[arch-commits] Commit in ceph/repos (16 files)

Bartłomiej Piotrowski bpiotrowski at archlinux.org
Sun Jan 1 21:10:13 UTC 2017


    Date: Sunday, January 1, 2017 @ 21:10:12
  Author: bpiotrowski
Revision: 285146

archrelease: copy trunk to staging-x86_64, staging-i686

Added:
  ceph/repos/staging-i686/
  ceph/repos/staging-i686/01-virtualenv2.patch
    (from rev 285145, ceph/trunk/01-virtualenv2.patch)
  ceph/repos/staging-i686/02-setup-python2.patch
    (from rev 285145, ceph/trunk/02-setup-python2.patch)
  ceph/repos/staging-i686/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
    (from rev 285145, ceph/trunk/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch)
  ceph/repos/staging-i686/04-fix-686-build.patch
    (from rev 285145, ceph/trunk/04-fix-686-build.patch)
  ceph/repos/staging-i686/PKGBUILD
    (from rev 285145, ceph/trunk/PKGBUILD)
  ceph/repos/staging-i686/ceph.install
    (from rev 285145, ceph/trunk/ceph.install)
  ceph/repos/staging-i686/ceph.sysusers
    (from rev 285145, ceph/trunk/ceph.sysusers)
  ceph/repos/staging-x86_64/
  ceph/repos/staging-x86_64/01-virtualenv2.patch
    (from rev 285145, ceph/trunk/01-virtualenv2.patch)
  ceph/repos/staging-x86_64/02-setup-python2.patch
    (from rev 285145, ceph/trunk/02-setup-python2.patch)
  ceph/repos/staging-x86_64/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
    (from rev 285145, ceph/trunk/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch)
  ceph/repos/staging-x86_64/04-fix-686-build.patch
    (from rev 285145, ceph/trunk/04-fix-686-build.patch)
  ceph/repos/staging-x86_64/PKGBUILD
    (from rev 285145, ceph/trunk/PKGBUILD)
  ceph/repos/staging-x86_64/ceph.install
    (from rev 285145, ceph/trunk/ceph.install)
  ceph/repos/staging-x86_64/ceph.sysusers
    (from rev 285145, ceph/trunk/ceph.sysusers)

-----------------------------------------------------------------+
 staging-i686/01-virtualenv2.patch                               |   11 
 staging-i686/02-setup-python2.patch                             |   38 +
 staging-i686/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch   |  309 ++++++++++
 staging-i686/04-fix-686-build.patch                             |  199 ++++++
 staging-i686/PKGBUILD                                           |   91 ++
 staging-i686/ceph.install                                       |   16 
 staging-i686/ceph.sysusers                                      |    1 
 staging-x86_64/01-virtualenv2.patch                             |   11 
 staging-x86_64/02-setup-python2.patch                           |   38 +
 staging-x86_64/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch |  309 ++++++++++
 staging-x86_64/04-fix-686-build.patch                           |  199 ++++++
 staging-x86_64/PKGBUILD                                         |   91 ++
 staging-x86_64/ceph.install                                     |   16 
 staging-x86_64/ceph.sysusers                                    |    1 
 14 files changed, 1330 insertions(+)

Copied: ceph/repos/staging-i686/01-virtualenv2.patch (from rev 285145, ceph/trunk/01-virtualenv2.patch)
===================================================================
--- staging-i686/01-virtualenv2.patch	                        (rev 0)
+++ staging-i686/01-virtualenv2.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,11 @@
+--- a/src/tools/setup-virtualenv.sh	2016-06-14 13:43:58.000000000 +0200
++++ b/src/tools/setup-virtualenv.sh	2016-08-18 02:13:31.418624320 +0200
+@@ -18,7 +18,7 @@
+ DIR=$1
+ rm -fr $DIR
+ mkdir -p $DIR
+-virtualenv --python python2.7 $DIR
++virtualenv2 --python python2.7 $DIR
+ . $DIR/bin/activate
+ # older versions of pip will not install wrap_console scripts
+ # when using wheel packages

Copied: ceph/repos/staging-i686/02-setup-python2.patch (from rev 285145, ceph/trunk/02-setup-python2.patch)
===================================================================
--- staging-i686/02-setup-python2.patch	                        (rev 0)
+++ staging-i686/02-setup-python2.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,38 @@
+--- a/src/Makefile.in	2016-06-14 13:44:59.000000000 +0200
++++ b/src/Makefile.in	2016-08-19 22:09:15.526703376 +0200
+@@ -32623,7 +32623,7 @@
+ 	cd $(srcdir)/ceph-detect-init ; ../tools/setup-virtualenv.sh ${CEPH_DETECT_INIT_VIRTUALENV} ; test -d wheelhouse && export NO_INDEX=--no-index ; ${CEPH_DETECT_INIT_VIRTUALENV}/bin/pip install $$NO_INDEX --use-wheel --find-links=file://$$(pwd)/wheelhouse -e .
+ 
+ ceph-detect-init-clean:
+-	cd $(srcdir)/ceph-detect-init ; python setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DETECT_INIT_VIRTUALENV} .coverage *.egg-info
++	cd $(srcdir)/ceph-detect-init ; python2 setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DETECT_INIT_VIRTUALENV} .coverage *.egg-info
+ 
+ ceph-detect-init-install-data:
+ 	cd $(srcdir)/ceph-detect-init ; \
+@@ -32635,7 +32635,7 @@
+ 		fi ; \
+ 		root="--root=$(DESTDIR)" ; \
+ 	fi ; \
+-	python setup.py install $$root $$options
++	python2 setup.py install $$root $$options
+ 
+ export CEPH_DISK_VIRTUALENV = ${CEPH_BUILD_VIRTUALENV}/ceph-disk-virtualenv
+ 
+@@ -32645,7 +32645,7 @@
+ 	cd $(srcdir)/ceph-disk ; ../tools/setup-virtualenv.sh ${CEPH_DISK_VIRTUALENV} ; test -d wheelhouse && export NO_INDEX=--no-index ; ${CEPH_DISK_VIRTUALENV}/bin/pip install $$NO_INDEX --use-wheel --find-links=file://$$(pwd)/wheelhouse -e .
+ 
+ ceph-disk-clean:
+-	cd $(srcdir)/ceph-disk ; python setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DISK_VIRTUALENV} .coverage *.egg-info
++	cd $(srcdir)/ceph-disk ; python2 setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DISK_VIRTUALENV} .coverage *.egg-info
+ 
+ ceph-disk-install-data:
+ 	cd $(srcdir)/ceph-disk ; \
+@@ -32657,7 +32657,7 @@
+ 		fi ; \
+ 		root="--root=$(DESTDIR) --install-script=/usr/sbin" ; \
+ 	fi ; \
+-	python setup.py install $$root $$options
++	python2 setup.py install $$root $$options
+ 
+ #crush_includedir = $(includedir)/crush
+ #crush_include_DATA = \

