return (0);
}
+static int handle_crypto_model(const char *val, const char **error_string)
+{
+
+ if (util_is_valid_knet_crypto_model(val, NULL, 0,
+ "Invalid crypto model. Should be ", error_string) == 1) {
+ return (0);
+ } else {
+ return (-1);
+ }
+}
+
+static int handle_compress_model(const char *val, const char **error_string)
+{
+
+ if (util_is_valid_knet_compress_model(val, NULL, 0,
+ "Invalid compression model. Should be ", error_string) == 1) {
+ return (0);
+ } else {
+ return (-1);
+ }
+}
+
static int main_config_parser_cb(const char *path,
char *key,
char *value,
}
}
if (strcmp(path, "totem.crypto_model") == 0) {
- if ((strcmp(value, "nss") != 0) &&
- (strcmp(value, "openssl") != 0)) {
- *error_string = "Invalid crypto model. "
- "Should be nss or openssl";
-
+ if (handle_crypto_model(value, error_string) != 0) {
return (0);
}
}
+
if (strcmp(path, "totem.crypto_cipher") == 0) {
if ((strcmp(value, "none") != 0) &&
(strcmp(value, "aes256") != 0) &&
return (0);
}
}
+
+ if (strcmp(path, "totem.knet_compression_model") == 0) {
+ if (handle_compress_model(value, error_string) != 0) {
+ return (0);
+ }
+ }
+
break;
case MAIN_CP_CB_DATA_STATE_SYSTEM:
/*
* Copyright (c) 2002-2006 MontaVista Software, Inc.
- * Copyright (c) 2006-2018 Red Hat, Inc.
+ * Copyright (c) 2006-2021 Red Hat, Inc.
*
* All rights reserved.
*
return (res);
}
+static void show_version_info_crypto(void)
+{
+ const char *error_string;
+ const char *list_str;
+
+ if (util_is_valid_knet_crypto_model(NULL, &list_str, 1, "", &error_string) != -1) {
+ printf("Available crypto models: %s\n", list_str);
+ } else {
+ perror(error_string);
+ }
+}
+
+static void show_version_info_compress(void)
+{
+ const char *error_string;
+ const char *list_str;
+
+ if (util_is_valid_knet_compress_model(NULL, &list_str, 1, "", &error_string) != -1) {
+ printf("Available compression models: %s\n", list_str);
+ } else {
+ perror(error_string);
+ }
+}
+
+static void show_version_info(void)
+{
+
+ printf ("Corosync Cluster Engine, version '%s'\n", VERSION);
+ printf ("Copyright (c) 2006-2021 Red Hat, Inc.\n");
+
+ printf ("\nBuilt-in features:" PACKAGE_FEATURES "\n");
+
+ show_version_info_crypto();
+ show_version_info_compress();
+}
int main (int argc, char **argv, char **envp)
{
testonly = 1;
break;
case 'v':
- printf ("Corosync Cluster Engine, version '%s'\n", VERSION);
- printf ("Copyright (c) 2006-2018 Red Hat, Inc.\n");
+ show_version_info();
logsys_system_fini();
return EXIT_SUCCESS;
" -c : Corosync config file path.\n"\
" -f : Start application in foreground.\n"\
" -t : Test configuration and exit.\n"\
- " -v : Display version and SVN revision of Corosync and exit.\n");
+ " -v : Display version, git revision and some useful information about Corosync and exit.\n");
logsys_system_fini();
return EXIT_FAILURE;
}
const char *tmp_cipher;
const char *tmp_hash;
const char *tmp_model;
+ char *crypto_model_str;
+ int res = 0;
tmp_hash = "none";
tmp_cipher = "none";
tmp_model = "none";
- if (icmap_get_string_r(map, "totem.crypto_model", &str) == CS_OK) {
- if (strcmp(str, "nss") == 0) {
- tmp_model = "nss";
- }
- if (strcmp(str, "openssl") == 0) {
- tmp_model = "openssl";
- }
- free(str);
+ crypto_model_str = NULL;
+ if (icmap_get_string_r(map, "totem.crypto_model", &crypto_model_str) == CS_OK) {
+ tmp_model = crypto_model_str;
} else {
tmp_model = "nss";
}
if ((strcmp(tmp_cipher, "none") != 0) &&
(strcmp(tmp_hash, "none") == 0)) {
*error_string = "crypto_cipher requires crypto_hash with value other than none";
- return -1;
+ res = -1;
+
+ goto out_free_crypto_model_str;
}
