import pacemaker-2.1.4-3.el8
This commit is contained in:
parent
e006306735
commit
e9c1665a44
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,2 +1,2 @@
|
|||||||
SOURCES/nagios-agents-metadata-105ab8a.tar.gz
|
SOURCES/nagios-agents-metadata-105ab8a.tar.gz
|
||||||
SOURCES/pacemaker-da2fd79.tar.gz
|
SOURCES/pacemaker-dc6eb43.tar.gz
|
||||||
|
@ -1,2 +1,2 @@
|
|||||||
ea6c0a27fd0ae8ce02f84a11f08a0d79377041c3 SOURCES/nagios-agents-metadata-105ab8a.tar.gz
|
ea6c0a27fd0ae8ce02f84a11f08a0d79377041c3 SOURCES/nagios-agents-metadata-105ab8a.tar.gz
|
||||||
34d71c1082290bf00bb7965c173f51aa243522d2 SOURCES/pacemaker-da2fd79.tar.gz
|
1dfac4c5f1958ce5f72bfcbb2a34890ab058c84c SOURCES/pacemaker-dc6eb43.tar.gz
|
||||||
|
127
SOURCES/001-stonith-enabled.patch
Normal file
127
SOURCES/001-stonith-enabled.patch
Normal file
@ -0,0 +1,127 @@
|
|||||||
|
From 243139b2ec0f6b17877a4e7f651fc3f70f76b11a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christine Caulfield <ccaulfie@redhat.com>
|
||||||
|
Date: Fri, 6 May 2022 15:23:43 +0100
|
||||||
|
Subject: [PATCH 1/2] fenced: Don't ignore CIB updates if stonith-enabled=false
|
||||||
|
|
||||||
|
Fixes: T378
|
||||||
|
---
|
||||||
|
daemons/fenced/pacemaker-fenced.c | 23 +++--------------------
|
||||||
|
1 file changed, 3 insertions(+), 20 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c
|
||||||
|
index caab7de83..dadd187b6 100644
|
||||||
|
--- a/daemons/fenced/pacemaker-fenced.c
|
||||||
|
+++ b/daemons/fenced/pacemaker-fenced.c
|
||||||
|
@@ -1136,11 +1136,8 @@ static void
|
||||||
|
update_cib_cache_cb(const char *event, xmlNode * msg)
|
||||||
|
{
|
||||||
|
int rc = pcmk_ok;
|
||||||
|
- xmlNode *stonith_enabled_xml = NULL;
|
||||||
|
- static gboolean stonith_enabled_saved = TRUE;
|
||||||
|
long timeout_ms_saved = stonith_watchdog_timeout_ms;
|
||||||
|
gboolean need_full_refresh = FALSE;
|
||||||
|
- bool value = false;
|
||||||
|
|
||||||
|
if(!have_cib_devices) {
|
||||||
|
crm_trace("Skipping updates until we get a full dump");
|
||||||
|
@@ -1191,32 +1188,18 @@ update_cib_cache_cb(const char *event, xmlNode * msg)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
CRM_ASSERT(local_cib != NULL);
|
||||||
|
- stonith_enabled_saved = FALSE; /* Trigger a full refresh below */
|
||||||
|
+ need_full_refresh = TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
pcmk__refresh_node_caches_from_cib(local_cib);
|
||||||
|
update_stonith_watchdog_timeout_ms(local_cib);
|
||||||
|
|
||||||
|
- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']",
|
||||||
|
- local_cib, LOG_NEVER);
|
||||||
|
- if (pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &value) == pcmk_rc_ok && !value) {
|
||||||
|
- crm_trace("Ignoring CIB updates while fencing is disabled");
|
||||||
|
- stonith_enabled_saved = FALSE;
|
||||||
|
-
|
||||||
|
- } else if (stonith_enabled_saved == FALSE) {
|
||||||
|
- crm_info("Updating fencing device and topology lists "
|
||||||
|
- "now that fencing is enabled");
|
||||||
|
- stonith_enabled_saved = TRUE;
|
||||||
|
- need_full_refresh = TRUE;
|
||||||
|
-
|
||||||
|
- } else {
|
||||||
|
- if (timeout_ms_saved != stonith_watchdog_timeout_ms) {
|
||||||
|
+ if (timeout_ms_saved != stonith_watchdog_timeout_ms) {
|
||||||
|
need_full_refresh = TRUE;
|
||||||
|
- } else {
|
||||||
|
+ } else {
|
||||||
|
update_fencing_topology(event, msg);
|
||||||
|
update_cib_stonith_devices(event, msg);
|
||||||
|
watchdog_device_update();
|
||||||
|
- }
|
||||||
|
}
|
||||||
|
|
||||||
|
if (need_full_refresh) {
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
|
||||||
|
From c600ef49022e7473acbe121fae50a0c1aa2d7c03 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Christine Caulfield <ccaulfie@redhat.com>
|
||||||
|
Date: Thu, 9 Jun 2022 11:08:43 +0100
|
||||||
|
