Compare commits
3 commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
f202170a5c | ||
|
|
7259b297c7 | ||
|
|
c9229150d4 |
4 changed files with 143 additions and 3 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -26,3 +26,4 @@ corosync-1.2.7.tar.gz
|
|||
/corosync-2.3.3.tar.gz
|
||||
/corosync-2.3.4.tar.gz
|
||||
/corosync-2.3.5.tar.gz
|
||||
/corosync-2.3.6.tar.gz
|
||||
|
|
|
|||
129
Config-Flag-config-uidgid-entries.patch
Normal file
129
Config-Flag-config-uidgid-entries.patch
Normal file
|
|
@ -0,0 +1,129 @@
|
|||
From f837f95dfe96d60f2367e900efd4def7a07b2a89 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Friesse <jfriesse@redhat.com>
|
||||
Date: Wed, 3 Aug 2016 16:51:51 +0200
|
||||
Subject: [PATCH] Config: Flag config uidgid entries
|
||||
|
||||
Uidgid entries parsed from configuration files now has prefix
|
||||
(uidgid.config.) so they are distinguishable from dynamically added
|
||||
entries. Entries added from config file are pruned on reload if no
|
||||
longer exists in config file (dynamic one stays unaffected). Also whole
|
||||
uidgid.config. prefix is made read only.
|
||||
|
||||
This make PCMK work again after configuration reload is called.
|
||||
|
||||
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
|
||||
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>
|
||||
---
|
||||
exec/cfg.c | 2 +-
|
||||
exec/coroparse.c | 8 ++++----
|
||||
exec/ipc_glue.c | 8 ++++++++
|
||||
exec/main.c | 1 +
|
||||
man/cmap_keys.8 | 4 +++-
|
||||
5 files changed, 17 insertions(+), 6 deletions(-)
|
||||
|
||||
diff --git a/exec/cfg.c b/exec/cfg.c
|
||||
index 87e49c4..4e62d73 100644
|
||||
--- a/exec/cfg.c
|
||||
+++ b/exec/cfg.c
|
||||
@@ -703,7 +703,7 @@ static void message_handler_req_exec_cfg_reload_config (
|
||||
remove_deleted_entries(temp_map, "totem.");
|
||||
remove_deleted_entries(temp_map, "nodelist.");
|
||||
remove_deleted_entries(temp_map, "quorum.");
|
||||
- remove_deleted_entries(temp_map, "uidgid.");
|
||||
+ remove_deleted_entries(temp_map, "uidgid.config.");
|
||||
|
||||
/* Remove entries that cannot be changed */
|
||||
remove_ro_entries(temp_map);
|
||||
diff --git a/exec/coroparse.c b/exec/coroparse.c
|
||||
index 4c1fea9..374ed7d 100644
|
||||
--- a/exec/coroparse.c
|
||||
+++ b/exec/coroparse.c
|
||||
@@ -794,7 +794,7 @@ static int main_config_parser_cb(const char *path,
|
||||
*error_string = error_string_response;
|
||||
return (0);
|
||||
}
|
||||
- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u",
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u",
|
||||
uid);
|
||||
icmap_set_uint8_r(config_map, key_name, 1);
|
||||
add_as_string = 0;
|
||||
@@ -804,7 +804,7 @@ static int main_config_parser_cb(const char *path,
|
||||
*error_string = error_string_response;
|
||||
return (0);
|
||||
}
|
||||
- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u",
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u",
|
||||
gid);
|
||||
icmap_set_uint8_r(config_map, key_name, 1);
|
||||
add_as_string = 0;
|
||||
@@ -1203,7 +1203,7 @@ static int uidgid_config_parser_cb(const char *path,
|
||||
*error_string = error_string_response;
|
||||
return (0);
|
||||
}
|
||||
- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u",
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u",
|
||||
uid);
|
||||
icmap_set_uint8_r(config_map, key_name, 1);
|
||||
} else if (strcmp(path, "uidgid.gid") == 0) {
|
||||
@@ -1212,7 +1212,7 @@ static int uidgid_config_parser_cb(const char *path,
|
||||
*error_string = error_string_response;
|
||||
return (0);
|
||||
}
|
||||
- snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u",
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u",
|
||||
gid);
|
||||
icmap_set_uint8_r(config_map, key_name, 1);
|
||||
} else {
|
||||
diff --git a/exec/ipc_glue.c b/exec/ipc_glue.c
