[arch-commits] Commit in ceph/trunk (3 files)
Sébastien Luttringer
seblu at archlinux.org
Sun Oct 9 15:31:54 UTC 2016
Date: Sunday, October 9, 2016 @ 15:31:53
Author: seblu
Revision: 277967
upgpkg: ceph 10.2.3-1
Added:
ceph/trunk/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
ceph/trunk/04-fix-686-build.patch
Modified:
ceph/trunk/PKGBUILD
--------------------------------------------------+
03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch | 309 +++++++++++++++++++++
04-fix-686-build.patch | 199 +++++++++++++
PKGBUILD | 18 -
3 files changed, 519 insertions(+), 7 deletions(-)
Added: 03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
===================================================================
--- 03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch (rev 0)
+++ 03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch 2016-10-09 15:31:53 UTC (rev 277967)
@@ -0,0 +1,309 @@
+From b1099e8edcda1ab658eaac424bd2e09d6e7cbabd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu at seblu.net>
+Date: Sun, 9 Oct 2016 01:53:36 +0200
+Subject: [PATCH] Revert "rgw ldap: fix ldap bindpw parsing"
+
+This reverts commit fe57aceeb02ad9163feb2d196589b5927cedfa0f.
+---
+ src/rgw/librgw.cc | 6 ++--
+ src/rgw/rgw_ldap.cc | 35 ---------------------
+ src/rgw/rgw_ldap.h | 54 ++++++++-------------------------
+ src/rgw/rgw_rest_s3.cc | 77 +++++++++++------------------------------------
+ src/test/test_rgw_ldap.cc | 4 +--
+ 5 files changed, 34 insertions(+), 142 deletions(-)
+
+diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
+index c476129..37414fc 100644
+--- a/src/rgw/librgw.cc
++++ b/src/rgw/librgw.cc
+@@ -52,7 +52,6 @@
+ #include <string.h>
+ #include <mutex>
+
+-
+ #define dout_subsys ceph_subsys_rgw
+
+ bool global_stop = false;
+@@ -470,10 +469,9 @@ namespace rgw {
+ const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+ const string& ldap_dnattr =
+ store->ctx()->_conf->rgw_ldap_dnattr;
+- std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+
+- ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
+- ldap_searchdn, ldap_dnattr);
++ ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++ ldap_dnattr);
+ ldh->init();
+ ldh->bind();
+
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index 6cca3b8..ac420e3 100644
+--- a/src/rgw/rgw_ldap.cc
++++ b/src/rgw/rgw_ldap.cc
+@@ -2,38 +2,3 @@
+ // vim: ts=8 sw=2 smarttab
+
+ #include "rgw_ldap.h"
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+-
+-#include "include/assert.h"
+-
+-#define dout_subsys ceph_subsys_rgw
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+-{
+- string ldap_bindpw;
+- string ldap_secret = ctx->_conf->rgw_ldap_secret;
+-
+- if (ldap_secret.empty()) {
+- ldout(ctx, 10)
+- << __func__ << " LDAP auth no rgw_ldap_secret file found in conf"
+- << dendl;
+- } else {
+- char bindpw[1024];
+- memset(bindpw, 0, 1024);
+- int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+- bindpw, 1023);
+- if (pwlen) {
+- ldap_bindpw = bindpw;
+- boost::algorithm::trim(ldap_bindpw);
+- if (ldap_bindpw.back() == '\n')
+- ldap_bindpw.pop_back();
+- }
+- }
+-
+- return std::move(ldap_bindpw);
+-}
+diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
+index b29e33ad..02eb61e 100644
+--- a/src/rgw/rgw_ldap.h
++++ b/src/rgw/rgw_ldap.h
+@@ -23,38 +23,27 @@ namespace rgw {
+ {
+ std::string uri;
+ std::string binddn;
+- std::string bindpw;
+ std::string searchdn;
+ std::string dnattr;
+ LDAP *ldap;
+- bool msad = false; /* TODO: possible future specialization */
+
+ public:
+- LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+- std::string _searchdn, std::string _dnattr)
+- : uri(std::move(_uri)), binddn(std::move(_binddn)),
+- bindpw(std::move(_bindpw)), searchdn(_searchdn), dnattr(_dnattr),
+- ldap(nullptr) {
++ LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++ std::string _dnattr)
++ : uri(std::move(_uri)), binddn(std::move(_binddn)), searchdn(_searchdn),
++ dnattr(_dnattr), ldap(nullptr) {
+ // nothing
+ }
+
+ int init() {
+ int ret;
+ ret = ldap_initialize(&ldap, uri.c_str());
+- if (ret == LDAP_SUCCESS) {
+- unsigned long ldap_ver = LDAP_VERSION3;
+- ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+- (void*) &ldap_ver);
+- }
+- if (ret == LDAP_SUCCESS) {
+- ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+- }
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int bind() {
+ int ret;
+- ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
++ ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+@@ -71,18 +60,11 @@ namespace rgw {
+ int auth(const std::string uid, const std::string pwd) {
+ int ret;
+ std::string filter;
+- if (msad) {
+- filter = "(&(objectClass=user)(sAMAccountName=";
+- filter += uid;
+- filter += "))";
+- } else {
+- /* openldap */
+- filter = "(";
+- filter += dnattr;
+- filter += "=";
+- filter += uid;
+- filter += ")";
+- }
++ filter = "(";
++ filter += dnattr;
++ filter += "=";
++ filter += uid;
++ filter += ")";
+ char *attrs[] = { const_cast<char*>(dnattr.c_str()), nullptr };
+ LDAPMessage *answer = nullptr, *entry = nullptr;
+ ret = ldap_search_s(ldap, searchdn.c_str(), LDAP_SCOPE_SUBTREE,
+@@ -113,8 +95,8 @@ namespace rgw {
+ class LDAPHelper
+ {
+ public:
+- LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+- std::string _searchdn, std::string _dnattr)
++ LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++ std::string _dnattr)
+ {}
+
+ int init() {
+@@ -135,17 +117,7 @@ namespace rgw {
+
+
+ #endif /* HAVE_OPENLDAP */
+-
+-} /* namespace rgw */
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+
+-#include "include/assert.h"
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx);
++} /* namespace rgw */
+
+ #endif /* RGW_LDAP_H */
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index e9f24f3..bd952db 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -8,8 +8,6 @@
+ #include "common/Formatter.h"
+ #include "common/utf8.h"
+ #include "common/ceph_json.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+
+ #include "rgw_rest.h"
+ #include "rgw_rest_s3.h"
+@@ -1747,32 +1745,10 @@ int RGWPostObj_ObjStore_S3::get_policy()
+ s->perm_mask = RGW_PERM_FULL_CONTROL;
+ }
+ } else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
+- (! store->ctx()->_conf->rgw_ldap_uri.empty())) {
+-
+- ldout(store->ctx(), 15)
+- << __func__ << " LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << dendl;
+-
++ store->ctx()->_conf->rgw_ldap_uri.empty()) {
+ RGWToken token{from_base64(s3_access_key)};
+- if (! token.valid())
+- return -EACCES;
+-
+ rgw::LDAPHelper *ldh = RGW_Auth_S3::get_ldap_ctx(store);
+- if (unlikely(!ldh)) {
+- ldout(store->ctx(), 0)
+- << __func__ << " RGW_Auth_S3::get_ldap_ctx() failed"
+- << dendl;
+- return -EACCES;
+- }
+-
+- ldout(store->ctx(), 10)
+- << __func__ << " try LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << " token.id=" << token.id
+- << dendl;
+-
+- if (ldh->auth(token.id, token.key) != 0)
++ if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ return -EACCES;
+
+ /* ok, succeeded */
+@@ -3091,10 +3067,9 @@ void RGW_Auth_S3::init_impl(RGWRados* store)
+ const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+ const string& ldap_dnattr =
+ store->ctx()->_conf->rgw_ldap_dnattr;
+- std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+
+- ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw,
+- ldap_searchdn, ldap_dnattr);
++ ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++ ldap_dnattr);
+
+ ldh->init();
+ ldh->bind();
+@@ -3935,45 +3910,29 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+
+ RGW_Auth_S3::init(store);
+
+- ldout(store->ctx(), 15)
+- << __func__ << " LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << dendl;
+-
+ RGWToken token{from_base64(auth_id)};
+-
+- if (! token.valid())
++ if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ external_auth_result = -EACCES;
+ else {
+- ldout(store->ctx(), 10)
+- << __func__ << " try LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << " token.id=" << token.id
+- << dendl;
+-
+- if (ldh->auth(token.id, token.key) != 0)
+- external_auth_result = -EACCES;
+- else {
+- /* ok, succeeded */
+- external_auth_result = 0;
++ /* ok, succeeded */
++ external_auth_result = 0;
+
+- /* create local account, if none exists */
+- s->user->user_id = token.id;
+- s->user->display_name = token.id; // cn?