Copied: ceph/repos/staging-i686/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch (from rev 285145, ceph/trunk/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch)
===================================================================
--- staging-i686/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch	                        (rev 0)
+++ staging-i686/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,309 @@
+From b1099e8edcda1ab658eaac424bd2e09d6e7cbabd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu at seblu.net>
+Date: Sun, 9 Oct 2016 01:53:36 +0200
+Subject: [PATCH] Revert "rgw ldap: fix ldap bindpw parsing"
+
+This reverts commit fe57aceeb02ad9163feb2d196589b5927cedfa0f.
+---
+ src/rgw/librgw.cc         |  6 ++--
+ src/rgw/rgw_ldap.cc       | 35 ---------------------
+ src/rgw/rgw_ldap.h        | 54 ++++++++-------------------------
+ src/rgw/rgw_rest_s3.cc    | 77 +++++++++++------------------------------------
+ src/test/test_rgw_ldap.cc |  4 +--
+ 5 files changed, 34 insertions(+), 142 deletions(-)
+
+diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
+index c476129..37414fc 100644
+--- a/src/rgw/librgw.cc
++++ b/src/rgw/librgw.cc
+@@ -52,7 +52,6 @@
+ #include <string.h>
+ #include <mutex>
+ 
+-
+ #define dout_subsys ceph_subsys_rgw
+ 
+ bool global_stop = false;
+@@ -470,10 +469,9 @@ namespace rgw {
+     const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+     const string& ldap_dnattr =
+       store->ctx()->_conf->rgw_ldap_dnattr;
+-    std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
+-			      ldap_searchdn, ldap_dnattr);
++    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++			      ldap_dnattr);
+     ldh->init();
+     ldh->bind();
+ 
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index 6cca3b8..ac420e3 100644
+--- a/src/rgw/rgw_ldap.cc
++++ b/src/rgw/rgw_ldap.cc
+@@ -2,38 +2,3 @@
+ // vim: ts=8 sw=2 smarttab
+ 
+ #include "rgw_ldap.h"
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+-
+-#include "include/assert.h"
+-
+-#define dout_subsys ceph_subsys_rgw
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+-{
+-  string ldap_bindpw;
+-  string ldap_secret = ctx->_conf->rgw_ldap_secret;
+-
+-  if (ldap_secret.empty()) {
+-    ldout(ctx, 10)
+-      << __func__ << " LDAP auth no rgw_ldap_secret file found in conf"
+-      << dendl;
+-    } else {
+-      char bindpw[1024];
+-      memset(bindpw, 0, 1024);
+-      int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+-				 bindpw, 1023);
+-    if (pwlen) {
+-      ldap_bindpw = bindpw;
+-      boost::algorithm::trim(ldap_bindpw);
+-      if (ldap_bindpw.back() == '\n')
+-	ldap_bindpw.pop_back();
+-    }
+-  }
+-
+-  return std::move(ldap_bindpw);
+-}
+diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
+index b29e33ad..02eb61e 100644
+--- a/src/rgw/rgw_ldap.h
++++ b/src/rgw/rgw_ldap.h
+@@ -23,38 +23,27 @@ namespace rgw {
+   {
+     std::string uri;
+     std::string binddn;
+-    std::string bindpw;
+     std::string searchdn;
+     std::string dnattr;
+     LDAP *ldap;
+-    bool msad = false; /* TODO: possible future specialization */
+ 
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
+-      : uri(std::move(_uri)), binddn(std::move(_binddn)),
+-	bindpw(std::move(_bindpw)), searchdn(_searchdn), dnattr(_dnattr),
+-	ldap(nullptr) {
++    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++	      std::string _dnattr)
++      : uri(std::move(_uri)), binddn(std::move(_binddn)), searchdn(_searchdn),
++	dnattr(_dnattr), ldap(nullptr) {
+       // nothing
+     }
+ 
+     int init() {
+       int ret;
+       ret = ldap_initialize(&ldap, uri.c_str());
+-      if (ret == LDAP_SUCCESS) {
+-	unsigned long ldap_ver = LDAP_VERSION3;
+-	ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+-			      (void*) &ldap_ver);
+-      }
+-      if (ret == LDAP_SUCCESS) {
+-	ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); 
+-      }
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+     int bind() {
+       int ret;
+-      ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
++      ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+@@ -71,18 +60,11 @@ namespace rgw {
+     int auth(const std::string uid, const std::string pwd) {
+       int ret;
+       std::string filter;
+-      if (msad) {
+-	filter = "(&(objectClass=user)(sAMAccountName=";
+-	filter += uid;
+-	filter += "))";
+-      } else {
+-	/* openldap */
+-	filter = "(";
+-	filter += dnattr;
+-	filter += "=";
+-	filter += uid;
+-	filter += ")";
+-      }
++      filter = "(";
++      filter += dnattr;
++      filter += "=";
++      filter += uid;
++      filter += ")";
+       char *attrs[] = { const_cast<char*>(dnattr.c_str()), nullptr };
+       LDAPMessage *answer = nullptr, *entry = nullptr;
+       ret = ldap_search_s(ldap, searchdn.c_str(), LDAP_SCOPE_SUBTREE,
+@@ -113,8 +95,8 @@ namespace rgw {
+   class LDAPHelper
+   {
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
++    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++	      std::string _dnattr)
+       {}
+ 
+     int init() {
+@@ -135,17 +117,7 @@ namespace rgw {
+ 
+ 
+ #endif /* HAVE_OPENLDAP */
+-  
+-} /* namespace rgw */
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+-#include "include/assert.h"
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx);
++} /* namespace rgw */
+ 
+ #endif /* RGW_LDAP_H */
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index e9f24f3..bd952db 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -8,8 +8,6 @@
+ #include "common/Formatter.h"
+ #include "common/utf8.h"
+ #include "common/ceph_json.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+ #include "rgw_rest.h"
+ #include "rgw_rest_s3.h"
+@@ -1747,32 +1745,10 @@ int RGWPostObj_ObjStore_S3::get_policy()
+ 	  s->perm_mask = RGW_PERM_FULL_CONTROL;
+ 	}
+       } else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
+-		 (! store->ctx()->_conf->rgw_ldap_uri.empty())) {
+-
+-	ldout(store->ctx(), 15)
+-	  << __func__ << " LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << dendl;
+-
++		store->ctx()->_conf->rgw_ldap_uri.empty()) {
+ 	RGWToken token{from_base64(s3_access_key)};
+-	if (! token.valid())
+-	  return -EACCES;
+-
+ 	rgw::LDAPHelper *ldh = RGW_Auth_S3::get_ldap_ctx(store);
+-	if (unlikely(!ldh)) {
+-	  ldout(store->ctx(), 0)
+-	    << __func__ << " RGW_Auth_S3::get_ldap_ctx() failed"
+-	    << dendl;
+-	  return -EACCES;
+-	}
+-
+-	ldout(store->ctx(), 10)
+-	  << __func__ << " try LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << " token.id=" << token.id
+-	  << dendl;
+-
+-	if (ldh->auth(token.id, token.key) != 0)
++	if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ 	  return -EACCES;
+ 
+ 	/* ok, succeeded */
+@@ -3091,10 +3067,9 @@ void RGW_Auth_S3::init_impl(RGWRados* store)
+   const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+   const string& ldap_dnattr =
+     store->ctx()->_conf->rgw_ldap_dnattr;
+-  std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw,
+-			    ldap_searchdn, ldap_dnattr);
++  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++			    ldap_dnattr);
+ 
+   ldh->init();
+   ldh->bind();
+@@ -3935,45 +3910,29 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+ 
+     RGW_Auth_S3::init(store);
+ 
+-    ldout(store->ctx(), 15)
+-      << __func__ << " LDAP auth uri="
+-      << store->ctx()->_conf->rgw_ldap_uri
+-      << dendl;
+-
+     RGWToken token{from_base64(auth_id)};
+-
+-    if (! token.valid())
++    if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+       external_auth_result = -EACCES;
+     else {
+-      ldout(store->ctx(), 10)
+-	<< __func__ << " try LDAP auth uri="
+-	<< store->ctx()->_conf->rgw_ldap_uri
+-	<< " token.id=" << token.id
+-	<< dendl;
+-
+-      if (ldh->auth(token.id, token.key) != 0)
+-	external_auth_result = -EACCES;
+-      else {
+-	/* ok, succeeded */
+-	external_auth_result = 0;
++      /* ok, succeeded */
++      external_auth_result = 0;
+ 
+-	/* create local account, if none exists */
+-	s->user->user_id = token.id;
+-	s->user->display_name = token.id; // cn?
+-	int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++      /* create local account, if none exists */
++      s->user->user_id = token.id;
++      s->user->display_name = token.id; // cn?
++      int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++      if (ret < 0) {
++	ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
++				  real_time(), true);
+ 	if (ret < 0) {
+-	  ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+-				    real_time(), true);
+-	  if (ret < 0) {
+-	    dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+-		     << dendl;
+-	  }
++	  dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
++		   << dendl;
+ 	}
++      }
+ 
+       /* set request perms */
+       s->perm_mask = RGW_PERM_FULL_CONTROL;
+-      } /* success */
+-    } /* token */
++    } /* success */
+   } /* ldap */
+ 
+   /* keystone failed (or not enabled); check if we want to use rados backend */
+ 
+-- 
+2.10.0
+

