Add check for the GPO link to have at least two attributes separated by semicolumn. Allows to handle empty links.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link
Singed-off-by: Alex Sharov (kororland@gmail.com) Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224
Signed-off-by: Guenther Deschner <gd@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul 7 10:44:37 UTC 2025 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 18 12:10:03 UTC 2025 on atb-devel-224
Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Feb 17 18:33:15 UTC 2025 on atb-devel-224
s3:rpc_client: remember the local/remote ipv4 or ipv6 addresses
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b6123197d13b5350b8fc88e9c8d59f0f05c3aed6)
s3:rpc_client: split out cli_rpc_pipe_client_auth_schannel()
This will allow us to use it without creating a new
association group and transport connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 14fe854ec5379c422e805cde6ed6290f86ad66db)
This will allow to do an alter context if security context multiplexing
is negotiated or opening a new connection in the same association group.
The old connection will be kept open, but not used anymore...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit dd7980841593d18081216e6eb3e1b0fb9bd9c757)
s3:rpc_client: make real use of rpc_client_{association,connection}
This will allow NCACN_NP and NCACN_IP_TCP to support
alter_context with security context multiplexing
or otherwise more than one connection per association group.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 899c9f2d6836c3b63acb6f261690c087e287afde)
s3:rpc_client: let cli_rpc_pipe_open() use rpc_client_connection_np()
This way cli_rpc_pipe_open() uses the same flow for
rpc_client_connection_np() and rpc_pipe_open_tcp_port().
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fab0d27c5cf4885c31d7ed04ea69eda7992ea209)
s3:rpc_client: convert rpc_pipe_open_np() to rpc_client_{association,connection}
This split out rpc_client_connection_np_send/recv, which will
be used as shortcut in a later commit.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7b9cef2a29333c6338520754927ee37027738010)
s3:rpc_client: convert rpc_pipe_open_tcp_port() to rpc_client_{association,connection}
Note that cli_rpc_pipe_open() calls rpc_client_association_create()
without a need for NCACN_NP, but that will change in the next commits...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 637a8e5270fefaea5c61921d4b6ecfc4455a91aa)
s3:rpc_client: convert rpc_pipe_open_local_np() to rpc_client_{association,connection}
For rpc_pipe_open_local_np() it's not really important to abstract
these out, but we want to have these for all...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 338dd71cc39195fcf25977b40b9772775972bc9f)
s3:rpc_client: convert rpc_pipe_open_ncalrpc() to rpc_client_{association,connection}
For rpc_pipe_open_ncalrpc() it's not really important to abstract these
out, but we want to have these for all...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5e9c2ebb37b276d7c90b4cc8397c4853f62aa189)
s3:rpc_client: add struct rpc_client_{association,connection} and helpers
They will be every useful for NCACN_NP and NCACN_IP_TCP,
so that we can support alter_context or more than one connection
per association group.
We mark the helpers as _UNUSED_ for now in order to compile...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 327fe920d07e5bcbcaa0f09f276aad2b99d68235)
s3:rpc_client: only pass the pipe_name to rpc_transport_np_init_send()
There's no need to have the ndr_interface_table at that stage...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5b3573135b222755cd897d4539c0e5a89f7cdf5b)
s3:rpc_client: make most of rpc_pipe_client internal struct members
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ae88941c8a2e4e9c7d0deb9c39dcbb2f9fab0ebb)
s3:librpc/rpc: split out dcerpc_internal.h for struct pipe_auth_data
This should be anonymous for callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b874619b5ed5d29a939f13d8064a47c8aca45b8c)
s3:libsmb: make use of dcerpc_binding_get_abstract_syntax()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8d666e18f8d254124967e7ac56fc5b171963c02f)