Subject: [PATCH 2/2] Also don't check for stonith-disabled in
|
||||||
|
update_stonith_watchdog_timeout_ms
|
||||||
|
|
||||||
|
---
|
||||||
|
daemons/fenced/pacemaker-fenced.c | 34 +++++++++++--------------------
|
||||||
|
1 file changed, 12 insertions(+), 22 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/daemons/fenced/pacemaker-fenced.c b/daemons/fenced/pacemaker-fenced.c
|
||||||
|
index dadd187b6..ec42d5bc2 100644
|
||||||
|
--- a/daemons/fenced/pacemaker-fenced.c
|
||||||
|
+++ b/daemons/fenced/pacemaker-fenced.c
|
||||||
|
@@ -643,31 +643,21 @@ watchdog_device_update(void)
|
||||||
|
static void
|
||||||
|
update_stonith_watchdog_timeout_ms(xmlNode *cib)
|
||||||
|
{
|
||||||
|
- xmlNode *stonith_enabled_xml = NULL;
|
||||||
|
- bool stonith_enabled = false;
|
||||||
|
- int rc = pcmk_rc_ok;
|
||||||
|
long timeout_ms = 0;
|
||||||
|
+ xmlNode *stonith_watchdog_xml = NULL;
|
||||||
|
+ const char *value = NULL;
|
||||||
|
|
||||||
|
- stonith_enabled_xml = get_xpath_object("//nvpair[@name='stonith-enabled']",
|
||||||
|
- cib, LOG_NEVER);
|
||||||
|
- rc = pcmk__xe_get_bool_attr(stonith_enabled_xml, XML_NVPAIR_ATTR_VALUE, &stonith_enabled);
|
||||||
|
-
|
||||||
|
- if (rc != pcmk_rc_ok || stonith_enabled) {
|
||||||
|
- xmlNode *stonith_watchdog_xml = NULL;
|
||||||
|
- const char *value = NULL;
|
||||||
|
-
|
||||||
|
- stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']",
|
||||||
|
- cib, LOG_NEVER);
|
||||||
|
- if (stonith_watchdog_xml) {
|
||||||
|
- value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE);
|
||||||
|
- }
|
||||||
|
- if (value) {
|
||||||
|
- timeout_ms = crm_get_msec(value);
|
||||||
|
- }
|
||||||
|
+ stonith_watchdog_xml = get_xpath_object("//nvpair[@name='stonith-watchdog-timeout']",
|
||||||
|
+ cib, LOG_NEVER);
|
||||||
|
+ if (stonith_watchdog_xml) {
|
||||||
|
+ value = crm_element_value(stonith_watchdog_xml, XML_NVPAIR_ATTR_VALUE);
|
||||||
|
+ }
|
||||||
|
+ if (value) {
|
||||||
|
+ timeout_ms = crm_get_msec(value);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
- if (timeout_ms < 0) {
|
||||||
|
- timeout_ms = pcmk__auto_watchdog_timeout();
|
||||||
|
- }
|
||||||
|
+ if (timeout_ms < 0) {
|
||||||
|
+ timeout_ms = pcmk__auto_watchdog_timeout();
|
||||||
|
}
|
||||||
|
|
||||||
|
stonith_watchdog_timeout_ms = timeout_ms;
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
425
SOURCES/002-acl_group.patch
Normal file
425
SOURCES/002-acl_group.patch
Normal file
@ -0,0 +1,425 @@
|
|||||||
|
From 80c64be80f2bffdcf5d2432e1e59d633fd68d516 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Grace Chin <gchin@redhat.com>
|
||||||
|
Date: Mon, 13 Jun 2022 09:02:32 -0400
|
||||||
|
Subject: [PATCH 1/4] Add pcmk__is_user_in_group()
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/common/crmcommon_private.h | 3 +++
|
||||||
|
lib/common/utils.c | 33 +++++++++++++++++++++++++++++++++
|
||||||
|
2 files changed, 36 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/common/crmcommon_private.h b/lib/common/crmcommon_private.h
|
||||||
|
index 6b7be9c68..c2fcb0adf 100644
|
||||||
|
--- a/lib/common/crmcommon_private.h
|
||||||
|
+++ b/lib/common/crmcommon_private.h
|
||||||
|
@@ -96,6 +96,9 @@ void pcmk__free_acls(GList *acls);
|
||||||
|
G_GNUC_INTERNAL
|
||||||
|
void pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user);
|
||||||
|
|
||||||
|
+G_GNUC_INTERNAL
|
||||||
|
+bool pcmk__is_user_in_group(const char *user, const char *group);
|
||||||
|
+
|
||||||
|
G_GNUC_INTERNAL
|
||||||
|
void pcmk__apply_acl(xmlNode *xml);
|
||||||
|
|
||||||
|
diff --git a/lib/common/utils.c b/lib/common/utils.c
|
||||||
|
index 2dfbef278..f23583acb 100644
|
||||||
|
--- a/lib/common/utils.c
|
||||||
|
+++ b/lib/common/utils.c
|
||||||
|
@@ -27,6 +27,7 @@
|
||||||
|
#include <time.h>
|
