diff --git a/extra/ceph/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch b/extra/ceph/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
new file mode 100644
index 000000000..8128ec6e1
--- /dev/null
+++ b/extra/ceph/03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch
@@ -0,0 +1,309 @@
+From b1099e8edcda1ab658eaac424bd2e09d6e7cbabd Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?S=C3=A9bastien=20Luttringer?=
+Date: Sun, 9 Oct 2016 01:53:36 +0200
+Subject: [PATCH] Revert "rgw ldap: fix ldap bindpw parsing"
+
+This reverts commit fe57aceeb02ad9163feb2d196589b5927cedfa0f.
+---
+ src/rgw/librgw.cc | 6 ++--
+ src/rgw/rgw_ldap.cc | 35 ---------------------
+ src/rgw/rgw_ldap.h | 54 ++++++++-------------------------
+ src/rgw/rgw_rest_s3.cc | 77 +++++++++++------------------------------------
+ src/test/test_rgw_ldap.cc | 4 +--
+ 5 files changed, 34 insertions(+), 142 deletions(-)
+
+diff --git a/src/rgw/librgw.cc b/src/rgw/librgw.cc
+index c476129..37414fc 100644
+--- a/src/rgw/librgw.cc
++++ b/src/rgw/librgw.cc
+@@ -52,7 +52,6 @@
+ #include
+ #include
+
+-
+ #define dout_subsys ceph_subsys_rgw
+
+ bool global_stop = false;
+@@ -470,10 +469,9 @@ namespace rgw {
+ const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+ const string& ldap_dnattr =
+ store->ctx()->_conf->rgw_ldap_dnattr;
+- std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+
+- ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw.c_str(),
+- ldap_searchdn, ldap_dnattr);
++ ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++ ldap_dnattr);
+ ldh->init();
+ ldh->bind();
+
+diff --git a/src/rgw/rgw_ldap.cc b/src/rgw/rgw_ldap.cc
+index 6cca3b8..ac420e3 100644
+--- a/src/rgw/rgw_ldap.cc
++++ b/src/rgw/rgw_ldap.cc
+@@ -2,38 +2,3 @@
+ // vim: ts=8 sw=2 smarttab
+
+ #include "rgw_ldap.h"
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include
+-
+-#include "include/assert.h"
+-
+-#define dout_subsys ceph_subsys_rgw
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx)
+-{
+- string ldap_bindpw;
+- string ldap_secret = ctx->_conf->rgw_ldap_secret;
+-
+- if (ldap_secret.empty()) {
+- ldout(ctx, 10)
+- << __func__ << " LDAP auth no rgw_ldap_secret file found in conf"
+- << dendl;
+- } else {
+- char bindpw[1024];
+- memset(bindpw, 0, 1024);
+- int pwlen = safe_read_file("" /* base */, ldap_secret.c_str(),
+- bindpw, 1023);
+- if (pwlen) {
+- ldap_bindpw = bindpw;
+- boost::algorithm::trim(ldap_bindpw);
+- if (ldap_bindpw.back() == '\n')
+- ldap_bindpw.pop_back();
+- }
+- }
+-
+- return std::move(ldap_bindpw);
+-}
+diff --git a/src/rgw/rgw_ldap.h b/src/rgw/rgw_ldap.h
+index b29e33ad..02eb61e 100644
+--- a/src/rgw/rgw_ldap.h
++++ b/src/rgw/rgw_ldap.h
+@@ -23,38 +23,27 @@ namespace rgw {
+ {
+ std::string uri;
+ std::string binddn;
+- std::string bindpw;
+ std::string searchdn;
+ std::string dnattr;
+ LDAP *ldap;
+- bool msad = false; /* TODO: possible future specialization */
+
+ public:
+- LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+- std::string _searchdn, std::string _dnattr)
+- : uri(std::move(_uri)), binddn(std::move(_binddn)),
+- bindpw(std::move(_bindpw)), searchdn(_searchdn), dnattr(_dnattr),
+- ldap(nullptr) {
++ LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++ std::string _dnattr)
++ : uri(std::move(_uri)), binddn(std::move(_binddn)), searchdn(_searchdn),
++ dnattr(_dnattr), ldap(nullptr) {
+ // nothing
+ }
+
+ int init() {
+ int ret;
+ ret = ldap_initialize(&ldap, uri.c_str());
+- if (ret == LDAP_SUCCESS) {
+- unsigned long ldap_ver = LDAP_VERSION3;
+- ret = ldap_set_option(ldap, LDAP_OPT_PROTOCOL_VERSION,
+- (void*) &ldap_ver);
+- }
+- if (ret == LDAP_SUCCESS) {
+- ret = ldap_set_option(ldap, LDAP_OPT_REFERRALS, LDAP_OPT_OFF);
+- }
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+ int bind() {
+ int ret;
+- ret = ldap_simple_bind_s(ldap, binddn.c_str(), bindpw.c_str());
++ ret = ldap_simple_bind_s(ldap, nullptr, nullptr);
+ return (ret == LDAP_SUCCESS) ? ret : -EINVAL;
+ }
+
+@@ -71,18 +60,11 @@ namespace rgw {
+ int auth(const std::string uid, const std::string pwd) {
+ int ret;
+ std::string filter;
+- if (msad) {
+- filter = "(&(objectClass=user)(sAMAccountName=";
+- filter += uid;
+- filter += "))";
+- } else {
+- /* openldap */
+- filter = "(";
+- filter += dnattr;
+- filter += "=";
+- filter += uid;
+- filter += ")";
+- }
++ filter = "(";
++ filter += dnattr;
++ filter += "=";
++ filter += uid;
++ filter += ")";
+ char *attrs[] = { const_cast(dnattr.c_str()), nullptr };
+ LDAPMessage *answer = nullptr, *entry = nullptr;
+ ret = ldap_search_s(ldap, searchdn.c_str(), LDAP_SCOPE_SUBTREE,
+@@ -113,8 +95,8 @@ namespace rgw {
+ class LDAPHelper
+ {
+ public:
+- LDAPHelper(std::string _uri, std::string _binddn, std::string _bindpw,
+- std::string _searchdn, std::string _dnattr)
++ LDAPHelper(std::string _uri, std::string _binddn, std::string _searchdn,
++ std::string _dnattr)
+ {}
+
+ int init() {
+@@ -135,17 +117,7 @@ namespace rgw {
+
+
+ #endif /* HAVE_OPENLDAP */
+-
+-} /* namespace rgw */
+-
+-#include "common/ceph_context.h"
+-#include "common/common_init.h"
+-#include "common/dout.h"
+-#include "common/safe_io.h"
+-#include
+
+-#include "include/assert.h"
+-
+-std::string parse_rgw_ldap_bindpw(CephContext* ctx);
++} /* namespace rgw */
+
+ #endif /* RGW_LDAP_H */
+diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
+index e9f24f3..bd952db 100644
+--- a/src/rgw/rgw_rest_s3.cc
++++ b/src/rgw/rgw_rest_s3.cc
+@@ -8,8 +8,6 @@
+ #include "common/Formatter.h"
+ #include "common/utf8.h"
+ #include "common/ceph_json.h"
+-#include "common/safe_io.h"
+-#include
+
+ #include "rgw_rest.h"
+ #include "rgw_rest_s3.h"
+@@ -1747,32 +1745,10 @@ int RGWPostObj_ObjStore_S3::get_policy()
+ s->perm_mask = RGW_PERM_FULL_CONTROL;
+ }
+ } else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
+- (! store->ctx()->_conf->rgw_ldap_uri.empty())) {
+-
+- ldout(store->ctx(), 15)
+- << __func__ << " LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << dendl;
+-
++ store->ctx()->_conf->rgw_ldap_uri.empty()) {
+ RGWToken token{from_base64(s3_access_key)};
+- if (! token.valid())
+- return -EACCES;
+-
+ rgw::LDAPHelper *ldh = RGW_Auth_S3::get_ldap_ctx(store);
+- if (unlikely(!ldh)) {
+- ldout(store->ctx(), 0)
+- << __func__ << " RGW_Auth_S3::get_ldap_ctx() failed"
+- << dendl;
+- return -EACCES;
+- }
+-
+- ldout(store->ctx(), 10)
+- << __func__ << " try LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << " token.id=" << token.id
+- << dendl;
+-
+- if (ldh->auth(token.id, token.key) != 0)
++ if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ return -EACCES;
+
+ /* ok, succeeded */
+@@ -3091,10 +3067,9 @@ void RGW_Auth_S3::init_impl(RGWRados* store)
+ const string& ldap_searchdn = store->ctx()->_conf->rgw_ldap_searchdn;
+ const string& ldap_dnattr =
+ store->ctx()->_conf->rgw_ldap_dnattr;
+- std::string ldap_bindpw = parse_rgw_ldap_bindpw(store->ctx());
+
+- ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_bindpw,
+- ldap_searchdn, ldap_dnattr);
++ ldh = new rgw::LDAPHelper(ldap_uri, ldap_binddn, ldap_searchdn,
++ ldap_dnattr);
+
+ ldh->init();
+ ldh->bind();
+@@ -3935,45 +3910,29 @@ int RGW_Auth_S3::authorize_v2(RGWRados *store, struct req_state *s)
+
+ RGW_Auth_S3::init(store);
+
+- ldout(store->ctx(), 15)
+- << __func__ << " LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << dendl;
+-
+ RGWToken token{from_base64(auth_id)};
+-
+- if (! token.valid())
++ if ((! token.valid()) || ldh->auth(token.id, token.key) != 0)
+ external_auth_result = -EACCES;
+ else {
+- ldout(store->ctx(), 10)
+- << __func__ << " try LDAP auth uri="
+- << store->ctx()->_conf->rgw_ldap_uri
+- << " token.id=" << token.id
+- << dendl;
+-
+- if (ldh->auth(token.id, token.key) != 0)
+- external_auth_result = -EACCES;
+- else {
+- /* ok, succeeded */
+- external_auth_result = 0;
++ /* ok, succeeded */
++ external_auth_result = 0;
+
+- /* create local account, if none exists */
+- s->user->user_id = token.id;
+- s->user->display_name = token.id; // cn?
+- int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++ /* create local account, if none exists */
++ s->user->user_id = token.id;
++ s->user->display_name = token.id; // cn?
++ int ret = rgw_get_user_info_by_uid(store, s->user->user_id, *(s->user));
++ if (ret < 0) {
++ ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
++ real_time(), true);
+ if (ret < 0) {
+- ret = rgw_store_user_info(store, *(s->user), nullptr, nullptr,
+- real_time(), true);
+- if (ret < 0) {
+- dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
+- << dendl;
+- }
++ dout(10) << "NOTICE: failed to store new user's info: ret=" << ret
++ << dendl;
+ }
++ }
+
+ /* set request perms */
+ s->perm_mask = RGW_PERM_FULL_CONTROL;
+- } /* success */
+- } /* token */
++ } /* success */
+ } /* ldap */
+
+ /* keystone failed (or not enabled); check if we want to use rados backend */
+
+--
+2.10.0
+
diff --git a/extra/ceph/04-fix-686-build.patch b/extra/ceph/04-fix-686-build.patch
new file mode 100644
index 000000000..e73db5d78
--- /dev/null
+++ b/extra/ceph/04-fix-686-build.patch
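Review bot: Reverting the whole upstream commit also backs out several authentication-path checks that are unrelated to bind-password parsing, and the patch should be narrowed to keep them. In `RGWPostObj_ObjStore_S3::get_policy()` the restored test is `store->ctx()->_conf->rgw_ldap_uri.empty()) {`, so the LDAP branch is entered only when no URI is configured, and `ldh` from `get_ldap_ctx()` is then dereferenced without a null check; keep `(! store->ctx()->_conf->rgw_ldap_uri.empty())` and the `if (unlikely(!ldh))` guard that returns `-EACCES`. In `rgw_ldap.h`, `bind()` goes back to `ldap_simple_bind_s(ldap, nullptr, nullptr)`, an anonymous bind that leaves `binddn` unused, and `init()` no longer sets `LDAP_OPT_PROTOCOL_VERSION` or turns `LDAP_OPT_REFERRALS` off. `auth()` still appends `uid`, which comes from the decoded request token, to the search filter unescaped, and deserves at least `// TODO: RFC 4515-escape uid before building the filter`. The patch header does not say why the revert is needed; recording the failure it works around would let a later version bump drop it safely.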
@@ -0,0 +1,199 @@
+# https://github.com/ceph/ceph/pull/10855
+From 518883d939f34ec0afa03aea1bac35960fb579f2 Mon Sep 17 00:00:00 2001
+From: Loic Dachary
+Date: Thu, 25 Aug 2016 09:09:40 +0200
+Subject: [PATCH 1/4] Revert "common: add int64_t template for
+ strict_si_cast()"
+
+This reverts commit e3a99c082e3ebd56d5b40d7d94d98e35629df81e.
+---
+ src/common/strtol.cc | 2 --
+ src/test/strtol.cc | 15 ---------------
+ 2 files changed, 17 deletions(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index f43d661..50598b9 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -189,8 +189,6 @@ template int strict_si_cast(const char *str, std::string *err);
+
+ template long long strict_si_cast(const char *str, std::string *err);
+
+-template int64_t strict_si_cast(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast(const char *str, std::string *err);
+
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 3946736..646c055 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,21 +234,6 @@ TEST(StrictSICast, Error) {
+ (void)strict_si_cast("1T", &err);
+ ASSERT_NE(err, "");
+ }
+- {
+- std::string err;
+- (void)strict_si_cast("2E", &err);
+- ASSERT_EQ(err, "");
+- }
+- {
+- std::string err;
+- (void)strict_si_cast("-2E", &err);
+- ASSERT_EQ(err, "");
+- }
+- {
+- std::string err;
+- (void)strict_si_cast("1T", &err);
+- ASSERT_EQ(err, "");
+- }
+ }
+
+ /*
+
+From f7cd28460147530cfd265a593b32d02adb93abe6 Mon Sep 17 00:00:00 2001
+From: Kefu Chai
+Date: Sat, 30 Apr 2016 18:31:37 +0800
+Subject: [PATCH 2/4] common/config: cast OPT_U32 options using uint32_t
+
+the OPT_U32 options was translated using strict_si_cast(), and then
+cast the converted result to uint32_t. this could cause integer
+underflow. we could have lifted the burden of checking invalid input
+from the user of this option to the strict_si_cast<>() function. so in
+this change, we use strict_si_cast() instead, before casting
+the converted value into `uint32_t`.
+
+Signed-off-by: Kefu Chai
+(cherry picked from commit b7babd6aa671d688eef0af61ca17fd11eec22773)
+---
+ src/common/config.cc | 2 +-
+ src/common/strtol.cc | 3 +--
+ 2 files changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/src/common/config.cc b/src/common/config.cc
+index 622e237..d27bfbf 100644
+--- a/src/common/config.cc
++++ b/src/common/config.cc
+@@ -994,7 +994,7 @@ int md_config_t::set_val_raw(const char *val, const config_option *opt)
+ return 0;
+ case OPT_U32: {
+ std::string err;
+- int f = strict_si_cast(val, &err);
++ int f = strict_si_cast(val, &err);
+ if (!err.empty())
+ return -EINVAL;
+ *(uint32_t*)opt->conf_ptr(this) = f;
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 50598b9..bc5ccc7 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,10 +186,9 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+
+ template int strict_si_cast(const char *str, std::string *err);
+-
+ template long long strict_si_cast(const char *str, std::string *err);
+-
+ template uint64_t strict_si_cast(const char *str, std::string *err);
++template uint32_t strict_si_cast(const char *str, std::string *err);
+
+ uint64_t strict_sistrtoll(const char *str, std::string *err)
+ {
+
+From d93eda88048d2bcefe4be3ea0aaa6ca0289eabbf Mon Sep 17 00:00:00 2001
+From: Vikhyat Umrao
+Date: Thu, 26 May 2016 23:30:25 +0530
+Subject: [PATCH 3/4] common: add int64_t template for strict_si_cast()
+
+Signed-off-by: Vikhyat Umrao
+(cherry picked from commit 8e429d05370fbe7935212d0ae9608e7547f39860)
+---
+ src/common/strtol.cc | 1 +
+ src/test/strtol.cc | 15 +++++++++++++++
+ 2 files changed, 16 insertions(+)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index bc5ccc7..0e7ea7d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -187,6 +187,7 @@ T strict_si_cast(const char *str, std::string *err)
+
+ template int strict_si_cast(const char *str, std::string *err);
+ template long long strict_si_cast(const char *str, std::string *err);
++template int64_t strict_si_cast(const char *str, std::string *err);
+ template uint64_t strict_si_cast(const char *str, std::string *err);
+ template uint32_t strict_si_cast(const char *str, std::string *err);
+
+diff --git a/src/test/strtol.cc b/src/test/strtol.cc
+index 646c055..3946736 100644
+--- a/src/test/strtol.cc
++++ b/src/test/strtol.cc
+@@ -234,6 +234,21 @@ TEST(StrictSICast, Error) {
+ (void)strict_si_cast("1T", &err);
+ ASSERT_NE(err, "");
+ }
++ {
++ std::string err;
++ (void)strict_si_cast("2E", &err);
++ ASSERT_EQ(err, "");
++ }
++ {
++ std::string err;
++ (void)strict_si_cast("-2E", &err);
++ ASSERT_EQ(err, "");
++ }
++ {
++ std::string err;
++ (void)strict_si_cast("1T", &err);
++ ASSERT_EQ(err, "");
++ }
+ }
+
+ /*
+
+From 117aa35094c059dbf5770b01ac13a583471e54aa Mon Sep 17 00:00:00 2001
+From: Kefu Chai
+Date: Sun, 26 Jun 2016 01:02:03 +0800
+Subject: [PATCH 4/4] common: instantiate strict_si_cast not
+ strict_si_cast
+
+this fixes the build on armf.
+
+on 32bit platforms, cstdint is very likely to
+
+ typedef long long int int64_t;
+
+this results in compilation error like
+
+ `common/strtol.cc:190:75: error: duplicate explicit instantiation of 'T
+ strict_si_cast(const char, std::string) [with T = long long int;
+ std::string = std::basic_string]'
+
+ [-fpermissive]
+ template int64_t strict_si_cast(const char *str, std::string *err);
+ ^`
+
+we can address this by instantiate the primitive type of `long long`
+instead of `in64_t`.
+
+Fixes: http://tracker.ceph.com/issues/16398
+Signed-off-by: Kefu Chai
+(cherry picked from commit 31db4c5f9f725e13e38f3c90744e299e023d02a4)
+---
+ src/common/strtol.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/common/strtol.cc b/src/common/strtol.cc
+index 0e7ea7d..321521d 100644
+--- a/src/common/strtol.cc
++++ b/src/common/strtol.cc
+@@ -186,8 +186,8 @@ T strict_si_cast(const char *str, std::string *err)
+ }
+
+ template int strict_si_cast(const char *str, std::string *err);
++template long strict_si_cast(const char *str, std::string *err);
+ template long long strict_si_cast(const char *str, std::string *err);
+-template int64_t strict_si_cast(const char *str, std::string *err);
+ template uint64_t strict_si_cast(const char *str, std::string *err);
+ template uint32_t strict_si_cast(const char *str, std::string *err);
+
diff --git a/extra/ceph/PKGBUILD b/extra/ceph/PKGBUILD
index f63748df3..ba8652922 100644
--- a/extra/ceph/PKGBUILD
+++ b/extra/ceph/PKGBUILD
@@ -6,8 +6,8 @@
 # - patch to remove incompatible gcc flag
 pkgname=ceph
-pkgver=10.2.2
-pkgrel=2
+pkgver=10.2.3
+pkgrel=1
 pkgdesc='Distributed, fault-tolerant storage platform delivering object, block, and file system'
 arch=('x86_64' 'i686')
 url='http://ceph.com/'
@@ -24,8 +24,9 @@ source=("http://ceph.com/download/$pkgname-$pkgver.tar.gz"
 'ceph.sysusers'
 '01-virtualenv2.patch'
 '02-setup-python2.patch'
- 'no-neon.patch'
- 'no-omit-leaf-frame-pointer.diff')
+ '03-Revert-rgw-ldap-fix-ldap-bindpw-parsing.patch'
+ '04-fix-686-build.patch'
+ 'no-neon.patch')
 md5sums=('5cba47af53b3b17002aad3c854e5405c'
 'b3e24e3aa005a657ab475f84bfe3291a'
 'a3f72dc8e97f9fd5708d52256bcd9e75'
@@ -44,9 +45,6 @@ prepare() {
 fi
 done
 :
- if [[ $CARCH != "aarch64" ]]; then
- patch -p1 -i ../no-omit-leaf-frame-pointer.diff
- fi
 }
 build() {
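Review bot: In PATCH 2/4 the parsed OPT_U32 value is still held in a signed `int f` before `*(uint32_t*)opt->conf_ptr(this) = f;`, so values above INT_MAX go through a narrowing conversion on the way into the option. Declaring the local as `uint32_t f = strict_si_cast<uint32_t>(val, &err);` would keep the type consistent with what the commit message describes. The template arguments are not visible on this page, so the instantiated type is inferred from that message. `set_val_raw` continues outside the hunk.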
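Review bot: The `source` array gains two patches and loses one, and the `pkgver` bump changes the tarball, yet the leading `md5sums` entries are unchanged context and no hunk in this diff touches the rest of that array, so the checksum list appears to be out of step with `source` in both count and order. Regenerating it (for example with `updpkgsums`) and moving to `sha256sums` would restore integrity checking for the tarball and for the two new patches that alter authentication code. The `prepare()` loop that applies patches lies outside the visible hunk, so it is worth confirming that both new files are actually applied.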
@@ -80,8 +78,8 @@ package() {
 # fix sbin path
 msg2 'Fix sbin paths'
- mv -v sbin/* usr/sbin/* usr/bin
- rmdir -v sbin usr/sbin
+ mv -v usr/sbin/* usr/bin
+ rmdir -v usr/sbin
 # fix bash completions path
 msg2 'Fix bash completion path'