Copied: ceph/repos/staging-i686/04-fix-686-build.patch (from rev 285145, ceph/trunk/04-fix-686-build.patch)
===================================================================
--- staging-i686/04-fix-686-build.patch	                        (rev 0)
+++ staging-i686/04-fix-686-build.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,199 @@
+# https://github.com/ceph/ceph/pull/10855
+From 518883d939f34ec0afa03aea1bac35960fb579f2 Mon Sep 17 00:00:00 2001
+From: Loic Dachary <ldachary at redhat.com>
+Date: Thu, 25 Aug 2016 09:09:40 +0200
+Subject: [PATCH 1/4] Revert "common: add int64_t template for
+ strict_si_cast()"
+
+This reverts commit e3a99c082e3ebd56d5b40d7d94d98e35629df81e.
+---
+ src/common/strtol.cc |  2 --
+ src/test/strtol.cc   | 15 ---------------
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index f43d661..50598b9 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -189,8 +189,6 @@ template int strict_si_cast<int>(const char *str, std::string *err);
+ 
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+ 
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 3946736..646c055 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,21 +234,6 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("-2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("1T", &err);
+-    ASSERT_EQ(err, "");
+-  }
+ }
+ 
+ /*
+
+From f7cd28460147530cfd265a593b32d02adb93abe6 Mon Sep 17 00:00:00 2001
+From: Kefu Chai <tchaikov at gmail.com>
+Date: Sat, 30 Apr 2016 18:31:37 +0800
+Subject: [PATCH 2/4] common/config: cast OPT_U32 options using uint32_t
+
+the OPT_U32 options was translated using strict_si_cast<int>(), and then
+cast the converted result to uint32_t. this could cause integer
+underflow. we could have lifted the burden of checking invalid input
+from the user of this option to the strict_si_cast<>() function. so in
+this change, we use strict_si_cast<uint32_t>() instead, before casting
+the converted value into `uint32_t`.
+
+Signed-off-by: Kefu Chai <tchaikov at gmail.com>
+(cherry picked from commit b7babd6aa671d688eef0af61ca17fd11eec22773)
+---
+ src/common/config.cc | 2 +-
+ src/common/strtol.cc | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/config.cc b/src/common/config.cc
+index 622e237..d27bfbf 100644
+--- a/src/common/config.cc
++++ b/src/common/config.cc
+@@ -994,7 +994,7 @@ int md_config_t::set_val_raw(const char *val, const config_option *opt)
+       return 0;
+     case OPT_U32: {
+       std::string err;
+-      int f = strict_si_cast<int>(val, &err);
++      int f = strict_si_cast<uint32_t>(val, &err);
+       if (!err.empty())
+ 	return -EINVAL;
+       *(uint32_t*)opt->conf_ptr(this) = f;
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 50598b9..bc5ccc7 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,10 +186,9 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+-
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
++template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+ {
+
+From d93eda88048d2bcefe4be3ea0aaa6ca0289eabbf Mon Sep 17 00:00:00 2001
+From: Vikhyat Umrao <vumrao at redhat.com>
+Date: Thu, 26 May 2016 23:30:25 +0530
+Subject: [PATCH 3/4] common: add int64_t template for strict_si_cast()
+
+Signed-off-by: Vikhyat Umrao <vumrao at redhat.com>
+(cherry picked from commit 8e429d05370fbe7935212d0ae9608e7547f39860)
+---
+ src/common/strtol.cc |  1 +
+ src/test/strtol.cc   | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index bc5ccc7..0e7ea7d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -187,6 +187,7 @@ T strict_si_cast(const char *str, std::string *err)
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
++template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 646c055..3946736 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,6 +234,21 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("2E", &err);
++    ASSERT_EQ(err, "");
++  }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("-2E", &err);
++    ASSERT_EQ(err, "");
++  }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("1T", &err);
++    ASSERT_EQ(err, "");
++  }
+ }
+ 
+ /*
+
+From 117aa35094c059dbf5770b01ac13a583471e54aa Mon Sep 17 00:00:00 2001
+From: Kefu Chai <kchai at redhat.com>
+Date: Sun, 26 Jun 2016 01:02:03 +0800
+Subject: [PATCH 4/4] common: instantiate strict_si_cast<long> not
+ strict_si_cast<int64_t>
+
+this fixes the build on armf.
+
+on 32bit platforms, cstdint is very likely to
+
+ typedef long long int int64_t;
+
+this results in compilation error like
+
+ `common/strtol.cc:190:75: error: duplicate explicit instantiation of 'T
+ strict_si_cast(const char, std::string) [with T = long long int;
+ std::string = std::basic_string]'
+
+ [-fpermissive]
+ template int64_t strict_si_cast(const char *str, std::string *err);
+ ^`
+
+we can address this by instantiate the primitive type of `long long`
+instead of `in64_t`.
+
+Fixes: http://tracker.ceph.com/issues/16398
+Signed-off-by: Kefu Chai <kchai at redhat.com>
+(cherry picked from commit 31db4c5f9f725e13e38f3c90744e299e023d02a4)
+---
+ src/common/strtol.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 0e7ea7d..321521d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,8 +186,8 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
++template long strict_si_cast<long>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 