|
||||
index 79ee4df..c8cbbf8 100644
|
||||
--- a/exec/ipc_glue.c
|
||||
+++ b/exec/ipc_glue.c
|
||||
@@ -194,10 +194,18 @@ static int32_t cs_ipcs_connection_accept (qb_ipcs_connection_t *c, uid_t euid, g
|
||||
if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1)
|
||||
return 0;
|
||||
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", euid);
|
||||
+ if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1)
|
||||
+ return 0;
|
||||
+
|
||||
snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", egid);
|
||||
if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1)
|
||||
return 0;
|
||||
|
||||
+ snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", egid);
|
||||
+ if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1)
|
||||
+ return 0;
|
||||
+
|
||||
log_printf(LOGSYS_LEVEL_ERROR, "Denied connection attempt from %d:%d", euid, egid);
|
||||
|
||||
return -EACCES;
|
||||
diff --git a/exec/main.c b/exec/main.c
|
||||
index 54df1b6..82fb808 100644
|
||||
--- a/exec/main.c
|
||||
+++ b/exec/main.c
|
||||
@@ -1011,6 +1011,7 @@ static void set_icmap_ro_keys_flag (void)
|
||||
icmap_set_ro_access("runtime.totem.", CS_TRUE, CS_TRUE);
|
||||
icmap_set_ro_access("runtime.services.", CS_TRUE, CS_TRUE);
|
||||
icmap_set_ro_access("runtime.config.", CS_TRUE, CS_TRUE);
|
||||
+ icmap_set_ro_access("uidgid.config.", CS_TRUE, CS_TRUE);
|
||||
|
||||
/*
|
||||
* Set RO flag for constrete keys of configuration which can't be changed
|
||||
diff --git a/man/cmap_keys.8 b/man/cmap_keys.8
|
||||
index a17147a..7517788 100644
|
||||
--- a/man/cmap_keys.8
|
||||
+++ b/man/cmap_keys.8
|
||||
@@ -275,7 +275,9 @@ State of the client. Can be one of failed, stopped, running and waiting for quor
|
||||
.TP
|
||||
uidgid.*
|
||||
Information about users/groups which are allowed to make IPC connections to
|
||||
-corosync.
|
||||
+corosync. Entries loaded from configuration file are stored with
|
||||
+uidgid.config.* prefix and are pruned on configuration file reload. Dynamic
|
||||
+entries has uidgid.* prefix and a configuration file reload doesn't affect them.
|
||||
|
||||
.TP
|
||||
quorum.cancel_wait_for_all
|
||||
--
|
||||
1.7.1
|
||||
|
||||
|
|
@ -20,13 +20,15 @@
|
|||
|
||||
Name: corosync
|
||||
Summary: The Corosync Cluster Engine and Application Programming Interfaces
|
||||
Version: 2.3.5
|
||||
Release: 1%{?gitver}%{?dist}
|
||||
Version: 2.3.6
|
||||
Release: 2%{?gitver}%{?dist}
|
||||
License: BSD
|
||||
Group: System Environment/Base
|
||||
URL: http://corosync.github.io/corosync/
|
||||
Source0: http://build.clusterlabs.org/corosync/releases/%{name}-%{version}%{?gittarver}.tar.gz
|
||||
|
||||
Patch0: Config-Flag-config-uidgid-entries.patch
|
||||
|
||||
%if 0%{?rhel}
|
||||
ExclusiveArch: i686 x86_64
|
||||
%endif
|
||||
|
|
@ -74,6 +76,7 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
|
|||
|
||||
%prep
|
||||
%setup -q -n %{name}-%{version}%{?gittarver}
|
||||
%patch0 -p1 -b .flag-config-uidgid-entries
|
||||
|
||||
%build
|
||||
%if %{with runautogen}
|
||||
|
|
@ -337,6 +340,13 @@ The Corosync Cluster Engine APIs.
|
|||
%{_mandir}/man8/quorum_overview.8*
|
||||
|
||||
%changelog
|
||||
* Thu Aug 04 2016 Jan Friesse <jfriesse@redhat.com> 2.3.6-2
|
||||
- Config: Flag config uidgid entries
|
||||
- merge upstream commit f837f95dfe96d60f2367e900efd4def7a07b2a89
|
||||
|
||||
* Thu Jun 16 2016 Jan Friesse <jfriesse@redhat.com> - 2.3.6-1
|
||||
- New upstream release
|
||||
|
||||
* Wed Jul 01 2015 Jan Friesse <jfriesse@redhat.com> - 2.3.5-1
|
||||
- New upstream release
|
||||
|
||||
|
|
|
|||
2
sources
2
sources
|
|
@ -1 +1 @@
|
|||
8894f00d499e0755467b381e6346f9ff corosync-2.3.5.tar.gz
|
||||
ea1e0421d474017d9ef3d6b741b7aaad corosync-2.3.6.tar.gz
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue