Description of problem:
acl definitions are not enforced and could be bypassed by a user without write access to the cib
Version-Release number of selected component (if applicable):
RedHat Enterprise Linux 6.6
pcs --version = 0.9.123
pacemakerd --version = Pacemaker 1.1.11
a user with a read-only role can assign any other existing roles to himself and then gain any kind of access from any role (rw access to the cib if this kind of role exist).
Steps to Reproduce:
1. create a role read-only
pcs acl role create read-only description="Read only access" read xpath /cib
2. create a role admin
pcs acl role create admin description="Admin access" write xpath /cib
3. create an account (local + pcs)
4. open a session with this roaccount account
5. add admin role to your account
pcs acl role assign admin to rocluster
6. check new acl pushed as a read-only user
Roles: read-only admin
Description: Read only access
Permission: read xpath /cib (read-only-read)
Description: Admin access
Permission: write xpath /cib (admin-write)
7. add/delete/modify anything
obtain rw access to the cib
must not be possible with read-only access to the cib to assign a role
Introduced in: https://github.com/ClusterLabs/pacemaker/commit/f242c1ef
Fixed in: https://github.com/ClusterLabs/pacemaker/commit/84ac07c
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.