Copied: ceph/repos/staging-i686/PKGBUILD (from rev 285145, ceph/trunk/PKGBUILD)
===================================================================
--- staging-i686/PKGBUILD	                        (rev 0)
+++ staging-i686/PKGBUILD	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,91 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=ceph
+pkgver=10.2.3
+pkgrel=2
+pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system'
+arch=('x86_64' 'i686')
+url='https://ceph.com/'
+license=('GPL')
+makedepends=('boost' 'systemd' 'xfsprogs' 'python2-setuptools' 'python2-sphinx'
+             'python2-virtualenv' 'cython2')
+depends=('boost-libs' 'curl' 'expat' 'fcgi' 'fuse2' 'gcc-libs' 'glibc'
+  'gperftools' 'keyutils' 'leveldb' 'libaio' 'libatomic_ops' 'libedit'
+  'libsystemd' 'libutil-linux' 'ncurses' 'nss' 'python2' 'snappy')
+optdepends=('xfsprogs: support xfs backend')
+options=('emptydirs')
+install=ceph.install
+source=("https://ceph.com/download/$pkgname-$pkgver.tar.gz"
+        'ceph.sysusers'
+        '01-virtualenv2.patch'
+        '02-setup-python2.patch'
+        '03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch'
+        '04-fix-686-build.patch')
+md5sums=('5d660c78a211f6d53161e197729aebd2'
+         'b3e24e3aa005a657ab475f84bfe3291a'
+         'a3f72dc8e97f9fd5708d52256bcd9e75'
+         'f11582acceeb6c1790518c3a5a29bb18'
+         '6c4cbe6288858421832e751164617774'
+         'e8fbd2dfb359a8f6d2738d46441fbffa')
+
+prepare() {
+  cd $pkgname-$pkgver
+  # apply patch from the source array (should be a pacman feature)
+  local filename
+  for filename in "${source[@]}"; do
+    if [[ "$filename" =~ \.patch$ ]]; then
+      msg2 "Applying patch ${filename##*/}"
+      patch -p1 -N -i "$srcdir/${filename##*/}"
+    fi
+  done
+  :
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --libexecdir=/usr/lib \
+    --sysconfdir=/etc \
+    --localstatedir=/var \
+    --with-man-pages \
+    --with-radosgw \
+    --without-openldap \
+    PYTHON=/usr/bin/python2 \
+    CYTHON_CHECK=yes \
+    PYTHON_CONFIG_CHECK=yes \
+    SPHINX_BUILD=sphinx-build2
+  make
+}
+
+package() {
+  cd $pkgname-$pkgver
+
+  make DESTDIR="$pkgdir" install
+
+  # install tmpfiles.d
+  install -Dm644 systemd/ceph.tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+  install -Dm644 "$srcdir"/ceph.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+
+  cd "$pkgdir"
+
+  # fix sbin path
+  msg2 'Fix sbin paths'
+  mv -v usr/sbin/* usr/bin
+  rmdir -v usr/sbin
+
+  # fix bash completions path
+  msg2 'Fix bash completion path'
+  install -d -m 755 usr/share/bash-completion
+  mv etc/bash_completion.d usr/share/bash-completion/completions
+
+  # fix python2 shebang, did not do it in prepare() anymore because it
+  # confuse automake
+  msg2 'Fix python2 shebang'
+  find . -type f -executable -exec \
+    sed -i '1s,^#! \?/usr/bin/\(env \|\)python$,#!/usr/bin/python2,' {} \;
+}
+
+# vim:set ts=2 sw=2 et:

Copied: ceph/repos/staging-i686/ceph.install (from rev 285145, ceph/trunk/ceph.install)
===================================================================
--- staging-i686/ceph.install	                        (rev 0)
+++ staging-i686/ceph.install	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,16 @@
+# vim: ft=sh ts=2 sw=2 et:
+
+# arg 1:  the new package version
+post_install() {
+  systemd-sysusers ceph.conf
+  systemd-tmpfiles --create ceph.conf
+}
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  if (( "$(vercmp $2 '10.2.2-1')" < 0 )); then
+    systemd-sysusers ceph.conf
+    systemd-tmpfiles --create ceph.conf
+  fi
+}

Copied: ceph/repos/staging-i686/ceph.sysusers (from rev 285145, ceph/trunk/ceph.sysusers)
===================================================================
--- staging-i686/ceph.sysusers	                        (rev 0)
+++ staging-i686/ceph.sysusers	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1 @@
+u ceph - - /run/ceph

Copied: ceph/repos/staging-x86_64/01-virtualenv2.patch (from rev 285145, ceph/trunk/01-virtualenv2.patch)
===================================================================
--- staging-x86_64/01-virtualenv2.patch	                        (rev 0)
+++ staging-x86_64/01-virtualenv2.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,11 @@
+--- a/src/tools/setup-virtualenv.sh	2016-06-14 13:43:58.000000000 +0200
++++ b/src/tools/setup-virtualenv.sh	2016-08-18 02:13:31.418624320 +0200
+@@ -18,7 +18,7 @@
+ DIR=$1
+ rm -fr $DIR
+ mkdir -p $DIR
+-virtualenv --python python2.7 $DIR
++virtualenv2 --python python2.7 $DIR
+ . $DIR/bin/activate
+ # older versions of pip will not install wrap_console scripts
+ # when using wheel packages

Copied: ceph/repos/staging-x86_64/02-setup-python2.patch (from rev 285145, ceph/trunk/02-setup-python2.patch)
===================================================================
--- staging-x86_64/02-setup-python2.patch	                        (rev 0)
+++ staging-x86_64/02-setup-python2.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,38 @@
+--- a/src/Makefile.in	2016-06-14 13:44:59.000000000 +0200
++++ b/src/Makefile.in	2016-08-19 22:09:15.526703376 +0200
+@@ -32623,7 +32623,7 @@
+ 	cd $(srcdir)/ceph-detect-init ; ../tools/setup-virtualenv.sh ${CEPH_DETECT_INIT_VIRTUALENV} ; test -d wheelhouse && export NO_INDEX=--no-index ; ${CEPH_DETECT_INIT_VIRTUALENV}/bin/pip install $$NO_INDEX --use-wheel --find-links=file://$$(pwd)/wheelhouse -e .
+ 
+ ceph-detect-init-clean:
+-	cd $(srcdir)/ceph-detect-init ; python setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DETECT_INIT_VIRTUALENV} .coverage *.egg-info
++	cd $(srcdir)/ceph-detect-init ; python2 setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DETECT_INIT_VIRTUALENV} .coverage *.egg-info
+ 
+ ceph-detect-init-install-data:
+ 	cd $(srcdir)/ceph-detect-init ; \
+@@ -32635,7 +32635,7 @@
+ 		fi ; \
+ 		root="--root=$(DESTDIR)" ; \
+ 	fi ; \
+-	python setup.py install $$root $$options
++	python2 setup.py install $$root $$options
+ 
+ export CEPH_DISK_VIRTUALENV = ${CEPH_BUILD_VIRTUALENV}/ceph-disk-virtualenv
+ 
+@@ -32645,7 +32645,7 @@
+ 	cd $(srcdir)/ceph-disk ; ../tools/setup-virtualenv.sh ${CEPH_DISK_VIRTUALENV} ; test -d wheelhouse && export NO_INDEX=--no-index ; ${CEPH_DISK_VIRTUALENV}/bin/pip install $$NO_INDEX --use-wheel --find-links=file://$$(pwd)/wheelhouse -e .
+ 
+ ceph-disk-clean:
+-	cd $(srcdir)/ceph-disk ; python setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DISK_VIRTUALENV} .coverage *.egg-info
++	cd $(srcdir)/ceph-disk ; python2 setup.py clean ; rm -fr wheelhouse .tox build ${CEPH_DISK_VIRTUALENV} .coverage *.egg-info
+ 
+ ceph-disk-install-data:
+ 	cd $(srcdir)/ceph-disk ; \
+@@ -32657,7 +32657,7 @@
+ 		fi ; \
+ 		root="--root=$(DESTDIR) --install-script=/usr/sbin" ; \
+ 	fi ; \
+-	python setup.py install $$root $$options
++	python2 setup.py install $$root $$options
+ 
+ #crush_includedir = $(includedir)/crush
+ #crush_include_DATA = \

