Bug 843083 - fence_xvm reports success while the operation has failed
Summary: fence_xvm reports success while the operation has failed
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: cman
Version: 5.8
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: rc
Assignee: Ryan McCabe
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-07-25 14:28 UTC by Jaroslav Kortus
Modified: 2013-01-08 03:37 UTC (History)

Fixed In Version: cman-2.0.115-104.el5
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-01-08 03:37:39 UTC
Target Upstream Version:
Embargoed:


Attachments
Backported fix from RHEL6 (1.24 KB, patch)
2012-07-25 14:48 UTC, Ryan McCabe


Links
System: Red Hat Product Errata
ID: RHBA-2013:0076
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: cman bug fix and enhancement update
Last Updated: 2013-01-08 08:27:31 UTC

Description Jaroslav Kortus 2012-07-25 14:28:33 UTC
Description of problem:
While using incorrect hashes, fence_xvm detects the failure correctly but returns a bad status, effectively faking a successful fencing operation.
Correct hashes in the example below are sha256/sha256.

What's interesting is that the sha256/sha512 combination results in a successful fence. Is this expected behaviour?

[root@c1-node01:~]$ fence_xvm -C sha512 -c sha256 -k /etc/cluster/fence_xvm.key  -H c1-node02
Hash mismatch:
C = a6aec2b23580c27f9060a4f8149c42864db748478efdecec38f5a6002f5d5b26e1157c0fbb63d2a30304aa7de191e044152b02c04dcc34ee681fca2f977ad1e5
H = 599067580117c396b5846d0fe5e38fe9e871ce8566e283a87ce332794d2be5197e8caaf24285f7dd8578a5dc29735b410383f65540478cd5cd4f999ddbfe30d2
R = 0cf2eae9677c206cf0d74404d13949fd6c4ab1773fe68a8ef870976c51f5d0880000000000000000000000000000000000000000000000000000000000000000
Invalid response to challenge
(09:19:59) [root@c1-node01:~]$ echo $?
0

RHEL6 host fence_virtd.conf:
$ cat /etc/fence_virt.conf
		fence_virtd {
			listener = "multicast";
			backend = "libvirt";
		}

		listeners {
			multicast {
				key_file = "/etc/cluster/fence_xvm.key";
				address = "225.0.0.12";
				hash="sha256";
				auth="sha256";
				interface="virbr0";
			}
		}

		backends {
			libvirt { 
				uri = "qemu:///system";
			}
		}



Version-Release number of selected component (if applicable):
cman-2.0.115-101.el5

How reproducible:
always

Steps to Reproduce:
1. use fence_xvm with different parameters from what's in fence_virtd.conf

Actual results:
fencing operation reported as successful while it has actually failed


Expected results:
return code should be > 0 if response-challenge authentication fails.

Additional info:

Comment 1 RHEL Program Management 2012-07-25 14:38:43 UTC
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.

Comment 2 Ryan McCabe 2012-07-25 14:48:51 UTC
Created attachment 600315
Backported fix from RHEL6

Comment 6 errata-xmlrpc 2013-01-08 03:37:39 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0076.html
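
Added example, not part of the bug report or of Red Hat's fix: on a host still running a build older than the fixed cman-2.0.115-104.el5, a caller can refuse to treat exit status 0 as a completed fence when the output carries the authentication-failure messages shown in the description. The helper names cman_has_fix and fence_verdict are hypothetical, and matching on message text is a stopgap until the package is updated.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Names below are hypothetical helpers.
FIXED_RELEASE=104   # from "Fixed In Version: cman-2.0.115-104.el5"

# cman_has_fix NVR: 0 = build has the fix, 1 = affected, 2 = not recognised.
# Only el5 builds of cman 2.0.115 are compared; that scope is an assumption.
cman_has_fix() {
    case "$1" in
        cman-2.0.115-*.el5*) ;;
        *) return 2 ;;
    esac
    rel=${1#cman-2.0.115-}
    rel=${rel%%.*}
    case "$rel" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$rel" -ge "$FIXED_RELEASE" ]
}

# fence_verdict EXIT_CODE OUTPUT: prints "fenced" or "failed". Success needs
# exit code 0 AND no authentication-failure message in the captured output.
fence_verdict() {
    code=$1
    output=$2
    if [ "$code" -ne 0 ]; then
        echo failed
        return 1
    fi
    case "$output" in
        *"Hash mismatch"*|*"Invalid response to challenge"*)
            echo failed
            return 1 ;;
    esac
    echo fenced
}

# Constructed sample: message lines as in the report, digests as placeholders.
SAMPLE_BAD='Hash mismatch:
C = <digest>
H = <digest>
R = <digest>
Invalid response to challenge'

# Real use (flags as shown in the report):
#   out=$(fence_xvm -k /etc/cluster/fence_xvm.key -H c1-node02 2>&1) && rc=0 || rc=$?
#   fence_verdict "$rc" "$out"
```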