s3:lib/netapi: make use of dcerpc_binding_get_abstract_syntax()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fe94230f7ebedfdcc5f087b442ee91d9c44b734f)
s3:rpcclient: make use of dcerpc_binding_handle_get_transport()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e5c09e041d1517649616d0d4b072422802a69f08)
s3:winbindd: make use of dcerpc_binding_handle_get_transport()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 504906e60f9a09518202397f0aa0782242dbe3bb)
s3:rpc_client: remove references to rpc_pipe_client from wsp_cli.c
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit dc6d3c96c33797163ac578675b255872deca9b98)
This is ugly, but it's less ugly than doing it deep
inside of cli_spoolss.c and other code.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 344e45507e122137c357fc177bb024f09fff8b01)
s4:librpc: make all but dcerpc_pipe->binding_handle internal struct members
We could use a dcerpc_internal.h for struct dcecli_security and
struct dcecli_connection, but in struct dcerpc_pipe we still
expose binding_handle and changing that would require way too
much work for now...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 353af4b70559be1665df345655af43a61177c710)
s4:torture/rpc: make use of dcerpc_binding_handle_get_transport()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 382ece66063bd8ef465e989857394e6f412df6d3)
s4:tortore/rpc: make use of dcerpc_binding_get_abstract_syntax() and dcerpc_binding_get_flags()
We should not use p->syntax nor p->transfer_syntax...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1713ad96a42e9245697a29d4899924cfbf636fc5)
s4:torture/rpc: make use of dcerpc_binding_handle_get_binding() and dcerpc_binding_get_flags()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7ed9867fa82ae61a4522a724580900adce7e2bb5)
s4:libnet: make use of dcerpc_binding_handle_get_transport()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a4b1845f4c5202afedd65b9d0db2866de75420a5)
s4:libnet: make use of dcerpc_binding_handle_get_binding()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad20c6656aa6798541b71b172534054c172d3aa5)
It returns an alloced string so it should not be marked as
const...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9fe85a93539adb73ae59247d044746073915684a)
librpc/rpc: add dcerpc_binding_handle_get_transport() helper function
This will allow callers to avoid the dcerpc_binding_handle_get_binding()
dcerpc_binding_get_transport() dance...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0e751215b349e10cc796065d6d01de35f52b41fd)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a038e7d8cf7a93ecf9a3e0c906f0d0db81ecee54)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit fffc6e0f37a2d6a6612e17ad6fa777ae6a8eb3b6)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ef5d79eb6feefa2b7c5821ced98773d6d8fdd3a)
s4:librpc/rpc: call dcerpc_binding_set_abstract_syntax after bind or alter context
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e8d59ca3361bcdaf4db729eeb4a71f714bd9feda)
s3:winbindd: implement wbint_bh_get_binding() in winbindd_dual_ndr.c
We use NCACN_INTERNAL here too...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8c2aa56c7003e690252dfb05f78fd083c0c13dab)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a6034592faf0676532c97a79b9c542bcd2de9537)
We just create an dummy binding handle here
as it's not really dcerpc...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 66411b96b88fbb7b405efa87015e4af1f2988fad)
librpc/rpc: add get_binding() to dcerpc_binding_handle_ops
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1adf226e74375b2fb0932380f13bf19d8d856ea4)
s3:rpc_client: header signing is negotiated per transport connection
All gensec backends support GENSEC_FEATURE_SIGN_PKT_HEADER, so there's
no point in negotiating header signing based on the
auth context used during the DCERPC Bind.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 72b79a771fdbf54aa73b4c1b0372b9dffd81bfa6)
s3:rpc_client: make use of struct samba_sockaddr in rpc_pipe_open_ncalrpc()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d406f9fffede27220f4d589c8ab3c7210ca01b74)
s3:rpcclient: make use of dcerpc_binding_handle_auth_info()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8dcbbebe56d3dad3650eca79322150e9d397e227)
s3:rpc_client: the transport_session_key is per connection!