||||||
|
#include <libgen.h>
|
||||||
|
#include <signal.h>
|
||||||
|
+#include <grp.h>
|
||||||
|
|
||||||
|
#include <qb/qbdefs.h>
|
||||||
|
|
||||||
|
@@ -53,6 +54,38 @@ gboolean crm_config_error = FALSE;
|
||||||
|
gboolean crm_config_warning = FALSE;
|
||||||
|
char *crm_system_name = NULL;
|
||||||
|
|
||||||
|
+bool
|
||||||
|
+pcmk__is_user_in_group(const char *user, const char *group)
|
||||||
|
+{
|
||||||
|
+ struct group *grent;
|
||||||
|
+ char **gr_mem;
|
||||||
|
+
|
||||||
|
+ if (user == NULL || group == NULL) {
|
||||||
|
+ return false;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ setgrent();
|
||||||
|
+ while ((grent = getgrent()) != NULL) {
|
||||||
|
+ if (grent->gr_mem == NULL) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if(strcmp(group, grent->gr_name) != 0) {
|
||||||
|
+ continue;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ gr_mem = grent->gr_mem;
|
||||||
|
+ while (*gr_mem != NULL) {
|
||||||
|
+ if (!strcmp(user, *gr_mem++)) {
|
||||||
|
+ endgrent();
|
||||||
|
+ return true;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ endgrent();
|
||||||
|
+ return false;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
int
|
||||||
|
crm_user_lookup(const char *name, uid_t * uid, gid_t * gid)
|
||||||
|
{
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
|
||||||
|
From 5fbe5c310de00390fb36d866823a7745ba4812e3 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Grace Chin <gchin@redhat.com>
|
||||||
|
Date: Mon, 13 Jun 2022 09:04:57 -0400
|
||||||
|
Subject: [PATCH 2/4] Add unit test for pcmk__is_user_in_group()
|
||||||
|
|
||||||
|
---
|
||||||
|
lib/common/Makefile.am | 2 +-
|
||||||
|
lib/common/mock.c | 31 +++++--
|
||||||
|
lib/common/mock_private.h | 11 +++
|
||||||
|
lib/common/tests/acl/Makefile.am | 11 ++-
|
||||||
|
.../tests/acl/pcmk__is_user_in_group_test.c | 92 +++++++++++++++++++
|
||||||
|
5 files changed, 137 insertions(+), 10 deletions(-)
|
||||||
|
create mode 100644 lib/common/tests/acl/pcmk__is_user_in_group_test.c
|
||||||
|
|
||||||
|
diff --git a/lib/common/Makefile.am b/lib/common/Makefile.am
|
||||||
|
index d7aae53bf..04d56dc3c 100644
|
||||||
|
--- a/lib/common/Makefile.am
|
||||||
|
+++ b/lib/common/Makefile.am
|
||||||
|
@@ -94,7 +94,7 @@ libcrmcommon_la_SOURCES += watchdog.c
|
||||||
|
libcrmcommon_la_SOURCES += xml.c
|
||||||
|
libcrmcommon_la_SOURCES += xpath.c
|
||||||
|
|
||||||
|
-WRAPPED = calloc getenv getpwnam_r uname
|
||||||
|
+WRAPPED = calloc getenv getpwnam_r uname setgrent getgrent endgrent
|
||||||
|
WRAPPED_FLAGS = $(foreach fn,$(WRAPPED),-Wl,--wrap=$(fn))
|
||||||
|
|
||||||
|
libcrmcommon_test_la_SOURCES = $(libcrmcommon_la_SOURCES)
|
||||||
|
diff --git a/lib/common/mock.c b/lib/common/mock.c
|
||||||
|
index 55812ddbc..fa9431e6d 100644
|
||||||
|
--- a/lib/common/mock.c
|
||||||
|
+++ b/lib/common/mock.c
|
||||||
|
@@ -11,6 +11,7 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/utsname.h>
|
||||||
|
+#include <grp.h>
|
||||||
|
|
||||||
|
#include "mock_private.h"
|
||||||
|
|
||||||
|
@@ -18,13 +19,13 @@
|
||||||
|
* libcrmcommon_test.a, not into libcrmcommon.so. It is used to support
|
||||||
|
* constructing mock versions of library functions for unit testing.
|
||||||
|
*
|
||||||
|
- * Each unit test will only ever want to use a mocked version of one or two
|
||||||
|
- * library functions. However, we need to mark all the mocked functions as
|
||||||
|
- * wrapped (with -Wl,--wrap= in the LDFLAGS) in libcrmcommon_test.a so that
|
||||||
|
- * all those unit tests can share the same special test library. The unit
|
||||||
|
- * test then defines its own wrapped function. Because a unit test won't
|
||||||
|
- * define every single wrapped function, there will be undefined references
|
||||||
|
- * at link time.