Copied: ceph/repos/staging-x86_64/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch (from rev 285145, ceph/trunk/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch)
===================================================================
--- staging-x86_64/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch	                        (rev 0)
+++ staging-x86_64/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,309 @@
+From b1099e8edcda1ab658eaac424bd2e09d6e7cbabd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu at seblu.net>
+Date: Sun, 9 Oct 2016 01:53:36 +0200
+Subject: [PATCH] Revert "rgw ldap: fix ldap bindpw parsing"
+
+This reverts commit fe57aceeb02ad9163feb2d196589b5927cedfa0f.
+---
+ src/rgw/librgw.cc         |  6 ++--
+ src/rgw/rgw_ldap.cc       | 35 ---------------------
+ src/rgw/rgw_ldap.h        | 54 ++++++++-------------------------
+ src/rgw/rgw_rest_s3.cc    | 77 +++++++++++------------------------------------
+ src/test/test_rgw_ldap.cc |  4 +--
+ 5 files changed, 34 insertions(+), 142 deletions(-)
+
+diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
+index c476129..37414fc 100644
+--- a/src/rgw/librgw.cc
++++ b/src/rgw/librgw.cc
+@@ -52,7 +52,6 @@
+ #include <string.h>
+ #include <mutex>
+ 
+-
+ #define dout_subsys ceph_subsys_rgw
+ 
+ bool global_stop = false;
+@@ -470,10 +469,9 @@ namespace rgw {
+     const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+     const string& ldap_dnattr =
+       store->ctx()->_conf->rgw_ldap_dnattr;
+-    std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
+-			      ldap_searchdn, ldap_dnattr);
++    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++			      ldap_dnattr);
+     ldh->init();
+     ldh->bind();
+ 
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index 6cca3b8..ac420e3 100644
+--- a/src/rgw/rgw_ldap.cc
++++ b/src/rgw/rgw_ldap.cc
+@@ -2,38 +2,3 @@
+ // vim: ts=8 sw=2 smarttab
+ 
+ #include "rgw_ldap.h"
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+-
+-#include "include/assert.h"
+-
+-#define dout_subsys ceph_subsys_rgw
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+-{
+-  string ldap_bindpw;
+-  string ldap_secret = ctx->_conf->rgw_ldap_secret;
+-
+-  if (ldap_secret.empty()) {
+-    ldout(ctx, 10)
+-      << __func__ << " LDAP auth no rgw_ldap_secret file found in conf"
+-      << dendl;
+-    } else {
+-      char bindpw[1024];
+-      memset(bindpw, 0, 1024);
+-      int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+-				 bindpw, 1023);
+-    if (pwlen) {
+-      ldap_bindpw = bindpw;
+-      boost::algorithm::trim(ldap_bindpw);
+-      if (ldap_bindpw.back() == '\n')
+-	ldap_bindpw.pop_back();
+-    }
+-  }
+-
+-  return std::move(ldap_bindpw);
+-}
+diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
+index b29e33ad..02eb61e 100644
+--- a/src/rgw/rgw_ldap.h
++++ b/src/rgw/rgw_ldap.h
+@@ -23,38 +23,27 @@ namespace rgw {
+   {
+     std::string uri;
+     std::string binddn;
+-    std::string bindpw;
+     std::string searchdn;
+     std::string dnattr;
+     LDAP *ldap;
+-    bool msad = false; /* TODO: possible future specialization */
+ 
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
+-      : uri(std::move(_uri)), binddn(std::move(_binddn)),
+-	bindpw(std::move(_bindpw)), searchdn(_searchdn), dnattr(_dnattr),
+-	ldap(nullptr) {
++    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++	      std::string _dnattr)
++      : uri(std::move(_uri)), binddn(std::move(_binddn)), searchdn(_searchdn),
++	dnattr(_dnattr), ldap(nullptr) {
+       // nothing
+     }
+ 
+     int init() {
+       int ret;
+       ret = ldap_initialize(&ldap, uri.c_str());
+-      if (ret == LDAP_SUCCESS) {
+-	unsigned long ldap_ver = LDAP_VERSION3;
+-	ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+-			      (void*) &ldap_ver);
+-      }
+-      if (ret == LDAP_SUCCESS) {
+-	ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); 
+-      }
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+     int bind() {
+       int ret;
+-      ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
++      ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+@@ -71,18 +60,11 @@ namespace rgw {
+     int auth(const std::string uid, const std::string pwd) {
+       int ret;
+       std::string filter;
+-      if (msad) {
+-	filter = "(&(objectClass=user)(sAMAccountName=";
+-	filter += uid;
+-	filter += "))";
+-      } else {
+-	/* openldap */
+-	filter = "(";
+-	filter += dnattr;
+-	filter += "=";
+-	filter += uid;
+-	filter += ")";
+-      }
++      filter = "(";
++      filter += dnattr;
++      filter += "=";
++      filter += uid;
++      filter += ")";
+       char *attrs[] = { const_cast<char*>(dnattr.c_str()), nullptr };
+       LDAPMessage *answer = nullptr, *entry = nullptr;
+       ret = ldap_search_s(ldap, searchdn.c_str(), LDAP_SCOPE_SUBTREE,
+@@ -113,8 +95,8 @@ namespace rgw {
+   class LDAPHelper
+   {
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
++    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++	      std::string _dnattr)
+       {}
+ 
+     int init() {
+@@ -135,17 +117,7 @@ namespace rgw {
+ 
+ 
+ #endif /* HAVE_OPENLDAP */
+-  
+-} /* namespace rgw */
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+-#include "include/assert.h"
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx);
++} /* namespace rgw */
+ 
+ #endif /* RGW_LDAP_H */
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index e9f24f3..bd952db 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -8,8 +8,6 @@
+ #include "common/Formatter.h"
+ #include "common/utf8.h"
+ #include "common/ceph_json.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+ #include "rgw_rest.h"
+ #include "rgw_rest_s3.h"
+@@ -1747,32 +1745,10 @@ int RGWPostObj_ObjStore_S3::get_policy()
+ 	  s->perm_mask = RGW_PERM_FULL_CONTROL;
+ 	}
+       } else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
+-		 (! store->ctx()->_conf->rgw_ldap_uri.empty())) {
+-
+-	ldout(store->ctx(), 15)
+-	  << __func__ << " LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << dendl;
+-
++		store->ctx()->_conf->rgw_ldap_uri.empty()) {
+ 	RGWToken token{from_base64(s3_access_key)};
+-	if (! token.valid())
+-	  return -EACCES;
+-
+ 	rgw::LDAPHelper *ldh = RGW_Auth_S3::get_ldap_ctx(store);
+-	if (unlikely(!ldh)) {
+-	  ldout(store->ctx(), 0)
+-	    << __func__ << " RGW_Auth_S3::get_ldap_ctx() failed"
+-	    << dendl;
+-	  return -EACCES;
+-	}
+-
+-	ldout(store->ctx(), 10)
+-	  << __func__ << " try LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << " token.id=" << token.id
+-	  << dendl;
+-
+-	if (ldh->auth(token.id, token.key) != 0)
++	if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ 	  return -EACCES;
+ 
+ 	/* ok, succeeded */
+@@ -3091,10 +3067,9 @@ void RGW_Auth_S3::init_impl(RGWRados* store)
+   const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+   const string& ldap_dnattr =
+     store->ctx()->_conf->rgw_ldap_dnattr;
+-  std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw,
+-			    ldap_searchdn, ldap_dnattr);
++  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++			    ldap_dnattr);
+ 
+   ldh->init();
+   ldh->bind();
+@@ -3935,45 +3910,29 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+ 
+     RGW_Auth_S3::init(store);
+ 
+-    ldout(store->ctx(), 15)
+-      << __func__ << " LDAP auth uri="
+-      << store->ctx()->_conf->rgw_ldap_uri
+-      << dendl;
+-
+     RGWToken token{from_base64(auth_id)};
+-
+-    if (! token.valid())
++    if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+       external_auth_result = -EACCES;
+     else {
+-      ldout(store->ctx(), 10)
+-	<< __func__ << " try LDAP auth uri="
+-	<< store->ctx()->_conf->rgw_ldap_uri
+-	<< " token.id=" << token.id
+-	<< dendl;
+-
+-      if (ldh->auth(token.id, token.key) != 0)
+-	external_auth_result = -EACCES;
+-      else {
+-	/* ok, succeeded */
+-	external_auth_result = 0;
++      /* ok, succeeded */
++      external_auth_result = 0;
+ 
+-	/* create local account, if none exists */
+-	s->user->user_id = token.id;
+-	s->user->display_name = token.id; // cn?
+-	int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++      /* create local account, if none exists */
++      s->user->user_id = token.id;
++      s->user->display_name = token.id; // cn?
++      int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++      if (ret < 0) {
++	ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
++				  real_time(), true);
+ 	if (ret < 0) {
+-	  ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+-				    real_time(), true);
+-	  if (ret < 0) {
+-	    dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+-		     << dendl;
+-	  }
++	  dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
++		   << dendl;
+ 	}
++      }
+ 
+       /* set request perms */
+       s->perm_mask = RGW_PERM_FULL_CONTROL;
+-      } /* success */
+-    } /* token */
++    } /* success */
+   } /* ldap */
+ 
+   /* keystone failed (or not enabled); check if we want to use rados backend */
+ 
+-- 
+2.10.0
+

