Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
corosync.7417
Config-Flag-config-uidgid-entries.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File Config-Flag-config-uidgid-entries.patch of Package corosync.7417
commit f837f95dfe96d60f2367e900efd4def7a07b2a89 Author: Jan Friesse <jfriesse@redhat.com> Date: Wed Aug 3 16:51:51 2016 +0200 Config: Flag config uidgid entries Uidgid entries parsed from configuration files now has prefix (uidgid.config.) so they are distinguishable from dynamically added entries. Entries added from config file are pruned on reload if no longer exists in config file (dynamic one stays unaffected). Also whole uidgid.config. prefix is made read only. This make PCMK work again after configuration reload is called. Signed-off-by: Jan Friesse <jfriesse@redhat.com> Reviewed-by: Christine Caulfield <ccaulfie@redhat.com> diff --git a/exec/cfg.c b/exec/cfg.c index 87e49c4..4e62d73 100644 --- a/exec/cfg.c +++ b/exec/cfg.c @@ -703,7 +703,7 @@ static void message_handler_req_exec_cfg_reload_config ( remove_deleted_entries(temp_map, "totem."); remove_deleted_entries(temp_map, "nodelist."); remove_deleted_entries(temp_map, "quorum."); - remove_deleted_entries(temp_map, "uidgid."); + remove_deleted_entries(temp_map, "uidgid.config."); /* Remove entries that cannot be changed */ remove_ro_entries(temp_map); diff --git a/exec/coroparse.c b/exec/coroparse.c index 4c1fea9..374ed7d 100644 --- a/exec/coroparse.c +++ b/exec/coroparse.c @@ -794,7 +794,7 @@ static int main_config_parser_cb(const char *path, *error_string = error_string_response; return (0); } - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u", + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", uid); icmap_set_uint8_r(config_map, key_name, 1); add_as_string = 0; @@ -804,7 +804,7 @@ static int main_config_parser_cb(const char *path, *error_string = error_string_response; return (0); } - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", gid); icmap_set_uint8_r(config_map, key_name, 1); add_as_string = 0; @@ -1203,7 +1203,7 @@ static int uidgid_config_parser_cb(const char *path, *error_string = error_string_response; return (0); } - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.uid.%u", + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", uid); icmap_set_uint8_r(config_map, key_name, 1); } else if (strcmp(path, "uidgid.gid") == 0) { @@ -1212,7 +1212,7 @@ static int uidgid_config_parser_cb(const char *path, *error_string = error_string_response; return (0); } - snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", gid); icmap_set_uint8_r(config_map, key_name, 1); } else { diff --git a/exec/ipc_glue.c b/exec/ipc_glue.c index 79ee4df..c8cbbf8 100644 --- a/exec/ipc_glue.c +++ b/exec/ipc_glue.c @@ -194,10 +194,18 @@ static int32_t cs_ipcs_connection_accept (qb_ipcs_connection_t *c, uid_t euid, g if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) return 0; + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.uid.%u", euid); + if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) + return 0; + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.gid.%u", egid); if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) return 0; + snprintf(key_name, ICMAP_KEYNAME_MAXLEN, "uidgid.config.gid.%u", egid); + if (icmap_get_uint8(key_name, &u8) == CS_OK && u8 == 1) + return 0; + log_printf(LOGSYS_LEVEL_ERROR, "Denied connection attempt from %d:%d", euid, egid); return -EACCES; diff --git a/exec/main.c b/exec/main.c index 54df1b6..82fb808 100644 --- a/exec/main.c +++ b/exec/main.c @@ -1011,6 +1011,7 @@ static void set_icmap_ro_keys_flag (void) icmap_set_ro_access("runtime.totem.", CS_TRUE, CS_TRUE); icmap_set_ro_access("runtime.services.", CS_TRUE, CS_TRUE); icmap_set_ro_access("runtime.config.", CS_TRUE, CS_TRUE); + icmap_set_ro_access("uidgid.config.", CS_TRUE, CS_TRUE); /* * Set RO flag for constrete keys of configuration which can't be changed diff --git a/man/cmap_keys.8 b/man/cmap_keys.8 index a17147a..7517788 100644 --- a/man/cmap_keys.8 +++ b/man/cmap_keys.8 @@ -275,7 +275,9 @@ State of the client. Can be one of failed, stopped, running and waiting for quor .TP uidgid.* Information about users/groups which are allowed to make IPC connections to -corosync. +corosync. Entries loaded from configuration file are stored with +uidgid.config.* prefix and are pruned on configuration file reload. Dynamic +entries has uidgid.* prefix and a configuration file reload doesn't affect them. .TP quorum.cancel_wait_for_all
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor