To subscribe or unsubscribe via the World Wide Web, visit http://lists.community.tummy.com/mailman/listinfo/linux-ha-cvs or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Linux-ha-cvs digest..." Today's Topics: 1. Linux-HA CVS: resources by davidlee from (linux-ha-cvs@lists.linux-ha.org) 2. Linux-HA CVS: lib by davidlee from (linux-ha-cvs@lists.linux-ha.org) ---------------------------------------------------------------------- Message: 1 Date: Mon, 17 Jul 2006 11:00:06 -0600 (MDT) From: linux-ha-cvs@lists.linux-ha.org Subject: [Linux-ha-cvs] Linux-HA CVS: resources by davidlee from To: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> linux-ha CVS committal Author : davidlee Host : Project : linux-ha Module : resources Dir : linux-ha/resources/OCF Modified Files: IPaddr.in Log Message: Allow CMD to be a chain of commands. Use an instance of this to work around a Solaris 10 OS bug. =================================================================== RCS file: /home/cvs/linux-ha/linux-ha/resources/OCF/IPaddr.in,v retrieving revision 1.45 retrieving revision 1.46 diff -u -3 -r1.45 -r1.46 --- IPaddr.in 10 Jul 2006 20:08:16 -0000 1.45 +++ IPaddr.in 17 Jul 2006 17:00:05 -0000 1.46 @@ -561,7 +561,13 @@ return $rc fi fi - CMD="$IFCONFIG $iface inet $ipaddr $netmask_text up" + # At Solaris 10, this single-command version sometimes broke. + # Almost certainly an S10 bug. + # CMD="$IFCONFIG $iface inet $ipaddr $netmask_text up" + # So hack the following workaround: + CMD="$IFCONFIG $iface inet $ipaddr" + CMD="$CMD && $IFCONFIG $iface $netmask_text" + CMD="$CMD && $IFCONFIG $iface up" ;; *BSD) 
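Review bot: With the three-step chain, a failure in the second or third `$IFCONFIG` call stops the chain after the address has already been set on `$iface`, so the interface can be left with the address but without the intended netmask, or not brought up. The caller only gets a non-zero rc. Whether anything later removes the half-configured address is not visible in this hunk, and the enclosing case branch starts and ends outside it. I would state that next to the workaround, e.g. `# NOTE: if a later step fails, $ipaddr may remain set on $iface; the caller must clean up`, and add the Solaris bug reference or observed symptom to the "Almost certainly an S10 bug" comment so the workaround can be retired later.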
@@ -573,11 +579,11 @@ ;; esac - ocf_log info "$CMD" - $CMD + ocf_log info "eval $CMD" + eval $CMD rc=$? if [ $rc != 0 ]; then - echo "ERROR: $CMD failed (rc=$rc)" + echo "ERROR: eval $CMD failed (rc=$rc)" fi return $rc ------------------------------ Message: 2 Date: Mon, 17 Jul 2006 11:02:47 -0600 (MDT) From: linux-ha-cvs@lists.linux-ha.org Subject: [Linux-ha-cvs] Linux-HA CVS: lib by davidlee from To: [EMAIL PROTECTED] Message-ID: <[EMAIL PROTECTED]> linux-ha CVS committal Author : davidlee Host : Project : linux-ha Module : lib Dir : linux-ha/lib/clplumbing Modified Files: ipcsocket.c Log Message: Solaris 10 offers 'getpeerucred()'. This should allow sockets (rather than streams) use. Sketch in the code. =================================================================== RCS file: /home/cvs/linux-ha/linux-ha/lib/clplumbing/ipcsocket.c,v retrieving revision 1.173 retrieving revision 1.174 diff -u -3 -r1.173 -r1.174 --- ipcsocket.c 2 Feb 2006 15:58:00 -0000 1.173 +++ ipcsocket.c 17 Jul 2006 17:02:46 -0000 1.174 @@ -1,4 +1,4 @@ -/* $Id: ipcsocket.c,v 1.173 2006/02/02 15:58:00 alan Exp $ */ +/* $Id: ipcsocket.c,v 1.174 2006/07/17 17:02:46 davidlee Exp $ */ /* * ipcsocket unix domain socket implementation of IPC abstraction. * @@ -59,6 +59,11 @@ # include <sys/ucred.h> #endif +/* For 'getpeerucred()' (Solaris 10 upwards) */ +#ifdef HAVE_UCRED_H +# include <ucred.h> +#endif + #ifdef HAVE_SYS_SOCKET_H # include <sys/socket.h> #endif @@ -135,8 +140,8 @@ # define USE_GETPEEREID #elif defined(SCM_CREDS) # define USE_SCM_CREDS -/* #elif HAVE_GETPEERUCRED */ /* e.g. Solaris 10 upwards */ -/* # define USE_GETPEERUCRED */ +#elif HAVE_GETPEERUCRED /* e.g. Solaris 10 upwards */ +# define USE_GETPEERUCRED #elif HB_IPC_METHOD == HB_IPC_STREAM # define USE_STREAM_CREDS #else @@ -2333,6 +2338,7 @@ /* get farside pid for our peer process */ +static pid_t socket_get_farside_pid(int sockfd) { @@ -2398,6 +2404,7 @@ return ret; } +static pid_t socket_get_farside_pid(int sock) { 
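Review bot: `eval $CMD` re-parses the whole string as shell source, so `$iface`, `$ipaddr` and `$netmask_text` get a second round of expansion and metacharacter interpretation (`;`, backticks, `$(...)`), where plain `$CMD` only word-split them. This applies to every platform branch that feeds this common tail, not only the Solaris chain built in the previous hunk. If those values reach this point from resource parameters without strict validation earlier in the script (not visible here), that is a command-injection path in an agent that has to run privileged to call ifconfig. I would keep plain `$CMD` for the single-command branches and run the Solaris steps as separate calls with their own rc checks. At minimum, quote it as `eval "$CMD"` and validate the address, interface and netmask before CMD is built. The function body begins outside the hunk.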
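Review bot: In the ipcsocket.c hunk at -135/+140, `#elif HAVE_GETPEERUCRED` tests the macro's value while the neighbouring branch uses `defined(SCM_CREDS)`. The header that supplies `getpeerucred()` and `ucred_t` is included under a different macro, `HAVE_UCRED_H`, in the hunk at -59/+59. If the build ever defines one without the other, `USE_GETPEERUCRED` is selected but the credential code compiles without its declarations. I would write `#elif defined(HAVE_GETPEERUCRED) && defined(HAVE_UCRED_H)` so the selection and the include cannot disagree. The configure checks that set these macros are not visible here, so whether they can diverge is an assumption to confirm.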
@@ -2547,6 +2554,7 @@ * information. */ +static pid_t socket_get_farside_pid(int sock) { @@ -2559,8 +2567,8 @@ /*********************************************************************** * Bind/Stat VERSION... (Supported on OSX/Darwin and 4.3+BSD at least...) * - * This is for use on systems such as OSX-Darwin and maybe Solaris where - * none of the other options are available. + * This is for use on systems such as OSX-Darwin where + * none of the other options is available. * * This implementation has been adapted from "Advanced Programming * in the Unix Environment", Section 15.5.2, by W. Richard Stevens. @@ -2635,6 +2643,7 @@ } +static pid_t socket_get_farside_pid(int sock) { @@ -2643,7 +2652,7 @@ #endif /* Bind/stat version */ /*********************************************************************** - * USE_STREAM_CREDS VERSION... (e.g. Solaris) + * USE_STREAM_CREDS VERSION... (e.g. Solaris pre-10) ***********************************************************************/ #ifdef USE_STREAM_CREDS static int @@ -2675,6 +2684,7 @@ return IPC_FAIL; } +static pid_t socket_get_farside_pid(int sock) { @@ -2684,8 +2694,6 @@ /*********************************************************************** * GETPEERUCRED VERSION... (e.g. Solaris 10 upwards) - * - * *** Not yet implemented *** ***********************************************************************/ #ifdef USE_GETPEERUCRED 
@@ -2693,26 +2701,68 @@ static int socket_verify_auth(struct IPC_CHANNEL* ch, struct IPC_AUTH * auth_info) { -# error getpeerucred() not yet implemeted - return IPC_FAIL; + struct SOCKET_CH_PRIVATE *conn_info; + ucred_t *ucred = NULL; + int rc = IPC_FAIL; + + if (ch == NULL || ch->ch_private == NULL) { + return IPC_FAIL; + } + + conn_info = (struct SOCKET_CH_PRIVATE *) ch->ch_private; + + if (auth_info == NULL + || (auth_info->uid == NULL && auth_info->gid == NULL)) { + return IPC_OK; /* no restriction for authentication */ + } + + if (getpeerucred(conn_info->s, &ucred) < 0) { + cl_perror("getpeereid() failure"); + return IPC_FAIL; + } + + /* Check credentials against authorization information */ + + if (auth_info->uid + && (g_hash_table_lookup(auth_info->uid, + GUINT_TO_POINTER((guint)ucred_geteuid(ucred))) != NULL)) { + rc = IPC_OK; + }else if (auth_info->gid + && (g_hash_table_lookup(auth_info->gid, + GUINT_TO_POINTER((guint)ucred_getegid(ucred))) != NULL)) { + rc = IPC_OK; + } + + ucred_free(ucred); + + return rc; } +static pid_t -socket_get_farside_pid(int sock) +socket_get_farside_pid(int sockfd) { - return -1; + ucred_t *ucred = NULL; + pid_t pid; + + if (getpeerucred(sockfd, &ucred) < 0) { + cl_perror("getpeereid() failure"); + return IPC_FAIL; + } + + pid = ucred_getpid(ucred); + + ucred_free(ucred); + + return pid; } #endif /*********************************************************************** * DUMMY VERSION... (other systems...) * - * I'm afraid Solaris falls into this category :-( * Other options that seem to be out there include * SCM_CREDENTIALS and LOCAL_CREDS - * Or maybe something called doors for Solaris - * Unfortunately, it looks like Doors is tied to threads :-( - * Can the streams credentials code be used with local domain sockets? * There are some kludgy things you can do with SCM_RIGHTS * to pass an fd which could only be opened by the user id to * validate the user id, but I don't know of a similar kludge which 
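Review bot: The new `socket_get_farside_pid()` returns `IPC_FAIL` when `getpeerucred()` fails, but the function returns `pid_t` and the stub it replaces returned `-1`. `IPC_FAIL` is a status code whose value is not shown here; if it is a small positive number, callers would take it for a real process id, so the error path should be `return -1;`. Both new `cl_perror()` calls log "getpeereid() failure" although the failing call is `getpeerucred()`, which will mislead anyone triaging authentication failures from the logs. Use `cl_perror("getpeerucred() failure");` in `socket_verify_auth()` and in `socket_get_farside_pid()`.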
@@ -2731,6 +2781,7 @@ return IPC_FAIL; } +static pid_t socket_get_farside_pid(int sock) { ------------------------------ _______________________________________________ Linux-ha-cvs mailing list Linux-ha-cvs@lists.linux-ha.org http://lists.community.tummy.com/mailman/listinfo/linux-ha-cvs End of Linux-ha-cvs Digest, Vol 32, Issue 49 ********************************************