The branch, v4-9-test has been updated via 47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback via ba75d5f4839 vfs_ceph: fix strict_allocate_ftruncate() via 15ef70cb53a vfs_ceph: add missing fallocate hook via 13bf811858f s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. via ffb706ddbce s3: torture: Add additional POSIX mkdir tests. via 4b58042f3fa smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. via fe4254ef4e1 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. via f59064f8a96 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. via 53dfd92b82e winbindd: set idmap cache entries as the last step in async wb_xids2sids via 9c36a6dd16a winbindd: track whether a result from xid2sid was coming from the cache via b6587172d0c winbindd: switch send-next/done order via 06862c77d5c winbindd: update xid in wb_xids2sids_state->xids with what we got via 4cf7bddc645 winbindd: convert id to a pointer in wb_xids2sids_dom_done() via 577ac999fbd winbindd: make xids a const argument to wb_xids2sids_send() via 915aff6fe7c winbindd: make a copy of xid's in wb_xids2sids_send() via eb16d3b7bc1 ctdb-cluster-mutex: Separate out command and file handling via 65c3c5801ff ctdb-recoverd: Time out attempt to take recovery lock after 120s via 4c059e03ef7 ctdb-recoverd: Ban node on unknown error when taking recovery lock via fd9a02c0bb2 ctdb-recoverd: Make recoverd context available in recovery lock handle via f63f2a0ee39 ctdb-recoverd: Clean up logging on failure to take recovery lock via fb8c3bd8995 ctdb-recoverd: Free cluster mutex handler on failure to take lock via 592f02112bb ctdb-config: Change example recovery lock setting to one that fails via ad3751b5a51 messages_dgm: Properly handle receiver re-initialization via 9dd1b416654 torture3: Extend read3 for the "messaging target re-inits" failure via 6bea9304998 messages_dgm: Use saved errno value via 6a38b9917b2 man pages: document prefork process model via ab66f70056c notifyd: Fix SIGBUS on sparc from 2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log ----------------------------------------------------------------- commit 47fb4ba84f307f1a89a0821276be26caab1826d9 Author: David Disseldorp <dd...@samba.org> Date: Wed Feb 27 11:52:42 2019 +0100 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback Both libcephfs functions are supported and capable of extending files, so fallback can be dropped. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> (cherry picked from commit 155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9) Autobuild-User(v4-9-test): Karolin Seeger <ksee...@samba.org> Autobuild-Date(v4-9-test): Mon Mar 4 15:02:26 UTC 2019 on sn-devel-144 commit ba75d5f483911b0f44828a0e9cfc35cfd7dfe4c6 Author: David Disseldorp <dd...@samba.org> Date: Tue Feb 26 16:07:27 2019 +0100 vfs_ceph: fix strict_allocate_ftruncate() The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt *local* filesystem ftruncate(). Fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> (cherry picked from commit 70329c36ed91dd0e50ff66f9b0a85c62ac8a621e) commit 15ef70cb53a038847f424a7881bcbc09f8e0a80f Author: David Disseldorp <dd...@samba.org> Date: Tue Feb 26 21:26:27 2019 +0100 vfs_ceph: add missing fallocate hook SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through to vfs_default, which results in a local filesystem I/O attempt using a libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp <dd...@samba.org> Reviewed-by: Guenther Deschner <g...@samba.org> (cherry picked from commit 5a7e7280813559fb70a9fc8e4238cb6015ee3b53) commit 13bf811858fe41f30960871b0618b3c53cacf1dc Author: Jeremy Allison <j...@samba.org> Date: Sun Feb 24 08:15:23 2019 -0800 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. Previous regression test ensures we still return the correct error code for POSIX pathname operations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144 (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205) commit ffb706ddbce86175b69bc5425cf9a4b86737f5ec Author: Jeremy Allison <j...