The branch, master has been updated
       via  4bf010309cd selftest: Drop dummy environment variables for CTDB 
daemons
       via  65ab8cb014c ctdb-daemon: Do not attempt to chown Unix domain socket 
in test mode
       via  78c3b5b6a83 ctdb-daemon: Clean up call to bind socket
       via  9404f8631ec ctdb-daemon: Clean up socket bind/secure/listen
      from  ee79d39aa0c idmap_nss.8.xml: update manpage as discussed on the 
samba mailing list

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4bf010309cd747a42069cb5469ccb7711364ef18
Author: Martin Schwenke <[email protected]>
Date:   Thu Oct 29 09:05:37 2020 +1100

    selftest: Drop dummy environment variables for CTDB daemons
    
    This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
    chown the socket.  The chown is no longer done in test mode so remove
    this confusing hack.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Amitay Isaacs <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>
    
    Autobuild-User(master): Amitay Isaacs <[email protected]>
    Autobuild-Date(master): Mon Nov  2 10:20:45 UTC 2020 on sn-devel-184

commit 65ab8cb014ca7ac97433ec53d6d163e6da5a3fe7
Author: Martin Schwenke <[email protected]>
Date:   Sat Oct 24 20:35:53 2020 +1100

    ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
    
    If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the
    socket will fail.
    
    Test mode means that local daemons are in use, so securing the socket
    is not important.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Amitay Isaacs <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 78c3b5b6a83d934c99ac25480fbc01f9aeb198e3
Author: Martin Schwenke <[email protected]>
Date:   Sat Oct 24 21:54:21 2020 +1100

    ctdb-daemon: Clean up call to bind socket
    
    Variable res is only used once and ret is re-used many times.  Drop
    res, use ret, which doesn't need to be initialised.  Modernise debug
    macro.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Amitay Isaacs <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

commit 9404f8631ecc028c4e98879fbc67ccd2be09249f
Author: Martin Schwenke <[email protected]>
Date:   Sat Oct 24 20:29:58 2020 +1100

    ctdb-daemon: Clean up socket bind/secure/listen
    
    Obey the coding style, modernise debug macros, clean up whitespace.
    
    Signed-off-by: Martin Schwenke <[email protected]>
    Reviewed-by: Amitay Isaacs <[email protected]>
    Reviewed-by: Volker Lendecke <[email protected]>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/server/ctdb_daemon.c | 54 ++++++++++++++++++++++++++++-------------------
 selftest/target/Samba3.pm |  9 +-------
 2 files changed, 33 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 7ebb419bc1f..9035f5b4748 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1168,10 +1168,10 @@ static void ctdb_accept_client(struct tevent_context 
*ev,
 
 
 /*
-  create a unix domain socket and bind it
-  return a file descriptor open on the socket 
-*/
-static int ux_socket_bind(struct ctdb_context *ctdb)
+ * Create a unix domain socket, bind it, secure it and listen.  Return
+ * the file descriptor for the socket.
+ */
+static int ux_socket_bind(struct ctdb_context *ctdb, bool test_mode_enabled)
 {
        struct sockaddr_un addr = { .sun_family = AF_UNIX };
        int ret;
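Review bot: The rewritten header comment on ux_socket_bind says the socket is secured, but it does not document the new `test_mode_enabled` parameter, which in the next hunk of this file skips the chown step. Because the flag relaxes a security control on the daemon socket, the comment should say so, for example `If test_mode_enabled is true the chown of the socket is skipped; chmod 0700 is still applied.` The function body continues beyond this hunk.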
@@ -1191,38 +1191,48 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 
        ret = set_blocking(ctdb->daemon.sd, false);
        if (ret != 0) {
-               DEBUG(DEBUG_ERR,
-                     (__location__
-                      " failed to set socket non-blocking (%s)\n",
-                      strerror(errno)));
+               DBG_ERR("Failed to set socket non-blocking (%s)\n",
+                       strerror(errno));
                goto failed;
        }
 
-       if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == 
-1) {
-               DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", 
ctdb->daemon.name));
+       ret = bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr));
+       if (ret == -1) {
+               D_ERR("Unable to bind on ctdb socket '%s'\n", 
ctdb->daemon.name);
                goto failed;
        }
 
-       if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
-           chmod(ctdb->daemon.name, 0700) != 0) {
-               DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', 
ctdb->daemon.name\n", ctdb->daemon.name));
+       if (!test_mode_enabled) {
+               ret = chown(ctdb->daemon.name, geteuid(), getegid());
+               if (ret != 0 && !test_mode_enabled) {
+                       D_ERR("Unable to secure (chown) ctdb socket '%s'\n",
+                             ctdb->daemon.name);
+                       goto failed;
+               }
+       }
+
+       ret = chmod(ctdb->daemon.name, 0700);
+       if (ret != 0) {
+               D_ERR("Unable to secure (chmod) ctdb socket '%s'\n",
+                     ctdb->daemon.name);
                goto failed;
        }
 
 
-       if (listen(ctdb->daemon.sd, 100) != 0) {
-               DEBUG(DEBUG_CRIT,("Unable to listen on ctdb socket '%s'\n", 
ctdb->daemon.name));
+       ret = listen(ctdb->daemon.sd, 100);
+       if (ret != 0) {
+               D_ERR("Unable to listen on ctdb socket '%s'\n",
+                     ctdb->daemon.name);
                goto failed;
        }
 
-       DEBUG(DEBUG_NOTICE, ("Listening to ctdb socket %s\n",
-                            ctdb->daemon.name));
+       D_NOTICE("Listening to ctdb socket %s\n", ctdb->daemon.name);
        return 0;
 
 failed:
        close(ctdb->daemon.sd);
        ctdb->daemon.sd = -1;
-       return -1;      
+       return -1;
 }
 
 static void initialise_node_flags (struct ctdb_context *ctdb)
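Review bot: In the chown branch, `if (ret != 0 && !test_mode_enabled) {` repeats a condition already guaranteed by the enclosing `if (!test_mode_enabled) {`, so it can be reduced to `if (ret != 0) {`. The new chown and chmod error messages also omit the cause of the failure, unlike the set_blocking message at the top of the hunk. Appending `(%s)` with `strerror(errno)` to both would make a failure to secure the socket diagnosable from the log. ux_socket_bind starts before this hunk, so the socket creation and address setup are not visible here.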
@@ -1462,7 +1472,7 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
                      bool interactive,
                      bool test_mode_enabled)
 {
-       int res, ret = -1;
+       int ret;
        struct tevent_fd *fde;
 
        /* Fork if not interactive */
@@ -1485,9 +1495,9 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
        ctdb_create_pidfile(ctdb);
 
        /* create a unix domain stream socket to listen to */
-       res = ux_socket_bind(ctdb);
-       if (res!=0) {
-               DEBUG(DEBUG_ALERT,("Cannot continue.  Exiting!\n"));
+       ret = ux_socket_bind(ctdb, test_mode_enabled);
+       if (ret != 0) {
+               D_ERR("Cannot continue.  Exiting!\n");
                exit(10);
        }
 
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index cfa2677a673..5623e2a149f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3414,20 +3414,13 @@ sub check_or_start_ctdb($$) {
 
                my $cmd = "ctdb/tests/local_daemons.sh";
                my @full_cmd = ("$cmd", "$prefix", "start", "$i");
-               # Dummy environment variables to avoid
-               # Samba3::get_env_for_process() from generating them
-               # and including UID_WRAPPER_ROOT=1, which causes
-               # "Unable to secure ctdb socket" error.
-               my $env_vars = {
-                       CTDB_DUMMY => "1",
-               };
                my $daemon_ctx = {
                        NAME => "ctdbd",
                        BINARY_PATH => $cmd,
                        FULL_CMD => [ @full_cmd ],
                        TEE_STDOUT => 1,
                        LOG_FILE => "/dev/null",
-                       ENV_VARS => $env_vars,
+                       ENV_VARS => {},
                };
 
                print "STARTING CTDBD (node ${i})\n";


-- 
Samba Shared Repository
