extra/ceph to 10.2.3-1

2025-01-17 23:34:07 +00:00 · 2016-10-30 20:37:21 +00:00 · 2016-10-30 20:37:21 +00:00 · d2f5ec686d
commit d2f5ec686d
parent 931718dc9b
3 changed files with 515 additions and 9 deletions
--- a/extra/ceph/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
+++ b/extra/ceph/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
@ -0,0 +1,309 @@
+From b1099e8edcda1ab658eaac424bd2e09d6e7cbabd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?= <seblu@seblu.net>
+Date: Sun, 9 Oct 2016 01:53:36 +0200
+Subject: [PATCH] Revert "rgw ldap: fix ldap bindpw parsing"
+
+This reverts commit fe57aceeb02ad9163feb2d196589b5927cedfa0f.
+---
+ src/rgw/librgw.cc         |  6 ++--
+ src/rgw/rgw_ldap.cc       | 35 ---------------------
+ src/rgw/rgw_ldap.h        | 54 ++++++++-------------------------
+ src/rgw/rgw_rest_s3.cc    | 77 +++++++++++------------------------------------
+ src/test/test_rgw_ldap.cc |  4 +--
+ 5 files changed, 34 insertions(+), 142 deletions(-)
+
+diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
+index c476129..37414fc 100644
+--- a/src/rgw/librgw.cc
+++ b/src/rgw/librgw.cc
+@@ -52,7 +52,6 @@
+ #include <string.h>
+ #include <mutex>
+ 
+-
+ #define dout_subsys ceph_subsys_rgw
+ 
+ bool global_stop = false;
+@@ -470,10 +469,9 @@ namespace rgw {
+     const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+     const string& ldap_dnattr =
+       store->ctx()->_conf->rgw_ldap_dnattr;
+-    std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
+-			      ldap_searchdn, ldap_dnattr);
+    ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
+			      ldap_dnattr);
+     ldh->init();
+     ldh->bind();
+ 
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index 6cca3b8..ac420e3 100644
+--- a/src/rgw/rgw_ldap.cc
+++ b/src/rgw/rgw_ldap.cc
+@@ -2,38 +2,3 @@
+ // vim: ts=8 sw=2 smarttab
+ 
+ #include "rgw_ldap.h"
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+-
+-#include "include/assert.h"
+-
+-#define dout_subsys ceph_subsys_rgw
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+-{
+-  string ldap_bindpw;
+-  string ldap_secret = ctx->_conf->rgw_ldap_secret;
+-
+-  if (ldap_secret.empty()) {
+-    ldout(ctx, 10)
+-      << __func__ << " LDAP auth no rgw_ldap_secret file found in conf"
+-      << dendl;
+-    } else {
+-      char bindpw[1024];
+-      memset(bindpw, 0, 1024);
+-      int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+-				 bindpw, 1023);
+-    if (pwlen) {
+-      ldap_bindpw = bindpw;
+-      boost::algorithm::trim(ldap_bindpw);
+-      if (ldap_bindpw.back() == '\n')
+-	ldap_bindpw.pop_back();
+-    }
+-  }
+-
+-  return std::move(ldap_bindpw);
+-}
+diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
+index b29e33ad..02eb61e 100644
+--- a/src/rgw/rgw_ldap.h
+++ b/src/rgw/rgw_ldap.h
+@@ -23,38 +23,27 @@ namespace rgw {
+   {
+     std::string uri;
+     std::string binddn;
+-    std::string bindpw;
+     std::string searchdn;
+     std::string dnattr;
+     LDAP *ldap;
+-    bool msad = false; /* TODO: possible future specialization */
+ 
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
+-      : uri(std::move(_uri)), binddn(std::move(_binddn)),
+-	bindpw(std::move(_bindpw)), searchdn(_searchdn), dnattr(_dnattr),
+-	ldap(nullptr) {
+    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
+	      std::string _dnattr)
+      : uri(std::move(_uri)), binddn(std::move(_binddn)), searchdn(_searchdn),
+	dnattr(_dnattr), ldap(nullptr) {
+       // nothing
+     }
+ 
+     int init() {
+       int ret;
+       ret = ldap_initialize(&ldap, uri.c_str());
+-      if (ret == LDAP_SUCCESS) {
+-	unsigned long ldap_ver = LDAP_VERSION3;
+-	ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+-			      (void*) &ldap_ver);
+-      }
+-      if (ret == LDAP_SUCCESS) {
+-	ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); 
+-      }
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+     int bind() {
+       int ret;
+-      ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
+      ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+       return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+     }
