import booth-1.0-251.3.bfb2f92.git.el9_0.1

This commit is contained in:
CentOS Sources 2022-09-20 07:42:07 -04:00 committed by Stepan Oksanichenko
parent a58e7d7173
commit bf4b0d5eee
3 changed files with 155 additions and 5 deletions

View File

@ -0,0 +1,30 @@
From 35bf0b7b048d715f671eb68974fb6b4af6528c67 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Mon, 4 Jul 2022 09:39:47 +0200
Subject: [PATCH] Revert "Refactor: main: substitute is_auth_req macro"
This reverts commit da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c.
authfile != authkey
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
src/main.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main.c b/src/main.c
index b50a883..b4a174f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -364,7 +364,7 @@ static int setup_config(int type)
if (rv < 0)
goto out;
- if (is_auth_req()) {
+ if (booth_conf->authfile[0] != '\0') {
rv = read_authkey();
if (rv < 0)
goto out;
--
2.37.1

View File

@ -0,0 +1,106 @@
From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001
From: Jan Friesse <jfriesse@redhat.com>
Date: Tue, 26 Jul 2022 18:39:38 +0200
Subject: [PATCH] config: Add enable-authfile option
This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.
Default is 'no'.
Booth usage of authfile was broken for long time (since commit
da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).
Pcs was adding authfile by default, but it was not used. Once booth bug
was fixed problem appears because mixed clusters (with fixed version and
without fixed one) stops working.
This non-upstream option is added and used to allow use of
authfile without breaking compatibility for clusters
consisting of mixed versions (usually happens before all nodes are
updated) of booth (user have to explicitly
enable usage of authfile).
This patch is transitional and will be removed in future major version of
distribution.
Signed-off-by: Jan Friesse <jfriesse@redhat.com>
---
docs/boothd.8.txt | 7 +++++++
src/config.c | 17 +++++++++++++++++
src/config.h | 1 +
src/main.c | 2 +-
4 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt
index f58f27e..12f66f9 100644
--- a/docs/boothd.8.txt
+++ b/docs/boothd.8.txt
@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.
parameter to a higher value. The time skew test is performed
only in concert with authentication.
+*'enable-authfile'*::
+ Enables (or disables) usage of authfile. Can be 'yes' or 'no'.
+ Default is 'no'.
+ This is non-upstream option used to allow use of authfile without
+ breaking compatibility for clusters consisting of mixed
+ versions of booth.
+
*'site'*::
Defines a site Raft member with the given IP. Sites can
acquire tickets. The sites' IP should be managed by the cluster.
diff --git a/src/config.c b/src/config.c
index 8e41553..b9df3e3 100644
--- a/src/config.c
+++ b/src/config.c
@@ -729,6 +729,23 @@ no_value:
booth_conf->maxtimeskew = atoi(val);
continue;
}
+
+ if (strcmp(key, "enable-authfile") == 0) {
+ if (strcasecmp(val, "yes") == 0 ||
+ strcasecmp(val, "on") == 0 ||
+ strcasecmp(val, "1") == 0) {
+ booth_conf->enable_authfile = 1;
+ } else if (strcasecmp(val, "no") == 0 ||
+ strcasecmp(val, "off") == 0 ||
+ strcasecmp(val, "0") == 0) {
+ booth_conf->enable_authfile = 0;
+ } else {
+ error = "Expected yes/no value for enable-authfile";
+ goto err;
+ }
+
+ continue;
+ }
#endif
if (strcmp(key, "site") == 0) {
diff --git a/src/config.h b/src/config.h
index bca73bc..da1e917 100644
--- a/src/config.h
+++ b/src/config.h
@@ -297,6 +297,7 @@ struct booth_config {
struct stat authstat;
char authkey[BOOTH_MAX_KEY_LEN];
int authkey_len;
+ int enable_authfile;
/** Maximum time skew between peers allowed */
int maxtimeskew;
diff --git a/src/main.c b/src/main.c
index b4a174f..0fdb295 100644
--- a/src/main.c
+++ b/src/main.c
@@ -364,7 +364,7 @@ static int setup_config(int type)
if (rv < 0)
goto out;
- if (booth_conf->authfile[0] != '\0') {
+ if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {
rv = read_authkey();
if (rv < 0)
goto out;
--
2.37.1

View File

@ -31,7 +31,7 @@
%global git_describe_str v1.0-251-gbfb2f924c07db823f5c934d1aafbc5181bb25148
# Set this to 1 when rebasing (changing git_describe_str) and increase otherwise
%global release 2
%global release 3
# Run shell script to parse git_describe str into version, numcomm and sha1 hash
%global booth_ver %(s=%{git_describe_str}; vver=${s%%%%-*}; echo ${vver:1})
@ -57,11 +57,13 @@
Name: booth
Version: %{booth_ver}
Release: %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}
Release: %{booth_numcomm}.%{release}.%{booth_short_sha1}.git%{?dist}.1
Summary: Ticket Manager for Multi-site Clusters
License: GPLv2+
Url: https://github.com/%{github_owner}/%{name}
Source0: https://github.com/%{github_owner}/%{name}/archive/%{booth_short_sha1}/%{booth_archive_name}.tar.gz
Patch0: bz2113970-1-Revert-Refactor-main-substitute-is_auth_req-macro.patch
Patch1: bz2113970-2-config-Add-enable-authfile-option.patch
# direct build process dependencies
BuildRequires: autoconf
@ -144,13 +146,13 @@ Support for running Booth, ticket manager for multi-site clusters,
as an arbitrator.
%post arbitrator
%systemd_post booth@.service booth-arbitrator.service
%systemd_post booth-arbitrator.service
%preun arbitrator
%systemd_preun booth@.service booth-arbitrator.service
%systemd_preun booth-arbitrator.service
%postun arbitrator
%systemd_postun_with_restart booth@.service booth-arbitrator.service
%systemd_postun_with_restart booth-arbitrator.service
%package site
Summary: Booth support for running as a full-fledged site
@ -310,6 +312,18 @@ VERBOSE=1 make check
%{_usr}/lib/ocf/resource.d/booth/sharedrsc
%changelog
* Tue Aug 09 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.3.bfb2f92.git.1
- Related: rhbz#2113970
- Remove template unit from systemd_(post|preun|postun_with_restart) macro
* Thu Aug 04 2022 Jan Friesse <jfriesse@redhat.com> - 1.0-251.2.bfb2f92.git.1
- Resolves: rhbz#2113970
- Fix authfile directive handling in booth config file
(fixes CVE-2022-2553)
- Add enable-authfile option
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.0-251.2.bfb2f92.git
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688