|
||||||
|
+ * Each unit test will only ever want to use a mocked version of a few
|
||||||
|
+ * library functions (i.e. not all of them). However, we need to mark all
|
||||||
|
+ * the mocked functions as wrapped (with -Wl,--wrap= in the LDFLAGS) in
|
||||||
|
+ * libcrmcommon_test.a so that all those unit tests can share the same
|
||||||
|
+ * special test library. The unit test then defines its own wrapped
|
||||||
|
+ * function. Because a unit test won't define every single wrapped
|
||||||
|
+ * function, there will be undefined references at link time.
|
||||||
|
*
|
||||||
|
* This file takes care of those undefined references. It defines a
|
||||||
|
* wrapped version of every function that simply calls the real libc
|
||||||
|
@@ -74,3 +75,19 @@ int __attribute__((weak))
|
||||||
|
__wrap_uname(struct utsname *buf) {
|
||||||
|
return __real_uname(buf);
|
||||||
|
}
|
||||||
|
+
|
||||||
|
+void __attribute__((weak))
|
||||||
|
+__wrap_setgrent(void) {
|
||||||
|
+ __real_setgrent();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+struct group * __attribute__((weak))
|
||||||
|
+__wrap_getgrent(void) {
|
||||||
|
+ return __real_getgrent();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void __attribute__((weak))
|
||||||
|
+__wrap_endgrent(void) {
|
||||||
|
+ __real_endgrent();
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
diff --git a/lib/common/mock_private.h b/lib/common/mock_private.h
|
||||||
|
index 3df7c9839..0c1134cc3 100644
|
||||||
|
--- a/lib/common/mock_private.h
|
||||||
|
+++ b/lib/common/mock_private.h
|
||||||
|
@@ -14,6 +14,7 @@
|
||||||
|
#include <stdlib.h>
|
||||||
|
#include <sys/types.h>
|
||||||
|
#include <sys/utsname.h>
|
||||||
|
+#include <grp.h>
|
||||||
|
|
||||||
|
/* This header is for the sole use of libcrmcommon_test. */
|
||||||
|
|
||||||
|
@@ -31,4 +32,14 @@ int __wrap_getpwnam_r(const char *name, struct passwd *pwd,
|
||||||
|
int __real_uname(struct utsname *buf);
|
||||||
|
int __wrap_uname(struct utsname *buf);
|
||||||
|
|
||||||
|
+void __real_setgrent(void);
|
||||||
|
+void __wrap_setgrent(void);
|
||||||
|
+
|
||||||
|
+struct group *__real_getgrent(void);
|
||||||
|
+struct group *__wrap_getgrent(void);
|
||||||
|
+
|
||||||
|
+void __real_endgrent(void);
|
||||||
|
+void __wrap_endgrent(void);
|
||||||
|
+
|
||||||
|
+
|
||||||
|
#endif // MOCK_PRIVATE__H
|
||||||
|
diff --git a/lib/common/tests/acl/Makefile.am b/lib/common/tests/acl/Makefile.am
|
||||||
|
index 679c9cb8e..a73fc354c 100644
|
||||||
|
--- a/lib/common/tests/acl/Makefile.am
|
||||||
|
+++ b/lib/common/tests/acl/Makefile.am
|
||||||
|
@@ -1,19 +1,26 @@
|
||||||
|
#
|
||||||
|
-# Copyright 2021 the Pacemaker project contributors
|
||||||
|
+# Copyright 2021-2022 the Pacemaker project contributors
|
||||||
|
#
|
||||||
|
# The version control history for this file may have further details.
|
||||||
|
#
|
||||||
|
# This source code is licensed under the GNU General Public License version 2
|
||||||
|
# or later (GPLv2+) WITHOUT ANY WARRANTY.
|
||||||
|
#
|
||||||
|
-AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include
|
||||||
|
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_builddir)/include -I$(top_srcdir)/lib/common
|
||||||
|
LDADD = $(top_builddir)/lib/common/libcrmcommon.la -lcmocka
|
||||||
|
|
||||||
|
+pcmk__is_user_in_group_test_LDADD = $(top_builddir)/lib/common/libcrmcommon_test.la -lcmocka
|
||||||
|
+pcmk__is_user_in_group_test_LDFLAGS = \
|
||||||
|
+ -Wl,--wrap=setgrent \
|
||||||
|
+ -Wl,--wrap=getgrent \
|
||||||
|
+ -Wl,--wrap=endgrent
|
||||||
|
+
|
||||||
|
include $(top_srcdir)/mk/tap.mk
|
||||||
|
|
||||||
|
# Add "_test" to the end of all test program names to simplify .gitignore.
|
||||||
|
|
||||||
|
check_PROGRAMS = \
|
||||||
|
+ pcmk__is_user_in_group_test \
|
||||||
|
pcmk_acl_required_test \
|
||||||
|
xml_acl_denied_test \
|
||||||
|
xml_acl_enabled_test
|
||||||
|
diff --git a/lib/common/tests/acl/pcmk__is_user_in_group_test.c b/lib/common/tests/acl/pcmk__is_user_in_group_test.c
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..67b8c2c7c
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/lib/common/tests/acl/pcmk__is_user_in_group_test.c
|
||||||
|
@@ -0,0 +1,92 @@
|
||||||
|
+/*
|
||||||
|
+ * Copyright 2020-2022 the Pacemaker project contributors
|
||||||
|
+ *
|
||||||
|
+ * The version control history for this file may have further details.
