RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 726065 - cman_tool -r version fails to validate cluster.conf file if it contains an ampersand '&'
Summary: cman_tool -r version fails to validate cluster.conf file if it contains an am...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: cluster
Version: 6.1
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Fabio Massimo Di Nitto
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On:
Blocks: GSS_6_2_PROPOSED
TreeView+ depends on / blocked
 
Reported: 2011-07-27 12:59 UTC by Julio Entrena Perez
Modified: 2018-11-14 11:36 UTC (History)
7 users (show)

Fixed In Version: cluster-3.0.12.1-9.el6
Doc Type: Bug Fix
Doc Text:
Cause: xml format requires special handling of some characters Consequence: the handling of those characters was not implemented correctly, causing cluster.conf not to function as expected Fix: implemented correct handling of characters Result: cluster.conf works as expected
Clone Of:
Environment:
Last Closed: 2011-12-06 14:52:36 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 855121 0 medium CLOSED ricci: harmful handling of XML entities 2021-02-22 00:41:40 UTC
Red Hat Product Errata RHBA-2011:1516 0 normal SHIPPED_LIVE cluster and gfs2-utils bug fix update 2011-12-06 00:51:09 UTC

Internal Links: 855121

Description Julio Entrena Perez 2011-07-27 12:59:48 UTC 
> Description of problem:

Attempts to update the cluster configuration with 'cman_tool -r version' when the file contains an ampersand '&' (i.e. in the password field of the fence device) fail.

The same attempt using Conga succeeds.

> Version-Release number of selected component (if applicable):

cman-3.0.12-41.el6

> How reproducible:

Always.

> Steps to Reproduce:
1. Using Conga, add a fence device that requires password (such as an iLO) and enter a password that contains an ampersand. The configuration is updated successfully.
2. Manually edit the cluster.conf file and increase its version.
3. Try to update the configuration from the command line with 'cman_tool -r version'.
  
> Actual results:

The cluster.conf validation fails since ccs_config_dump output doesn't match /etc/cluster/cluster.conf:

# cman_tool -r version
tempfile:15: parser error : EntityRef: expecting ';'
e_ilo" ipaddr="10.33.11.95" login="jentrena" name="RHEV4" passwd="jander&klander
                                                                               ^
cman_tool: Not reloading, configuration is not valid

> Expected results:

The cluster configuration is updated successfully:

# cman_tool -r version
# 

> Additional info:

Updating a cluster.conf file that contains an ampersand is possible from Conga, but not from the command line.

This is not an XML validation problem, since manually validating the cluster.conf file succeeds:

# xmllint --relaxng /usr/share/cluster/cluster.rng /etc/cluster/cluster.conf
<?xml version="1.0"?>
<cluster config_version="2" name="cl60">
	<clusternodes>
		<clusternode name="cl60n1" nodeid="1"/>
		<clusternode name="cl60n2" nodeid="2"/>
	</clusternodes>
	<cman expected_votes="1" two_node="1"/>
	<fencedevices>
		<fencedevice agent="fence_ilo" ipaddr="10.33.11.95" login="testuser" name="ilotest" passwd="jander&amp;klander"/>
	</fencedevices>
</cluster>
/etc/cluster/cluster.conf validates

The problem seems to be in ccs_config_dump:

# ccs_config_dump > cluster.dump
# diff cluster.dump /etc/cluster/cluster.conf 
9c9
< 		<fencedevice agent="fence_ilo" ipaddr="10.33.11.95" login="testuser" name="ilotest" passwd="jander&klander"/>
---
> 		<fencedevice agent="fence_ilo" ipaddr="10.33.11.95" login="testuser" name="ilotest" passwd="jander&amp;klander"/>
Comment 5 Fabio Massimo Di Nitto 2011-08-04 10:31:35 UTC 
http://git.fedorahosted.org/git/?p=cluster.git;a=commitdiff;h=ccfe7c7037d784cd4b004a4ff808f93517738247

How to test the patch and test results:

add a semi-random &amp; in cluster.conf:

for example:

  <fencedevices>
    <fencedevice name="xvm" agent="fence_xvm&amp;"/>
  </fencedevices>

(cluster is not running/can´t start)
ccs_config_validate will fail

update packages to the new version

ccs_config_validate will succeed

cluster can/will start

Attempt to update config (just bump the version num is sufficient)

config will be loaded correctly (cluster.conf was propagated manually, ricci uses xml to import/export the config and the saveXML functions should do the right thing)

the above tests will verify ccs_config_dump code path.

To test the equivalent changes in libccs, keep the above cluster running and perform ccs_tool query.

By default ccs_tool use libccs fullxpath implementation (the bits that have been modified)

[root@rhel6-node2 cluster]# ccs_tool query /cluster/fencedevices/fencedevice/@agent
fence_xvm&

and double check with direct output from xmlimport in objdb:

[root@fedora14-node2 cluster]# ccs_tool query -n /cluster/fencedevices/fencedevice/@agent
fence_xvm&

[root@fedora14-node2 cluster]# corosync-objctl |grep fencedevice.agent
cluster.fencedevices.fencedevice.agent=fence_xvm&
Comment 11 Fabio Massimo Di Nitto 2011-10-27 08:17:47 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: xml format requires special handling of some characters
Consequence: the handling of those characters was not implemented correctly, causing cluster.conf not to function as expected
Fix: implemented correct handling of characters
Result: cluster.conf works as expected
Comment 12 errata-xmlrpc 2011-12-06 14:52:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1516.html
Note You need to log in before you can comment on or make changes to this bug.