@samba.org> Date: Sun Feb 24 08:03:32 2019 -0800 s3: torture: Add additional POSIX mkdir tests. Ensure that if POSIX_foo exists as a file we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND if we try and traverse it as a directory. Also ensure creation/deletion of POSIX_foo/foo fails for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND if the directory POSIX_foo/ doesn't exist. knownfail is back :-). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 632d0db8c42d50f5eecd002d9573f739cd945960) commit 4b58042f3fa2dbb4ac65efb565431b9ace862b4a Author: Jeremy Allison <j...@samba.org> Date: Sat Feb 23 12:24:31 2019 -0800 smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. For posix_pathnames don't blunder into the name_has_wildcard OR get_real_filename() codepaths as they may be doing case insensitive lookups. So when creating a new POSIX directory 'Foo' they might match on name 'foo'. Remove POSIX-MKDIR from knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144 (cherry picked from commit 12da33e2bbce657f25abe9bc4cb936ca4615b30f) commit fe4254ef4e130fb74917713a4eda14619630807f Author: Jeremy Allison <j...@samba.org> Date: Sat Feb 23 12:26:01 2019 -0800 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 980db8debde68f9edce13fc01bc45a904379cffd) commit f59064f8a9611739a232bd30610e53bf5f86feb9 Author: Jeremy Allison <j...@samba.org> Date: Sat Feb 23 17:52:34 2019 -0800 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. Test does: mkdir POSIX_foo mkdir POSIX_Foo mkdir POSIX_foo/Foo mkdir POSIX_foo/foo mkdir POSIX_Foo/Foo mkdir POSIX_Foo/foo Which should pass a SMB1 POSIX extensions server as posix mkdir should always be case sensitive no matter what the share is set to. Mark as knownfail for now. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit f0decb31fff24ceb57d23bebbfb87aa0e5103947) commit 53dfd92b82e7d950a4fb8b2fc034bc28a5b107d9 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 16:55:09 2019 +0100 winbindd: set idmap cache entries as the last step in async wb_xids2sids Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> Autobuild-User(master): Volker Lendecke <v...@samba.org> Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144 (cherry picked from commit 9b9565c3e69b92c298c7168e516387bb249c9e36) commit 9c36a6dd16a7e72ca3bfde4fa231549209c7d040 Author: Ralph Boehme <s...@samba.org> Date: Fri Feb 22 11:00:00 2019 +0100 winbindd: track whether a result from xid2sid was coming from the cache This is needed in preparation of moving the step to update the idmap cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the top-level callback wb_xids2sids_done(). Currently the sequence of action is: * check cache, if not found: * ask backends * cache result from backend * return results Iow, if we got something from the cache, we don't write the cache. The next commit defers updating the cache to the top-level callback, so the sequence becomes * check cache, if not found: * ask backends * cache results * return results This has two problems: * it needlessly writes to the cache what we just got from it * it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in the following case: - existing ID_TYPE_BOTH mapping in the cache, eg: IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID - cache lookup with idmap_cache_find_gid2sid() succeeds - when caching results we'd call idmap_cache_set_sid2unixid() with the callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will overwrite the SID-to-xid mapping with ID_TYPE_GID Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 62f54229fced20102e11ad1da02faef45c2a7c2e) commit b6587172d0c5b5f9c7c0693a31382cf83a09bbcd Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 16:52:21 2019 +0100 winbindd: switch send-next/done order In preparation of adding more logic to the done step. No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 8e9c2a1f6ceb06d695a6572701b96a3e3821ac42) commit 