|
||||||
|
+ *
|
||||||
|
+ * This source code is licensed under the GNU Lesser General Public License
|
||||||
|
+ * version 2.1 or later (LGPLv2.1+) WITHOUT ANY WARRANTY.
|
||||||
|
+ */
|
||||||
|
+
|
||||||
|
+#include <crm_internal.h>
|
||||||
|
+#include <crm/common/acl.h>
|
||||||
|
+#include "../../crmcommon_private.h"
|
||||||
|
+
|
||||||
|
+#include "mock_private.h"
|
||||||
|
+
|
||||||
|
+#include <stdarg.h>
|
||||||
|
+#include <stddef.h>
|
||||||
|
+#include <stdint.h>
|
||||||
|
+#include <setjmp.h>
|
||||||
|
+#include <cmocka.h>
|
||||||
|
+
|
||||||
|
+// THe index of the group that is going to be returned next from "get group entry" (getgrent)
|
||||||
|
+static int group_idx = 0;
|
||||||
|
+
|
||||||
|
+// Data used for testing
|
||||||
|
+static const char* grp0_members[] = {
|
||||||
|
+ "user0", "user1", NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char* grp1_members[] = {
|
||||||
|
+ "user1", NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+static const char* grp2_members[] = {
|
||||||
|
+ "user2", "user1", NULL
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+// an array of "groups" (a struct from grp.h), the members of the groups are initalized here to some testing data.
|
||||||
|
+// Casting away the consts to make the compiler happy and simplify initialization.
|
||||||
|
+// We never actually change these variables during the test!
|
||||||
|
+// string literal = const char* (cannot be changed b/c ? ) vs. char* (its getting casted to this)
|
||||||
|
+static const int NUM_GROUPS = 3;
|
||||||
|
+static struct group groups[] = {
|
||||||
|
+ {(char*)"grp0", (char*)"", 0, (char**)grp0_members},
|
||||||
|
+ {(char*)"grp1", (char*)"", 1, (char**)grp1_members},
|
||||||
|
+ {(char*)"grp2", (char*)"", 2, (char**)grp2_members},
|
||||||
|
+};
|
||||||
|
+
|
||||||
|
+// This function resets the group_idx to 0.
|
||||||
|
+void
|
||||||
|
+__wrap_setgrent(void) {
|
||||||
|
+ group_idx = 0;
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+// This function returns the next group entry in the list of groups, or
|
||||||
|
+// NULL if there aren't any left.
|
||||||
|
+// group_idx is a global variable which keeps track of where you are in the list
|
||||||
|
+struct group *
|
||||||
|
+__wrap_getgrent(void) {
|
||||||
|
+ if(group_idx >= NUM_GROUPS) return NULL;
|
||||||
|
+ return &groups[group_idx++];
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+void
|
||||||
|
+__wrap_endgrent(void) {
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+is_pcmk__is_user_in_group(void **state)
|
||||||
|
+{
|
||||||
|
+ // null user
|
||||||
|
+ assert_false(pcmk__is_user_in_group(NULL, "grp0"));
|
||||||
|
+ // null group
|
||||||
|
+ assert_false(pcmk__is_user_in_group("user0", NULL));
|
||||||
|
+ // nonexistent group
|
||||||
|
+ assert_false(pcmk__is_user_in_group("user0", "nonexistent_group"));
|
||||||
|
+ // user is in group
|
||||||
|
+ assert_true(pcmk__is_user_in_group("user0", "grp0"));
|
||||||
|
+ // user is not in group
|
||||||
|
+ assert_false(pcmk__is_user_in_group("user2", "grp0"));
|
||||||
|
+}
|
||||||
|
+
|
||||||
|
+int
|
||||||
|
+main(int argc, char **argv)
|
||||||
|
+{
|
||||||
|
+ const struct CMUnitTest tests[] = {
|
||||||
|
+ cmocka_unit_test(is_pcmk__is_user_in_group)
|
||||||
|
+ };
|
||||||
|
+
|
||||||
|
+ cmocka_set_message_output(CM_OUTPUT_TAP);
|
||||||
|
+ return cmocka_run_group_tests(tests, NULL, NULL);
|
||||||
|
+}
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
|
||||||
|
From 1bb7fda60f5b8547d7457f20543b7e50089cf06b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Grace Chin <gchin@redhat.com>
|
||||||
|
Date: Mon, 13 Jun 2022 09:17:36 -0400
|
||||||
|
Subject: [PATCH 3/4] Add ACL group support
|
||||||
|
|
||||||
|
closes T61
|
||||||
|
---
|
||||||
|
lib/common/acl.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/lib/common/acl.c b/lib/common/acl.c
|
||||||
|
index f68069bbd..d7f8469b1 100644
|
||||||
|
--- a/lib/common/acl.c
|
||||||
|
+++ b/lib/common/acl.c
|
||||||
|
@@ -320,6 +320,13 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user)
