Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 17 14:04:01 CEST 2015 on sn-devel-104
Uri Simchoni [Sun, 12 Jul 2015 06:38:01 +0000 (09:38 +0300)]
torture: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
Also remove inclusion of some system files, relying on
replace/system/*.h instead.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jul 17 04:41:14 CEST 2015 on sn-devel-104
Uri Simchoni [Sun, 12 Jul 2015 06:36:46 +0000 (09:36 +0300)]
fssd: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:31:52 +0000 (09:31 +0300)]
source3/lib: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:30:36 +0000 (09:30 +0300)]
lib/util: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Sun, 12 Jul 2015 06:29:13 +0000 (09:29 +0300)]
tdbrestore: include config.h before any glibc headers
config.h may have some flags which affect glibc behavior, e.g.
_FILE_OFFSET_BITS=64. To make sure these flags have the desired
effect, config.h must be included before any glibc header files.
This commit does not fix a specific known bug. It changes the code to
comply with coding conventions.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: "Stefan Metzmacher" <metze@samba.org>
Uri Simchoni [Thu, 2 Jul 2015 17:15:43 +0000 (20:15 +0300)]
libads: disable dns_lookup_realm in auto-generated krb5.conf files
This patch sets dns_lookup_realm=false in samba-generated krb5.conf.
Disabling dns_lookup_realm in krb5.conf is the recommended practice for
Kerberos usage in Active Directory environment. dns_lookup_realm is enabled
by default, at least in Heimdal.
When used by samba, Kerberos libraries operate based on either the system
krb5.conf, or a private krb5.conf generated specifically for the domain by
samba code. In the former case, it's the responsibility of the administrator
to set dns_lookup_realm=false. In the latter case, it's the responsibility
of samba - which is what this patch does.
In many usage scenarios the value of this variable is of no consequence
since samba knows the realm in which it is operating, and knows how to
generate service principal names. However, there are some scenarios
in which samba calls kerberos_get_principal_from_service_hostname(),
and here samba consults the Kerberos libraries and this parameter comes
into play. One primary example is cli_full_connection() function.
Not setting dns_lookup_realm leads to a series of DNS TXT record lookups.
This can be observed by running "net ads join -k -U <user>".
In AD environments, the TXT queries typically fail quickly, but test setups
or misconfigured DNS may lead to large timeouts (for example, if the domain
is dept.example.com but there's no parent example.com domain and no DNS
zones for example.com). At the very least we want to avoid those lookups
because they are hardly documented and lead to confusion.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Uri Simchoni [Mon, 13 Jul 2015 18:42:57 +0000 (21:42 +0300)]
winbindd: shorten client list scan
Counting on the client list being sorted by last access time,
the list scan for removing timed-out clients is shortened - once
the list is scanned oldest to newest, and once a non-timed-out
client is found, the scan can stop.
Also, finding the oldest idle client for removing an idle client
is simplified - oldest idle client is last idle client.
Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 16 01:45:20 CEST 2015 on sn-devel-104
Uri Simchoni [Tue, 2 Jun 2015 21:36:27 +0000 (00:36 +0300)]
winbind client: avoid vicious cycle created by client retry
This patch cancels the retry policy of the winbind client.
When winbindd fails to respond to a request within 30 seconds,
the winbind client closes the connection and retries up to 10
times.
In some cases, delayed response is a result of multiple
requests from multiple clients piling up on the winbind domain
child process. Retrying just piles more and more requests,
creating a vicious cycle.
Even in the case of a single request taking long to complete,
there's no point in retrying because the retry request would just
wait for the current request to complete. Better to wait patiently.
There's one possible benefit in the retry, namely that winbindd typically
caches the results, and therefore a retry might take a cached result, so
the net effect of the retry may be to increase the timeout to 300 seconds.
But a more straightforward way to have a 300 second timeout is to modify the
timeout. Therefore the timeout is modified from 30 seconds to 300 seconds
(IMHO 300 seconds is too much, but we have "winbind rquest timeout"
with a default of 60 to make sure the request completes or fails
within 60 seconds)
Uri Simchoni [Thu, 25 Jun 2015 07:12:37 +0000 (10:12 +0300)]
winbindd: verify that client has closed the connection
A recent change was to remove a client if the client socket
has become readable. In this change, a check is added to
determine the source of the readbility (actual readability,
closed connection, or some other error), and a suitable
debug message is printed.
Uri Simchoni [Thu, 25 Jun 2015 06:46:24 +0000 (09:46 +0300)]
async_req: check for errors when monitoring socket for readability
Add an option to wait_for_read_send(), so that the request, upon
calling back, report whether the socket actually contains data
or is in EOF/error state. EOF is signalled via the EPIPE error.
This is useful for clients which do not expect data to arrive but
wait for readability to detect a closed socket (i.e. they do not
intend to actually read the socket when it's readable). Actual data
arrival would indicate a bug in this case, so the check can
be used to print an error message.
Uri Simchoni [Thu, 25 Jun 2015 05:59:20 +0000 (08:59 +0300)]
winbindd: cleanup client connection if the client closes the connection
This patch allows for early cleanup of client connections if the client
has given up.
Before this patch, any received request would be processed, and then only
upon transmitting the result to the client would winbindd find out the
client is no longer with us, possibly leading to a situation where the
same client tries over and over and increases the number of client
connections.
