Bug 810179 - auth.allow/reject is not working as expected when list of ip_address is specified
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: cli
Version: mainline
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
Assignee: Kaushal
Blocks: 817967
Reported: 2012-04-05 10:04 UTC by Shwetha Panduranga
Modified: 2015-12-01 16:45 UTC (History)

Fixed In Version: glusterfs-3.4.0
Doc Type: Bug Fix
Last Closed: 2013-07-24 17:57:58 UTC
Regression: ---
Mount Type: ---
Documentation: ---



Description Shwetha Panduranga 2012-04-05 10:04:28 UTC
Description of problem:
When a list of ip_addresses is specified as the value for volume set auth.allow, auth.reject, nfs.rpc-auth-allow, nfs.rpc-auth-reject, the policy only applies to the first ip_address in the list.

The rest of the ip_addresses are allowed or rejected depending on the option we have set.

Version-Release number of selected component (if applicable):
3.3.0qa33

How reproducible:
often

Test cases:-
------------
[04/05/12 - 20:34:37 root@APP-SERVER1 ~]# gluster volume info
 
Volume Name: dstore
Type: Distributed-Replicate
Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35
Status: Started
Number of Bricks: 3 x 3 = 9
Transport-type: tcp
Bricks:
Brick1: 192.168.2.35:/export1/dstore1
Brick2: 192.168.2.36:/export1/dstore1
Brick3: 192.168.2.37:/export1/dstore1
Brick4: 192.168.2.35:/export2/dstore1
Brick5: 192.168.2.36:/export2/dstore1
Brick6: 192.168.2.37:/export2/dstore1
Brick7: 192.168.2.35:/export1/dstore2
Brick8: 192.168.2.36:/export1/dstore2
Brick9: 192.168.2.37:/export1/dstore2

Note
------
root@APP-CLIENT1 :- 192.168.2.34
root@Shwetha-Laptop :- 192.168.2.1

################################################################################
Test Case1:-
-------------
[04/05/12 - 20:34:40 root@APP-SERVER1 ~]# gluster volume set dstore auth.allow 192.168.2.34,192.168.2.1
Set volume successful
[04/05/12 - 20:37:42 root@APP-SERVER1 ~]# gluster volume info
 
Volume Name: dstore
Type: Distributed-Replicate
Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35
Status: Started
Number of Bricks: 3 x 3 = 9
Transport-type: tcp
Bricks:
Brick1: 192.168.2.35:/export1/dstore1
Brick2: 192.168.2.36:/export1/dstore1
Brick3: 192.168.2.37:/export1/dstore1
Brick4: 192.168.2.35:/export2/dstore1
Brick5: 192.168.2.36:/export2/dstore1
Brick6: 192.168.2.37:/export2/dstore1
Brick7: 192.168.2.35:/export1/dstore2
Brick8: 192.168.2.36:/export1/dstore2
Brick9: 192.168.2.37:/export1/dstore2
Options Reconfigured:
auth.allow: 192.168.2.34,192.168.2.1


[04/05/12 - 20:37:57 root@APP-CLIENT1 /]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1
Brick Log:- 
----------
[2012-04-05 20:38:04.773227] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.34:1012 (version: 3.3.0qa33)

[04/05/12 - 15:19:21 root@Shwetha-Laptop ~]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1
Mount failed. Please check the log file for more details.
Brick Log:-
----------
[2012-04-05 20:39:45.645589] E [authenticate.c:228:gf_authenticate] 0-auth: no authentication module is interested in accepting remote-client (null)
[2012-04-05 20:39:45.645750] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.1:962 3.3.0qa33

################################################################################
Test Case2:-
--------------
[04/05/12 - 20:41:42 root@APP-SERVER1 ~]# gluster volume set dstore auth.reject 192.168.2.34,192.168.2.1
Set volume successful
[04/05/12 - 20:41:52 root@APP-SERVER1 ~]# gluster volume info
 
Volume Name: dstore
Type: Distributed-Replicate
Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35
Status: Started
Number of Bricks: 3 x 3 = 9
Transport-type: tcp
Bricks:
Brick1: 192.168.2.35:/export1/dstore1
Brick2: 192.168.2.36:/export1/dstore1
Brick3: 192.168.2.37:/export1/dstore1
Brick4: 192.168.2.35:/export2/dstore1
Brick5: 192.168.2.36:/export2/dstore1
Brick6: 192.168.2.37:/export2/dstore1
Brick7: 192.168.2.35:/export1/dstore2
Brick8: 192.168.2.36:/export1/dstore2
Brick9: 192.168.2.37:/export1/dstore2
Options Reconfigured:
auth.reject: 192.168.2.34,192.168.2.1

[04/05/12 - 20:42:18 root@APP-CLIENT1 /]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1
Mount failed. Please check the log file for more details.
Brick Log:-
-----------
[2012-04-05 20:42:23.556693] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.34:1012 3.3.0qa33

[04/05/12 - 15:22:42 root@Shwetha-Laptop ~]# mount -t glusterfs 192.168.2.35:/dstore /mnt/gfsc1
Brick Log:-
-----------
[2012-04-05 20:42:59.835136] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.1:951 (version: 3.3.0qa33)

###############################################################################
Test Case 3:-
------------
[04/05/12 - 20:43:53 root@APP-SERVER1 ~]# gluster volume set dstore nfs.rpc-auth-reject 192.168.2.34,192.168.2.1
Set volume successful
[04/05/12 - 20:44:09 root@APP-SERVER1 ~]# gluster volume info
 
Volume Name: dstore
Type: Distributed-Replicate
Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35
Status: Started
Number of Bricks: 3 x 3 = 9
Transport-type: tcp
Bricks:
Brick1: 192.168.2.35:/export1/dstore1
Brick2: 192.168.2.36:/export1/dstore1
Brick3: 192.168.2.37:/export1/dstore1
Brick4: 192.168.2.35:/export2/dstore1
Brick5: 192.168.2.36:/export2/dstore1
Brick6: 192.168.2.37:/export2/dstore1
Brick7: 192.168.2.35:/export1/dstore2
Brick8: 192.168.2.36:/export1/dstore2
Brick9: 192.168.2.37:/export1/dstore2
Options Reconfigured:
nfs.rpc-auth-reject: 192.168.2.34,192.168.2.1


[04/05/12 - 20:44:25 root@APP-CLIENT1 /]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1
mount.nfs: access denied by server while mounting 192.168.2.35:/dstore

[04/05/12 - 15:25:30 root@Shwetha-Laptop ~]#  mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1

##############################################################################
Case 4:-
---------
[04/05/12 - 20:47:31 root@APP-SERVER1 ~]# gluster volume set dstore nfs.rpc-auth-allow 192.168.2.34,192.168.2.1
Set volume successful
[04/05/12 - 20:47:40 root@APP-SERVER1 ~]# gluster volume info
 
Volume Name: dstore
Type: Distributed-Replicate
Volume ID: f965e26e-b647-4db8-90d5-47c350d65b35
Status: Started
Number of Bricks: 3 x 3 = 9
Transport-type: tcp
Bricks:
Brick1: 192.168.2.35:/export1/dstore1
Brick2: 192.168.2.36:/export1/dstore1
Brick3: 192.168.2.37:/export1/dstore1
Brick4: 192.168.2.35:/export2/dstore1
Brick5: 192.168.2.36:/export2/dstore1
Brick6: 192.168.2.37:/export2/dstore1
Brick7: 192.168.2.35:/export1/dstore2
Brick8: 192.168.2.36:/export1/dstore2
Brick9: 192.168.2.37:/export1/dstore2
Options Reconfigured:
nfs.rpc-auth-allow: 192.168.2.34,192.168.2.1

[04/05/12 - 20:48:03 root@APP-CLIENT1 /]# mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1

[04/05/12 - 15:29:19 root@Shwetha-Laptop ~]#  mount -t nfs -o vers=3 192.168.2.35:/dstore /mnt/nfsc1
mount.nfs: access denied by server while mounting 192.168.2.35:/dstore

Additional Info:-
-----------------
The NFS server doesn't report any log message for accepting or rejecting the client connection.
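
A log audit for Test Case 1 and Test Case 2 above, added here as an example (it is not part of the original report and not GlusterFS code): it reads the `server_setvolume` brick-log decisions and flags every client whose outcome disagrees with the configured address list. The policy model in `intended()` (reject takes precedence, an unset allow list admits everyone, `*` wildcards) and all function names are assumptions of this example.

```python
import re
from fnmatch import fnmatch

# Matches the two server_setvolume brick-log messages quoted in this report.
DECISION = re.compile(
    r"server_setvolume\] \S+ (accepted client from|Cannot authenticate client from) "
    r"(\d{1,3}(?:\.\d{1,3}){3}):\d+")

def parse_list(value):
    """Split a comma-separated option value into its individual entries."""
    return [e.strip() for e in (value or "").split(",") if e.strip()]

def intended(ip, allow=None, reject=None):
    """Decision the option values call for. Assumed model: reject wins,
    an unset allow list admits everyone, entries may use '*' wildcards."""
    if any(fnmatch(ip, pat) for pat in parse_list(reject)):
        return "reject"
    allowed = parse_list(allow) or ["*"]
    return "accept" if any(fnmatch(ip, pat) for pat in allowed) else "reject"

def audit(log_lines, allow=None, reject=None):
    """Return (ip, observed, intended) for each logged decision that
    disagrees with the configured lists."""
    findings = []
    for line in log_lines:
        m = DECISION.search(line)
        if not m:
            continue  # not a client accept/reject decision
        observed = "accept" if m.group(1).startswith("accepted") else "reject"
        want = intended(m.group(2), allow, reject)
        if observed != want:
            findings.append((m.group(2), observed, want))
    return findings

ADDRS = "192.168.2.34,192.168.2.1"
# Brick-log lines copied from Test Case 1 (auth.allow) in this report.
CASE1_LOG = [
    "[2012-04-05 20:38:04.773227] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.34:1012 (version: 3.3.0qa33)",
    "[2012-04-05 20:39:45.645589] E [authenticate.c:228:gf_authenticate] 0-auth: no authentication module is interested in accepting remote-client (null)",
    "[2012-04-05 20:39:45.645750] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.1:962 3.3.0qa33",
]
# Brick-log lines copied from Test Case 2 (auth.reject) in this report.
CASE2_LOG = [
    "[2012-04-05 20:42:23.556693] E [server-handshake.c:582:server_setvolume] 0-dstore-server: Cannot authenticate client from 192.168.2.34:1012 3.3.0qa33",
    "[2012-04-05 20:42:59.835136] I [server-handshake.c:571:server_setvolume] 0-dstore-server: accepted client from 192.168.2.1:951 (version: 3.3.0qa33)",
]

if __name__ == "__main__":
    print(audit(CASE1_LOG, allow=ADDRS))
    print(audit(CASE2_LOG, reject=ADDRS))
```

Only the native-protocol cases can be audited this way, because the NFS server writes no accept or reject message, as noted under Additional Info.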

Comment 1 Anand Avati 2012-04-13 07:55:57 UTC
CHANGE: http://review.gluster.com/3104 (xlator/server,xlator/nfs : Fix authentication for address lists) merged in master by Vijay Bellur (vijay)

Comment 2 Shwetha Panduranga 2012-04-16 05:00:51 UTC
Verified on "3git built on Apr 16 2012 15:32:30". Works fine now.

