diff options
| author | Michael Adam <obnox@samba.org> | 2011-09-02 16:42:10 +0200 |
|---|---|---|
| committer | Ronnie Sahlberg <ronniesahlberg@gmail.com> | 2011-09-05 16:17:39 +1000 |
| commit | a3e007956864f5d902f7bec22a2c51d1c391a7ff (patch) | |
| tree | 96ee0284704742e2d09cca4099f85b7d61428f2e | |
| parent | faf6710cde103e4abce734a65c1470a3522bd917 (diff) | |
| download | samba-a3e007956864f5d902f7bec22a2c51d1c391a7ff.tar.gz samba-a3e007956864f5d902f7bec22a2c51d1c391a7ff.tar.xz samba-a3e007956864f5d902f7bec22a2c51d1c391a7ff.zip | |
Add a tunable "AllowClientDBAttach" with default value 1.
When set to 0, clients will not be able to attach to databases
via the db_attach control. This might can be useful for maintenance
where ctdb should be kept running but clients should not be able
to modify databases.
(This used to be ctdb commit ddfeecda87955b4e46777599f678e6926d37f4c4)
| -rw-r--r-- | ctdb/include/ctdb_private.h | 1 | ||||
| -rw-r--r-- | ctdb/server/ctdb_ltdb_server.c | 6 | ||||
| -rw-r--r-- | ctdb/server/ctdb_tunables.c | 3 |
3 files changed, 9 insertions, 1 deletions
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h index 6d3e91e37b..b24efcc64a 100644 --- a/ctdb/include/ctdb_private.h +++ b/ctdb/include/ctdb_private.h @@ -121,6 +121,7 @@ struct ctdb_tunable { uint32_t deferred_attach_timeout; uint32_t vacuum_fast_path_count; uint32_t lcp2_public_ip_assignment; + uint32_t allow_client_db_attach; }; /* diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c index a93e2fa0c9..a0fe2c529c 100644 --- a/ctdb/server/ctdb_ltdb_server.c +++ b/ctdb/server/ctdb_ltdb_server.c @@ -1010,6 +1010,12 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata, struct ctdb_node *node = ctdb->nodes[ctdb->pnn]; struct ctdb_client *client = NULL; + if (ctdb->tunable.allow_client_db_attach == 0) { + DEBUG(DEBUG_ERR, ("DB Attach to database %s denied by tunable " + "AllowClientDBAccess == 0\n", db_name)); + return -1; + } + /* dont allow any local clients to attach while we are in recovery mode * except for the recovery daemon. * allow all attach from the network since these are always from remote diff --git a/ctdb/server/ctdb_tunables.c b/ctdb/server/ctdb_tunables.c index 9da3cc8065..ef86051cec 100644 --- a/ctdb/server/ctdb_tunables.c +++ b/ctdb/server/ctdb_tunables.c @@ -68,7 +68,8 @@ static const struct { { "UseStatusEvents", 0, offsetof(struct ctdb_tunable, use_status_events_for_monitoring) }, { "AllowUnhealthyDBRead", 0, offsetof(struct ctdb_tunable, allow_unhealthy_db_read) }, { "StatHistoryInterval", 1, offsetof(struct ctdb_tunable, stat_history_interval) }, - { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable, deferred_attach_timeout) } + { "DeferredAttachTO", 120, offsetof(struct ctdb_tunable, deferred_attach_timeout) }, + { "AllowClientDBAttach", 1, offsetof(struct ctdb_tunable, allow_client_db_attach) } }; /* |