[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 7d846cd178d s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return. via 6a9d22f4a91 dsdb/mod/operational: correct comment arithmetic from 2a49ccbcf5e s3-vfs_glusterfs: refuse connection when write-behind xlator is present https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 7d846cd178d653600c71ee4bd6a491a9e48a56da Author: Jeremy Allison Date: Mon Nov 2 15:46:51 2020 -0800 s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486 Signed-off-by: Jeremy Allison Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Nov 3 01:56:59 UTC 2020 on sn-devel-184 commit 6a9d22f4a91e07b8af0f1fb3a7d0cbab2ca0c76f Author: Douglas Bagnall Date: Fri Oct 23 16:30:25 2020 +1300 dsdb/mod/operational: correct comment arithmetic E + F is not 1F! E + F is 1D! Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett --- Summary of changes: source3/modules/vfs_glusterfs.c | 2 ++ source4/dsdb/samdb/ldb_modules/operational.c | 5 - 2 files changed, 6 insertions(+), 1 deletion(-) Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index eea5b30e327..dacedd8e04a 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -338,11 +338,13 @@ static int check_for_write_behind_translator(TALLOC_CTX *mem_ctx,
 "Please check the vfs_glusterfs(8) manpage for "
 "further details.\n",
 volume);
+ TALLOC_FREE(lines);
 TALLOC_FREE(option);
 TALLOC_FREE(buf);
 return -1;
 }
+ TALLOC_FREE(lines);
 TALLOC_FREE(option);
 TALLOC_FREE(buf);
 return 0;
diff --git a/source4/dsdb/samdb/ldb_modules/operational.c b/source4/dsdb/samdb/ldb_modules/operational.c
index 50e913cdd5c..3c0bd039d56 100644
--- a/source4/dsdb/samdb/ldb_modules/operational.c
+++ b/source4/dsdb/samdb/ldb_modules/operational.c
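Review bot: The three-call cleanup sequence is now duplicated on both exit paths of `check_for_write_behind_translator`, and a duplicated sequence is presumably how `lines` came to be missed on these paths. Funnelling both exits through one label would mean a future allocation only has to be freed in one place, e.g. set the result in the error branch, `goto out;`, and end the function with `out: TALLOC_FREE(lines); TALLOC_FREE(option); TALLOC_FREE(buf); return ret;`. The function body starts outside this hunk, so any earlier `return` taken after `lines` is allocated is not visible here and should be checked for the same leak onto `mem_ctx`.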
@@ -797,7 +797,10 @@ static NTTIME get_msds_user_password_expiry_time_computed(struct ldb_module *mod
 *
 * 0x7FFEULL + 0x7FFFULL
 * =
-* 0xULL
+* 0xFFFDULL
+*
+* or to put it another way, adding two numbers less than 1<<63 can't
+* ever be more than 1<<64, therefore this result can't wrap.
 */
 ret = (NTTIME)pwdLastSet - (NTTIME)maxPwdAge;
 if (ret >= 0x7FFFULL) {
-- Samba Shared Repository
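Review bot: The added sentence says the sum "can't ever be more than 1<<64", but a sum equal to 1<<64 would already wrap a 64-bit value; what the arithmetic above it supports is that the sum stays strictly below 1<<64. Suggested wording for the last added line: `* ever reach 1<<64, therefore this result can't wrap.` The comment also speaks of adding while the statement under it is the subtraction `(NTTIME)pwdLastSet - (NTTIME)maxPwdAge`; presumably `maxPwdAge` is negative at this point, and if the part of the comment above the hunk does not already say so, a few words here would make the comment match the code. The comment and the function body both extend outside the hunk.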
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 2a49ccbcf5e s3-vfs_glusterfs: refuse connection when write-behind xlator is present via 08f8f665d40 docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs from 4bf010309cd selftest: Drop dummy environment variables for CTDB daemons https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 2a49ccbcf5e3ff0f6833bcb7f04b800125f1783f Author: Günther Deschner Date: Mon Nov 2 12:30:36 2020 +0100 s3-vfs_glusterfs: refuse connection when write-behind xlator is present s3-vfs_glusterfs: refuse connection when write-behind xlator is present Once the new glusterfs api is available we will programmtically disable the translator, for now we just refuse the connection as there is a potential for serious data damage. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486 Guenther Signed-off-by: Guenther Deschner Pair-Programmed-With: Sachin Prabhu Pair-Programmed-With: Anoop C S Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Mon Nov 2 21:40:33 UTC 2020 on sn-devel-184 commit 08f8f665d409ee7b93840c25a8142f2ce8bacfa1 Author: Sachin Prabhu Date: Thu Oct 15 12:14:33 2020 +0100 docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs Add warning about data corruption with the write-behind translator. The data corruption is highlighted by the smbtorture test smb2.rw.rw1. More information about this data corruption issue is available in the bz. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486 Signed-off-by: Sachin Prabhu Reviewed-by: Jeremy Allison Reviewed-by: Guenther Deschner --- Summary of changes: docs-xml/manpages/vfs_glusterfs.8.xml | 22 + source3/modules/vfs_glusterfs.c | 89 +++ 2 files changed, 111 insertions(+) Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml b/docs-xml/manpages/vfs_glusterfs.8.xml
index cf3b8e5e384..7a4da1af919 100644
--- a/docs-xml/manpages/vfs_glusterfs.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -161,6 +161,28 @@
+
+ CAVEATS
+
+
+The GlusterFS write-behind performance translator, when used
+with Samba, could be a source of data corruption. The
+translator, while processing a write call, immediately returns
+success but continues writing the data to the server in the
+background. This can cause data corruption when two clients
+relying on Samba to provide data consistency are operating on
+the same file.
+
+
+The write-behind translator is enabled by default on GlusterFS.
+The vfs_glusterfs plugin will check for the presence of the
+translator and refuse to connect if detected.
+Please disable the write-behind translator for the GlusterFS
+volume to allow the plugin to connect to the volume.
+
+
+
+
 VERSION
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index ca8b54829cd..eea5b30e327 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -264,6 +264,90 @@ out:
 /* Disk Operations */
+static int check_for_write_behind_translator(TALLOC_CTX *mem_ctx,
+glfs_t *fs,
+const char *volume)
+{
+ char *buf = NULL;
+ char **lines = NULL;
+ int numlines = 0;
+ int i;
+ char *option;
+ bool write_behind_present = false;
+ size_t newlen;
+ int ret;
+
+ ret = glfs_get_volfile(fs, NULL, 0);
+ if (ret == 0) {
+ DBG_ERR("%s: Failed to get volfile for "
+ "volume (%s): No volfile\n",
+ volume,
+ strerror(errno));
+ return -1;
+ }
+ if (ret > 0) {
+ DBG_ERR("%s: Invalid return %d for glfs_get_volfile for "
+ "volume (%s): No volfile\n",
+ volume,
+ ret,
+ strerror(errno));
+ return -1;
+ }
+
+ newlen = 0 - ret;
+
+ buf = talloc_zero_array(mem_ctx, char, newlen);
+ if (buf == NULL) {
+ return -1;
+ }
+
+ ret = glfs_get_volfile(fs, buf, newlen);
+ if (ret != newlen) {
+ TALLOC_FREE(buf);
+ DBG_ERR("%s: Failed to get volfile for volume (%s)\n",
+ volume, strerror(errno));
+ return
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 4bf010309cd selftest: Drop dummy environment variables for CTDB daemons via 65ab8cb014c ctdb-daemon: Do not attempt to chown Unix domain socket in test mode via 78c3b5b6a83 ctdb-daemon: Clean up call to bind socket via 9404f8631ec ctdb-daemon: Clean up socket bind/secure/listen from ee79d39aa0c idmap_nss.8.xml: update manpage as discussed on the samba mailing list https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 4bf010309cd747a42069cb5469ccb7711364ef18 Author: Martin Schwenke Date: Thu Oct 29 09:05:37 2020 +1100 selftest: Drop dummy environment variables for CTDB daemons This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to chown the socket. The chown is no longer done in test mode so remove this confusing hack. Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Reviewed-by: Volker Lendecke Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184 commit 65ab8cb014ca7ac97433ec53d6d163e6da5a3fe7 Author: Martin Schwenke Date: Sat Oct 24 20:35:53 2020 +1100 ctdb-daemon: Do not attempt to chown Unix domain socket in test mode If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the socket will fail. Test mode means that local daemons are in use, so securing the socket is not important. Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Reviewed-by: Volker Lendecke commit 78c3b5b6a83d934c99ac25480fbc01f9aeb198e3 Author: Martin Schwenke Date: Sat Oct 24 21:54:21 2020 +1100 ctdb-daemon: Clean up call to bind socket Variable res is only used once and ret is re-used many times. Drop res, use ret, which doesn't need to be initialised. Modernise debug macro. 
Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Reviewed-by: Volker Lendecke commit 9404f8631ecc028c4e98879fbc67ccd2be09249f Author: Martin Schwenke Date: Sat Oct 24 20:29:58 2020 +1100 ctdb-daemon: Clean up socket bind/secure/listen Obey the coding style, modernise debug macros, clean up whitespace. Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Reviewed-by: Volker Lendecke --- Summary of changes: ctdb/server/ctdb_daemon.c | 54 --- selftest/target/Samba3.pm | 9 +--- 2 files changed, 33 insertions(+), 30 deletions(-) Changeset truncated at 500 lines:
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 7ebb419bc1f..9035f5b4748 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1168,10 +1168,10 @@ static void ctdb_accept_client(struct tevent_context *ev,
 /*
- create a unix domain socket and bind it
- return a file descriptor open on the socket
-*/
-static int ux_socket_bind(struct ctdb_context *ctdb)
+ * Create a unix domain socket, bind it, secure it and listen. Return
+ * the file descriptor for the socket.
+ */
+static int ux_socket_bind(struct ctdb_context *ctdb, bool test_mode_enabled)
 {
 struct sockaddr_un addr = { .sun_family = AF_UNIX };
 int ret;
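Review bot: The new header comment on `ux_socket_bind` says the socket is secured, but with the added `test_mode_enabled` parameter that is no longer unconditional: the next hunk of this file skips the `chown` when the flag is set. The comment should say so, for example by adding `* In test mode the chown of the socket is skipped.`, so a caller passing `true` knows the socket keeps the ownership it was created with. In that same later hunk, `if (ret != 0 && !test_mode_enabled)` sits inside `if (!test_mode_enabled) {`, so the second half of the condition is always true there and can be reduced to `if (ret != 0) {`. The function body continues beyond this hunk.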
@@ -1191,38 +1191,48 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 ret = set_blocking(ctdb->daemon.sd, false);
 if (ret != 0) {
- DEBUG(DEBUG_ERR,
- (__location__
- " failed to set socket non-blocking (%s)\n",
- strerror(errno)));
+ DBG_ERR("Failed to set socket non-blocking (%s)\n",
+ strerror(errno));
 goto failed;
 }
- if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name));
+ ret = bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr));
+ if (ret == -1) {
+ D_ERR("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name);
 goto failed;
 }
- if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
- chmod(ctdb->daemon.name, 0700) != 0) {
- DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n", ctdb->daemon.name));
+ if (!test_mode_enabled) {
+ ret = chown(ctdb->daemon.name, geteuid(), getegid());
+ if (ret != 0 && !test_mode_enabled) {
+ D_ERR("Unable to secure (chown) ctdb socket '%s'\n",
+ ctdb->daemon.name);
+ goto failed;
+ }
+ }
+
+ ret = chmod(ctdb->daemon.name, 0700);
+ if (ret != 0) {
+ D_ERR("Unable to secur