+ 
+@@ -71,18 +60,11 @@ namespace rgw {
+     int auth(const std::string uid, const std::string pwd) {
+       int ret;
+       std::string filter;
+-      if (msad) {
+-	filter = "(&(objectClass=user)(sAMAccountName=";
+-	filter += uid;
+-	filter += "))";
+-      } else {
+-	/* openldap */
+-	filter = "(";
+-	filter += dnattr;
+-	filter += "=";
+-	filter += uid;
+-	filter += ")";
+-      }
+      filter = "(";
+      filter += dnattr;
+      filter += "=";
+      filter += uid;
+      filter += ")";
+       char *attrs[] = { const_cast<char*>(dnattr.c_str()), nullptr };
+       LDAPMessage *answer = nullptr, *entry = nullptr;
+       ret = ldap_search_s(ldap, searchdn.c_str(), LDAP_SCOPE_SUBTREE,
+@@ -113,8 +95,8 @@ namespace rgw {
+   class LDAPHelper
+   {
+   public:
+-    LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+-	       std::string _searchdn, std::string _dnattr)
+    LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
+	      std::string _dnattr)
+       {}
+ 
+     int init() {
+@@ -135,17 +117,7 @@ namespace rgw {
+ 
+ 
+ #endif /* HAVE_OPENLDAP */
+-  
+-} /* namespace rgw */
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+-#include "include/assert.h"
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx);
+} /* namespace rgw */
+ 
+ #endif /* RGW_LDAP_H */
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index e9f24f3..bd952db 100644
+--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
+@@ -8,8 +8,6 @@
+ #include "common/Formatter.h"
+ #include "common/utf8.h"
+ #include "common/ceph_json.h"
+-#include "common/safe_io.h"
+-#include <boost/algorithm/string.hpp>
+ 
+ #include "rgw_rest.h"
+ #include "rgw_rest_s3.h"
+@@ -1747,32 +1745,10 @@ int RGWPostObj_ObjStore_S3::get_policy()
+ 	  s->perm_mask = RGW_PERM_FULL_CONTROL;
+ 	}
+       } else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
+-		 (! store->ctx()->_conf->rgw_ldap_uri.empty())) {
+-
+-	ldout(store->ctx(), 15)
+-	  << __func__ << " LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << dendl;
+-
+		store->ctx()->_conf->rgw_ldap_uri.empty()) {
+ 	RGWToken token{from_base64(s3_access_key)};
+-	if (! token.valid())
+-	  return -EACCES;
+-
+ 	rgw::LDAPHelper *ldh = RGW_Auth_S3::get_ldap_ctx(store);
+-	if (unlikely(!ldh)) {
+-	  ldout(store->ctx(), 0)
+-	    << __func__ << " RGW_Auth_S3::get_ldap_ctx() failed"
+-	    << dendl;
+-	  return -EACCES;
+-	}
+-
+-	ldout(store->ctx(), 10)
+-	  << __func__ << " try LDAP auth uri="
+-	  << store->ctx()->_conf->rgw_ldap_uri
+-	  << " token.id=" << token.id
+-	  << dendl;
+-
+-	if (ldh->auth(token.id, token.key) != 0)
+	if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ 	  return -EACCES;
+ 
+ 	/* ok, succeeded */
+@@ -3091,10 +3067,9 @@ void RGW_Auth_S3::init_impl(RGWRados* store)
+   const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+   const string& ldap_dnattr =
+     store->ctx()->_conf->rgw_ldap_dnattr;
+-  std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+ 
+-  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw,
+-			    ldap_searchdn, ldap_dnattr);
+  ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
+			    ldap_dnattr);
+ 
+   ldh->init();
+   ldh->bind();
+@@ -3935,45 +3910,29 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+ 
+     RGW_Auth_S3::init(store);
+ 
+-    ldout(store->ctx(), 15)
+-      << __func__ << " LDAP auth uri="
+-      << store->ctx()->_conf->rgw_ldap_uri
+-      << dendl;
+-
+     RGWToken token{from_base64(auth_id)};
+-
+-    if (! token.valid())
+    if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+       external_auth_result = -EACCES;
+     else {
+-      ldout(store->ctx(), 10)
+-	<< __func__ << " try LDAP auth uri="
+-	<< store->ctx()->_conf->rgw_ldap_uri
+-	<< " token.id=" << token.id
+-	<< dendl;
+-
+-      if (ldh->auth(token.id, token.key) != 0)
+-	external_auth_result = -EACCES;
+-      else {
+-	/* ok, succeeded */
+-	external_auth_result = 0;
+      /* ok, succeeded */
+      external_auth_result = 0;
+ 
+-	/* create local account, if none exists */
+-	s->user->user_id = token.id;
+-	s->user->display_name = token.id; // cn?
+-	int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
+      /* create local account, if none exists */
+      s->user->user_id = token.id;
+      s->user->display_name = token.id; // cn?
+      int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
+      if (ret < 0) {
+	ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+				  real_time(), true);
+ 	if (ret < 0) {
+-	  ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+-				    real_time(), true);
+-	  if (ret < 0) {
+-	    dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+-		     << dendl;
+-	  }
+	  dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+		   << dendl;
+ 	}
+      }
+ 
+       /* set request perms */
+       s->perm_mask = RGW_PERM_FULL_CONTROL;
+-      } /* success */
+-    } /* token */
+    } /* success */
+   } /* ldap */
+ 
+   /* keystone failed (or not enabled); check if we want to use rados backend */
+ 
+-- 
+2.10.0
+
--- a/extra/ceph/04-fix-686-build.patch
+++ b/extra/ceph/04-fix-686-build.patch
@ -0,0 +1,199 @@
+# https://github.com/ceph/ceph/pull/10855
+From 518883d939f34ec0afa03aea1bac35960fb579f2 Mon Sep 17 00:00:00 2001
+From: Loic Dachary <ldachary@redhat.com>
+Date: Thu, 25 Aug 2016 09:09:40 +0200
+Subject: [PATCH 1/4] Revert "common: add int64_t template for
+ strict_si_cast()"
+
+This reverts commit e3a99c082e3ebd56d5b40d7d94d98e35629df81e.
+---
+ src/common/strtol.cc |  2 --
+ src/test/strtol.cc   | 15 ---------------
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index f43d661..50598b9 100644
+--- a/src/common/strtol.cc
+++ b/src/common/strtol.cc
+@@ -189,8 +189,6 @@ template int strict_si_cast<int>(const char *str, std::string *err);
+ 
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+ 
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 3946736..646c055 100644
+--- a/src/test/strtol.cc
+++ b/src/test/strtol.cc
+@@ -234,21 +234,6 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("-2E", &err);
+-    ASSERT_EQ(err, "");
+-  }
+-  {
+-    std::string err;
+-    (void)strict_si_cast<int64_t>("1T", &err);
+-    ASSERT_EQ(err, "");
+-  }
+ }
+ 
+ /*
+
+From f7cd28460147530cfd265a593b32d02adb93abe6 Mon Sep 17 00:00:00 2001
+From: Kefu Chai <tchaikov@gmail.com>
+Date: Sat, 30 Apr 2016 18:31:37 +0800
+Subject: [PATCH 2/4] common/config: cast OPT_U32 options using uint32_t
+
+the OPT_U32 options was translated using strict_si_cast<int>(), and then
+cast the converted result to uint32_t. this could cause integer
+underflow. we could have lifted the burden of checking invalid input
+from the user of this option to the strict_si_cast<>() function. so in
+this change, we use strict_si_cast<uint32_t>() instead, before casting
+the converted value into `uint32_t`.
+
+Signed-off-by: Kefu Chai <tchaikov@gmail.com>
+(cherry picked from commit b7babd6aa671d688eef0af61ca17fd11eec22773)
+---
+ src/common/config.cc | 2 +-
+ src/common/strtol.cc | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/config.cc b/src/common/config.cc
+index 622e237..d27bfbf 100644
+--- a/src/common/config.cc
+++ b/src/common/config.cc
+@@ -994,7 +994,7 @@ int md_config_t::set_val_raw(const char *val, const config_option *opt)
+       return 0;
+     case OPT_U32: {
+       std::string err;
+-      int f = strict_si_cast<int>(val, &err);
+      int f = strict_si_cast<uint32_t>(val, &err);
+       if (!err.empty())
+ 	return -EINVAL;
+       *(uint32_t*)opt->conf_ptr(this) = f;
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 50598b9..bc5ccc7 100644
+--- a/src/common/strtol.cc
+++ b/src/common/strtol.cc
+@@ -186,10 +186,9 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+-
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+ {
+
+From d93eda88048d2bcefe4be3ea0aaa6ca0289eabbf Mon Sep 17 00:00:00 2001
+From: Vikhyat Umrao <vumrao@redhat.com>
+Date: Thu, 26 May 2016 23:30:25 +0530