It's not per auth_context_id, currently there's no difference
but that will change in future...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 1a311df3d61d3f3dbb986cc35470df6445802ff6)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3a3338bd184e3c51eab48fb1a03b1b3e749f2dc6)
s3:rpcclient/cli_drsuapi: make use of dcerpc_binding_handle_auth_session_key()
Note we only need to call this once per connection, not after
each request...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f75189dee9db486d393cd17c25f5a84ce2d0b889)
s3:libnet_dssync: make use of dcerpc_binding_handle_auth_session_key()
Note we only need to call this once per connection, not after
each request...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 099c8d904ece0edbefecbaa51fa50256fd2ea7c0)
s3:rpc_client: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 77da0914d5cccd7116ca3b6f75cb4d0cd0107239)
s3:utils/net_rpc: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a14ac349deca11cda4159266cb3119fb3024999c)
s3:libnet_join: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 56175a0947fbb56d151fca057cf9696d55ea5d82)
s3:lib/netapi: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2cb726e92c819d60509419a33cd8da265e1c99e7)
s4:torture/drs: make use of dcerpc_binding_handle_auth_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bbe529a2f6090d2b9df0f361aee9b0a28523cefe)
s4:pyrpc: make use of dcerpc_binding_handle_auth_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 38874d28404f49a075bab71fb7357d266173791a)
s4:py_net: make use of dcerpc_binding_handle_auth_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5d3faa86fd47d6bc887e182f3eb5a51144339549)
s4:libnet: make use of dcerpc_binding_handle_auth_session_key() in libnet_become_dc.c
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bf888b59e34169e1f6b9fd1d211cb8ff973cf333)
s4:drepl: make use of dcerpc_binding_handle_auth_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 51f5eefcd119b5981281924a45380d99f9158a88)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit af16ecece870846323956c37d3e15abe24e336fd)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 64467157479c04cb4bafa6c4ec19213009f0643f)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5e34173041eb04e30f3f6f81a3269d621220b09c)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d9bf23f971dd8f426424f05076e76be587d42087)
s4:torture/rpc: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4ccd2dd8a2f78bcd53c047889b8043e8d95a6d55)
xss4:pyrpc: make use of dcerpc_binding_handle_transport_session_key()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 57905603e066e2d1ca60268b1b1e8166868d60e5)
s4:libnet: make use of dcerpc_binding_handle_transport_session_key() in libnet_passwd.c
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 93e8d58736e53d8d360ef2ee40f1619bd917c054)
s4:libnet: add struct dcerpc_binding_handle helper variables in libnet_passwd.c
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2d1c182bf512666606b8192b2021d571a47d2f58)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3cc6ddeb589f0357c436d1caa70130f053ddcba0)
s4:pyrpc: let py_iface_transport_encrypted() use dcerpc_binding_handle_transport_encrypted()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9567d753ac0fcffb50f3710f3329334afb7595cd)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 5bb35cc7cca101390e58256e9b38e31113211e4f)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9b50ab08c16c197291835c8e66cd064ca0bb6579)
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3dc3f9cf1b6fc47baea329863e31ff140cf89550)
s4:torture/rpc: avoid using DCERPC_NDR_REF_ALLOC in fsrvp.c
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 061267e0e4de5c6379205a09376ec21374a87a3d)
s4:torture/rpc: remove useless usage of DCERPC_SIGN, DCERPC_SEAL
We already used DCERPC_AUTH_LEVEL_PRIVACY for the connection.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 136ee756fe3a41f863c2d1d538ad029bfe54e1d1)
s4:torture/rpc: avoid checking p->last_fault_code in iremotewinspool*
Now that we check for NT_STATUS_RPC_UNSUPPORTED_TYPE, there's no
need to check for DCERPC_NCA_S_UNSUPPORTED_TYPE.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit b0be3c8af8240cfb7bc0b63fb7bf73f0f1655e4e)
librpc/rpc: map DCERPC_NCA_S_UNSUPPORTED_TYPE to NT_STATUS_RPC_UNSUPPORTED_TYPE
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 492f6a0eef7e7c64806ac9137c18a76fd116766d)
librpc/rpc: map DCERPC_NCA_S_SERVER_TOO_BUSY to NT_STATUS_RPC_SERVER_TOO_BUSY
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 722e93e4d9ace010e44cc041e6614ce5b71265d8)
Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 6f0ae60428a024b4aba92a8103a698c1eca2357c)
Autobuild-User(v4-21-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-21-test): Mon Jun 2 17:07:31 UTC 2025 on atb-devel-224
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu May 29 10:57:35 UTC 2025 on atb-devel-224
Martin Schwenke [Thu, 15 May 2025 04:01:16 +0000 (14:01 +1000)]
ctdb-daemon: Run "startipreallocate" event in SHUTDOWN runstate
Even though all nodes may be shutting down there is still a very small
window for a race when multiple nodes are shut down. For simplicity,
assume 2 nodes. Assume the shutdowns of nodes are staggered, which is
usual because they're usually initiated by a loop (e.g. onnode -p all
ctdb shutdown). Although commands can continue in parallel, some
commands are started later than others.
