Send Linux-ha-cvs mailing list submissions to
linux-ha-cvs@lists.linux-ha.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.community.tummy.com/mailman/listinfo/linux-ha-cvs
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Linux-ha-cvs digest..."
Today's Topics:
1. Linux-HA CVS: resources by davidlee from
(linux-ha-cvs@lists.linux-ha.org)
2. Linux-HA CVS: lib by davidlee from
(linux-ha-cvs@lists.linux-ha.org)
----------------------------------------------------------------------
Message: 1
Date: Mon, 17 Jul 2006 11:00:06 -0600 (MDT)
From: linux-ha-cvs@lists.linux-ha.org
Subject: [Linux-ha-cvs] Linux-HA CVS: resources by davidlee from
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
linux-ha CVS committal
Author : davidlee
Host :
Project : linux-ha
Module : resources
Dir : linux-ha/resources/OCF
Modified Files:
IPaddr.in
Log Message:
Allow CMD to be a chain of commands. Use an instance of this to work around a
Solaris 10 OS bug.
===================================================================
RCS file: /home/cvs/linux-ha/linux-ha/resources/OCF/IPaddr.in,v
retrieving revision 1.45
retrieving revision 1.46
diff -u -3 -r1.45 -r1.46
--- IPaddr.in 10 Jul 2006 20:08:16 -0000 1.45
+++ IPaddr.in 17 Jul 2006 17:00:05 -0000 1.46
@@ -561,7 +561,13 @@
return $rc
fi
fi
- CMD="$IFCONFIG $iface inet $ipaddr $netmask_text up"
+ # At Solaris 10, this single-command version sometimes broke.
+ # Almost certainly an S10 bug.
+ # CMD="$IFCONFIG $iface inet $ipaddr $netmask_text up"
+ # So hack the following workaround:
+ CMD="$IFCONFIG $iface inet $ipaddr"
+ CMD="$CMD && $IFCONFIG $iface $netmask_text"
+ CMD="$CMD && $IFCONFIG $iface up"
;;
*BSD)
@@ -573,11 +579,11 @@
;;
esac
- ocf_log info "$CMD"
- $CMD
+ ocf_log info "eval $CMD"
+ eval $CMD
rc=$?
if [ $rc != 0 ]; then
- echo "ERROR: $CMD failed (rc=$rc)"
+ echo "ERROR: eval $CMD failed (rc=$rc)"
fi
return $rc
------------------------------
Message: 2
Date: Mon, 17 Jul 2006 11:02:47 -0600 (MDT)
From: linux-ha-cvs@lists.linux-ha.org
Subject: [Linux-ha-cvs] Linux-HA CVS: lib by davidlee from
To: [EMAIL PROTECTED]
Message-ID: <[EMAIL PROTECTED]>
linux-ha CVS committal
Author : davidlee
Host :
Project : linux-ha
Module : lib
Dir : linux-ha/lib/clplumbing
Modified Files:
ipcsocket.c
Log Message:
Solaris 10 offers 'getpeerucred()'. This should allow sockets (rather than
streams) use. Sketch in the code.
===================================================================
RCS file: /home/cvs/linux-ha/linux-ha/lib/clplumbing/ipcsocket.c,v
retrieving revision 1.173
retrieving revision 1.174
diff -u -3 -r1.173 -r1.174
--- ipcsocket.c 2 Feb 2006 15:58:00 -0000 1.173
+++ ipcsocket.c 17 Jul 2006 17:02:46 -0000 1.174
@@ -1,4 +1,4 @@
-/* $Id: ipcsocket.c,v 1.173 2006/02/02 15:58:00 alan Exp $ */
+/* $Id: ipcsocket.c,v 1.174 2006/07/17 17:02:46 davidlee Exp $ */
/*
* ipcsocket unix domain socket implementation of IPC abstraction.
*
@@ -59,6 +59,11 @@
# include <sys/ucred.h>
#endif
+/* For 'getpeerucred()' (Solaris 10 upwards) */
+#ifdef HAVE_UCRED_H
+# include <ucred.h>
+#endif
+
#ifdef HAVE_SYS_SOCKET_H
# include <sys/socket.h>
#endif
@@ -135,8 +140,8 @@
# define USE_GETPEEREID
#elif defined(SCM_CREDS)
# define USE_SCM_CREDS
-/* #elif HAVE_GETPEERUCRED */ /* e.g. Solaris 10 upwards */
-/* # define USE_GETPEERUCRED */
+#elif HAVE_GETPEERUCRED /* e.g. Solaris 10 upwards */
+# define USE_GETPEERUCRED
#elif HB_IPC_METHOD == HB_IPC_STREAM
# define USE_STREAM_CREDS
#else
@@ -2333,6 +2338,7 @@
/* get farside pid for our peer process */
+static
pid_t
socket_get_farside_pid(int sockfd)
{
@@ -2398,6 +2404,7 @@
return ret;
}
+static
pid_t
socket_get_farside_pid(int sock)
{
@@ -2547,6 +2554,7 @@
* information.
