Commit e0e66a79 authored by Tigran Mkrtchyan's avatar Tigran Mkrtchyan

nfsv3: respect subnetmask in export file

added support for notations like
/export <A.B.C.D>[/bits]

Acked-By: Paul
Patch: http://rb.dcache.org/r/1326/
parent 4fee1b1c
......@@ -21,7 +21,19 @@ public class IPMatcher {
}else{
// ip
try {
return match(InetAddress.getByName(pattern), ip, 32);
int mask = 32;
String ipMask[] = pattern.split("/");
if(ipMask.length > 2 ) {
// invalid record - deny
return false;
}
if(ipMask.length == 2) {
mask = Integer.parseInt(ipMask[1]);
}
return match(InetAddress.getByName(ipMask[0]), ip, mask);
}catch(UnknownHostException uhe) {
return false;
}
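Review bot: The prefix length parsed at `mask = Integer.parseInt(ipMask[1]);` is never validated, so a malformed export entry is not reliably turned into a deny. A non-numeric suffix (a dotted netmask, for instance) raises NumberFormatException, which the surrounding `catch(UnknownHostException uhe)` does not handle, and a negative value or one above 32 goes straight to match(), whose handling of such values is not visible here. Since this decides NFS export access, I would fail closed the way the `ipMask.length > 2` branch does: add `if (mask < 0 || mask > 32) return false;` after the parse and a `catch(NumberFormatException nfe) { return false; }` clause next to the existing one. An entry that starts with `/` also leaves `ipMask[0]` empty, and `InetAddress.getByName("")` returns the loopback address instead of failing, so an empty address part should be rejected as well. The enclosing method starts and ends outside the hunk.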
......
package org.dcache.chimera.nfs;
import java.io.File;
import java.io.IOException;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;
import org.junit.Before;
import org.junit.Test;
import static org.junit.Assert.*;
public class FsExportTest {
private ExportFile _exportFile;
@Before
public void setUp() throws IOException {
_exportFile = new ExportFile(new File("test/org/dcache/chimera/nfs/exports"));
}
@Test
public void testIsEmpty() {
List<String> exports = _exportFile.getExports();
assertFalse("Export file should not produce empty export list", exports.isEmpty());
}
@Test
public void testIsLocalHostExplicit() throws UnknownHostException {
FsExport export = _exportFile.getExport("/pnfs");
InetAddress local = InetAddress.getByName("127.0.0.1");
assertNotNull("null returned for existing export", export);
assertTrue("localhost should always be allowed", export.isAllowed(local));
}
@Test
public void testLocalAlwaysAllowed() throws UnknownHostException {
FsExport export = _exportFile.getExport("/h1");
InetAddress local = InetAddress.getByName("127.0.0.1");
assertTrue("localhost should always be allowed", export.isAllowed(local));
}
@Test
public void testMultimpleClients() {
FsExport export = _exportFile.getExport("/h2");
List<String> clients = export.client();
assertEquals("Incorrect number on multiple allowed clients", 2, clients.size());
}
@Test
public void testTrustedMultimpleClients() throws UnknownHostException {
FsExport export = _exportFile.getExport("/trusted");
InetAddress trusted = InetAddress.getByName("nairi.desy.de");
InetAddress nontrusted = InetAddress.getByName("ani.desy.de");
assertTrue("trusted host not respected", export.isTrusted(trusted) );
assertFalse("nontrusted host respected", export.isTrusted(nontrusted) );
}
@Test
public void testSubnets_B() throws UnknownHostException {
FsExport export = _exportFile.getExport("/subnet_b");
InetAddress allowed = InetAddress.getByName("192.168.2.2");
InetAddress deny = InetAddress.getByName("192.168.3.1");
assertTrue("Allowed host not recognized", export.isAllowed(allowed));
assertFalse("Deny host not recognized", export.isAllowed(deny));
}
@Test
public void testSubnets_C() throws UnknownHostException {
FsExport export = _exportFile.getExport("/subnet_c");
InetAddress allowed = InetAddress.getByName("192.168.2.2");
InetAddress deny = InetAddress.getByName("192.169.2.2");
assertTrue("Allowed host not recognized", export.isAllowed(allowed));
assertFalse("Deny host not recognized", export.isAllowed(deny));
}
@Test
public void testSubnets_Bad() throws UnknownHostException {
FsExport export = _exportFile.getExport("/subnet_bad");
InetAddress deny1 = InetAddress.getByName("192.168.2.1");
InetAddress deny2 = InetAddress.getByName("192.169.2.2");
assertFalse("Deny host not recognized", export.isAllowed(deny1));
assertFalse("Deny host not recognized", export.isAllowed(deny2));
}
}
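Review bot: testSubnets_Bad covers only the extra-slash entry (`192.168.2.1/16/32`), so the other ways a prefix can be malformed are untested. I would add fixture lines and assertions for a non-numeric prefix and an out-of-range one, for example (constructed) `/subnet_nan 192.168.2.1/abc` and `/subnet_big 192.168.2.1/33`, each checked with `assertFalse(export.isAllowed(...))`. Separately, testTrustedMultimpleClients resolves `nairi.desy.de` and `ani.desy.de` through `InetAddress.getByName`, so the result depends on DNS being reachable and on those names still existing. Literal addresses in both the test and the fixture would keep it hermetic, assuming the export matcher accepts them in that position.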
# sample /etc/exports file
/ master(rw) trusty(rw,no_root_squash)
/projects proj*.local.domain(rw)
/usr *.local.domain(ro) @trusted(rw)
/home/joe pc001(rw,all_squash,anonuid=150,anongid=100)
/pnfs localhost(rw,no_root_squash)
/h1 h1.desy.de
/h2 client1 client2
/trusted nairi.desy.de(no_root_squash) ani.desy.de
/subnet_b 192.168.2.1/24
/subnet_c 192.168.2.1/16
/subnet_bad 192.168.2.1/16/32
\ No newline at end of file