Copied: ceph/repos/staging-x86_64/04-fix-686-build.patch (from rev 285145, ceph/trunk/04-fix-686-build.patch)
===================================================================
--- staging-x86_64/04-fix-686-build.patch	                        (rev 0)
+++ staging-x86_64/04-fix-686-build.patch	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,199 @@
+# https://github.com/ceph/ceph/pull/10855
+From 518883d939f34ec0afa03aea1bac35960fb579f2 Mon Sep 17 00:00:00 2001
+From: Loic Dachary <ldachary at redhat.com>
+Date: Thu, 25 Aug 2016 09:09:40 +0200
+Subject: [PATCH 1/4] Revert "common: add int64_t template for
+ strict_si_cast()"
+
+This reverts commit e3a99c082e3ebd56d5b40d7d94d98e35629df81e.
+---
+ src/common/strtol.cc |  2 --
+ src/test/strtol.cc   | 15 ---------------
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index f43d661..50598b9 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -189,8 +189,6 @@ template int strict_si_cast<int>(const char *str, std::string *err);
+ 
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+ 
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 3946736..646c055 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,21 +234,6 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("-2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("1T", &err);
+-    ASSERT_EQ(err, "");
+-  }
+ }
+ 
+ /*
+
+From f7cd28460147530cfd265a593b32d02adb93abe6 Mon Sep 17 00:00:00 2001
+From: Kefu Chai <tchaikov at gmail.com>
+Date: Sat, 30 Apr 2016 18:31:37 +0800
+Subject: [PATCH 2/4] common/config: cast OPT_U32 options using uint32_t
+
+the OPT_U32 options was translated using strict_si_cast<int>(), and then
+cast the converted result to uint32_t. this could cause integer
+underflow. we could have lifted the burden of checking invalid input
+from the user of this option to the strict_si_cast<>() function. so in
+this change, we use strict_si_cast<uint32_t>() instead, before casting
+the converted value into `uint32_t`.
+
+Signed-off-by: Kefu Chai <tchaikov at gmail.com>
+(cherry picked from commit b7babd6aa671d688eef0af61ca17fd11eec22773)
+---
+ src/common/config.cc | 2 +-
+ src/common/strtol.cc | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/config.cc b/src/common/config.cc
+index 622e237..d27bfbf 100644
+--- a/src/common/config.cc
++++ b/src/common/config.cc
+@@ -994,7 +994,7 @@ int md_config_t::set_val_raw(const char *val, const config_option *opt)
+       return 0;
+     case OPT_U32: {
+       std::string err;
+-      int f = strict_si_cast<int>(val, &err);
++      int f = strict_si_cast<uint32_t>(val, &err);
+       if (!err.empty())
+ 	return -EINVAL;
+       *(uint32_t*)opt->conf_ptr(this) = f;
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 50598b9..bc5ccc7 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,10 +186,9 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+-
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
++template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+ {
+
+From d93eda88048d2bcefe4be3ea0aaa6ca0289eabbf Mon Sep 17 00:00:00 2001
+From: Vikhyat Umrao <vumrao at redhat.com>
+Date: Thu, 26 May 2016 23:30:25 +0530
+Subject: [PATCH 3/4] common: add int64_t template for strict_si_cast()
+
+Signed-off-by: Vikhyat Umrao <vumrao at redhat.com>
+(cherry picked from commit 8e429d05370fbe7935212d0ae9608e7547f39860)
+---
+ src/common/strtol.cc |  1 +
+ src/test/strtol.cc   | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index bc5ccc7..0e7ea7d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -187,6 +187,7 @@ T strict_si_cast(const char *str, std::string *err)
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
++template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 646c055..3946736 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,6 +234,21 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("2E", &err);
++    ASSERT_EQ(err, "");
++  }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("-2E", &err);
++    ASSERT_EQ(err, "");
++  }
++  {
++    std::string err;
++    (void)strict_si_cast<int64_t>("1T", &err);
++    ASSERT_EQ(err, "");
++  }
+ }
+ 
+ /*
+
+From 117aa35094c059dbf5770b01ac13a583471e54aa Mon Sep 17 00:00:00 2001
+From: Kefu Chai <kchai at redhat.com>
+Date: Sun, 26 Jun 2016 01:02:03 +0800
+Subject: [PATCH 4/4] common: instantiate strict_si_cast<long> not
+ strict_si_cast<int64_t>
+
+this fixes the build on armf.
+
+on 32bit platforms, cstdint is very likely to
+
+ typedef long long int int64_t;
+
+this results in compilation error like
+
+ `common/strtol.cc:190:75: error: duplicate explicit instantiation of 'T
+ strict_si_cast(const char, std::string) [with T = long long int;
+ std::string = std::basic_string]'
+
+ [-fpermissive]
+ template int64_t strict_si_cast(const char *str, std::string *err);
+ ^`
+
+we can address this by instantiate the primitive type of `long long`
+instead of `in64_t`.
+
+Fixes: http://tracker.ceph.com/issues/16398
+Signed-off-by: Kefu Chai <kchai at redhat.com>
+(cherry picked from commit 31db4c5f9f725e13e38f3c90744e299e023d02a4)
+---
+ src/common/strtol.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 0e7ea7d..321521d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,8 +186,8 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
++template long strict_si_cast<long>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 

