This patch adds a new configuration parameter called
"RootSquashExceptions". It has the same value syntax as the
existing RootSquash parameter, but it allows you to list hosts or
subnets that are exempt from root squashing.
This is helpful if you want to root squash all clients (or at least
a large set of them) but still allow root access from particular
admin or power user clients. That was possible before, but
probably tedious unless the node you wanted to exclude just
happened to fall in a convenient subnet.
-Phil
diff -Naur pvfs2/src/common/misc/server-config.c pvfs2-new/src/
common/misc/server-config.c
--- pvfs2/src/common/misc/server-config.c 2007-09-25
13:27:28.000000000 -0400
+++ pvfs2-new/src/common/misc/server-config.c 2007-10-02
13:10:56.000000000 -0400
@@ -79,6 +79,7 @@
static DOTCONF_CB(get_flow_module_list);
static DOTCONF_CB(get_root_squash);
+static DOTCONF_CB(get_root_squash_exceptions);
static DOTCONF_CB(get_read_only);
static DOTCONF_CB(get_all_squash);
static DOTCONF_CB(get_anon_gid);
@@ -707,6 +708,16 @@
*/
{"RootSquash", ARG_LIST, get_root_squash, NULL,
CTX_EXPORT, ""},
+
+ /* RootSquashExceptions option specifies exceoptions to the
RootSquash
+ * list. This is an optional parameter that needs to be
specified as
+ * part of the ExportOptions context and is a list of BMI URL
+ * specification of client addresses for which RootSquash
+ * has to be enforced.
+ * RootSquash tcp://[EMAIL PROTECTED] tcp://10.0.0.* tcp://
192.168.* ...
+ */
+ {"RootSquashExceptions", ARG_LIST, get_root_squash_exceptions,
NULL,
+ CTX_EXPORT, ""},
/* ReadOnly option specifies whether the exported file-system
needs to
* disallow write accesses from clients or anything that
modifies the
@@ -1690,6 +1701,50 @@
return NULL;
}
+DOTCONF_CB(get_root_squash_exceptions)
+{
+ struct filesystem_configuration_s *fs_conf = NULL;
+ struct server_configuration_s *config_s =
+ (struct server_configuration_s *)cmd->context;
+
+ fs_conf = (struct filesystem_configuration_s *)
+ PINT_llist_head(config_s->file_systems);
+ assert(fs_conf);
+
+ if (cmd->arg_count != 0)
+ {
+ fs_conf->root_squash_exceptions_netmasks = (int *) calloc
(cmd->arg_count, sizeof(int));
+ if (fs_conf->root_squash_exceptions_netmasks == NULL)
+ {
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not allocate memory for
root_squash_exceptions_netmasks\n");
+ }
+ if (get_list_of_strings(cmd->arg_count, cmd->data.list,
+ &fs_conf->root_squash_exceptions_hosts) < 0)
+ {
+ free(fs_conf->root_squash_exceptions_netmasks);
+ fs_conf->root_squash_exceptions_netmasks = NULL;
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not allocate memory for
root_squash_exceptions_hosts\n");
+ }
+ fs_conf->root_squash_exceptions_count = cmd->arg_count;
+ /* Setup the netmasks */
+ if (setup_netmasks(fs_conf->root_squash_exceptions_count,
fs_conf->root_squash_exceptions_hosts,
+ fs_conf->root_squash_exceptions_netmasks) < 0)
+ {
+ free(fs_conf->root_squash_exceptions_netmasks);
+ fs_conf->root_squash_exceptions_netmasks = NULL;
+ free_list_of_strings(fs_conf-
>root_squash_exceptions_count, &fs_conf-
>root_squash_exceptions_hosts);
+ fs_conf->root_squash_exceptions_count = 0;
+ return("Could not setup netmasks for
root_squash_exceptions_hosts\n");
+ }
+ gossip_debug(GOSSIP_SERVER_DEBUG, "Parsed %d
RootSquashExceptions wildcard entries\n",
+ cmd->arg_count);
+ }
+ return NULL;
+}
+
+
DOTCONF_CB(get_read_only)
{
struct filesystem_configuration_s *fs_conf = NULL;
diff -Naur pvfs2/src/common/misc/server-config.h pvfs2-new/src/
common/misc/server-config.h
--- pvfs2/src/common/misc/server-config.h 2007-08-17
00:04:24.000000000 -0400
+++ pvfs2-new/src/common/misc/server-config.h 2007-10-02
13:09:23.000000000 -0400
@@ -105,6 +105,10 @@
char **root_squash_hosts;
int *root_squash_netmasks;
+ int root_squash_exceptions_count;
+ char **root_squash_exceptions_hosts;
+ int *root_squash_exceptions_netmasks;
+
int all_squash_count;
char **all_squash_hosts;
int *all_squash_netmasks;
diff -Naur pvfs2/src/server/prelude.sm pvfs2-new/src/server/prelude.sm
--- pvfs2/src/server/prelude.sm 2007-08-29 20:13:44.000000000 -0400
+++ pvfs2-new/src/server/prelude.sm 2007-10-02 13:09:23.000000000
-0400
@@ -327,10 +327,25 @@
{
int i;
+ /* check exceptions first */
+ for (i = 0; i < fsconfig->root_squash_exceptions_count; i++)
+ {
+ gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
lld, %s, netmask: %i\n",
+ lld(client_addr), fsconfig-
>root_squash_exceptions_hosts[i],
+ fsconfig->root_squash_exceptions_netmasks[i]);
+ if (BMI_query_addr_range(client_addr, fsconfig-
>root_squash_exceptions_hosts[i],
+ fsconfig->root_squash_exceptions_netmasks[i]) == 1)
+ {
+ /* in the exception list, do not squash */
+ return 0;
+ }
+ }
+
for (i = 0; i < fsconfig->root_squash_count; i++)
{
- gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
lld, %s\n",
- lld(client_addr), fsconfig->root_squash_hosts[i]);
+ gossip_debug(GOSSIP_SERVER_DEBUG, "BMI_query_addr_range %
lld, %s, netmask: %i\n",
+ lld(client_addr), fsconfig->root_squash_hosts[i],
+ fsconfig->root_squash_netmasks[i]);
if (BMI_query_addr_range(client_addr, fsconfig-
>root_squash_hosts[i],
fsconfig->root_squash_netmasks[i]) == 1)
{
_______________________________________________
Pvfs2-developers mailing list
[email protected]
http://www.beowulf-underground.org/mailman/listinfo/pvfs2-developers