*/
+static
pid_t
socket_get_farside_pid(int sock)
{
@@ -2559,8 +2567,8 @@
/***********************************************************************
* Bind/Stat VERSION... (Supported on OSX/Darwin and 4.3+BSD at least...)
*
- * This is for use on systems such as OSX-Darwin and maybe Solaris where
- * none of the other options are available.
+ * This is for use on systems such as OSX-Darwin where
+ * none of the other options is available.
*
* This implementation has been adapted from "Advanced Programming
* in the Unix Environment", Section 15.5.2, by W. Richard Stevens.
@@ -2635,6 +2643,7 @@
}
+static
pid_t
socket_get_farside_pid(int sock)
{
@@ -2643,7 +2652,7 @@
#endif /* Bind/stat version */
/***********************************************************************
- * USE_STREAM_CREDS VERSION... (e.g. Solaris)
+ * USE_STREAM_CREDS VERSION... (e.g. Solaris pre-10)
***********************************************************************/
#ifdef USE_STREAM_CREDS
static int
@@ -2675,6 +2684,7 @@
return IPC_FAIL;
}
+static
pid_t
socket_get_farside_pid(int sock)
{
@@ -2684,8 +2694,6 @@
/***********************************************************************
* GETPEERUCRED VERSION... (e.g. Solaris 10 upwards)
- *
- * *** Not yet implemented ***
***********************************************************************/
#ifdef USE_GETPEERUCRED
@@ -2693,26 +2701,68 @@
static int
socket_verify_auth(struct IPC_CHANNEL* ch, struct IPC_AUTH * auth_info)
{
-# error getpeerucred() not yet implemeted
- return IPC_FAIL;
+ struct SOCKET_CH_PRIVATE *conn_info;
+ ucred_t *ucred = NULL;
+ int rc = IPC_FAIL;
+
+ if (ch == NULL || ch->ch_private == NULL) {
+ return IPC_FAIL;
+ }
+
+ conn_info = (struct SOCKET_CH_PRIVATE *) ch->ch_private;
+
+ if (auth_info == NULL
+ || (auth_info->uid == NULL && auth_info->gid == NULL)) {
+ return IPC_OK; /* no restriction for authentication */
+ }
+
+ if (getpeerucred(conn_info->s, &ucred) < 0) {
+ cl_perror("getpeereid() failure");
+ return IPC_FAIL;
+ }
+
+ /* Check credentials against authorization information */
+
+ if (auth_info->uid
+ && (g_hash_table_lookup(auth_info->uid,
+ GUINT_TO_POINTER((guint)ucred_geteuid(ucred))) != NULL)) {
+ rc = IPC_OK;
+ }else if (auth_info->gid
+ && (g_hash_table_lookup(auth_info->gid,
+ GUINT_TO_POINTER((guint)ucred_getegid(ucred))) != NULL)) {
+ rc = IPC_OK;
+ }
+
+ ucred_free(ucred);
+
+ return rc;
}
+static
pid_t
-socket_get_farside_pid(int sock)
+socket_get_farside_pid(int sockfd)
{
- return -1;
+ ucred_t *ucred = NULL;
+ pid_t pid;
+
+ if (getpeerucred(sockfd, &ucred) < 0) {
+ cl_perror("getpeereid() failure");
+ return IPC_FAIL;
+ }
+
+ pid = ucred_getpid(ucred);
+
+ ucred_free(ucred);
+
+ return pid;
}
#endif
/***********************************************************************
* DUMMY VERSION... (other systems...)
*
- * I'm afraid Solaris falls into this category :-(
* Other options that seem to be out there include
* SCM_CREDENTIALS and LOCAL_CREDS
- * Or maybe something called doors for Solaris
- * Unfortunately, it looks like Doors is tied to threads :-(
- * Can the streams credentials code be used with local domain sockets?
* There are some kludgy things you can do with SCM_RIGHTS
* to pass an fd which could only be opened by the user id to
* validate the user id, but I don't know of a similar kludge which
@@ -2731,6 +2781,7 @@
return IPC_FAIL;
}
+static
pid_t
socket_get_farside_pid(int sock)
{
------------------------------
_______________________________________________
Linux-ha-cvs mailing list
Linux-ha-cvs@lists.linux-ha.org
http://lists.community.tummy.com/mailman/listinfo/linux-ha-cvs
End of Linux-ha-cvs Digest, Vol 32, Issue 49
********************************************