Copied: ceph/repos/staging-x86_64/PKGBUILD (from rev 285145, ceph/trunk/PKGBUILD)
===================================================================
--- staging-x86_64/PKGBUILD	                        (rev 0)
+++ staging-x86_64/PKGBUILD	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,91 @@
+# $Id$
+# Maintainer: Sébastien "Seblu" Luttringer <seblu at archlinux.org>
+
+pkgname=ceph
+pkgver=10.2.3
+pkgrel=2
+pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system'
+arch=('x86_64' 'i686')
+url='https://ceph.com/'
+license=('GPL')
+makedepends=('boost' 'systemd' 'xfsprogs' 'python2-setuptools' 'python2-sphinx'
+             'python2-virtualenv' 'cython2')
+depends=('boost-libs' 'curl' 'expat' 'fcgi' 'fuse2' 'gcc-libs' 'glibc'
+  'gperftools' 'keyutils' 'leveldb' 'libaio' 'libatomic_ops' 'libedit'
+  'libsystemd' 'libutil-linux' 'ncurses' 'nss' 'python2' 'snappy')
+optdepends=('xfsprogs: support xfs backend')
+options=('emptydirs')
+install=ceph.install
+source=("https://ceph.com/download/$pkgname-$pkgver.tar.gz"
+        'ceph.sysusers'
+        '01-virtualenv2.patch'
+        '02-setup-python2.patch'
+        '03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch'
+        '04-fix-686-build.patch')
+md5sums=('5d660c78a211f6d53161e197729aebd2'
+         'b3e24e3aa005a657ab475f84bfe3291a'
+         'a3f72dc8e97f9fd5708d52256bcd9e75'
+         'f11582acceeb6c1790518c3a5a29bb18'
+         '6c4cbe6288858421832e751164617774'
+         'e8fbd2dfb359a8f6d2738d46441fbffa')
+
+prepare() {
+  cd $pkgname-$pkgver
+  # apply patch from the source array (should be a pacman feature)
+  local filename
+  for filename in "${source[@]}"; do
+    if [[ "$filename" =~ \.patch$ ]]; then
+      msg2 "Applying patch ${filename##*/}"
+      patch -p1 -N -i "$srcdir/${filename##*/}"
+    fi
+  done
+  :
+}
+
+build() {
+  cd $pkgname-$pkgver
+  ./configure \
+    --prefix=/usr \
+    --sbindir=/usr/bin \
+    --libexecdir=/usr/lib \
+    --sysconfdir=/etc \
+    --localstatedir=/var \
+    --with-man-pages \
+    --with-radosgw \
+    --without-openldap \
+    PYTHON=/usr/bin/python2 \
+    CYTHON_CHECK=yes \
+    PYTHON_CONFIG_CHECK=yes \
+    SPHINX_BUILD=sphinx-build2
+  make
+}
+
+package() {
+  cd $pkgname-$pkgver
+
+  make DESTDIR="$pkgdir" install
+
+  # install tmpfiles.d
+  install -Dm644 systemd/ceph.tmpfiles.d "$pkgdir/usr/lib/tmpfiles.d/$pkgname.conf"
+  install -Dm644 "$srcdir"/ceph.sysusers "$pkgdir/usr/lib/sysusers.d/$pkgname.conf"
+
+  cd "$pkgdir"
+
+  # fix sbin path
+  msg2 'Fix sbin paths'
+  mv -v usr/sbin/* usr/bin
+  rmdir -v usr/sbin
+
+  # fix bash completions path
+  msg2 'Fix bash completion path'
+  install -d -m 755 usr/share/bash-completion
+  mv etc/bash_completion.d usr/share/bash-completion/completions
+
+  # fix python2 shebang, did not do it in prepare() anymore because it
+  # confuse automake
+  msg2 'Fix python2 shebang'
+  find . -type f -executable -exec \
+    sed -i '1s,^#! \?/usr/bin/\(env \|\)python$,#!/usr/bin/python2,' {} \;
+}
+
+# vim:set ts=2 sw=2 et:

Copied: ceph/repos/staging-x86_64/ceph.install (from rev 285145, ceph/trunk/ceph.install)
===================================================================
--- staging-x86_64/ceph.install	                        (rev 0)
+++ staging-x86_64/ceph.install	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1,16 @@
+# vim: ft=sh ts=2 sw=2 et:
+
+# arg 1:  the new package version
+post_install() {
+  systemd-sysusers ceph.conf
+  systemd-tmpfiles --create ceph.conf
+}
+
+# arg 1:  the new package version
+# arg 2:  the old package version
+post_upgrade() {
+  if (( "$(vercmp $2 '10.2.2-1')" < 0 )); then
+    systemd-sysusers ceph.conf
+    systemd-tmpfiles --create ceph.conf
+  fi
+}

Copied: ceph/repos/staging-x86_64/ceph.sysusers (from rev 285145, ceph/trunk/ceph.sysusers)
===================================================================
--- staging-x86_64/ceph.sysusers	                        (rev 0)
+++ staging-x86_64/ceph.sysusers	2017-01-01 21:10:12 UTC (rev 285146)
@@ -0,0 +1 @@
+u ceph - - /run/ceph



More information about the arch-commits mailing list