From 912a040b47adaee3e4d8d304ef66a69fff663934 Mon Sep 17 00:00:00 2001 From: haad Date: Wed, 5 Jan 2011 14:57:27 +0000 Subject: [PATCH] Allow operator to use lvm in read-only mode. Switch LVM lock dir to /var/run/lvm and create it in rc.d/mountcritlocal. Fix dm control device permissions to allow rw for operator. Test if we are running lvm commands as operator and if that it's true do not create vg backups and do not print confusing warning. --- distrib/sets/lists/base/mi | 6 ++--- etc/mtree/NetBSD.dist.base | 4 +-- etc/rc.d/mountcritlocal | 8 +++++- external/gpl2/lvm2/dist/include/defaults.h | 4 +-- .../gpl2/lvm2/dist/lib/format_text/archiver.c | 14 +++++++++- .../gpl2/lvm2/dist/lib/locking/file_locking.c | 21 ++++++++++++--- .../gpl2/lvm2/dist/lib/misc/lvm-globals.c | 17 +++++++++++- .../gpl2/lvm2/dist/lib/misc/lvm-globals.h | 7 ++++- external/gpl2/lvm2/dist/libdm/libdm-file.c | 7 ++++- external/gpl2/lvm2/dist/tools/lvmcmdline.c | 26 ++++++++++++++++++- external/gpl2/lvm2/lvm2tools.mk | 5 ++-- 11 files changed, 100 insertions(+), 19 deletions(-) diff --git a/distrib/sets/lists/base/mi b/distrib/sets/lists/base/mi index 841624c7d162..3096e4173f81 100644 --- a/distrib/sets/lists/base/mi +++ b/distrib/sets/lists/base/mi @@ -1,4 +1,4 @@ -# $NetBSD: mi,v 1.912 2011/01/01 13:09:13 haad Exp $ +# $NetBSD: mi,v 1.913 2011/01/05 14:57:29 haad Exp $ # # Note: Don't delete entries from here - mark them as "obsolete" instead, # unless otherwise stated below. @@ -4836,8 +4836,8 @@ ./var/games/sail base-games-root ./var/games/save base-obsolete obsolete ./var/heimdal base-krb5-root -./var/lock base-sys-root -./var/lock/lvm base-sys-root lvm +./var/lock base-sys-root obsolete +./var/lock/lvm base-sys-root obsolete ./var/log base-sys-root ./var/log/rdist base-netutil-root ./var/mail base-mail-root diff --git a/etc/mtree/NetBSD.dist.base b/etc/mtree/NetBSD.dist.base index c7bf9e301c67..e7702bf7ccb1 100644 --- a/etc/mtree/NetBSD.dist.base +++ b/etc/mtree/NetBSD.dist.base 
@@ -1,4 +1,4 @@ -# $NetBSD: NetBSD.dist.base,v 1.71 2011/01/01 22:11:45 haad Exp $ +# $NetBSD: NetBSD.dist.base,v 1.72 2011/01/05 14:57:29 haad Exp $ # @(#)4.4BSD.dist 8.1 (Berkeley) 6/13/93 # Do not customize this file as it may be overwritten on upgrades. @@ -1098,8 +1098,6 @@ ./var/games/phantasia uname=games gname=games mode=0775 ./var/games/sail uname=games gname=games mode=0775 ./var/heimdal -./var/lock gname=operator mode=0710 -./var/lock/lvm gname=operator mode=0770 ./var/log ./var/log/rdist ./var/mail mode=1777 diff --git a/etc/rc.d/mountcritlocal b/etc/rc.d/mountcritlocal index bed941d0de9e..dbe92bffb98c 100755 --- a/etc/rc.d/mountcritlocal +++ b/etc/rc.d/mountcritlocal @@ -1,6 +1,6 @@ #!/bin/sh # -# $NetBSD: mountcritlocal,v 1.10 2009/04/21 16:08:57 joerg Exp $ +# $NetBSD: mountcritlocal,v 1.11 2011/01/05 14:57:29 haad Exp $ # # PROVIDE: mountcritlocal @@ -25,6 +25,12 @@ mountcritlocal_start() # rm -f /etc/nologin /var/spool/lock/LCK.* (cd /var/run && rm -rf -- *) + # create LVM locking directory, it needs to be owned by operator + # group and has parmissions to allow lock file creation. + # + mkdir /var/run/lvm + chown root:operator /var/run/lvm + chmod 770 /var/run/lvm } load_rc_config $name diff --git a/external/gpl2/lvm2/dist/include/defaults.h b/external/gpl2/lvm2/dist/include/defaults.h index b85941227499..712b20d9632b 100644 --- a/external/gpl2/lvm2/dist/include/defaults.h +++ b/external/gpl2/lvm2/dist/include/defaults.h @@ -1,4 +1,4 @@ -/* $NetBSD: defaults.h,v 1.1.1.2 2009/12/02 00:25:44 haad Exp $ */ +/* $NetBSD: defaults.h,v 1.2 2011/01/05 14:57:27 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. 
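Review bot: In the mountcritlocal_start() hunk of etc/rc.d/mountcritlocal, /var/run/lvm becomes group-writable for operator while root-run lvm commands create and open their lock files in it, so any operator-group member can create, remove or replace entries in a directory that root writes to. The lock-file open path is not part of this diff; it presumably needs to refuse symbolic links and non-regular files (for example `O_NOFOLLOW` on the open plus an fstat check), and that should be confirmed before this mode ships. None of the three commands is checked either; `mkdir -m 0770 /var/run/lvm && chown root:operator /var/run/lvm` sets the mode at creation and stops on the first failure. In the added comment, "parmissions" should read "permissions".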
@@ -39,7 +39,7 @@ #define DEFAULT_DATA_ALIGNMENT_OFFSET_DETECTION 1 #define DEFAULT_DATA_ALIGNMENT_DETECTION 1 -#define DEFAULT_LOCK_DIR "/var/lock/lvm" +#define DEFAULT_LOCK_DIR "/var/run/lvm" #define DEFAULT_LOCKING_LIB "liblvm2clusterlock.so" #define DEFAULT_FALLBACK_TO_LOCAL_LOCKING 1 #define DEFAULT_FALLBACK_TO_CLUSTERED_LOCKING 1 diff --git a/external/gpl2/lvm2/dist/lib/format_text/archiver.c b/external/gpl2/lvm2/dist/lib/format_text/archiver.c index 100569ca8cd9..b2f7545692ad 100644 --- a/external/gpl2/lvm2/dist/lib/format_text/archiver.c +++ b/external/gpl2/lvm2/dist/lib/format_text/archiver.c @@ -1,4 +1,4 @@ -/* $NetBSD: archiver.c,v 1.1.1.3 2009/12/02 00:26:29 haad Exp $ */ +/* $NetBSD: archiver.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. @@ -117,6 +117,12 @@ int archive(struct volume_group *vg) return 1; } +#ifdef __NetBSD__ + if (is_operator()) { + log_verbose("Operator usage: Skipping archiving of volume group."); + return 1; + } +#endif if (!dm_create_dir(vg->cmd->archive_params->dir)) return 0; @@ -221,6 +227,12 @@ int backup_locally(struct volume_group *vg) return 1; } +#ifdef __NetBSD__ + if (is_operator()) { + log_verbose("Operator usage: Skipping archiving of volume group."); + return 1; + } +#endif if (!dm_create_dir(vg->cmd->backup_params->dir)) return 0; diff --git a/external/gpl2/lvm2/dist/lib/locking/file_locking.c b/external/gpl2/lvm2/dist/lib/locking/file_locking.c index d0298c42c075..6937d474c73e 100644 --- a/external/gpl2/lvm2/dist/lib/locking/file_locking.c +++ b/external/gpl2/lvm2/dist/lib/locking/file_locking.c @@ -1,4 +1,4 @@ -/* $NetBSD: file_locking.c,v 1.1.1.3 2009/12/02 00:26:24 haad Exp $ */ +/* $NetBSD: file_locking.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. 
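Review bot: The guard added to backup_locally() (hunk `@@ -221,6 +227,12 @@` of archiver.c) logs the message copied from archive(); it should read `log_verbose("Operator usage: Skipping backup of volume group.");` so the two skips can be told apart in verbose output. Both guards depend on `is_operator()`, and this commit sets that flag only as a side effect of `_nonroot_warning()` in tools/lvmcmdline.c, so a caller that reaches these functions without that warning having run will still try to create the archive and backup directories. A one-line comment above each guard, such as `/* operator has read-only access: there are no metadata changes to record */`, would document why returning success is acceptable here. Both functions start and end outside the hunks.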
@@ -322,6 +322,8 @@ static int _file_lock_resource(struct cmd_context *cmd, const char *resource, int init_file_locking(struct locking_type *locking, struct cmd_context *cmd) { + mode_t old_umask; + locking->lock_resource = _file_lock_resource; locking->reset_locking = _reset_file_locking; locking->fin_locking = _fin_file_locking; @@ -335,10 +337,23 @@ int init_file_locking(struct locking_type *locking, struct cmd_context *cmd) _prioritise_write_locks = find_config_tree_bool(cmd, "global/prioritise_write_locks", DEFAULT_PRIORITISE_WRITE_LOCKS); - - if (!dm_create_dir(_lock_dir)) + old_umask = umask(LVM_LOCKDIR_MODE); + if (!dm_create_dir(_lock_dir)){ + umask(old_umask); return 0; + } else { + /* Change lockfile directory owner to match with others */ + if (chown(_lock_dir, DM_DEVICE_UID, DM_DEVICE_GID) == -1) { + if (errno == EPERM) + goto next; + log_sys_error("chown", _lock_dir); + return 0; + } + } +next: + umask(old_umask); + /* Trap a read-only file system */ if ((access(_lock_dir, R_OK | W_OK | X_OK) == -1) && (errno == EROFS)) return 0; diff --git a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c index 752bbb24ebe0..6f38ca25fed4 100644 --- a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c +++ b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.c @@ -1,4 +1,4 @@ -/* $NetBSD: lvm-globals.c,v 1.1.1.3 2009/12/02 00:26:44 haad Exp $ */ +/* $NetBSD: lvm-globals.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. @@ -41,6 +41,21 @@ static int _ignore_suspended_devices = 0; static int _error_message_produced = 0; static unsigned _is_static = 0; +#ifdef __NetBSD__ + +static int _is_operator = 0; + +void init_operator(int operator) +{ + _is_operator = operator; +} + +int is_operator() +{ + return _is_operator; +} +#endif + void init_verbose(int level) { _verbose_level = level; 
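Review bot: `umask(LVM_LOCKDIR_MODE)` in the second init_file_locking() hunk passes the wanted mode where umask() expects the bits to clear. With `LVM_LOCKDIR_MODE=0770` from lvm2tools.mk and a directory created with mode 0777 (what the new comment in libdm-file.c implies, although `dm_create_dir()` itself is not shown), the lock directory comes out as 0007: no permission bits for owner or group and rwx for everyone else. The argument should be the complement of the mode. The `chown` failure path also returns without restoring the saved umask, so the process keeps the altered mask; restoring it straight after `dm_create_dir()` fixes that and removes the `goto`. init_file_locking() continues outside the hunk.

```c
	/* umask() takes the bits to clear, so pass the complement of the wanted mode */
	old_umask = umask(~LVM_LOCKDIR_MODE & 0777);
	if (!dm_create_dir(_lock_dir)) {
		umask(old_umask);
		return 0;
	}
	umask(old_umask);

	/* Change lockfile directory owner to match with others; EPERM is expected for non-root */
	if (chown(_lock_dir, DM_DEVICE_UID, DM_DEVICE_GID) == -1 && errno != EPERM) {
		log_sys_error("chown", _lock_dir);
		return 0;
	}

	/* … unchanged: read-only file system check … */
```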
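Review bot: `int is_operator()` in lvm-globals.c is defined with an empty parameter list while lvm-globals.h declares `int is_operator(void)`; the definition should use `(void)` as well so calls are checked against a prototype. A short comment on `_is_operator` would also help, stating that it is an advisory flag set from the command-line front end and that access is enforced by device and directory permissions, not by this value. That keeps later code from treating `is_operator()` as an authorization check.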
diff --git a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h index 435f35bdd634..bf6c38af7bd2 100644 --- a/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h +++ b/external/gpl2/lvm2/dist/lib/misc/lvm-globals.h @@ -1,4 +1,4 @@ -/* $NetBSD: lvm-globals.h,v 1.1.1.2 2009/02/18 11:17:17 haad Exp $ */ +/* $NetBSD: lvm-globals.h,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. @@ -21,6 +21,11 @@ #define VERBOSE_BASE_LEVEL _LOG_WARN #define SECURITY_LEVEL 0 +#ifdef __NetBSD__ +void init_operator(int operator); +int is_operator(void); +#endif + void init_verbose(int level); void init_test(int level); void init_md_filtering(int level); diff --git a/external/gpl2/lvm2/dist/libdm/libdm-file.c b/external/gpl2/lvm2/dist/libdm/libdm-file.c index 3ae9f8e7ea0e..b51bec4aec29 100644 --- a/external/gpl2/lvm2/dist/libdm/libdm-file.c +++ b/external/gpl2/lvm2/dist/libdm/libdm-file.c @@ -1,4 +1,4 @@ -/* $NetBSD: libdm-file.c,v 1.1.1.1 2008/12/22 00:18:33 haad Exp $ */ +/* $NetBSD: libdm-file.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. @@ -21,6 +21,11 @@ #include #include +/* + * Created directories permissions are controled by umask values and + * they should be set by api user before calling this function. + * Changing directory owners is also left on caller. + */ static int _create_dir_recursive(const char *dir) { char *orig, *s; diff --git a/external/gpl2/lvm2/dist/tools/lvmcmdline.c b/external/gpl2/lvm2/dist/tools/lvmcmdline.c index 7d7dfbb186b9..ae58457993f1 100644 --- a/external/gpl2/lvm2/dist/tools/lvmcmdline.c +++ b/external/gpl2/lvm2/dist/tools/lvmcmdline.c @@ -1,4 +1,4 @@ -/* $NetBSD: lvmcmdline.c,v 1.1.1.3 2009/12/02 00:25:52 haad Exp $ */ +/* $NetBSD: lvmcmdline.c,v 1.2 2011/01/05 14:57:28 haad Exp $ */ /* * Copyright (C) 2001-2004 Sistina Software, Inc. All rights reserved. 
@@ -1296,8 +1296,32 @@ static void _exec_lvm1_command(char **argv) static void _nonroot_warning(void) { +#ifdef __NetBSD__ + gid_t groups_list[NGROUPS_MAX]; + int i, group_num, is_operator = 0; + + /* Operator group in NetBSD should be able to see lvm status. */ + if (getuid() || geteuid()) { + group_num = getgroups(NGROUPS_MAX, groups_list); + + for (i = 0; i < group_num; i++) { + if (groups_list[i] == DM_DEVICE_GID) { + is_operator = 1; + init_operator(is_operator); + break; + } + } + + if (is_operator) + log_warn("WARNING: Using LVM as operator you have only read access."); + else + log_warn("WARNING: Running as a non-root user and without " + "operator group. Functionality may be unavailable."); + } +#else if (getuid() || geteuid()) log_warn("WARNING: Running as a non-root user. Functionality may be unavailable."); +#endif } int lvm2_main(int argc, char **argv) diff --git a/external/gpl2/lvm2/lvm2tools.mk b/external/gpl2/lvm2/lvm2tools.mk index 78f041dc9a3e..3507078449db 100644 --- a/external/gpl2/lvm2/lvm2tools.mk +++ b/external/gpl2/lvm2/lvm2tools.mk @@ -1,4 +1,4 @@ -# $NetBSD: lvm2tools.mk,v 1.2 2010/12/23 17:46:54 christos Exp $ +# $NetBSD: lvm2tools.mk,v 1.3 2011/01/05 14:57:27 haad Exp $ .include @@ -10,7 +10,8 @@ LIBDM_DISTDIR= ${NETBSDSRCDIR}/external/gpl2/lvm2/dist/libdm LIBDM_INCLUDE= ${NETBSDSRCDIR}/external/gpl2/lvm2/dist/include # root:operator [cb]rw-r----- -CPPFLAGS+=-DDM_DEVICE_UID=0 -DDM_DEVICE_GID=5 -DDM_DEVICE_MODE=0640 +CPPFLAGS+=-DDM_DEVICE_UID=0 -DDM_DEVICE_GID=5 -DDM_DEVICE_MODE=0640 \ + -DDM_CONTROL_DEVICE_MODE=0660 -DLVM_LOCKDIR_MODE=0770 # #LIBDM_OBJDIR.libdevmapper=${LIBDM_SRCDIR}/lib/libdevmapper/
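Review bot: The membership test in `_nonroot_warning()` scans only the list returned by `getgroups()`, and POSIX leaves it implementation-defined whether that list contains the effective group ID, so a user whose primary group is operator may be classified as a plain non-root user; `if (getegid() == DM_DEVICE_GID) is_operator = 1;` before the loop covers that case. The return value of `getgroups()` is not checked: -1 happens to skip the loop, but the failure should be handled explicitly so it is not silently reported as "without operator group". The local `is_operator` shadows the `is_operator()` function declared in lvm-globals.h; renaming it (for example `in_operator_group`) avoids the confusion. A function named as a warning now also initialises global state through `init_operator()`, which deserves a comment above it saying so.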
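Review bot: The comment `# root:operator [cb]rw-r-----` above CPPFLAGS in lvm2tools.mk now describes only `DM_DEVICE_MODE`, while the control node is built with `DM_CONTROL_DEVICE_MODE=0660` and the lock directory with `LVM_LOCKDIR_MODE=0770`. It should cover all three, e.g. `# root:operator: devices rw-r-----, control node rw-rw----, lock dir rwxrwx---`. The commit message promises read-only use for operator while the control device becomes group-writable, so the read-only guarantee presumably rests on the kernel dm driver checking privileges per ioctl. That is not visible in this diff and is worth confirming and recording in the comment.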