06862c77d5c76f01af90d184a1a93cc499eece9c Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:40:20 2019 +0100 winbindd: update xid in wb_xids2sids_state->xids with what we got In preparation of priming the idmap cache in the top-level wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 7f23ef7b2cf7bd6e8dc087aa15137292b421a689) commit 4cf7bddc64540d59bcaf7ce8b574a8e6d03f96b0 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:39:46 2019 +0100 winbindd: convert id to a pointer in wb_xids2sids_dom_done() No change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit f8bf4fc608639695651f75c52b31f95e796a5a26) commit 577ac999fbd2740f4ee2173517a2df19e15f27c1 Author: Ralph Boehme <s...@samba.org> Date: Fri Feb 22 16:29:07 2019 +0100 winbindd: make xids a const argument to wb_xids2sids_send() The previous commit made an internal copy of xids, this commit makes it more obvious that we must not mess with the xids argument but treat it as an in-parameter and don't write to it. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit 5d277ea7ea258676b9ea5081a451a5874af115f6) commit 915aff6fe7cf00f58b8a5a192a30c50ed9429167 Author: Ralph Boehme <s...@samba.org> Date: Thu Feb 21 18:34:51 2019 +0100 winbindd: make a copy of xid's in wb_xids2sids_send() This is in preparation of setting the result of the mapping in the top- level callback wb_xids2sids_done(), not in the per-idmap-domain callback wb_xids2sids_dom_done(). When caching the mapping we need the id-type from the backend, so we need a way to pass up that information from wb_xids2sids_dom_done() up to wb_xids2sids_done() The xids array copy gets passed from wb_xids2sids_send() to wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly update the top-level copy. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802 Signed-off-by: Ralph Boehme <s...@samba.org> Reviewed-by: Volker Lendecke <v...@samba.org> (cherry picked from commit f5a8bc2f945be45cdade5f70d4f975bae8337f67) commit eb16d3b7bc112b0faece3a304d339b3effd0713a Author: Martin Schwenke <mar...@meltin.net> Date: Mon Jan 21 12:16:43 2019 +1100 ctdb-cluster-mutex: Separate out command and file handling This code is difficult to read and there really is no common code between the 2 cases. For example, there is no need to split a filename into words. Separating each of the 2 cases into its own function makes the logic much easier to understand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> Autobuild-User(master): Amitay Isaacs <ami...@samba.org> Autobuild-Date(master): Mon Feb 25 03:40:16 CET 2019 on sn-devel-144 (cherry picked from commit c93430fe8fe530a55b9a04cf6cc660c3d420e333) (cherry picked from commit d5131afc533102ed5adfb147bf1a316e51810729) commit 65c3c5801ff47ce48a7061f47c00bcd61c7c3c1e Author: Martin Schwenke <mar...@meltin.net> Date: Fri Feb 22 15:09:33 2019 +1100 ctdb-recoverd: Time out attempt to take recovery lock after 120s Currently this will wait forever. It really needs a timeout in case the cluster filesystem (or other lock mechanism) is completely wedged. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 13a1a4808935290dceb219daccd7aac3fda4e184) commit 4c059e03ef75085c47c8ec15025655b0efdf8460 Author: Martin Schwenke <mar...@meltin.net> Date: Thu Jan 10 14:01:57 2019 +1100 ctdb-recoverd: Ban node on unknown error when taking recovery lock We really shouldn't see unknown errors. They probably represent a misconfigured recovery lock or similar. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 45a77d65b2e39b4af94da4ab99575f4ee08a7ebd) commit fd9a02c0bb29778c3b049de4437bec2ce50542ea Author: Martin Schwenke <mar...@meltin.net> Date: Thu Jan 10 13:24:34 2019 +1100 ctdb-recoverd: Make recoverd context available in recovery lock handle BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit c0fb62ed3954fc6e8667480aba92003fc270f257) commit f63f2a0ee39ae7ea849580a7ad455cbcd70a43db Author: Martin Schwenke <mar...