+- int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++ /* create local account, if none exists */
++ s->user->user_id = token.id;
++ s->user->display_name = token.id; // cn?
++ int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++ if (ret < 0) {
++ ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
++ real_time(), true);
+ if (ret < 0) {
+- ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+- real_time(), true);
+- if (ret < 0) {
+- dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+- << dendl;
+- }
++ dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
++ << dendl;
+ }
++ }
+
+ /* set request perms */
+ s->perm_mask = RGW_PERM_FULL_CONTROL;
+- } /* success */
+- } /* token */
++ } /* success */
+ } /* ldap */
+
+ /* keystone failed (or not enabled); check if we want to use rados backend */
+
+--
+2.10.0
+
Added: 04-fix-686-build.patch
===================================================================
--- 04-fix-686-build.patch (rev 0)
+++ 04-fix-686-build.patch 2016-10-09 15:31:53 UTC (rev 277967)
@@ -0,0 +1,199 @@
+# https://github.com/ceph/ceph/pull/10855
+From 518883d939f34ec0afa03aea1bac35960fb579f2 Mon Sep 17 00:00:00 2001
+From: Loic Dachary <ldachary at redhat.com>
+Date: Thu, 25 Aug 2016 09:09:40 +0200
+Subject: [PATCH 1/4] Revert "common: add int64_t template for
+ strict_si_cast()"
+
+This reverts commit e3a99c082e3ebd56d5b40d7d94d98e35629df81e.
+---
+ src/common/strtol.cc | 2 --
+ src/test/strtol.cc | 15 ---------------
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index f43d661..50598b9 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -189,8 +189,6 @@ template int strict_si_cast<int>(const char *str, std::string *err);
+
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 3946736..646c055 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,21 +234,6 @@ TEST(StrictSICast, Error) {
+ (void)strict_si_cast<int>("1T", &err);
+ ASSERT_NE(err, "");
+ }
+- {
+- std::string err;
+- (void)strict_si_cast<int64_t>("2E", &err);
+- ASSERT_EQ(err, "");
+- }
+- {
+- std::string err;
+- (void)strict_si_cast<int64_t>("-2E", &err);
+- ASSERT_EQ(err, "");
+- }
+- {
+- std::string err;
+- (void)strict_si_cast<int64_t>("1T", &err);
+- ASSERT_EQ(err, "");
+- }
+ }
+
+ /*
+
+From f7cd28460147530cfd265a593b32d02adb93abe6 Mon Sep 17 00:00:00 2001
+From: Kefu Chai <tchaikov at gmail.com>
+Date: Sat, 30 Apr 2016 18:31:37 +0800
+Subject: [PATCH 2/4] common/config: cast OPT_U32 options using uint32_t
+
+the OPT_U32 options was translated using strict_si_cast<int>(), and then
+cast the converted result to uint32_t. this could cause integer
+underflow. we could have lifted the burden of checking invalid input
+from the user of this option to the strict_si_cast<>() function. so in
+this change, we use strict_si_cast<uint32_t>() instead, before casting
+the converted value into `uint32_t`.