if (strcmp(tmp_model, "none") == 0) {
- *error_string = "crypto_model should be 'nss' or 'openssl'";
- return -1;
+ /*
+ * Shouldn't happen because it is handled by coroparse
+ */
+ *error_string = "invalid crypto_model";
+ res = -1;
+
+ goto out_free_crypto_model_str;
}
if (strcmp(tmp_cipher, totem_config->crypto_cipher_type) ||
strncpy(totem_config->crypto_hash_type, tmp_hash, CONFIG_STRING_LEN_MAX);
strncpy(totem_config->crypto_model, tmp_model, CONFIG_STRING_LEN_MAX);
- return 0;
+out_free_crypto_model_str:
+ free(crypto_model_str);
+
+ return (res);
}
static int nodelist_byname(icmap_map_t map, const char *find_name, int strip_domain)
#include <sys/time.h>
#include <assert.h>
+#include <libknet.h>
+
#include <corosync/corotypes.h>
#include <corosync/corodefs.h>
#include <corosync/icmap.h>
return (path);
}
+
+static int safe_strcat(char *dst, size_t dst_len, const char *src)
+{
+
+ if (strlen(dst) + strlen(src) >= dst_len - 1) {
+ return (-1);
+ }
+
+ strcat(dst, src);
+
+ return (0);
+}
+
+/*
+ * val - knet crypto model to find
+ * crypto_list_str - string with concatenated list of available crypto models - can be NULL
+ * machine_parseable_str - 0 - split strings by space, 1 - use human form (split by "," and last item with "or")
+ * error_string_prefix - Prefix to add into error string
+ * error_string - Complete error string
+ */
+int util_is_valid_knet_crypto_model(const char *val,
+ const char **list_str, int machine_parseable_str,
+ const char *error_string_prefix, const char **error_string)
+{
+ size_t entries;
+ struct knet_crypto_info crypto_list[16];
+ size_t zi;
+ static char local_error_str[512];
+ static char local_list_str[256];
+ int model_found = 0;
+
+ if (list_str != NULL) {
+ *list_str = local_list_str;
+ }
+
+ memset(local_error_str, 0, sizeof(local_error_str));
+ memset(local_list_str, 0, sizeof(local_list_str));
+
+ safe_strcat(local_error_str, sizeof(local_error_str), error_string_prefix);
+
+ if (knet_get_crypto_list(NULL, &entries) != 0) {
+ *error_string = "internal error - cannot get knet crypto list";
+ return (-1);
+ }
+
+ if (entries > sizeof(crypto_list) / sizeof(crypto_list[0])) {
+ *error_string = "internal error - too many knet crypto list entries";
+ return (-1);
+ }
+
+ if (knet_get_crypto_list(crypto_list, &entries) != 0) {
+ *error_string = "internal error - cannot get knet crypto list";
+ return (-1);
+ }
+
+ for (zi = 0; zi < entries; zi++) {
+ if (zi == 0) {
+ } else if (zi == entries - 1) {
+ if (machine_parseable_str) {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " ");
+ } else {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " or ");
+ }
+ } else {
+ if (machine_parseable_str) {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " ");
+ } else {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), ", ");
+ }
+ }
+
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), crypto_list[zi].name);
+
+ if (val != NULL && strcmp(val, crypto_list[zi].name) == 0) {
+ model_found = 1;
+ }
+ }
+
+ if (!model_found) {
+ (void)safe_strcat(local_error_str, sizeof(local_error_str), local_list_str);
+ *error_string = local_error_str;
+ }
+
+ return (model_found);
+}
+
+int util_is_valid_knet_compress_model(const char *val,
+ const char **list_str, int machine_parseable_str,
+ const char *error_string_prefix, const char **error_string)
+{
+ size_t entries;
+ struct knet_compress_info compress_list[16];
+ size_t zi;
+ static char local_error_str[512];
+ static char local_list_str[256];
+ int model_found = 0;
+
+ if (list_str != NULL) {
+ *list_str = local_list_str;
+ }
+
+ memset(local_error_str, 0, sizeof(local_error_str));