@meltin.net> Date: Mon Jan 21 16:36:13 2019 +1100 ctdb-recoverd: Clean up logging on failure to take recovery lock Add an explicit case for a timeout and clean up the other messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 7e4aae6943291c3144c8a3ff97537e8d4c7dc7c9) commit fb8c3bd89959d677f481dc2684f32ec33d66d9d5 Author: Martin Schwenke <mar...@meltin.net> Date: Mon Jan 21 16:28:28 2019 +1100 ctdb-recoverd: Free cluster mutex handler on failure to take lock If nested events occur while the file descriptor handler is still active then chaos can ensue. For example, if a node is banned and the lock is explicitly cancelled (e.g. due to election loss) then double-talloc-free()s abound. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 621658cbed5d91d7096fc208bac2ff93a1880e7d) commit 592f02112bbb7f2a9f5fa197db85482fe9367e36 Author: Martin Schwenke <mar...@meltin.net> Date: Thu Jan 10 14:15:18 2019 +1100 ctdb-config: Change example recovery lock setting to one that fails ctdbd will start without a recovery lock configured. It will log a message saying that this is not optimal. However, a careless user may overlook both this message and the importance of setting a recovery lock. If the existing example configuration is uncommented then the directory containing it will be created (by 01.reclock.script) and the failure (i.e. multiple nodes able to take the lock) will be confusing. Instead, change the example setting to one that will result in banned nodes, encouraging users to consciously configure (or deconfigure) the recovery lock. Tweak the corresponding comment. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13790 Signed-off-by: Martin Schwenke <mar...@meltin.net> Reviewed-by: Amitay Isaacs <ami...@gmail.com> (cherry picked from commit 82e7f38214896c2c200132bc6dde3348cfac16cc) commit ad3751b5a51097a6f7d695660f9ea11278bbf182 Author: Volker Lendecke <v...@samba.org> Date: Thu Feb 7 16:15:46 2019 +0100 messages_dgm: Properly handle receiver re-initialization This only properly covers the small-message nonblocking case. Covering the large-message and the blocking case is a much larger effort assuming we want to re-send the failed message if parts of the message has gone through properly. Don't do that for now. This was found by sanba_dnsupdate constantly recreating its irpc handle to winbindd in the RODC case. The messaging_dgm code cached connected datagram sockets based on the destination pid for 1 second. Which means the IRPC responses from winbindd are never delivered to samba_dnsupdate, which will then hit a timeout. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 2543bba0364d8054e9ad316f5611621841bc061d) commit 9dd1b416654beb2c3771e6924c08c45518a7b3aa Author: Volker Lendecke <v...@samba.org> Date: Thu Feb 7 17:48:34 2019 +0100 torture3: Extend read3 for the "messaging target re-inits" failure Do ping_pong a hundred times, re-initializing the msg_ctx every time. https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit 8d8f62c4b9dea381ce9f5833bc794553ae358173) commit 6bea930499819988be5a0ba901c05b124091b54f Author: Volker Lendecke <v...@samba.org> Date: Thu Feb 7 15:57:06 2019 +0100 messages_dgm: Use saved errno value In this case this is just a cleanup, the value has just been set by messaging_dgm_sendmsg. But as that already saves errno into a local variable, use that. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786 Signed-off-by: Volker Lendecke <v...@samba.org> Reviewed-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> (cherry picked from commit c27afc098398274abaed6dc9bef2019091c1b635) commit 6a38b9917b2c25bb557687df2c24618273b6f7f5 Author: Gary Lockyer <g...@catalyst.net.nz> Date: Thu Feb 7 13:50:40 2019 +1300 man pages: document prefork process model Document the process model options -M BUG: https://bugzilla.samba.org/show_bug.cgi?id=13765 Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Signed-off-by: Tim Beale <timbe...@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz> Autobuild-User(master): Tim Beale <timbe...