Bug 817959
| Summary: | auth.allow and reject seem to limit the input length | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Jacob Shucart <jshucart> |
| Component: | doc-Administration_Guide | Assignee: | Divya <divya> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Gowrishankar Rajaiyan <grajaiya> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | asriram, gluster-bugs, grajaiya, kaushal, kbarfiel, mhideo, rhs-bugs, rwheeler, sdharane, storage-doc |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-04-10 07:15:35 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jacob Shucart
2012-05-01 21:09:47 UTC
Hi Jacob. One question up front. What is the version of gluster being used? If it is gluster 3.3/RHS2.0, then the following should hold true. Else, we'd require more information. We use _POSIX_HOST_NAME_MAX, defined as 255 in /usr/include/bits/posix1_lim.h, to check the length of hostnames during validation of the address lists. A list of comma separated addresses, even longer than 256 bytes is accepted by gluster, and will be set if validation succeeds. However, even if one of the addresses in the list is longer than the defined limit, validation fails and the list is rejected. So unless, they are trying to set a single hostname longer than 255 bytes, the address list should be accepted. Thanks. Kaushal Jacob, any update on this? Was going to close this as WORKSFORME, but transferring this to Documentation just to make sure this is appropriately documented. Jacob, if you still see an issue please raise a new bug. Jacob, I am planning to update the documentation as follows: Option: auth.allow Available Options: Valid hostnames or IP address which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters. Option: auth.reject Description: IP addresses or hostnames of the clients which should be denied access to the volume. Default Value: none (reject none) Available Options: Valid hostnames or IP address which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters. Please let me know if this addresses your concern. Regards, Divya Jacob, I have incorporated the changes and it available at: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/chap-User_Guide-Managing_Volumes.html#sect-User_Guide-Managing_Volumes-Tuning Please confirm if this addresses your concern. Regards, Divya Incorporated the changes suggested by Jacob and the updated documentation is available at: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Storage/2.0/html-single/Administration_Guide/index.html#sect-User_Guide-Managing_Volumes-Tuning <snip> auth.allow IP addresses or hostnames of the clients which should be allowed to access the volume. Valid hostnames or IP addresses which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters. </snip> <snip> auth.reject IP addresses or hostnames of the clients which should be denied access to the volume. Valid hostnames or IP addresses which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters. </snip> Verified in link from comment #7. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days |