> RootSquashExceptions wildcard entries\n",
> + cmd->arg_count);
> + }
> + return NULL;
> +}
> +
> +
> DOTCONF_CB(get_read_only)
> {
> struct filesystem_configuration_s *fs_conf = NULL;
> diff -Naur pvfs2/src/common/misc/server-config.h pvfs2-new/src/
> common/misc/server-config.h
> --- pvfs2/src/common/misc/server-config.h 2007-08-17
> 00:04:24.000000000 -0400
> +++ pvfs2-new/src/common/misc/server-config.h 2007-10-02
> 13:09:23.000000000 -0400
> @@ -105,6 +105,10 @@
> char **root_squash_hosts;
> int *root_squash_netmasks;
>
> + int root_squash_exceptions_count;
> + char **root_squash_exceptions_hosts;
> + int *root_squash_exceptions_netmasks;
> +
> int all_squash_count;
> char **all_squash_hosts;
> int *all_squash_netmasks;
> diff -Naur pvfs2/src/server/prelude.sm pvfs2-new/src/server/prelude.sm
> --- pvfs2/src/server/prelude.sm 2007-08-29 20:13:44.000000000 -0400
> +++ pvfs2-new/src/server/prelude.sm 2007-10-02 13:09:23.000000000
> -0400
> @@ -327,10 +327,25 @@
> {
> int i;
>
> + /* check exceptions first */
> + for (i = 0; i < fsconfig->root_squash_exceptions_count; i++)
> + {
> + gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
> lld, %s, netmask: %i\n",
> + lld(client_addr), fsconfig-
> >root_squash_exceptions_hosts[i],
> + fsconfig->root_squash_exceptions_netmasks[i]);
> + if (BMI_query_addr_range(client_addr, fsconfig-
> >root_squash_exceptions_hosts[i],
> + fsconfig->root_squash_exceptions_netmasks[i]) == 1)
> + {
> + /* in the exception list, do not squash */
> + return 0;
> + }
> + }
> +
> for (i = 0; i < fsconfig->root_squash_count; i++)
> {
> - gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
> lld, %s\n",
> - lld(client_addr), fsconfig->root_squash_hosts[i]);
> + gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
> lld, %s, netmask: %i\n",
> + lld(client_addr), fsconfig->root_squash_hosts[i],
> + fsconfig->root_squash_netmasks[i]);
> if (BMI_query_addr_range(client_addr, fsconfig-
> >root_squash_hosts[i],
> fsconfig->root_squash_netmasks[i]) == 1)
> {
> _______________________________________________
> Pvfs2-developers mailing list
> Pvfs2-developers at beowulf-underground.org
> http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
More information about the Pvfs2-developers
mailing list