|
||||||
|
crm_debug("Unpacking ACLs for user '%s'", id);
|
||||||
|
p->acls = parse_acl_entry(acls, child, p->acls);
|
||||||
|
}
|
||||||
|
+ } else if (!strcmp(tag, XML_ACL_TAG_GROUP)) {
|
||||||
|
+ const char *id = crm_element_value(child, XML_ATTR_ID);
|
||||||
|
+
|
||||||
|
+ if (id && pcmk__is_user_in_group(user,id)) {
|
||||||
|
+ crm_debug("Unpacking ACLs for group '%s'", id);
|
||||||
|
+ p->acls = parse_acl_entry(acls, child, p->acls);
|
||||||
|
+ }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
|
||||||
|
From f4efd55d9424d34908ba3e2bcffe16c00b2cf660 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Grace Chin <gchin@redhat.com>
|
||||||
|
Date: Mon, 13 Jun 2022 09:20:36 -0400
|
||||||
|
Subject: [PATCH 4/4] Allow acl_target and acl_group elements to take a 'name'
|
||||||
|
attribute to use a name different from 'id'
|
||||||
|
|
||||||
|
closes T60
|
||||||
|
---
|
||||||
|
include/crm/msg_xml.h | 1 +
|
||||||
|
lib/common/acl.c | 21 +++++++++++++++++----
|
||||||
|
2 files changed, 18 insertions(+), 4 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/include/crm/msg_xml.h b/include/crm/msg_xml.h
|
||||||
|
index b36dcf060..6470520b1 100644
|
||||||
|
--- a/include/crm/msg_xml.h
|
||||||
|
+++ b/include/crm/msg_xml.h
|
||||||
|
@@ -133,6 +133,7 @@ extern "C" {
|
||||||
|
# define XML_ATTR_VERSION "version"
|
||||||
|
# define XML_ATTR_DESC "description"
|
||||||
|
# define XML_ATTR_ID "id"
|
||||||
|
+# define XML_ATTR_NAME "name"
|
||||||
|
# define XML_ATTR_IDREF "id-ref"
|
||||||
|
# define XML_ATTR_ID_LONG "long-id"
|
||||||
|
# define XML_ATTR_TYPE "type"
|
||||||
|
diff --git a/lib/common/acl.c b/lib/common/acl.c
|
||||||
|
index d7f8469b1..b9f7472ee 100644
|
||||||
|
--- a/lib/common/acl.c
|
||||||
|
+++ b/lib/common/acl.c
|
||||||
|
@@ -278,8 +278,13 @@ pcmk__apply_acl(xmlNode *xml)
|
||||||
|
|
||||||
|
/*!
|
||||||
|
* \internal
|
||||||
|
- * \brief Unpack ACLs for a given user
|
||||||
|
- *
|
||||||
|
+ * \brief Unpack ACLs for a given user into the
|
||||||
|
+ * metadata of the target XML tree
|
||||||
|
+ *
|
||||||
|
+ * Taking the description of ACLs from the source XML tree and
|
||||||
|
+ * marking up the target XML tree with access information for the
|
||||||
|
+ * given user by tacking it onto the relevant nodes
|
||||||
|
+ *
|
||||||
|
* \param[in] source XML with ACL definitions
|
||||||
|
* \param[in,out] target XML that ACLs will be applied to
|
||||||
|
* \param[in] user Username whose ACLs need to be unpacked
|
||||||
|
@@ -314,14 +319,22 @@ pcmk__unpack_acl(xmlNode *source, xmlNode *target, const char *user)
|
||||||
|
|
||||||
|
if (!strcmp(tag, XML_ACL_TAG_USER)
|
||||||
|
|| !strcmp(tag, XML_ACL_TAG_USERv1)) {
|
||||||
|
- const char *id = crm_element_value(child, XML_ATTR_ID);
|
||||||
|
+ const char *id = crm_element_value(child, XML_ATTR_NAME);
|
||||||
|
+
|
||||||
|
+ if (id == NULL) {
|
||||||
|
+ id = crm_element_value(child, XML_ATTR_ID);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (id && strcmp(id, user) == 0) {
|
||||||
|
crm_debug("Unpacking ACLs for user '%s'", id);
|
||||||
|
p->acls = parse_acl_entry(acls, child, p->acls);
|
||||||
|
}
|
||||||
|
} else if (!strcmp(tag, XML_ACL_TAG_GROUP)) {
|
||||||
|
- const char *id = crm_element_value(child, XML_ATTR_ID);
|
||||||
|
+ const char *id = crm_element_value(child, XML_ATTR_NAME);
|
||||||
|
+
|
||||||
|
+ if (id == NULL) {
|
||||||
|
+ id = crm_element_value(child, XML_ATTR_ID);
|
||||||
|
+ }
|
||||||
|
|
||||||
|
if (id && pcmk__is_user_in_group(user,id)) {
|
||||||
|
crm_debug("Unpacking ACLs for group '%s'", id);
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
88
SOURCES/003-regression.patch
Normal file
88
SOURCES/003-regression.patch
Normal file
@ -0,0 +1,88 @@
|
|||||||
|
From 9853f4d05a376062d60f2e4c90938e587992237b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris Lumens <clumens@redhat.com>
|
||||||
|
Date: Mon, 27 Jun 2022 12:06:24 -0400
|
||||||
|
Subject: [PATCH 1/2] Fix: tools: Don't output "(null)" in crm_attribute's
|
||||||
|
quiet mode.