@samba.org> Autobuild-Date(master): Thu Jan 31 04:25:14 CET 2019 on sn-devel-144 (manual merge of commit 4ecdcc4b462d03bec3ec36ba1b90f45d9977be8b, with description updated for v4.9 behaviour) commit ab66f70056c3b038c8e24426a99c6ce27bd42722 Author: Jiří Šašek <jiri.sa...@oracle.com> Date: Thu Dec 6 14:10:53 2018 +0100 notifyd: Fix SIGBUS on sparc Problem is the structure "struct notify_instance" can lay in message buffer on address not dividable by 8 but this structure begins by uint_64 (secs in time-stamp). Structure should be re-packed to standalone buffer before the use. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704 Signed-off-by: jiri.sa...@oracle.com Reviewed-by: Volker Lendecke <v...@samba.org> ----------------------------------------------------------------------- Summary of changes: ctdb/config/ctdb.conf | 13 +- ctdb/server/ctdb_cluster_mutex.c | 113 +++++++++------ ctdb/server/ctdb_recoverd.c | 36 ++++- docs-xml/manpages/samba.8.xml | 35 ++++- docs-xml/smbdotconf/base/preforkchildren.xml | 4 +- selftest/skip | 1 + source3/lib/messages_dgm.c | 18 ++- source3/modules/vfs_ceph.c | 112 ++++----------- source3/selftest/tests.py | 2 +- source3/smbd/filename.c | 43 ++++++ source3/smbd/notifyd/notifyd.c | 11 +- source3/smbd/trans2.c | 1 + source3/torture/test_messaging_read.c | 44 +++--- source3/torture/torture.c | 202 +++++++++++++++++++++++++++ source3/winbindd/wb_xids2sids.c | 74 +++++++--- source3/winbindd/winbindd_proto.h | 2 +- 16 files changed, 519 insertions(+), 192 deletions(-) Changeset truncated at 500 lines: diff --git a/ctdb/config/ctdb.conf b/ctdb/config/ctdb.conf index a9e6f693405..5440600a435 100644 --- a/ctdb/config/ctdb.conf +++ b/ctdb/config/ctdb.conf @@ -11,7 +11,12 @@ # log level = NOTICE [cluster] - # Shared recovery lock file to avoid split brain. No default. - # Do NOT run CTDB without a recovery lock file unless you know exactly - # what you are doing. - # recovery lock = /shared/recovery.lock + # Shared recovery lock file to avoid split brain. Daemon + # default is no recovery lock. Do NOT run CTDB without a + # recovery lock file unless you know exactly what you are + # doing. + # + # Please see the RECOVERY LOCK section in ctdb(7) for more + # details. + # + # recovery lock = !/bin/false RECOVERY LOCK NOT CONFIGURED diff --git a/ctdb/server/ctdb_cluster_mutex.c b/ctdb/server/ctdb_cluster_mutex.c index 330d5fd1d90..2e3cb8112ad 100644 --- a/ctdb/server/ctdb_cluster_mutex.c +++ b/ctdb/server/ctdb_cluster_mutex.c @@ -118,72 +118,101 @@ static void cluster_mutex_handler(struct tevent_context *ev, static char cluster_mutex_helper[PATH_MAX+1] = ""; -static bool cluster_mutex_helper_args(TALLOC_CTX *mem_ctx, - const char *argstring, char ***argv) +static bool cluster_mutex_helper_args_file(TALLOC_CTX *mem_ctx, + const char *argstring, + char ***argv) { - int nargs, i, ret, n; - bool is_command = false; + bool ok; char **args = NULL; - char *strv = NULL; - char *t = NULL; - if (argstring != NULL && argstring[0] == '!') { - /* This is actually a full command */ - is_command = true; - t = discard_const(&argstring[1]); - } else { - is_command = false; - t = discard_const(argstring); + ok = ctdb_set_helper("cluster mutex helper", + cluster_mutex_helper, + sizeof(cluster_mutex_helper), + "CTDB_CLUSTER_MUTEX_HELPER", + CTDB_HELPER_BINDIR, + "ctdb_mutex_fcntl_helper"); + if (! ok) { + DBG_ERR("ctdb exiting with error: " + "Unable to set cluster mutex helper\n"); + exit(1); } - ret = strv_split(mem_ctx, &strv, t, " \t"); - if (ret != 0) { - DEBUG(DEBUG_ERR, - ("Unable to parse mutex helper string \"%s\" (%s)\n", - argstring, strerror(ret))); + + /* Array includes default helper, file and NULL */ + args = talloc_array(mem_ctx, char *, 3); + if (args == NULL) { + DBG_ERR("Memory allocation error\n"); return false; } - n = strv_count(strv); - args = talloc_array(mem_ctx, char *, n + (is_command ? 