From c9229150d4eee707c042388a739a058cf9eaedaf Mon Sep 17 00:00:00 2001 From: Jan Friesse Date: Thu, 16 Jun 2016 11:44:57 +0200 Subject: [PATCH 1/3] New upstream release Signed-off-by: Jan Friesse --- .gitignore | 1 + corosync.spec | 5 ++++- sources | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 4ab6972..4fff9c4 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,4 @@ corosync-1.2.7.tar.gz /corosync-2.3.3.tar.gz /corosync-2.3.4.tar.gz /corosync-2.3.5.tar.gz +/corosync-2.3.6.tar.gz diff --git a/corosync.spec b/corosync.spec index b062b66..ee92e8e 100644 --- a/corosync.spec +++ b/corosync.spec @@ -20,7 +20,7 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces -Version: 2.3.5 +Version: 2.3.6 Release: 1%{?gitver}%{?dist} License: BSD Group: System Environment/Base @@ -337,6 +337,9 @@ The Corosync Cluster Engine APIs. %{_mandir}/man8/quorum_overview.8* %changelog +* Thu Jun 16 2016 Jan Friesse - 2.3.6-1 +- New upstream release + * Wed Jul 01 2015 Jan Friesse - 2.3.5-1 - New upstream release diff --git a/sources b/sources index c5cfc17..e64b846 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -8894f00d499e0755467b381e6346f9ff corosync-2.3.5.tar.gz +ea1e0421d474017d9ef3d6b741b7aaad corosync-2.3.6.tar.gz From 7259b297c7dbf738346753d37bd309e8e653b097 Mon Sep 17 00:00:00 2001 From: Jan Friesse Date: Thu, 4 Aug 2016 18:58:18 +0200 Subject: [PATCH 2/3] Config: Flag config uidgid entries Signed-off-by: Jan Friesse --- corosync.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/corosync.spec b/corosync.spec index ee92e8e..5b1774e 100644 --- a/corosync.spec +++ b/corosync.spec @@ -21,12 +21,14 @@ Name: corosync Summary: The Corosync Cluster Engine and Application Programming Interfaces Version: 2.3.6 -Release: 1%{?gitver}%{?dist} +Release: 2%{?gitver}%{?dist} License: BSD Group: System Environment/Base URL: http://corosync.github.io/corosync/ Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz +Patch0: Config-Flag-config-uidgid-entries.patch + %if 0%{?rhel} ExclusiveArch: i686 x86_64 %endif @@ -74,6 +76,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) %prep %setup -q -n %{name}-%{version}%{?gittarver} +%patch0 -p1 -b .flag-config-uidgid-entries %build %if %{with runautogen} @@ -337,6 +340,10 @@ The Corosync Cluster Engine APIs. %{_mandir}/man8/quorum_overview.8* %changelog +* Thu Aug 04 2016 Jan Friesse 2.3.6-2 +- Config: Flag config uidgid entries +- merge upstream commit f837f95dfe96d60f2367e900efd4def7a07b2a89 + * Thu Jun 16 2016 Jan Friesse - 2.3.6-1 - New upstream release From f202170a5cff8449e6d622e12915de80f6cb25d4 Mon Sep 17 00:00:00 2001 From: Jan Friesse Date: Thu, 4 Aug 2016 19:01:25 +0200 Subject: [PATCH 3/3] Really add patch for flag config uidgid entries Signed-off-by: Jan Friesse --- Config-Flag-config-uidgid-entries.patch | 129 ++++++++++++++++++++++++ 1 file changed, 129 insertions(+) create mode 100644 Config-Flag-config-uidgid-entries.patch diff --git a/Config-Flag-config-uidgid-entries.patch b/Config-Flag-config-uidgid-entries.patch new file mode 100644 index 0000000..fa9d90d --- /dev/null +++ b/Config-Flag-config-uidgid-entries.patch @@ -0,0 +1,129 @@ +From f837f95dfe96d60f2367e900efd4def7a07b2a89 Mon Sep 17 00:00:00 2001 +From: Jan Friesse +Date: Wed, 3 Aug 2016 16:51:51 +0200 +Subject: [PATCH] Config: Flag config uidgid entries + +Uidgid entries parsed from configuration files now has prefix +(uidgid.config.) so they are distinguishable from dynamically added +entries. Entries added from config file are pruned on reload if no +longer exists in config file (dynamic one stays unaffected). Also whole +uidgid.config. prefix is made read only. + +This make PCMK work again after configuration reload is called. + +Signed-off-by: Jan Friesse +Reviewed-by: Christine Caulfield +--- + exec/cfg.c | 2 +- + exec/coroparse.c | 8 ++++---- + exec/ipc_glue.c | 8 ++++++++ + exec/main.c | 1 + + man/cmap_keys.8 | 4 +++- + 5 files changed, 17 insertions(+), 6 deletions(-) + +diff --git a/exec/cfg.c b/exec/cfg.c +index 87e49c4..4e62d73 100644 +--- a/exec/cfg.c ++++ b/exec/cfg.c +@@ -703,7 +703,7 @@ static void message_handler_req_exec_cfg_reload_config ( + remove_deleted_entries(temp_map, "totem."); + remove_deleted_entries(temp_map, "nodelist."); + remove_deleted_entries(temp_map, "quorum."); +- remove_deleted_entries(temp_map, "uidgid."); ++ remove_deleted_entries(temp_map, "uidgid.config."); + + /* Remove entries that cannot be changed */ + remove_ro_entries(temp_map); +diff --git a/exec/coroparse.c b/exec/coroparse.c +index 4c1fea9..374ed7d 100644 +--- a/exec/coroparse.c ++++ b/exec/coroparse.c +@@ -794,7 +794,7 @@ static int main_config_parser_cb(const char *path, + *error_string = error_string_response; + return (0); + } +- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u", ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", + uid); + icmap_set_uint8_r(config_map, key_name, 1); + add_as_string = 0; +@@ -804,7 +804,7 @@ static int main_config_parser_cb(const char *path, + *error_string = error_string_response; + return (0); + } +- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", + gid); + icmap_set_uint8_r(config_map, key_name, 1); + add_as_string = 0; +@@ -1203,7 +1203,7 @@ static int uidgid_config_parser_cb(const char *path, + *error_string = error_string_response; + return (0); + } +- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u", ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", + uid); + icmap_set_uint8_r(config_map, key_name, 1); + } else if (strcmp(path, "uidgid.gid") == 0) { +@@ -1212,7 +1212,7 @@ static int uidgid_config_parser_cb(const char *path, + *error_string = error_string_response; + return (0); + } +- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", + gid); + icmap_set_uint8_r(config_map, key_name, 1); + } else { +diff --git a/exec/ipc_glue.c b/exec/ipc_glue.c +index 79ee4df..c8cbbf8 100644 +--- a/exec/ipc_glue.c ++++ b/exec/ipc_glue.c +@@ -194,10 +194,18 @@ static int32_t cs_ipcs_connection_accept (qb_ipcs_connection_t *c, uid_t euid, g + if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) + return 0; + ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", euid); ++ if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) ++ return 0; ++ + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", egid); + if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) + return 0; + ++ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", egid); ++ if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) ++ return 0; ++ + log_printf(LOGSYS_LEVEL_ERROR, "Denied connection attempt from %d:%d", euid, egid); + + return -EACCES; +diff --git a/exec/main.c b/exec/main.c +index 54df1b6..82fb808 100644 +--- a/exec/main.c ++++ b/exec/main.c +@@ -1011,6 +1011,7 @@ static void set_icmap_ro_keys_flag (void) + icmap_set_ro_access("runtime.totem.", CS_TRUE, CS_TRUE); + icmap_set_ro_access("runtime.services.", CS_TRUE, CS_TRUE); + icmap_set_ro_access("runtime.config.", CS_TRUE, CS_TRUE); ++ icmap_set_ro_access("uidgid.config.", CS_TRUE, CS_TRUE); + + /* + * Set RO flag for constrete keys of configuration which can't be changed +diff --git a/man/cmap_keys.8 b/man/cmap_keys.8 +index a17147a..7517788 100644 +--- a/man/cmap_keys.8 ++++ b/man/cmap_keys.8 +@@ -275,7 +275,9 @@ State of the client. Can be one of failed, stopped, running and waiting for quor + .TP + uidgid.* + Information about users/groups which are allowed to make IPC connections to +-corosync. ++corosync. Entries loaded from configuration file are stored with ++uidgid.config.* prefix and are pruned on configuration file reload. Dynamic ++entries has uidgid.* prefix and a configuration file reload doesn't affect them. + + .TP + quorum.cancel_wait_for_all +-- +1.7.1 +