Bug 1679197

Summary: Pcs should check for non-valid characters in corosync.conf keynames
Product: Red Hat Enterprise Linux 8 Reporter: Tomas Jelinek <tojeline>
Component: pcsAssignee: Tomas Jelinek <tojeline>
Status: CLOSED ERRATA QA Contact: cluster-qe <cluster-qe>
Severity: unspecified Docs Contact:
Priority: high    
Version: 8.0CC: cfeist, cluster-maint, cluster-qe, idevat, jpokorny, mlisik, nhostako, omular, rsteiger, tojeline
Target Milestone: rcKeywords: EasyFix
Target Release: ---Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pcs-0.10.1-8.el8 Doc Type: Bug Fix
Doc Text:
Cause: User puts special characters into heuristics name when configuring quorum device. Consequence: The heuristics are ignored by corosync / qdevice. Fix: Make pcs report an error when special characters are used. Result: Pcs does not allow to set up heuristics in a way they are ignored by corosync / qdevice.
 Story Points: ---
Clone Of: 1551663 Environment:
Last Closed: 2019-11-05 20:40:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1682129    
Bug Blocks:    
Attachments:
Description Flags
proposed fix none

Description Tomas Jelinek 2019-02-20 15:11:44 UTC 
+++ This bug was initially created as a clone of Bug #1551663 +++

> Corosync parser only allows a limited subset of characters to be used as option keys  in corosync.conf. In situations where the key is generated from user-specified input such values are never parsed into CMAP:

[root@virt-144 ~]# pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Setting up qdevice certificates on nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-145: Succeeded
virt-146: Succeeded
Enabling corosync-qdevice...
virt-143: not enabling corosync-qdevice: corosync is not enabled
virt-145: not enabling corosync-qdevice: corosync is not enabled
virt-146: not enabling corosync-qdevice: corosync is not enabled
virt-144: not enabling corosync-qdevice: corosync is not enabled
Sending updated corosync.conf to nodes...
virt-143: Succeeded
virt-144: Succeeded
virt-146: Succeeded
virt-145: Succeeded
Corosync configuration reloaded
Starting corosync-qdevice...
virt-143: corosync-qdevice started
virt-145: corosync-qdevice started
virt-146: corosync-qdevice started
virt-144: corosync-qdevice started
[root@virt-144 ~]# echo $?
0

[root@virt-144 ~]# grep čivava /etc/corosync/corosync.conf
            exec_čivava: /usr/bin/ping -c 1 127.0.0.1

[root@virt-144 ~]# corosync-cmapctl |grep exec
[root@virt-144 ~]#



> Pcs should be able to validate the input in such cases. The valid characters are specified in icmap.c as (where ':' and '.' are reserved):

static int icmap_is_valid_name_char(char c)
{
  return ((c >= 'a' && c <= 'z') ||
    (c >= 'A' && c <= 'Z') ||
    (c >= '0' && c <= '9') ||
    c == '.' || c == '_' || c == '-' || c == '/' || c == ':');
}
Comment 2 Tomas Jelinek 2019-05-17 11:45:16 UTC 
Created attachment 1570052 [details]
proposed fix

Test according to comment 0.
Comment 3 Ivan Devat 2019-05-20 15:36:55 UTC 
[ant8 ~] $ rpm -q pcs
pcs-0.10.1-8.el8.x86_64

[ant8 ~] $ pcs quorum device add model net host="virt-139.cluster-qe.lab.eng.brq.redhat.com" algorithm="lms" heuristics mode="on" exec_čivava="/usr/bin/ping -c 1 127.0.0.1"
Error: invalid heuristics option 'exec_čivava', exec_NAME may contain a-z A-Z 0-9 /_- characters only
Error: Errors have occurred, therefore pcs is unable to continue
Comment 7 errata-xmlrpc 2019-11-05 20:40:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2019:3311