1 : 2)); + args[0] = cluster_mutex_helper; - if (args == NULL) { - DEBUG(DEBUG_ERR,(__location__ " out of memory\n")); + args[1] = talloc_strdup(args, argstring); + if (args[1] == NULL) { + DBG_ERR("Memory allocation error\n"); return false; } - nargs = 0; - - if (! is_command) { - if (!ctdb_set_helper("cluster mutex helper", - cluster_mutex_helper, - sizeof(cluster_mutex_helper), - "CTDB_CLUSTER_MUTEX_HELPER", - CTDB_HELPER_BINDIR, - "ctdb_mutex_fcntl_helper")) { - DEBUG(DEBUG_ERR,("ctdb exiting with error: %s\n", - __location__ - " Unable to set cluster mutex helper\n")); - exit(1); - } + args[2] = NULL; + + *argv = args; + return true; +} - args[nargs++] = cluster_mutex_helper; +static bool cluster_mutex_helper_args_cmd(TALLOC_CTX *mem_ctx, + const char *argstring, + char ***argv) +{ + int i, ret, n; + char **args = NULL; + char *strv = NULL; + char *t = NULL; + + ret = strv_split(mem_ctx, &strv, argstring, " \t"); + if (ret != 0) { + D_ERR("Unable to parse mutex helper command \"%s\" (%s)\n", + argstring, + strerror(ret)); + return false; } + n = strv_count(strv); + + /* Extra slot for NULL */ + args = talloc_array(mem_ctx, char *, n + 1); + if (args == NULL) { + DBG_ERR("Memory allocation error\n"); + return false; + } + + talloc_steal(args, strv); t = NULL; - for (i = 0; i < n; i++) { - /* Don't copy, just keep cmd_args around */ + for (i = 0 ; i < n; i++) { t = strv_next(strv, t); - args[nargs++] = t; + args[i] = t; } - /* Make sure last argument is NULL */ - args[nargs] = NULL; + args[n] = NULL; *argv = args; return true; } +static bool cluster_mutex_helper_args(TALLOC_CTX *mem_ctx, + const char *argstring, + char ***argv) +{ + bool ok; + + if (argstring != NULL && argstring[0] == '!') { + ok = cluster_mutex_helper_args_cmd(mem_ctx, &argstring[1], argv); + } else { + ok = cluster_mutex_helper_args_file(mem_ctx, argstring, argv); + } + + return ok; +} + struct ctdb_cluster_mutex_handle * ctdb_cluster_mutex(TALLOC_CTX *mem_ctx, struct ctdb_context *ctdb, diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c index 673c99c3d34..469fd21b463 100644 --- a/ctdb/server/ctdb_recoverd.c +++ b/ctdb/server/ctdb_recoverd.c @@ -888,6 +888,7 @@ struct ctdb_recovery_lock_handle { bool locked; double latency; struct ctdb_cluster_mutex_handle *h; + struct ctdb_recoverd *rec; }; static void take_reclock_handler(char status, @@ -897,22 +898,45 @@ static void take_reclock_handler(char status, struct ctdb_recovery_lock_handle *s = (struct ctdb_recovery_lock_handle *) private_data; + s->locked = (status == '0') ; + + /* + * If unsuccessful then ensure the process has exited and that + * the file descriptor event handler has been cancelled + */ + if (! s->locked) { + TALLOC_FREE(s->h); + } + switch (status) { case '0': s->latency = latency; break; case '1': - DEBUG(DEBUG_ERR, - ("Unable to take recovery lock - contention\n")); + D_ERR("Unable to take recovery lock - contention\n"); + break; + + case '2': + D_ERR("Unable to take recovery lock - timeout\n"); break; default: - DEBUG(DEBUG_ERR, ("ERROR: when taking recovery lock\n")); + D_ERR("Unable to take recover lock - unknown error\n"); + + { + struct ctdb_recoverd *rec = s->rec; + struct ctdb_context *ctdb = rec->ctdb; + uint32_t pnn = ctdb_get_pnn(ctdb); + + D_ERR("Banning this node\n"); + ctdb_ban_node(rec, + pnn, + ctdb->tunable.recovery_ban_period); + } } s->done = true; - s->locked = (status == '0') ; } static bool ctdb_recovery_lock(struct ctdb_recoverd *rec); @@ -943,10 +967,12 @@ static bool ctdb_recovery_lock(struct ctdb_recoverd *rec) return false; }; + s->rec = rec; + h = ctdb_cluster_mutex(s, ctdb, ctdb->recovery_lock, - 0, + 120, take_reclock_handler, s, lost_reclock_handler, diff --git a/docs-xml/manpages/samba.8.xml b/docs-xml/manpages/samba.8.xml index 529b687be49..0d5affddd24 100644 --- a/docs-xml/manpages/samba.8.xml +++ b/docs-xml/manpages/samba.8.xml @@ -101,14 +101,39 @@ </varlistentry> <varlistentry> - <term>-M model</term> + <term>-M|--model</term> <listitem><para>This parameter can be used to specify the "process