File bug-1042054_pacemaker-broadcasts-of-cib-changes... of Package pacemaker

Overview Repositories Revisions Requests Users Attributes Meta

File bug-1042054_pacemaker-broadcasts-of-cib-changes-should-always-pass-acls-check.patch of Package pacemaker

From 643c352f82351d5a4d4e9b3d55377e51ae08a0d0 Mon Sep 17 00:00:00 2001
From: "Gao,Yan" <ygao@suse.com>
Date: Thu, 8 Jun 2017 16:34:24 +0200
Subject: [PATCH] Fix: cib: Broadcasts of cib changes should always pass ACLs
 check

Previously in cib legacy mode, if a cib change was requested by an
unprivileged user that had limited permissions to the cib, after it got
accepted by the master cib daemon, the broadcast of the cib change would
get denied by the ACLs check of the slave cib daemons since the user
didn't have the permission to write the additional bits from the
broadcast such as the cib properties like "epoch", "num_updates" and so
on.

Technically, the broadcast of a cib change is issued by the master cib
daemon as CRM_DAEMON_USER instead of the user that originally requested
the change. The broadcast should always pass the ACLs check when it's
processed by the slave cib daemons.

This commit fixes the issue by overwriting any existing F_CIB_USER field
in a broadcast with the privileged user CRM_DAEMON_USER.
---
 cib/callbacks.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cib/callbacks.c b/cib/callbacks.c
index 3d13635eb1..4708f10364 100644
--- a/cib/callbacks.c
+++ b/cib/callbacks.c
@@ -893,6 +893,7 @@ send_peer_reply(xmlNode * msg, xmlNode * result_diff, const char *originator, gb
         crm_xml_add(msg, F_CIB_ISREPLY, originator);
         crm_xml_add(msg, F_CIB_GLOBAL_UPDATE, XML_BOOLEAN_TRUE);
         crm_xml_add(msg, F_CIB_OPERATION, CIB_OP_APPLY_DIFF);
+        crm_xml_add(msg, F_CIB_USER, CRM_DAEMON_USER);
 
         if (format == 1) {
             CRM_ASSERT(digest != NULL);

Places

File bug-1042054_pacemaker-broadcasts-of-cib-changes-should-always-pass-acls-check.patch of Package pacemaker

Places