Bug 817959 - auth.allow and reject seem to limit the input length [NEEDINFO]
Status: CLOSED CURRENTRELEASE
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: doc-Administration_Guide
Priority: high
Severity: unspecified
Assigned To: Divya
Gowrishankar Rajaiyan
Reported: 2012-05-01 17:09 EDT by Jacob Shucart
Modified: 2016-09-20 01:17 EDT

Doc Type: Bug Fix
Last Closed: 2015-04-10 03:15:35 EDT
Type: Bug
divya: needinfo? (jshucart)


Description Jacob Shucart 2012-05-01 17:09:47 EDT
Description of problem:

It appears that you can only set an auth allow or reject string that is 256 bytes. Rhythm and Hues ran into an issue as they needed a larger list even though wildcards are supported. Can we up this? Is there a real reason for this limit?
Comment 1 Kaushal 2012-05-03 06:49:25 EDT
Hi Jacob.
One question up front. What is the version of gluster being used?
If it is gluster 3.3/RHS2.0, then the following should hold true. Else, we'd require more information. 

We use _POSIX_HOST_NAME_MAX, defined as 255 in /usr/include/bits/posix1_lim.h, to check the length of hostnames during validation of the address lists.

A list of comma-separated addresses, even one longer than 256 bytes, is accepted by gluster, and will be set if validation succeeds. However, even if one of the addresses in the list is longer than the defined limit, validation fails and the list is rejected.

So unless they are trying to set a single hostname longer than 255 bytes, the address list should be accepted.

Thanks.
Kaushal
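
The length rule described in comment 1, as an added example that is not part of the bug thread and is not Gluster's own validation code. `first_overlong_entry` and `make_list` are hypothetical helpers, the sample list is constructed, and only the per-entry length check is modelled (no hostname or wildcard syntax checks).

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* glibc defines this as 255 in bits/posix1_lim.h; fall back if not exposed. */
#ifndef _POSIX_HOST_NAME_MAX
#define _POSIX_HOST_NAME_MAX 255
#endif

/* Hypothetical helper: returns 0 if every comma-separated entry fits,
 * otherwise the 1-based position of the first entry longer than
 * _POSIX_HOST_NAME_MAX. The total list length is deliberately not checked. */
static size_t first_overlong_entry(const char *list)
{
    size_t pos = 1;
    const char *start = list;

    for (;;) {
        size_t len = strcspn(start, ",");   /* length of the current entry */
        if (len > _POSIX_HOST_NAME_MAX)
            return pos;                     /* one bad entry rejects the list */
        if (start[len] == '\0')
            return 0;                       /* reached the end, all entries fit */
        start += len + 1;                   /* step over the comma */
        pos++;
    }
}

/* Constructed sample: n copies of "192.168.1.*" joined by commas. */
static void make_list(char *buf, size_t n)
{
    buf[0] = '\0';
    for (size_t i = 0; i < n; i++) {
        if (i)
            strcat(buf, ",");
        strcat(buf, "192.168.1.*");
    }
}

int main(void)
{
    char list[1024], host[300];

    make_list(list, 40);                    /* 479 bytes, well over 256 */
    printf("%zu-byte list -> %zu\n", strlen(list), first_overlong_entry(list));
    memset(host, 'a', 256);                 /* a single 256-byte hostname */
    host[256] = '\0';
    strcat(strcat(list, ","), host);
    printf("with 256-byte host -> %zu\n", first_overlong_entry(list));
    return 0;
}
```

A result of 0 means the list passes the length rule; any other value is the position of the entry to shorten or replace with a wildcard pattern.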
Comment 3 Kaushal 2012-06-06 06:21:36 EDT
Jacob, any update on this?
Comment 4 Vidya Sakar 2012-09-17 07:18:29 EDT
Was going to close this as WORKSFORME, but transferring this to Documentation just to make sure this is appropriately documented. Jacob, if you still see an issue please raise a new bug.
Comment 5 Divya 2013-01-16 07:23:51 EST
Jacob,

I am planning to update the documentation as follows:

Option: auth.allow
Available Options: Valid hostnames or IP address which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters.

Option: auth.reject
Description: IP addresses or hostnames of the clients which should be denied access to the volume. 
Default Value: none (reject none)
Available Options: Valid hostnames or IP address which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters.

Please let me know if this addresses your concern.

Regards,
Divya
Comment 6 Divya 2013-02-18 03:53:16 EST
Jacob,

I have incorporated the changes and it is available at: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Storage/2.0/html/Administration_Guide/chap-User_Guide-Managing_Volumes.html#sect-User_Guide-Managing_Volumes-Tuning

Please confirm if this addresses your concern.

Regards,
Divya
Comment 7 Divya 2013-02-25 06:25:53 EST
Incorporated the changes suggested by Jacob and the updated documentation is available at: http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Storage/2.0/html-single/Administration_Guide/index.html#sect-User_Guide-Managing_Volumes-Tuning
Comment 8 Gowrishankar Rajaiyan 2013-03-04 03:16:40 EST
<snip>
auth.allow	 

IP addresses or hostnames of the clients which should be allowed to access the volume.	 

Valid hostnames or IP addresses which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters.
</snip>


<snip>
auth.reject	 

IP addresses or hostnames of the clients which should be denied access to the volume.	 

Valid hostnames or IP addresses which includes wild card patterns including *, such as 192.168.1.*. A list of comma separated addresses is accepted, but a single hostname must not exceed 256 characters.	 
</snip>


Verified in link from comment #7.