model" samba should use. This determines how concurrent clients are handled. Available process - models include <emphasis>single</emphasis> (everything in - a single process), <emphasis>standard</emphasis> (similar - behaviour to that of Samba 3), <emphasis>thread</emphasis> - (single process, different threads. + models include: + <itemizedlist> + <listitem><para><emphasis>single</emphasis></para> + <para>All Samba services run in a single process. This is + not recommended for production configurations. + </para></listitem> + + <listitem><para><emphasis>standard</emphasis></para> + <para>A process is created for each Samba service, + and for those services that support it (currently only + LDAP and NETLOGON) a new processes is started + for each new client connection.</para></listitem> + + <listitem><para><emphasis>prefork</emphasis></para> + <para>A process is started for each Samba service, and a + fixed number of worker processes are started for those + services that support it (currently only LDAP). + The client connections are then shared amongst the worker + processes. + Requests for services not supporting prefork are handled + by a single process for that service.</para> + <para>The number of prefork worker processes started is + controlled by the + <citerefentry><refentrytitle>smb.conf</refentrytitle> + <manvolnum>5</manvolnum></citerefentry> parameter + <smbconfoption name="prefork children"/>, + which defaults to 1. + </para></listitem> + </itemizedlist> </para></listitem> </varlistentry> diff --git a/docs-xml/smbdotconf/base/preforkchildren.xml b/docs-xml/smbdotconf/base/preforkchildren.xml index 720e43909cb..f2f55a597a4 100644 --- a/docs-xml/smbdotconf/base/preforkchildren.xml +++ b/docs-xml/smbdotconf/base/preforkchildren.xml @@ -4,7 +4,9 @@ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> <description> <para>This option controls the number of worker processes that are - started for each service when prefork process model is enabled. + started for each service when prefork process model is enabled + (see <citerefentry><refentrytitle>samba</refentrytitle> + <manvolnum>8</manvolnum></citerefentry> -M). The prefork children are only started for those services that support prefork (currently only ldap). For processes that don't support preforking all requests are handled by a single process diff --git a/selftest/skip b/selftest/skip index dd60ab5a1fb..4d6648f3369 100644 --- a/selftest/skip +++ b/selftest/skip @@ -48,6 +48,7 @@ ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-OFD-LOCK # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-STREAM-DELETE # Fails against the s4 ntvfs server +^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-MKDIR # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).WINDOWS-BAD-SYMLINK # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).RENAME-ACCESS # Fails against the s4 ntvfs server ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).OWNER-RIGHTS # Don't test against the s4 ntvfs server anymore diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c index 0ad8f46e09f..90d253d8e26 100644 --- a/source3/lib/messages_dgm.c +++ b/source3/lib/messages_dgm.c @@ -553,7 +553,7 @@ static void messaging_dgm_out_threaded_job(void *private_data) if (state->sent != -1) { return; } - if (errno != ENOBUFS) { + if (state->err != ENOBUFS) { return; } @@ -1421,6 +1421,7 @@ int messaging_dgm_send(pid_t pid, struct messaging_dgm_context *ctx = global_dgm_context; struct messaging_dgm_out *out; int ret; + unsigned retries = 0; if (ctx == NULL) { return ENOTCONN; @@ -1428,6 +1429,7 @@ int messaging_dgm_send(pid_t pid, messaging_dgm_validate(ctx); +again: ret = messaging_dgm_out_get(ctx, pid, &out); if (ret != 0) { return ret; @@ -1437,6 +1439,20 @@ int messaging_dgm_send(pid_t pid, ret = messaging_dgm_out_send_fragmented(ctx->ev, out, iov, iovlen, fds, num_fds); + if (ret == ECONNREFUSED) { + /* + * We cache outgoing sockets. If the receiver has + * closed