|
||||||
|
|
||||||
|
If the attribute queried for has no value, simply do not output
|
||||||
|
anything.
|
||||||
|
|
||||||
|
Regression in 2.1.3 introduced by 8c03553bbf
|
||||||
|
|
||||||
|
Fixes T502
|
||||||
|
See: rhbz#2099331
|
||||||
|
---
|
||||||
|
tools/crm_attribute.c | 4 +++-
|
||||||
|
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/tools/crm_attribute.c b/tools/crm_attribute.c
|
||||||
|
index 0bd9dee81..b1463f906 100644
|
||||||
|
--- a/tools/crm_attribute.c
|
||||||
|
+++ b/tools/crm_attribute.c
|
||||||
|
@@ -56,7 +56,9 @@ attribute_text(pcmk__output_t *out, va_list args)
|
||||||
|
char *host G_GNUC_UNUSED = va_arg(args, char *);
|
||||||
|
|
||||||
|
if (out->quiet) {
|
||||||
|
- pcmk__formatted_printf(out, "%s\n", value);
|
||||||
|
+ if (value != NULL) {
|
||||||
|
+ pcmk__formatted_printf(out, "%s\n", value);
|
||||||
|
+ }
|
||||||
|
} else {
|
||||||
|
out->info(out, "%s%s %s%s %s%s value=%s",
|
||||||
|
scope ? "scope=" : "", scope ? scope : "",
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
||||||
|
|
||||||
|
From 16d00a9b3ef27afd09f5c046ea1be50fc664ed84 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Chris Lumens <clumens@redhat.com>
|
||||||
|
Date: Mon, 27 Jun 2022 12:18:06 -0400
|
||||||
|
Subject: [PATCH 2/2] Test: cts: Add a test for querying an attribute that does
|
||||||
|
not exist.
|
||||||
|
|
||||||
|
---
|
||||||
|
cts/cli/regression.tools.exp | 4 ++++
|
||||||
|
cts/cts-cli.in | 5 +++++
|
||||||
|
2 files changed, 9 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/cts/cli/regression.tools.exp b/cts/cli/regression.tools.exp
|
||||||
|
index 0d1cfa2ab..464472d42 100644
|
||||||
|
--- a/cts/cli/regression.tools.exp
|
||||||
|
+++ b/cts/cli/regression.tools.exp
|
||||||
|
@@ -24,6 +24,10 @@ A new shadow instance was created. To begin using it paste the following into y
|
||||||
|
</cib>
|
||||||
|
=#=#=#= End test: Validate CIB - OK (0) =#=#=#=
|
||||||
|
* Passed: cibadmin - Validate CIB
|
||||||
|
+=#=#=#= Begin test: Query the value of an attribute that does not exist =#=#=#=
|
||||||
|
+crm_attribute: Error performing operation: No such device or address
|
||||||
|
+=#=#=#= End test: Query the value of an attribute that does not exist - No such object (105) =#=#=#=
|
||||||
|
+* Passed: crm_attribute - Query the value of an attribute that does not exist
|
||||||
|
=#=#=#= Begin test: Configure something before erasing =#=#=#=
|
||||||
|
=#=#=#= Current cib after: Configure something before erasing =#=#=#=
|
||||||
|
<cib epoch="2" num_updates="0" admin_epoch="0">
|
||||||
|
diff --git a/cts/cts-cli.in b/cts/cts-cli.in
|
||||||
|
index 8565c485a..b895d36ec 100755
|
||||||
|
--- a/cts/cts-cli.in
|
||||||
|
+++ b/cts/cts-cli.in
|
||||||
|
@@ -511,6 +511,10 @@ function test_tools() {
|
||||||
|
cmd="cibadmin -Q"
|
||||||
|
test_assert $CRM_EX_OK
|
||||||
|
|
||||||
|
+ desc="Query the value of an attribute that does not exist"
|
||||||
|
+ cmd="crm_attribute -n ABCD --query --quiet"
|
||||||
|
+ test_assert $CRM_EX_NOSUCH 0
|
||||||
|
+
|
||||||
|
desc="Configure something before erasing"
|
||||||
|
cmd="crm_attribute -n cluster-delay -v 60s"
|
||||||
|
test_assert $CRM_EX_OK
|
||||||
|
@@ -1980,6 +1984,7 @@ for t in $tests; do
|
||||||
|
-e 's/ end=\"[0-9][-+: 0-9]*Z*\"/ end=\"\"/' \
|
||||||
|
-e 's/ start=\"[0-9][-+: 0-9]*Z*\"/ start=\"\"/' \
|
||||||
|
-e 's/^Error checking rule: Device not configured/Error checking rule: No such device or address/' \
