This patch adds a new configuration parameter called
"RootSquashExceptions". It has the same value syntax as the existing
RootSquash parameter, but it allows you to list hosts or subnets that
are exempt from root squashing.
This is helpful if you want to root squash all clients (or at least a
large set of them) but still allow root access from particular admin or
power user clients. That was possible before, but probably tedious
unless the node you wanted to exclude just happened to fall in a
convenient subnet.
-Phil
diff -Naur pvfs2/src/common/misc/server-config.c pvfs2-new/src/common/misc/server-config.c
--- pvfs2/src/common/misc/server-config.c 2007-09-25 13:27:28.000000000 -0400
+++ pvfs2-new/src/common/misc/server-config.c 2007-10-02 13:10:56.000000000 -0400
@@ -79,6 +79,7 @@
static DOTCONF_CB(get_flow_module_list);
static DOTCONF_CB(get_root_squash);
+static DOTCONF_CB(get_root_squash_exceptions);
static DOTCONF_CB(get_read_only);
static DOTCONF_CB(get_all_squash);
static DOTCONF_CB(get_anon_gid);
@@ -707,6 +708,16 @@
*/
{"RootSquash", ARG_LIST, get_root_squash, NULL,
CTX_EXPORT, ""},
+
+ /* RootSquashExceptions option specifies exceoptions to the RootSquash
+ * list. This is an optional parameter that needs to be specified as
+ * part of the ExportOptions context and is a list of BMI URL
+ * specification of client addresses for which RootSquash
+ * has to be enforced.
+ * RootSquash tcp://[EMAIL PROTECTED] tcp://10.0.0.* tcp://192.168.* ...
+ */
+ {"RootSquashExceptions", ARG_LIST, get_root_squash_exceptions, NULL,
+ CTX_EXPORT, ""},
/* ReadOnly option specifies whether the exported file-system needs to
* disallow write accesses from clients or anything that modifies the
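Review bot: The comment added above the `RootSquashExceptions` table entry describes the opposite of what the option does: it says the listed addresses are those "for which RootSquash has to be enforced", and its example line starts with `RootSquash`. Because this entry exempts clients from squashing, an administrator who relies on the comment (or on documentation generated from it) could grant unsquashed root access to the wrong hosts. I would reword the sentence to end `client addresses that are exempt from RootSquash, even if they also match a RootSquash entry`, start the example with `RootSquashExceptions`, and fix the "exceoptions" typo.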
@@ -1690,6 +1701,50 @@
return NULL;
}
+DOTCONF_CB(get_root_squash_exceptions)
+{
+ struct filesystem_configuration_s *fs_conf = NULL;
+ struct server_configuration_s *config_s =
+ (struct server_configuration_s *)cmd->context;
+
+ fs_conf = (struct filesystem_configuration_s *)
+ PINT_llist_head(config_s->file_systems);
+ assert(fs_conf);
+
+ if (cmd->arg_count != 0)
+ {
+ fs_conf->root_squash_exceptions_netmasks = (int *) calloc(cmd->arg_count, sizeof(int));
+ if (fs_conf->root_squash_exceptions_netmasks == NULL)
+ {
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not allocate memory for root_squash_exceptions_netmasks\n");
+ }
+ if (get_list_of_strings(cmd->arg_count, cmd->data.list,
+ &fs_conf->root_squash_exceptions_hosts) < 0)
+ {
+ free(fs_conf->root_squash_exceptions_netmasks);
+ fs_conf->root_squash_exceptions_netmasks = NULL;
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not allocate memory for root_squash_exceptions_hosts\n");
+ }
+ fs_conf->root_squash_exceptions_count = cmd->arg_count;
+ /* Setup the netmasks */
+ if (setup_netmasks(fs_conf->root_squash_exceptions_count, fs_conf->root_squash_exceptions_hosts,
+ fs_conf->root_squash_exceptions_netmasks) < 0)
+ {
+ free(fs_conf->root_squash_exceptions_netmasks);
+ fs_conf->root_squash_exceptions_netmasks = NULL;
+ free_list_of_strings(fs_conf->root_squash_exceptions_count, &fs_conf->root_squash_exceptions_hosts);
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not setup netmasks for root_squash_exceptions_hosts\n");
+ }
+ gossip_debug(GOSSIP_SERVER_DEBUG, "Parsed %d RootSquashExceptions wildcard entries\n",
+ cmd->arg_count);
+ }
+ return NULL;
+}
+
+
DOTCONF_CB(get_read_only)
{
struct filesystem_configuration_s *fs_conf = NULL;
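Review bot: In `get_root_squash_exceptions` the new `calloc` result and the host list are stored into `fs_conf` without checking whether an earlier RootSquashExceptions line in the same export context already filled them. A repeated directive would therefore leak the first arrays and silently replace the first exemption list. Assuming `fs_conf` starts out zeroed (not visible in this hunk), a guard at the top of the `if (cmd->arg_count != 0)` body makes that an explicit configuration error: `if (fs_conf->root_squash_exceptions_netmasks != NULL) return("RootSquashExceptions specified more than once\n");`. Separately, `assert(fs_conf)` is compiled out under NDEBUG, so a returned error string would be the safer way to reject a missing filesystem entry. The trailing context lines belong to `get_read_only`, whose body continues outside the hunk.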
diff -Naur pvfs2/src/common/misc/server-config.h pvfs2-new/src/common/misc/server-config.h
--- pvfs2/src/common/misc/server-config.h 2007-08-17 00:04:24.000000000 -0400
+++ pvfs2-new/src/common/misc/server-config.h 2007-10-02 13:09:23.000000000 -0400
@@ -105,6 +105,10 @@
char **root_squash_hosts;
int *root_squash_netmasks;
+ int root_squash_exceptions_count;
+ char **root_squash_exceptions_hosts;
+ int *root_squash_exceptions_netmasks;
+
int all_squash_count;
char **all_squash_hosts;
int *all_squash_netmasks;
diff -Naur pvfs2/src/server/prelude.sm pvfs2-new/src/server/prelude.sm
--- pvfs2/src/server/prelude.sm 2007-08-29 20:13:44.000000000 -0400
+++ pvfs2-new/src/server/prelude.sm 2007-10-02 13:09:23.000000000 -0400
@@ -327,10 +327,25 @@
{
int i;
+ /* check exceptions first */
+ for (i = 0; i < fsconfig->root_squash_exceptions_count; i++)
+ {
+ gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %lld, %s, netmask: %i\n",
+ lld(client_addr), fsconfig->root_squash_exceptions_hosts[i],
+ fsconfig->root_squash_exceptions_netmasks[i]);
+ if (BMI_query_addr_range(client_addr, fsconfig->root_squash_exceptions_hosts[i],
+ fsconfig->root_squash_exceptions_netmasks[i]) == 1)
+ {
+ /* in the exception list, do not squash */
+ return 0;
+ }
+ }
+
for (i = 0; i < fsconfig->root_squash_count; i++)
{
- gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %lld, %s\n",
- lld(client_addr), fsconfig->root_squash_hosts[i]);
+ gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %lld, %s, netmask: %i\n",
+ lld(client_addr), fsconfig->root_squash_hosts[i],
+ fsconfig->root_squash_netmasks[i]);
if (BMI_query_addr_range(client_addr, fsconfig->root_squash_hosts[i],
fsconfig->root_squash_netmasks[i]) == 1)
{
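Review bot: The early `return 0` in the new exceptions loop lets a client keep uid 0 purely because its address matched, and it leaves no record of which entry granted that. Since a match takes precedence over every RootSquash entry, I would log the decision on that path, e.g. `gossip_debug(GOSSIP_SERVER_DEBUG, "root squash exception matched %s, not squashing\n", fsconfig->root_squash_exceptions_hosts[i]);` just before the return. The `/* check exceptions first */` comment could also state the precedence: `/* exceptions override RootSquash: a broad wildcard here exempts every matching client */`. The exemption is only as trustworthy as the client address BMI reports, which is presumably the transport-level peer address, so it is worth noting in the option's documentation that the list should be kept to specific admin hosts. The enclosing function starts and ends outside this hunk, so I cannot confirm what a return of 0 means to its callers.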