+
+Signed-off-by: Kefu Chai <tchaikov at gmail.com>
+(cherry picked from commit b7babd6aa671d688eef0af61ca17fd11eec22773)
+---
+ src/common/config.cc | 2 +-
+ src/common/strtol.cc | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/config.cc b/src/common/config.cc
+index 622e237..d27bfbf 100644
+--- a/src/common/config.cc
++++ b/src/common/config.cc
+@@ -994,7 +994,7 @@ int md_config_t::set_val_raw(const char *val, const config_option *opt)
+ return 0;
+ case OPT_U32: {
+ std::string err;
+- int f = strict_si_cast<int>(val, &err);
++ int f = strict_si_cast<uint32_t>(val, &err);
+ if (!err.empty())
+ return -EINVAL;
+ *(uint32_t*)opt->conf_ptr(this) = f;
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 50598b9..bc5ccc7 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,10 +186,9 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+
+ template int strict_si_cast<int>(const char *str, std::string *err);
+-
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
++template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+ {
+
+From d93eda88048d2bcefe4be3ea0aaa6ca0289eabbf Mon Sep 17 00:00:00 2001
+From: Vikhyat Umrao <vumrao at redhat.com>
+Date: Thu, 26 May 2016 23:30:25 +0530
+Subject: [PATCH 3/4] common: add int64_t template for strict_si_cast()
+
+Signed-off-by: Vikhyat Umrao <vumrao at redhat.com>
+(cherry picked from commit 8e429d05370fbe7935212d0ae9608e7547f39860)
+---
+ src/common/strtol.cc | 1 +
+ src/test/strtol.cc | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index bc5ccc7..0e7ea7d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -187,6 +187,7 @@ T strict_si_cast(const char *str, std::string *err)
+
+ template int strict_si_cast<int>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
++template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 646c055..3946736 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,6 +234,21 @@ TEST(StrictSICast, Error) {
+ (void)strict_si_cast<int>("1T", &err);
+ ASSERT_NE(err, "");
+ }
++ {
++ std::string err;
++ (void)strict_si_cast<int64_t>("2E", &err);
++ ASSERT_EQ(err, "");
++ }
++ {
++ std::string err;
++ (void)strict_si_cast<int64_t>("-2E", &err);
++ ASSERT_EQ(err, "");
++ }
++ {
++ std::string err;
++ (void)strict_si_cast<int64_t>("1T", &err);
++ ASSERT_EQ(err, "");
++ }
+ }
+
+ /*
+
+From 117aa35094c059dbf5770b01ac13a583471e54aa Mon Sep 17 00:00:00 2001
+From: Kefu Chai <kchai at redhat.com>
+Date: Sun, 26 Jun 2016 01:02:03 +0800
+Subject: [PATCH 4/4] common: instantiate strict_si_cast<long> not
+ strict_si_cast<int64_t>
+
+this fixes the build on armf.
+
+on 32bit platforms, cstdint is very likely to
+
+ typedef long long int int64_t;
+
+this results in compilation error like
+
+ `common/strtol.cc:190:75: error: duplicate explicit instantiation of 'T
+ strict_si_cast(const char, std::string) [with T = long long int;
+ std::string = std::basic_string]'
+
+ [-fpermissive]
+ template int64_t strict_si_cast(const char *str, std::string *err);
+ ^`
+
+we can address this by instantiate the primitive type of `long long`
+instead of `in64_t`.
+
+Fixes: http://tracker.ceph.com/issues/16398
+Signed-off-by: Kefu Chai <kchai at redhat.com>
+(cherry picked from commit 31db4c5f9f725e13e38f3c90744e299e023d02a4)
+---
+ src/common/strtol.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 0e7ea7d..321521d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,8 +186,8 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+
+ template int strict_si_cast<int>(const char *str, std::string *err);
++template long strict_si_cast<long>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2016-10-09 15:29:15 UTC (rev 277966)
+++ PKGBUILD 2016-10-09 15:31:53 UTC (rev 277967)
@@ -2,8 +2,8 @@
# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
pkgname=ceph
-pkgver=10.2.2
-pkgrel=2
+pkgver=10.2.3
+pkgrel=1
pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system'
arch=('x86_64' 'i686')
url='http://ceph.com/'
@@ -19,11 +19,15 @@
source=("http://ceph.com/download/$pkgname-$pkgver.tar.gz"
'ceph.sysusers'
'01-virtualenv2.patch'
- '02-setup-python2.patch')
-md5sums=('5cba47af53b3b17002aad3c854e5405c'
+ '02-setup-python2.patch'
+ '03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch'
+ '04-fix-686-build.patch')
+md5sums=('5d660c78a211f6d53161e197729aebd2'
'b3e24e3aa005a657ab475f84bfe3291a'
'a3f72dc8e97f9fd5708d52256bcd9e75'
- 'f11582acceeb6c1790518c3a5a29bb18')
+ 'f11582acceeb6c1790518c3a5a29bb18'
+ '6c4cbe6288858421832e751164617774'
+ 'e8fbd2dfb359a8f6d2738d46441fbffa')
prepare() {
cd $pkgname-$pkgver
@@ -69,8 +73,8 @@
# fix sbin path
msg2 'Fix sbin paths'
- mv -v sbin/* usr/sbin/* usr/bin
- rmdir -v sbin usr/sbin
+ mv -v usr/sbin/* usr/bin
+ rmdir -v usr/sbin
# fix bash completions path
msg2 'Fix bash completion path'
More information about the arch-commits
mailing list