Consider this sequence:
1. Node 0 reaches ctdb_shutdown_takeover() in
ctdb_shutdown_sequence() and a takeover run starts
2. Node 1 has not yet set its runlevel to SHUTDOWN in
ctdb_shutdown_sequence()
3. The leader node asks node 1 which IPs it can host
4. Node 1 replies "all of them"
5. Node 1 now sets its runlevel to SHUTDOWN in
ctdb_shutdown_sequence()
6. The leader node continues with the takeover run, first asking all
nodes to run "startipreallocate"
7. Node 0 runs "startipreallocate", so its NFS server starts grace
8. Node 1 does not run "startipreallocate" because it is not in
RUNNING runstate, so its NFS server does not start grace
9. The leader node continues with the takeover run, first asking all
nodes to run "releaseip" for IPs they can no longer hold
10. Node 0 releases all IPs, since it is SHUTDOWN runstate (so can't
host IPs)
11. As part of this, the NFS server on node 0 releases locks held
against IPs it is releasing
12. A client connected to node 1, where the NFS server is not in
grace, takes ("steals") one of those locks
This client is then permitted to reclaim the lock when nodes are
restarted.
Martin Schwenke [Mon, 12 May 2025 01:33:19 +0000 (11:33 +1000)]
ctdb-daemon: Add failover on shutdown
Without this, NFS servers on other nodes will not go into grace before
this node releases locks. This should also support improved behaviour
for SMB durable file handles.
The timeout is currently a constant 10s. However, it will
subsequently be switched to an option.
Martin Schwenke [Wed, 14 May 2025 06:55:51 +0000 (16:55 +1000)]
ctdb-protocol: Add CTDB server SRVID range
Normally, communication from other components to ctdbd is done via
controls. However, there are contexts where receiving SRVID messages
in ctdbd makes sense, such as replies to outgoing SRVID messages.
Martin Schwenke [Wed, 21 May 2025 12:17:42 +0000 (22:17 +1000)]
ctdb-daemon: Avoid aborting during early shutdown
An early shutdown can put ctdbd into SHUTDOWN runstate before ctdbd
has completed all early initialisation. Some of the start-time
transitions then attempt to set the runstate to FIRST_RECOVERY or
RUNNING, which would make the runstate go backwards, so ctdbd aborts.
Upcoming changes cause ctdbd shutdown to take longer, so the problem
will become more likely. With those changes, this can be
unreliably (50% of the time?) triggered by:
since it does an early shutdown due to a version mismatch.
Avoid this by noticing when the runstate is SHUTDOWN and refusing to
continue with subsequent early initialisation steps, which aren't
needed when shutting down.
Earlier runstate transitions do not seems likely to cause an abort
during early shutdown. The following:
sees ctdbd already into FIRST_RECOVERY before the shutdown is
processed.
The change to ctdb_run_startup() probably isn't strictly necessary.
There will be no abort in this case. ctdb_shutdown_sequence() will
always run the "shutdown" event and then stop the event daemon, so it
doesn't seem possible that services could be left running. However,
we might as well avoid running the "startup" event when shutting down,
even if only to avoid confusing logs.
Ultimately, it seems like some redesign would be needed to avoid this
in a more predictable manner, rather than responding when an early
initialisation step inconveniently completes during shutdown. For
example, hanging a lot of the start-time event handling off a common
talloc context, could allow it to be cancelled with a single
TALLOC_FREE(). However, a change like that would involve a lot of
analysis to ensure that the talloc hierarchy is correct and there is
no change of free'd pointers being dereferenced. So, we're probably
better off just keeping this issue in mind during a broader redesign.
projects / thirdparty / samba.git / log
