git.samba.org / obnox / samba / samba-obnox.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: faf6710)
Add a tunable "AllowClientDBAttach" with default value 1.
authorMichael Adam <obnox@samba.org>
Fri, 2 Sep 2011 14:42:10 +0000 (16:42 +0200)
committerRonnie Sahlberg <ronniesahlberg@gmail.com>
Mon, 5 Sep 2011 06:17:39 +0000 (16:17 +1000)
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.

(This used to be ctdb commit ddfeecda87955b4e46777599f678e6926d37f4c4)

ctdb/include/ctdb_private.h patch | blob | history
ctdb/server/ctdb_ltdb_server.c patch | blob | history
ctdb/server/ctdb_tunables.c patch | blob | history

diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h
index 6d3e91e37bfc4a9d133d943fc7205432bdec0785..b24efcc64a03001e0cbccae59bba0ac8e69e5cc6 100644 (file)
--- a/ctdb/include/ctdb_private.h
+++ b/ctdb/include/ctdb_private.h
@@ -121,6 +121,7 @@ struct ctdb_tunable {
        uint32_t deferred_attach_timeout;
        uint32_t vacuum_fast_path_count;
        uint32_t lcp2_public_ip_assignment;
+       uint32_t allow_client_db_attach;
 };
 
 /*
diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c
index a93e2fa0c950a7cc3c50f2a838c3ff8a724a3ddf..a0fe2c529c606c4b033a4577fec97baa1a476df2 100644 (file)
--- a/ctdb/server/ctdb_ltdb_server.c
+++ b/ctdb/server/ctdb_ltdb_server.c
@@ -1010,6 +1010,12 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata,
        struct ctdb_node *node = ctdb->nodes[ctdb->pnn];
        struct ctdb_client *client = NULL;
 
+       if (ctdb->tunable.allow_client_db_attach == 0) {
+               DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable "
+                                 "AllowClientDBAccess == 0\n", db_name));
+               return -1;
+       }
+
        /* dont allow any local clients to attach while we are in recovery mode
         * except for the recovery daemon.
         * allow all attach from the network since these are always from remote
diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c
index 9da3cc806562f1601797ecf040b0a5762a6de39c..ef86051cecf2ebd634dfa30b5c4d28dca4d9b1f3 100644 (file)
--- a/ctdb/server/ctdb_tunables.c
+++ b/ctdb/server/ctdb_tunables.c
@@ -68,7 +68,8 @@ static const struct {
        { "UseStatusEvents",     0,  offsetof(struct ctdb_tunable, use_status_events_for_monitoring) },
        { "AllowUnhealthyDBRead", 0,  offsetof(struct ctdb_tunable, allow_unhealthy_db_read) },
        { "StatHistoryInterval",  1,  offsetof(struct ctdb_tunable, stat_history_interval) },
-       { "DeferredAttachTO",  120,  offsetof(struct ctdb_tunable, deferred_attach_timeout) }
+       { "DeferredAttachTO",  120,  offsetof(struct ctdb_tunable, deferred_attach_timeout) },
+       { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable, allow_client_db_attach) }
 };
 
 /*
Michael's Samba GIT