+Subject: [PATCH 3/4] common: add int64_t template for strict_si_cast()
+
+Signed-off-by: Vikhyat Umrao <vumrao@redhat.com>
+(cherry picked from commit 8e429d05370fbe7935212d0ae9608e7547f39860)
+---
+ src/common/strtol.cc |  1 +
+ src/test/strtol.cc   | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index bc5ccc7..0e7ea7d 100644
+--- a/src/common/strtol.cc
+++ b/src/common/strtol.cc
+@@ -187,6 +187,7 @@ T strict_si_cast(const char *str, std::string *err)
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 646c055..3946736 100644
+--- a/src/test/strtol.cc
+++ b/src/test/strtol.cc
+@@ -234,6 +234,21 @@ TEST(StrictSICast, Error) {
+     (void)strict_si_cast<int>("1T", &err);
+     ASSERT_NE(err, "");
+   }
+  {
+    std::string err;
+    (void)strict_si_cast<int64_t>("2E", &err);
+    ASSERT_EQ(err, "");
+  }
+  {
+    std::string err;
+    (void)strict_si_cast<int64_t>("-2E", &err);
+    ASSERT_EQ(err, "");
+  }
+  {
+    std::string err;
+    (void)strict_si_cast<int64_t>("1T", &err);
+    ASSERT_EQ(err, "");
+  }
+ }
+ 
+ /*
+
+From 117aa35094c059dbf5770b01ac13a583471e54aa Mon Sep 17 00:00:00 2001
+From: Kefu Chai <kchai@redhat.com>
+Date: Sun, 26 Jun 2016 01:02:03 +0800
+Subject: [PATCH 4/4] common: instantiate strict_si_cast<long> not
+ strict_si_cast<int64_t>
+
+this fixes the build on armf.
+
+on 32bit platforms, cstdint is very likely to
+
+ typedef long long int int64_t;
+
+this results in compilation error like
+
+ `common/strtol.cc:190:75: error: duplicate explicit instantiation of 'T
+ strict_si_cast(const char, std::string) [with T = long long int;
+ std::string = std::basic_string]'
+
+ [-fpermissive]
+ template int64_t strict_si_cast(const char *str, std::string *err);
+ ^`
+
+we can address this by instantiate the primitive type of `long long`
+instead of `in64_t`.
+
+Fixes: http://tracker.ceph.com/issues/16398
+Signed-off-by: Kefu Chai <kchai@redhat.com>
+(cherry picked from commit 31db4c5f9f725e13e38f3c90744e299e023d02a4)
+---
+ src/common/strtol.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 0e7ea7d..321521d 100644
+--- a/src/common/strtol.cc
+++ b/src/common/strtol.cc
+@@ -186,8 +186,8 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+ 
+ template int strict_si_cast<int>(const char *str, std::string *err);
+template long strict_si_cast<long>(const char *str, std::string *err);
+ template long long strict_si_cast<long long>(const char *str, std::string *err);
+-template int64_t strict_si_cast<int64_t>(const char *str, std::string *err);
+ template uint64_t strict_si_cast<uint64_t>(const char *str, std::string *err);
+ template uint32_t strict_si_cast<uint32_t>(const char *str, std::string *err);
+ 
--- a/extra/ceph/PKGBUILD
+++ b/extra/ceph/PKGBUILD
@ -6,8 +6,8 @@
 #  - patch to remove incompatible gcc flag

 pkgname=ceph
-pkgver=10.2.2
-pkgrel=2
+pkgver=10.2.3
+pkgrel=1
 pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system'
 arch=('x86_64' 'i686')
 url='http://ceph.com/'
@ -24,8 +24,9 @@ source=("http://ceph.com/download/$pkgname-$pkgver.tar.gz"
        'ceph.sysusers'
        '01-virtualenv2.patch'
        '02-setup-python2.patch'
-        'no-neon.patch'
-        'no-omit-leaf-frame-pointer.diff')
+        '03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch'
+        '04-fix-686-build.patch'
+        'no-neon.patch')
 md5sums=('5cba47af53b3b17002aad3c854e5405c'
         'b3e24e3aa005a657ab475f84bfe3291a'
         'a3f72dc8e97f9fd5708d52256bcd9e75'
@ -44,9 +45,6 @@ prepare() {
    fi
  done
  :
-  if [[ $CARCH != "aarch64" ]]; then
-    patch -p1 -i ../no-omit-leaf-frame-pointer.diff
-  fi
 }

 build() {
@ -80,8 +78,8 @@ package() {

  # fix sbin path
  msg2 'Fix sbin paths'
-  mv -v sbin/* usr/sbin/* usr/bin
-  rmdir -v sbin usr/sbin
+  mv -v usr/sbin/* usr/bin
+  rmdir -v usr/sbin

  # fix bash completions path
  msg2 'Fix bash completion path'