and re-opened the socket since our last + * message, we get connection refused. Retry. + */ + + TALLOC_FREE(out); + + if (retries < 5) { + retries += 1; + goto again; + } + } return ret; } diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c index 47371bc9e08..a3fd6095ef5 100644 --- a/source3/modules/vfs_ceph.c +++ b/source3/modules/vfs_ceph.c @@ -1032,9 +1032,7 @@ static struct smb_filename *cephwrap_getwd(struct vfs_handle_struct *handle, static int strict_allocate_ftruncate(struct vfs_handle_struct *handle, files_struct *fsp, off_t len) { off_t space_to_write; - uint64_t space_avail; - uint64_t bsize,dfree,dsize; - int ret; + int result; NTSTATUS status; SMB_STRUCT_STAT *pst; @@ -1053,106 +1051,45 @@ static int strict_allocate_ftruncate(struct vfs_handle_struct *handle, files_str return 0; /* Shrink - just ftruncate. */ - if (pst->st_ex_size > len) - return ftruncate(fsp->fh->fd, len); - - space_to_write = len - pst->st_ex_size; - - /* for allocation try fallocate first. This can fail on some - platforms e.g. when the filesystem doesn't support it and no - emulation is being done by the libc (like on AIX with JFS1). In that - case we do our own emulation. fallocate implementations can - return ENOTSUP or EINVAL in cases like that. */ - ret = SMB_VFS_FALLOCATE(fsp, 0, pst->st_ex_size, space_to_write); - if (ret == -1 && errno == ENOSPC) { - return -1; - } - if (ret == 0) { - return 0; - } - DEBUG(10,("[CEPH] strict_allocate_ftruncate: SMB_VFS_FALLOCATE failed with " - "error %d. Falling back to slow manual allocation\n", errno)); - - /* available disk space is enough or not? */ - space_avail = - get_dfree_info(fsp->conn, fsp->fsp_name, &bsize, &dfree, &dsize); - /* space_avail is 1k blocks */ - if (space_avail == (uint64_t)-1 || - ((uint64_t)space_to_write/1024 > space_avail) ) { - errno = ENOSPC; - return -1; + if (pst->st_ex_size > len) { + result = ceph_ftruncate(handle->data, fsp->fh->fd, len); + WRAP_RETURN(result); } - /* Write out the real space on disk. */ - return vfs_slow_fallocate(fsp, pst->st_ex_size, space_to_write); + space_to_write = len - pst->st_ex_size; + result = ceph_fallocate(handle->data, fsp->fh->fd, 0, pst->st_ex_size, + space_to_write); + WRAP_RETURN(result); } static int cephwrap_ftruncate(struct vfs_handle_struct *handle, files_struct *fsp, off_t len) { int result = -1; - SMB_STRUCT_STAT st; - char c = 0; - off_t currpos; DBG_DEBUG("[CEPH] ftruncate(%p, %p, %llu\n", handle, fsp, llu(len)); if (lp_strict_allocate(SNUM(fsp->conn))) { - result = strict_allocate_ftruncate(handle, fsp, len); - return result; + return strict_allocate_ftruncate(handle, fsp, len); } - /* we used to just check HAVE_FTRUNCATE_EXTEND and only use - sys_ftruncate if the system supports it. Then I discovered that - you can have some filesystems that support ftruncate - expansion and some that don't! On Linux fat can't do - ftruncate extend but ext2 can. */ - result = ceph_ftruncate(handle->data, fsp->fh->fd, len); - if (result == 0) - goto done; - - /* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot - extend a file with ftruncate. Provide alternate implementation - for this */ - currpos = SMB_VFS_LSEEK(fsp, 0, SEEK_CUR); - if (currpos == -1) { - goto done; - } - - /* Do an fstat to see if the file is longer than the requested - size in which case the ftruncate above should have - succeeded or shorter, in which case seek to len - 1 and - write 1 byte of zero */ - if (SMB_VFS_FSTAT(fsp, &st) == -1) { - goto done; - } - -#ifdef S_ISFIFO - if (S_ISFIFO(st.st_ex_mode)) { - result = 0; - goto done; - } -#endif - - if (st.st_ex_size == len) { - result = 0; - goto done; - } - - if (st.st_ex_size > len) { - /* the sys_ftruncate should have worked */ - goto done; - } - - if (SMB_VFS_PWRITE(fsp, &c, 1, len-1)!=1) { - goto done; - } - - result = 0; + WRAP_RETURN(result); +} - done: +static int cephwrap_fallocate(struct vfs_handle_struct *handle, + struct files_struct *fsp, -- Samba Shared Repository