|
||||||
|
+ -e 's/Error performing operation: Device not configured/Error performing operation: No such device or address/' \
|
||||||
|
-e 's/\(Injecting attribute last-failure-ping#monitor_10000=\)[0-9]*/\1/' \
|
||||||
|
-e 's/^lt-//' \
|
||||||
|
-e 's/ocf::/ocf:/' \
|
||||||
|
--
|
||||||
|
2.31.1
|
||||||
|
|
@ -35,11 +35,11 @@
|
|||||||
## Upstream pacemaker version, and its package version (specversion
|
## Upstream pacemaker version, and its package version (specversion
|
||||||
## can be incremented to build packages reliably considered "newer"
|
## can be incremented to build packages reliably considered "newer"
|
||||||
## than previously built packages with the same pcmkversion)
|
## than previously built packages with the same pcmkversion)
|
||||||
%global pcmkversion 2.1.3
|
%global pcmkversion 2.1.4
|
||||||
%global specversion 2
|
%global specversion 3
|
||||||
|
|
||||||
## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build
|
## Upstream commit (full commit ID, abbreviated commit ID, or tag) to build
|
||||||
%global commit da2fd79c89a8b148a2505b57b31e22a187c10d4f
|
%global commit dc6eb4362e67c1497a413434eba097063bf1ef83
|
||||||
|
|
||||||
## Since git v2.11, the extent of abbreviation is autoscaled by default
|
## Since git v2.11, the extent of abbreviation is autoscaled by default
|
||||||
## (used to be constant of 7), so we need to convey it for non-tags, too.
|
## (used to be constant of 7), so we need to convey it for non-tags, too.
|
||||||
@ -264,7 +264,9 @@ Source0: https://codeload.github.com/%{github_owner}/%{name}/tar.gz/%{arch
|
|||||||
Source1: nagios-agents-metadata-%{nagios_hash}.tar.gz
|
Source1: nagios-agents-metadata-%{nagios_hash}.tar.gz
|
||||||
|
|
||||||
# upstream commits
|
# upstream commits
|
||||||
#Patch001: 001-xxxx.patch
|
Patch001: 001-stonith-enabled.patch
|
||||||
|
Patch002: 002-acl_group.patch
|
||||||
|
Patch003: 003-regression.patch
|
||||||
|
|
||||||
# downstream-only commits
|
# downstream-only commits
|
||||||
#Patch1xx: 1xx-xxxx.patch
|
#Patch1xx: 1xx-xxxx.patch
|
||||||
@ -953,6 +955,22 @@ exit 0
|
|||||||
%license %{nagios_name}-%{nagios_hash}/COPYING
|
%license %{nagios_name}-%{nagios_hash}/COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Jun 29 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-3
|
||||||
|
- Add support for ACL groups
|
||||||
|
- Resolves: rhbz1724310
|
||||||
|
|
||||||
|
* Tue Jun 28 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-2
|
||||||
|
- Restore crm_attribute query behavior when attribute does not exist
|
||||||
|
- Resolves: rhbz2072107
|
||||||
|
|
||||||
|
* Wed Jun 15 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.4-1
|
||||||
|
- Fencer should not ignore CIB updates when stonith is disabled
|
||||||
|
- Rebase pacemaker on upstream 2.1.4 final release
|
||||||
|
- Fix typo in ocf:pacemaker:HealthSMART meta-data
|
||||||
|
- Resolves: rhbz2055935
|
||||||
|
- Resolves: rhbz2072107
|
||||||
|
- Resolves: rhbz2094855
|
||||||
|
|
||||||
* Wed Jun 1 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.3-2
|
* Wed Jun 1 2022 Ken Gaillot <kgaillot@redhat.com> - 2.1.3-2
|
||||||
- crm_attribute works on remote node command line when hostname differs
|
- crm_attribute works on remote node command line when hostname differs
|
||||||
- Rebase pacemaker on upstream 2.1.3 final release
|
- Rebase pacemaker on upstream 2.1.3 final release
|
||||||
|
Loading…
Reference in New Issue
Block a user