Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE
pacemaker.8750
bug-1042054_pacemaker-cib-broadcast-pass-acl.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File bug-1042054_pacemaker-cib-broadcast-pass-acl.patch of Package pacemaker.8750
commit 643c352f82351d5a4d4e9b3d55377e51ae08a0d0 Author: Gao,Yan <ygao@suse.com> Date: Thu Jun 8 16:34:24 2017 +0200 Fix: cib: Broadcasts of cib changes should always pass ACLs check Previously in cib legacy mode, if a cib change was requested by an unprivileged user that had limited permissions to the cib, after it got accepted by the master cib daemon, the broadcast of the cib change would get denied by the ACLs check of the slave cib daemons since the user didn't have the permission to write the additional bits from the broadcast such as the cib properties like "epoch", "num_updates" and so on. Technically, the broadcast of a cib change is issued by the master cib daemon as CRM_DAEMON_USER instead of the user that originally requested the change. The broadcast should always pass the ACLs check when it's processed by the slave cib daemons. This commit fixes the issue by overwriting any existing F_CIB_USER field in a broadcast with the privileged user CRM_DAEMON_USER. diff --git a/cib/callbacks.c b/cib/callbacks.c index 3d13635eb..4708f1036 100644 --- a/cib/callbacks.c +++ b/cib/callbacks.c @@ -893,6 +893,7 @@ send_peer_reply(xmlNode * msg, xmlNode * result_diff, const char *originator, gb crm_xml_add(msg, F_CIB_ISREPLY, originator); crm_xml_add(msg, F_CIB_GLOBAL_UPDATE, XML_BOOLEAN_TRUE); crm_xml_add(msg, F_CIB_OPERATION, CIB_OP_APPLY_DIFF); + crm_xml_add(msg, F_CIB_USER, CRM_DAEMON_USER); if (format == 1) { CRM_ASSERT(digest != NULL);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor