[SCM] Samba Shared Repository - branch master updated

2020-11-02 Thread Andrew Bartlett
The branch, master has been updated
   via  7d846cd178d s3: modules: vfs_glusterfs: Fix leak of char **lines 
onto mem_ctx on return.
   via  6a9d22f4a91 dsdb/mod/operational: correct comment arithmetic
  from  2a49ccbcf5e s3-vfs_glusterfs: refuse connection when write-behind 
xlator is present

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 7d846cd178d653600c71ee4bd6a491a9e48a56da
Author: Jeremy Allison 
Date:   Mon Nov 2 15:46:51 2020 -0800

s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Nov  3 01:56:59 UTC 2020 on sn-devel-184

commit 6a9d22f4a91e07b8af0f1fb3a7d0cbab2ca0c76f
Author: Douglas Bagnall 
Date:   Fri Oct 23 16:30:25 2020 +1300

dsdb/mod/operational: correct comment arithmetic

E + F is not 1F! E + F is 1D!

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 

---

Summary of changes:
 source3/modules/vfs_glusterfs.c  | 2 ++
 source4/dsdb/samdb/ldb_modules/operational.c | 5 -
 2 files changed, 6 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index eea5b30e327..dacedd8e04a 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -338,11 +338,13 @@ static int check_for_write_behind_translator(TALLOC_CTX 
*mem_ctx,
"Please check the vfs_glusterfs(8) manpage for "
"further details.\n",
volume);
+   TALLOC_FREE(lines);
TALLOC_FREE(option);
TALLOC_FREE(buf);
return -1;
}
 
+   TALLOC_FREE(lines);
TALLOC_FREE(option);
TALLOC_FREE(buf);
return 0;
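Review bot: Both exits shown in this hunk now repeat the same cleanup list (TALLOC_FREE(lines), TALLOC_FREE(option), TALLOC_FREE(buf)), and the leak fixed here came from that list being incomplete in both places. Consider setting ret and jumping to a single cleanup label, so the frees are written once and a later allocation cannot be missed on one of the paths.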
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c 
b/source4/dsdb/samdb/ldb_modules/operational.c
index 50e913cdd5c..3c0bd039d56 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
@@ -797,7 +797,10 @@ static NTTIME 
get_msds_user_password_expiry_time_computed(struct ldb_module *mod
 *
 * 0x7FFEULL + 0x7FFFULL
 * =
-* 0xULL
+* 0xFFFDULL
+*
+* or to put it another way, adding two numbers less than 1<<63 can't
+* ever be more than 1<<64, therefore this result can't wrap.
 */
ret = (NTTIME)pwdLastSet - (NTTIME)maxPwdAge;
if (ret >= 0x7FFFULL) {
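Review bot: The added sentence in the comment says the sum "can't ever be more than 1<<64", which still allows it to equal 1<<64, and that value would not fit the 64-bit constants the comment works with. The bound that rules out wrapping is strict: two numbers less than 1<<63 sum to less than 1<<64. The comment also reasons about an addition while the statement below it is (NTTIME)pwdLastSet - (NTTIME)maxPwdAge, so it would help to state in the comment why that subtraction corresponds to adding two such values.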


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch master updated

2020-11-02 Thread Jeremy Allison
The branch, master has been updated
   via  2a49ccbcf5e s3-vfs_glusterfs: refuse connection when write-behind 
xlator is present
   via  08f8f665d40 docs-xml/manpages: Add warning about write-behind 
translator for vfs_glusterfs
  from  4bf010309cd selftest: Drop dummy environment variables for CTDB 
daemons

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 2a49ccbcf5e3ff0f6833bcb7f04b800125f1783f
Author: Günther Deschner 
Date:   Mon Nov 2 12:30:36 2020 +0100

s3-vfs_glusterfs: refuse connection when write-behind xlator is present

s3-vfs_glusterfs: refuse connection when write-behind xlator is present

Once the new glusterfs api is available we will programmatically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Guenther

Signed-off-by: Guenther Deschner 
Pair-Programmed-With: Sachin Prabhu 
Pair-Programmed-With: Anoop C S 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Nov  2 21:40:33 UTC 2020 on sn-devel-184

commit 08f8f665d409ee7b93840c25a8142f2ce8bacfa1
Author: Sachin Prabhu 
Date:   Thu Oct 15 12:14:33 2020 +0100

docs-xml/manpages: Add warning about write-behind translator for 
vfs_glusterfs

Add warning about data corruption with the write-behind translator.

The data corruption is highlighted by the smbtorture test smb2.rw.rw1.
More information about this data corruption issue is available in the
bz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Sachin Prabhu 
Reviewed-by: Jeremy Allison 
Reviewed-by: Guenther Deschner 

---

Summary of changes:
 docs-xml/manpages/vfs_glusterfs.8.xml | 22 +
 source3/modules/vfs_glusterfs.c   | 89 +++
 2 files changed, 111 insertions(+)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml 
b/docs-xml/manpages/vfs_glusterfs.8.xml
index cf3b8e5e384..7a4da1af919 100644
--- a/docs-xml/manpages/vfs_glusterfs.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -161,6 +161,28 @@
 
 
 
+
+   CAVEATS
+
+   
+The GlusterFS write-behind performance translator, when used
+with Samba, could be a source of data corruption. The
+translator, while processing a write call, immediately returns
+success but continues writing the data to the server in the
+background. This can cause data corruption when two clients
+relying on Samba to provide data consistency are operating on
+the same file.
+
+
+The write-behind translator is enabled by default on GlusterFS.
+The vfs_glusterfs plugin will check for the presence of the
+translator and refuse to connect if detected.
+Please disable the write-behind translator for the GlusterFS
+volume to allow the plugin to connect to the volume.
+   
+
+
+
 
VERSION
 
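Review bot: The second paragraph of the new CAVEATS section asks the administrator to disable the write-behind translator for the volume but does not say how. Since the plugin now refuses to connect, this manpage is where people will look, so name the volume option and give the command, for example: gluster volume set VOLNAME performance.write-behind off (VOLNAME being a placeholder for the volume name).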
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index ca8b54829cd..eea5b30e327 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -264,6 +264,90 @@ out:
 
 /* Disk Operations */
 
+static int check_for_write_behind_translator(TALLOC_CTX *mem_ctx,
+glfs_t *fs,
+const char *volume)
+{
+   char *buf = NULL;
+   char **lines = NULL;
+   int numlines = 0;
+   int i;
+   char *option;
+   bool write_behind_present = false;
+   size_t newlen;
+   int ret;
+
+   ret = glfs_get_volfile(fs, NULL, 0);
+   if (ret == 0) {
+   DBG_ERR("%s: Failed to get volfile for "
+   "volume (%s): No volfile\n",
+   volume,
+   strerror(errno));
+   return -1;
+   }
+   if (ret > 0) {
+   DBG_ERR("%s: Invalid return %d for glfs_get_volfile for "
+   "volume (%s): No volfile\n",
+   volume,
+   ret,
+   strerror(errno));
+   return -1;
+   }
+
+   newlen = 0 - ret;
+
+   buf = talloc_zero_array(mem_ctx, char, newlen);
+   if (buf == NULL) {
+   return -1;
+   }
+
+   ret = glfs_get_volfile(fs, buf, newlen);
+   if (ret != newlen) {
+   TALLOC_FREE(buf);
+   DBG_ERR("%s: Failed to get volfile for volume (%s)\n",
+   volume, strerror(errno));
+   return 
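Review bot: In the DBG_ERR calls of check_for_write_behind_translator() the arguments do not line up with what the format strings label: the leading "%s:" receives volume and "volume (%s)" receives strerror(errno), so the log prints the error text where the volume name is expected. Pass volume for "volume (%s)" and add a separate conversion for the error string. The ret > 0 branch also ends its message with "No volfile", which looks copied from the ret == 0 branch. After the second glfs_get_volfile() call, TALLOC_FREE(buf) runs before strerror(errno) is evaluated, so log first and free afterwards, and ret != newlen compares an int with a size_t, so check ret for a negative value before comparing.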

[SCM] Samba Shared Repository - branch master updated

2020-11-02 Thread Amitay Isaacs
The branch, master has been updated
   via  4bf010309cd selftest: Drop dummy environment variables for CTDB 
daemons
   via  65ab8cb014c ctdb-daemon: Do not attempt to chown Unix domain socket 
in test mode
   via  78c3b5b6a83 ctdb-daemon: Clean up call to bind socket
   via  9404f8631ec ctdb-daemon: Clean up socket bind/secure/listen
  from  ee79d39aa0c idmap_nss.8.xml: update manpage as discussed on the 
samba mailing list

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 4bf010309cd747a42069cb5469ccb7711364ef18
Author: Martin Schwenke 
Date:   Thu Oct 29 09:05:37 2020 +1100

selftest: Drop dummy environment variables for CTDB daemons

This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
chown the socket.  The chown is no longer done in test mode so remove
this confusing hack.

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Amitay Isaacs 
Autobuild-Date(master): Mon Nov  2 10:20:45 UTC 2020 on sn-devel-184

commit 65ab8cb014ca7ac97433ec53d6d163e6da5a3fe7
Author: Martin Schwenke 
Date:   Sat Oct 24 20:35:53 2020 +1100

ctdb-daemon: Do not attempt to chown Unix domain socket in test mode

If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the
socket will fail.

Test mode means that local daemons are in use, so securing the socket
is not important.

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 

commit 78c3b5b6a83d934c99ac25480fbc01f9aeb198e3
Author: Martin Schwenke 
Date:   Sat Oct 24 21:54:21 2020 +1100

ctdb-daemon: Clean up call to bind socket

Variable res is only used once and ret is re-used many times.  Drop
res, use ret, which doesn't need to be initialised.  Modernise debug
macro.

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 

commit 9404f8631ecc028c4e98879fbc67ccd2be09249f
Author: Martin Schwenke 
Date:   Sat Oct 24 20:29:58 2020 +1100

ctdb-daemon: Clean up socket bind/secure/listen

Obey the coding style, modernise debug macros, clean up whitespace.

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 ctdb/server/ctdb_daemon.c | 54 ---
 selftest/target/Samba3.pm |  9 +---
 2 files changed, 33 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 7ebb419bc1f..9035f5b4748 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1168,10 +1168,10 @@ static void ctdb_accept_client(struct tevent_context 
*ev,
 
 
 /*
-  create a unix domain socket and bind it
-  return a file descriptor open on the socket 
-*/
-static int ux_socket_bind(struct ctdb_context *ctdb)
+ * Create a unix domain socket, bind it, secure it and listen.  Return
+ * the file descriptor for the socket.
+ */
+static int ux_socket_bind(struct ctdb_context *ctdb, bool test_mode_enabled)
 {
struct sockaddr_un addr = { .sun_family = AF_UNIX };
int ret;
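Review bot: The rewritten comment above ux_socket_bind() lists bind, secure and listen but says nothing about the new test_mode_enabled parameter. Add a sentence on what it changes, so a caller can see from the comment which step is relaxed when it is true. The function name also now covers only the first of the three steps the comment describes.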
@@ -1191,38 +1191,48 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 
ret = set_blocking(ctdb->daemon.sd, false);
if (ret != 0) {
-   DEBUG(DEBUG_ERR,
- (__location__
-  " failed to set socket non-blocking (%s)\n",
-  strerror(errno)));
+   DBG_ERR("Failed to set socket non-blocking (%s)\n",
+   strerror(errno));
goto failed;
}
 
-   if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == 
-1) {
-   DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", 
ctdb->daemon.name));
+   ret = bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr));
+   if (ret == -1) {
+   D_ERR("Unable to bind on ctdb socket '%s'\n", 
ctdb->daemon.name);
goto failed;
}
 
-   if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
-   chmod(ctdb->daemon.name, 0700) != 0) {
-   DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', 
ctdb->daemon.name\n", ctdb->daemon.name));
+   if (!test_mode_enabled) {
+   ret = chown(ctdb->daemon.name, geteuid(), getegid());
+   if (ret != 0 && !test_mode_enabled) {
+   D_ERR("Unable to secure (chown) ctdb socket '%s'\n",
+ ctdb->daemon.name);
+   goto failed;
+   }
+   }
+
+   ret = chmod(ctdb->daemon.name, 0700);
+   if (ret != 0) {
+   D_ERR("Unable to secur
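Review bot: In the chown block the inner test "ret != 0 && !test_mode_enabled" sits inside "if (!test_mode_enabled)", so its second half is always true there and "if (ret != 0)" is enough. The new bind and chown messages also omit strerror(errno), unlike the set_blocking message earlier in the same hunk; adding the error string would make a failure to bind or secure the socket easier to diagnose.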