The branch, master has been updated
via 32320ee278d1eec9aef18b400c0ddaa445d4211e (commit)
via ddfeecda87955b4e46777599f678e6926d37f4c4 (commit)
from 9bded1832179fbadc8bc94c5328ffa6c45a6d2ab (commit)
http://gitweb.samba.org/?p=ctdb.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 32320ee278d1eec9aef18b400c0ddaa445d4211e
Merge: ddfeecda87955b4e46777599f678e6926d37f4c4
9bded1832179fbadc8bc94c5328ffa6c45a6d2ab
Author: Ronnie Sahlberg <[email protected]>
Date: Mon Sep 5 16:42:49 2011 +1000
Merge branch 'master' of ssh://git.samba.org/data/git/ctdb
commit ddfeecda87955b4e46777599f678e6926d37f4c4
Author: Michael Adam <[email protected]>
Date: Fri Sep 2 16:42:10 2011 +0200
Add a tunable "AllowClientDBAttach" with default value 1.
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.
-----------------------------------------------------------------------
Summary of changes:
include/ctdb_private.h | 1 +
server/ctdb_ltdb_server.c | 6 ++++++
server/ctdb_tunables.c | 3 ++-
3 files changed, 9 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/include/ctdb_private.h b/include/ctdb_private.h
index 6d3e91e..b24efcc 100644
--- a/include/ctdb_private.h
+++ b/include/ctdb_private.h
@@ -121,6 +121,7 @@ struct ctdb_tunable {
uint32_t deferred_attach_timeout;
uint32_t vacuum_fast_path_count;
uint32_t lcp2_public_ip_assignment;
+ uint32_t allow_client_db_attach;
};
/*
diff --git a/server/ctdb_ltdb_server.c b/server/ctdb_ltdb_server.c
index a93e2fa..a0fe2c5 100644
--- a/server/ctdb_ltdb_server.c
+++ b/server/ctdb_ltdb_server.c
@@ -1010,6 +1010,12 @@ int32_t ctdb_control_db_attach(struct ctdb_context
*ctdb, TDB_DATA indata,
struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
struct ctdb_client *client = NULL;
+ if (ctdb->tunable.allow_client_db_attach == 0) {
+ DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable "
+ "AllowClientDBAccess == 0\n", db_name));
+ return -1;
+ }
+
/* dont allow any local clients to attach while we are in recovery mode
* except for the recovery daemon.
* allow all attach from the network since these are always from remote
diff --git a/server/ctdb_tunables.c b/server/ctdb_tunables.c
index 9da3cc8..ef86051 100644
--- a/server/ctdb_tunables.c
+++ b/server/ctdb_tunables.c
@@ -68,7 +68,8 @@ static const struct {
{ "UseStatusEvents", 0, offsetof(struct ctdb_tunable,
use_status_events_for_monitoring) },
{ "AllowUnhealthyDBRead", 0, offsetof(struct ctdb_tunable,
allow_unhealthy_db_read) },
{ "StatHistoryInterval", 1, offsetof(struct ctdb_tunable,
stat_history_interval) },
- { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable,
deferred_attach_timeout) }
+ { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable,
deferred_attach_timeout) },
+ { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable,
allow_client_db_attach) }
};
/*
--
CTDB repository