+ memset(local_list_str, 0, sizeof(local_list_str));
+
+ safe_strcat(local_error_str, sizeof(local_error_str), error_string_prefix);
+
+ if (knet_get_compress_list(NULL, &entries) != 0) {
+ *error_string = "internal error - cannot get knet compress list";
+ return (-1);
+ }
+
+ if (entries > sizeof(compress_list) / sizeof(compress_list[0])) {
+ *error_string = "internal error - too many knet compress list entries";
+ return (-1);
+ }
+
+ if (knet_get_compress_list(compress_list, &entries) != 0) {
+ *error_string = "internal error - cannot get knet compress list";
+ return (-1);
+ }
+
+ for (zi = 0; zi < entries; zi++) {
+ if (zi == 0) {
+ } else if (zi == entries - 1) {
+ if (machine_parseable_str) {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " ");
+ } else {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " or ");
+ }
+ } else {
+ if (machine_parseable_str) {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), " ");
+ } else {
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), ", ");
+ }
+ }
+
+ (void)safe_strcat(local_list_str, sizeof(local_list_str), compress_list[zi].name);
+
+ if (val != NULL && strcmp(val, compress_list[zi].name) == 0) {
+ model_found = 1;
+ }
+ }
+
+ if (!model_found) {
+ (void)safe_strcat(local_error_str, sizeof(local_error_str), local_list_str);
+ *error_string = local_error_str;
+ }
+
+ return (model_found);
+}
*/
const char *get_state_dir(void);
+extern int util_is_valid_knet_crypto_model(const char *val,
+ const char **list_str, int machine_parseable_str,
+ const char *error_string_prefix, const char **error_string);
+
+extern int util_is_valid_knet_compress_model(const char *val,
+ const char **list_str, int machine_parseable_str,
+ const char *error_string_prefix, const char **error_string);
+
#endif /* UTIL_H_DEFINED */
.\"/*
-.\" * Copyright (C) 2010-2018 Red Hat, Inc.
+.\" * Copyright (C) 2010-2021 Red Hat, Inc.
.\" *
.\" * All rights reserved.
.\" *
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
.\" * THE POSSIBILITY OF SUCH DAMAGE.
.\" */
-.TH COROSYNC 8 2018-11-12
+.TH COROSYNC 8 2021-04-09
.SH NAME
corosync \- The Corosync Cluster Engine.
.SH SYNOPSIS
Test configuration and then exit.
.TP
.B -v
-Display version and SVN revision of Corosync and exit.
+Display version, git revision, compiled features and available crypto and compression
+models and exit.
+
.SH SEE ALSO
.BR corosync_overview (7),
.BR corosync.conf (5),
.\" * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
.\" * THE POSSIBILITY OF SUCH DAMAGE.
.\" */
-.TH COROSYNC_CONF 5 2020-10-12 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
+.TH COROSYNC_CONF 5 2021-04-09 "corosync Man Page" "Corosync Cluster Engine Programmer's Manual"
.SH NAME
corosync.conf - corosync executive configuration file
.TP
crypto_model
-This specifies which cryptographic library should be used by knet. Options
-are nss and openssl.
+This specifies which cryptographic library should be used by knet.
+Supported values depend on the libknet build and on the installed
+cryptography libraries. Typically nss and openssl will be available
+but gcrypt and others could also be allowed.
The default is nss.
bin_PROGRAMS = corosync-vqsim
+corosync_vqsim_CFLAGS = $(knet_CFLAGS)
+
corosync_vqsim_LDADD = $(top_builddir)/common_lib/libcorosync_common.la \
../exec/corosync-votequorum.o ../exec/corosync-icmap.o \
../exec/corosync-coroparse.o ../exec/corosync-logconfig.o \
../exec/corosync-util.o ../exec/corosync-logsys.o \
- $(LIBQB_LIBS)
+ $(LIBQB_LIBS) $(knet_LIBS)
+
if VQSIM_READLINE
corosync_vqsim_LDADD += -lreadline
endif