This patch monitors the client socket for readability while the request
is being processed, and closes the client connection if the socket
becomes readable. The client is not supposed to be writing anything to
the socket while it is waiting, so readability means either that the client
has closed the connection, or that it has broken the protocol.
Uri Simchoni [Mon, 22 Jun 2015 03:38:04 +0000 (06:38 +0300)]
winbindd: set file descriptor limit according to configuration
Set the winbindd process file descriptor limit according to
the values that affect it in the configuration:
- Maximum number of clients
- Number of outgoing connections per domain
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul 15 19:35:48 CEST 2015 on sn-devel-104
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 15 04:50:36 CEST 2015 on sn-devel-104
s4-torture: add test for ClusterControl to clusapi testsuite.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org> Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): José A. Rivera <jarrpa@samba.org>
Autobuild-Date(master): Wed Jul 15 00:25:38 CEST 2015 on sn-devel-104
Jeremy Allison [Mon, 13 Jul 2015 21:15:45 +0000 (14:15 -0700)]
s3: tests: Add blackbox test for scopy.
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 14 16:10:44 CEST 2015 on sn-devel-104
Martin Schwenke [Wed, 1 Jul 2015 08:32:35 +0000 (18:32 +1000)]
ctdb-scripts: Remove 60.ganesha, replace with callout for 60.nfs
This isn't a straightforward move of code from 60.ganesha to the
callout. Simplifications have been made to allow better
interoperation with the new NFS checking logic.
The following configuration variables have been removed:
This is now always enabled. If nfsd thread monitoring is not required
then make CTDB_NFS_CALLOUT point to a wrapper around
nfs-linux-kernel-callout that does not implement "monitor-post".
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 19 Jun 2015 06:35:12 +0000 (16:35 +1000)]
ctdb-scripts: Switch NFS checks to new style
Note that the 60.ganesha RPC checks need to be identical to those in
the nfs-checks.d/ directory. This is because the NFS unit test
infrastructure checks output against what should be produced by the
checks in nfs-checks.d/. This is a minor issue, since one of the aims
of this work is to remove the need for a separate 60.ganesha.
In most cases configuration variable CTDB_NFS_DUMP_STUCK_THREADS is
now ignored. This is now handled by passing the desired number of
threads to the command specified in the service_debug_cmd variable in
a .check file.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 17 Jun 2015 09:35:21 +0000 (19:35 +1000)]
ctdb-scripts: NFS RPC checks should be simple and consistent
Change status, nlockmgr, mountd, rquotad to be unhealthy after 6
rpcinfo check failures and do a verbose restart after every 2
failures. Change 60.ganesha for consistency, since 60.ganesha tests
are broken and depend on the consistency.
Apart from the consistency aspect, the check infrastructure will soon
be simplified so that it only allows the equivalent of "unhealthy" and
"verbose restart:b" actions.
Update tests to have a corresponding numbers of iterations. Run 1
extra iteration in most tests to check there are no unexpected
behaviour changes after the designated number of iterations completes.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Thu, 18 Jun 2015 04:08:02 +0000 (14:08 +1000)]
ctdb-tests: Allow 2nd argument of nfs_iterate_test() to be null
This means that required result will not be calculated on each
iteration. This is useful in baseline tests where, say, all
iterations should succeed and produce no output. This is useful for
confirming that the eventscript and test infrastructure is working
correctly.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 6 Jul 2015 02:02:00 +0000 (12:02 +1000)]
ctdb-daemon: Improve error messages when eventscript control is cancelled
Warn specifically about cancellation instead of printing a generic
error message. Also pass back an error message for the tool - it
could just rely on the status but it already looks at the error
message.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
ctdb-daemon: Avoid double-free during monitor cancellation
The eventscript state should never be freed externally, so it should
never be allocated off a temporary context. It will either be freed
by the handler or in the cancellation code.
Signed-off-by: Amitay Isaacs <amitay@gmail.com> Pair-programmed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Martin Schwenke <martin@meltin.net>
Martin Schwenke [Wed, 8 Jul 2015 11:23:48 +0000 (21:23 +1000)]
ctdb-scripts: Support monitoring of interestingly named VLANs on bonds
VLAN interfaces on bonds with a name other than <iface>.<id>@<iface>
are not currently supported. That is, where the VLAN name isn't based
on the underlying bond name. Such VLAN interfaces can be created with
the "ip link" command, as opposed to the "vconfig" command, or by
renaming a VLAN interface.
This is improved by determining the underlying interface name for a
VLAN from the output of "ip link".
No serious attempt is made to support VLANs with '@' in their name,
although this seems to be legal. Why would you do that?
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 7 Jul 2015 10:49:38 +0000 (20:49 +1000)]
ctdb-scripts: Fix regression in VLAN interface support
Commit 6471541d6d2bc9f2af0ff92b280abbd1d933cf88 broke support for VLAN
interfaces. Releasing a public IP address depends on
ip_maskbits_iface() and for a VLAN interface this will return an
interface of the form <vlan>@<iface>, which can't be fed back into
"ip" commands.
Update ip_maskbits_iface() to drop the '@' and everything after it.
Signed-off-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Amitay Isaacs <amitay@gmail.com> Reported-by: Jan Schwaratzki <jschwaratzki@ddn.com>
projects / thirdparty / samba.git / log
