From 466246c2fa8ea1bcc06593fbf7b900d0665606b1 Mon Sep 17 00:00:00 2001

From: Jan Friesse <jfriesse@redhat.com>

Date: Tue, 26 Jul 2022 18:39:38 +0200

Subject: [PATCH] config: Add enable-authfile option

This option enables (or disables) usage of authfile. Can be 'yes' or 'no'.

Default is 'no'.

Booth usage of authfile was broken for long time (since commit

da79b8ba28ad4837a0fee13e5f8fb6f89fe0e24c).

Pcs was adding authfile by default, but it was not used. Once booth bug

was fixed problem appears because mixed clusters (with fixed version and

without fixed one) stops working.

This non-upstream option is added and used to allow use of

authfile without breaking compatibility for clusters

consisting of mixed versions (usually happens before all nodes are

updated) of booth (user have to explicitly

enable usage of authfile).

This patch is transitional and will be removed in future major version of

distribution.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>

---

 docs/boothd.8.txt |  7 +++++++

 src/config.c      | 17 +++++++++++++++++

 src/config.h      |  1 +

 src/main.c        |  2 +-

 4 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/docs/boothd.8.txt b/docs/boothd.8.txt

index f58f27e..12f66f9 100644

--- a/docs/boothd.8.txt

+++ b/docs/boothd.8.txt

@@ -230,6 +230,13 @@ will always bind and listen to both UDP and TCP ports.

 	parameter to a higher value. The time skew test is performed

 	only in concert with authentication.

+*'enable-authfile'*::

+	Enables (or disables) usage of authfile. Can be 'yes' or 'no'.

+	Default is 'no'.

+	This is non-upstream option used to allow use of authfile without

+	breaking compatibility for clusters consisting of mixed

+	versions of booth.

+

 *'site'*::

 	Defines a site Raft member with the given IP. Sites can

 	acquire tickets. The sites' IP should be managed by the cluster.

diff --git a/src/config.c b/src/config.c

index 8e41553..b9df3e3 100644

--- a/src/config.c

+++ b/src/config.c

@@ -729,6 +729,23 @@ no_value:

 			booth_conf->maxtimeskew = atoi(val);

 			continue;

 		}

+

+		if (strcmp(key, "enable-authfile") == 0) {

+			if (strcasecmp(val, "yes") == 0 ||

+			    strcasecmp(val, "on") == 0 ||

+			    strcasecmp(val, "1") == 0) {

+				booth_conf->enable_authfile = 1;

+			} else if (strcasecmp(val, "no") == 0 ||

+			    strcasecmp(val, "off") == 0 ||

+			    strcasecmp(val, "0") == 0) {

+				booth_conf->enable_authfile = 0;

+			} else {

+				error = "Expected yes/no value for enable-authfile";

+				goto err;

+			}

+

+			continue;

+		}

 #endif

 		if (strcmp(key, "site") == 0) {

diff --git a/src/config.h b/src/config.h

index bca73bc..da1e917 100644

--- a/src/config.h

+++ b/src/config.h

@@ -297,6 +297,7 @@ struct booth_config {

 	struct stat authstat;

 	char authkey[BOOTH_MAX_KEY_LEN];

 	int authkey_len;

+	int enable_authfile;

     /** Maximum time skew between peers allowed */

 	int maxtimeskew;

diff --git a/src/main.c b/src/main.c

index b4a174f..0fdb295 100644

--- a/src/main.c

+++ b/src/main.c

@@ -364,7 +364,7 @@ static int setup_config(int type)

 	if (rv < 0)

 		goto out;

-	if (booth_conf->authfile[0] != '\0') {

+	if (booth_conf->authfile[0] != '\0' && booth_conf->enable_authfile) {

 		rv = read_authkey();

 		if (rv < 0)

 			goto out;

-- 

2.37.1