Bug 1551663

Summary: Pcs should check for non-valid characters in corosync.conf keynames
Product: Red Hat Enterprise Linux 7 Reporter: Radek Steiger <rsteiger>
Component: pcsAssignee: Tomas Jelinek <tojeline>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: high    
Version: 7.5CC: cfeist, cluster-maint, cluster-qe, idevat, jpokorny, mmazoure, nhostako, omular, tojeline
Target Milestone: rcKeywords: EasyFix
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.9.168-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: User puts special characters into heuristics name when configuring quorum device. Consequence: The heuristics are ignored by corosync / qdevice. Fix: Make pcs report an error when special characters are used. Result: Pcs does not allow to set up heuristics in a way they are ignored by corosync / qdevice.
 Story Points: ---
Clone Of: 1515193
: 1679197 (view as bug list) Environment:
Last Closed: 2020-03-31 19:09:37 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
proposed fix none

Description Radek Steiger 2018-03-05 16:23:52 UTC 
> Corosync parser only allows a limited subset of characters to be used as option keys  in corosync.conf. In situations where the key is generated from user-specified input such values are never parsed into CMAP:

[root@virt-144 ~]# pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Setting up qdevice certificates on nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-145: Succeeded
virt-146: Succeeded
Enabling corosync-qdevice...
virt-143: not enabling corosync-qdevice: corosync is not enabled
virt-145: not enabling corosync-qdevice: corosync is not enabled
virt-146: not enabling corosync-qdevice: corosync is not enabled
virt-144: not enabling corosync-qdevice: corosync is not enabled
Sending updated corosync.conf to nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-146: Succeeded
virt-145: Succeeded
Corosync configuration reloaded
Starting corosync-qdevice...
virt-143: corosync-qdevice started
virt-145: corosync-qdevice started
virt-146: corosync-qdevice started
virt-144: corosync-qdevice started
[root@virt-144 ~]# echo $?
0

[root@virt-144 ~]# grep čivava /etc/corosync/corosync.conf
            exec_čivava: /usr/bin/ping -c 1 127.0.0.1

[root@virt-144 ~]# corosync-cmapctl |grep exec
[root@virt-144 ~]#



> Pcs should be able to validate the input in such cases. The valid characters are specified in icmap.c as (where ':' and '.' are reserved):

static int icmap_is_valid_name_char(char c)
{
  return ((c >= 'a' && c <= 'z') ||
    (c >= 'A' && c <= 'Z') ||
    (c >= '0' && c <= '9') ||
    c == '.' || c == '_' || c == '-' || c == '/' || c == ':');
}
Comment 1 Tomas Jelinek 2019-05-17 11:40:31 UTC 
Created attachment 1570051 [details]
proposed fix

Test according to comment 0.
Comment 3 Ivan Devat 2019-08-05 11:16:45 UTC 
After Fix:

[kid76 ~] $ rpm -q pcs
pcs-0.9.168-1.el7.x86_64

[kid76 ~] $ pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Error: invalid heuristics option 'exec_čivava', exec_NAME may contain a-z A-Z 0-9 /_- characters only
Comment 7 errata-xmlrpc 2020-03-31 19:09:37 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:0996