Martin Schwenke [Tue, 18 Jun 2024 05:38:18 +0000 (15:38 +1000)]
ctdb-daemon: Improve error handling when releasing all IPs
Currently, event failures are completely ignored in favour of checking
if the IP is on an interface. This misses the case where event
scripts up to and including 10.interface succeed, but something later
fails. When that occurs, count is incremented, so the failure is
counted as a success in the summary that is logged.
Fail when releaseip fails even though 10.interface succeeded in
releasing the IP. This may result in the IP address coming back, but
that's a different problem.
Underlying this is a design question about when releaseip is
successful. Should releaseip be a distinct operation, with subsequent
reconfigurations considered separately?
Update logging to clearly identify each of the 3 possible errors.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Thu, 3 Oct 2024 05:13:30 +0000 (15:13 +1000)]
ctdb-tcp: Modernise a DEBUG
This is last old-style one in this file.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Mon Oct 7 17:12:18 UTC 2024 on atb-devel-224
Martin Schwenke [Thu, 3 Oct 2024 05:07:40 +0000 (15:07 +1000)]
ctdb-tcp: Only attempt to automatically bind to local IPs
Automatic node address selection in the TCP transport does not work if
net.ipv4.ip_nonlocal_bind=1 because all nodes will be able to bind()
to the first address in the nodes list.
Before getting to the bind() step, add a check to see if an address is
local (i.e. on an interface). If not, it is not considered.
This is defensively coded so that this step is skipped if local
addresses can not be retrieved.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Sun, 29 Sep 2024 04:10:22 +0000 (14:10 +1000)]
ctdb-server: Optimise local IP verification
It is more efficient calling ctdb_sys_local_ip_check() inside a loop
compared to calling ctdb_sys_have_ip(). There is a chance that this
is premature optimisation... but it sure is easy. Fall back to
checking with bind().
Martin Schwenke [Sun, 29 Sep 2024 04:06:51 +0000 (14:06 +1000)]
ctdb-server: Add some local variables
Improve readability by not repeating the complex expression now
assigned to addr. ctdb_sys_have_ip() is called in both arms of the
if/else, so call it once when declaring the new variable.
Modernise debug macros while touching lines.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Martin Schwenke [Sun, 29 Sep 2024 01:57:58 +0000 (11:57 +1000)]
ctdb-common: Add functions for local IP address checking
This is a wrapper around getifaddrs(2), which is in libreplace, so
should always be available.
Some users want to set net.ipv4.ip_nonlocal_bind = 1. So, CTDB needs
a way of testing if public IPs are present, without using bind(2).
Doing all of this unconditionally in ctdb_sys_have_ip() will be
inefficient in the recovery daemon's local IP verification if there
are a lot of IP addresses. Split it this way so the interface
information can be retrieved once and used multiple times.
This doesn't appear to need IP canonicalisation for IPv4-mapped IPv6
addresses.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: John Mulligan <jmulligan@redhat.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Anoop C S [Tue, 17 Sep 2024 18:28:50 +0000 (23:58 +0530)]
vfs_glusterfs: Retrieve fs capabilities using vfs_get_fs_capabilities
vfs_glusterfs is supposed to be the last entry when listed with
other vfs modules. This is due to the fact that the connection path
is not local to the server but relative to the virtual remote file
system beneath it. Especially SMB_VFS_FS_CAPABILITIES implementation
from vfs_default is likely to return incorrect results based on the
connection path assumed to be local to the server which might not be
the case with glusterfs module stacked. Therefore it doesn't make sense
to pass through any vfs interface implementations further down the line
to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
Signed-off-by: Anoop C S <anoopcs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Oct 7 13:36:11 UTC 2024 on atb-devel-224
Anoop C S [Thu, 3 Oct 2024 06:59:58 +0000 (12:29 +0530)]
vfs_ceph_new: Populate fs capabilities within vfs_ceph_statvfs
SMB_VFS_STATVFS implementation for vfs_ceph_new failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
Anoop C S [Tue, 17 Sep 2024 18:20:25 +0000 (23:50 +0530)]
vfs_ceph: Retrieve fs capabilties using vfs_get_fs_capabilities
vfs_ceph is supposed to be the last entry when listed with other vfs
modules. This is due to the fact that the connection path is not local
to the server but relative to the virtual remote file system beneath
it. Especially SMB_VFS_FS_CAPABILITIES implementation from vfs_default
is likely to return incorrect results based on the connection path
assumed to be local to the server which might not be the case with
ceph module stacked. Therefore it doesn't make sense to pass through
any vfs interface implementations further down the line to vfs_default.
Instead make use of get_fs_capabilties to start with already known fs
capabilties from connect phase.
Anoop C S [Mon, 23 Sep 2024 09:25:59 +0000 (14:55 +0530)]
vfs_ceph: Populate fs capabilities within cephwrap_statvfs
SMB_VFS_STATVFS implementation for vfs_ceph failed to fill in the
FsCapabilities field for vfs_statvfs_struct. Insert the minimum
required values for defining the capabilties of a ceph file system.
Anoop C S [Tue, 24 Sep 2024 05:36:58 +0000 (11:06 +0530)]
s3/smbd: Add a helper to fetch fs capabilities
We create a new helper function to retrieve the fs capabilties via
STATVFS call. Additionally set other capabilities based on specific
parametric options. This is 99.9% taken from SMB_VFS_FS_CAPABILITIES
implementation of vfs_default in preparation to be called from any
required vfs module.
Martin Schwenke [Wed, 4 Sep 2024 10:20:20 +0000 (20:20 +1000)]
ctdb-tests: Fix test failure when tests are installed
This currently works when tests are run in-tree.
However, when installed, use of an incorrect variable means it fails
to find statd_callout in the tests/ subdirectory. Switch to using the
correct variable.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 11:07:05 UTC 2024 on atb-devel-224
Martin Schwenke [Wed, 4 Sep 2024 10:10:43 +0000 (20:10 +1000)]
ctdb-tests: Add missing quotes in test output
These should have caused test failure since commit ef921bdbdbacecf39ee2a1851f16dbba62175fcc. However, the test failure
occurred in a sub-shell, which covered the failure. So, add an error
exit if the sub-shell fails.
While here, add an error exit for another potential uncaught
sub-shell-related failure in a related test.
Signed-off-by: Martin Schwenke <mschwenke@ddn.com> Reviewed-by: Anoop C S <anoopcs@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Oct 6 02:25:09 UTC 2024 on atb-devel-224
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sat Oct 5 14:44:46 UTC 2024 on atb-devel-224
netcmd:domain:policy: Fix missing conversion from tgt_lifetime minutes to 10^(-7) seconds
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15692 Signed-off-by: Andréas Leroux <aleroux@tranquil.it> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Oct 4 04:01:22 UTC 2024 on atb-devel-224
This should fix a few Coverity Resource Leak findings. Coverity does
not understand that SMB_ASSERT aborts the program, so it believes if
realloc fails we leak the previous allocation. Those are false
positives, but doing it this way does not cost much.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
ADD_TO_ARRAY with an explicit NULL mem_ctx is only used in 3
places. I've checked the other places, and I think I made sure that the
mem_ctx being passed in is non-NULL everywhere else.
This makes the "legacy" use with SMB_REALLOC more obvious.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
d1846452e96 vfs: Add VFS_OPEN_HOW_WITH_BACKUP_INTENT introduced
VFS_OPEN_HOW_WITH_BACKUP_INTENT for files opened with
FILE_OPEN_FOR_BACKUP_INTENT. shadow_copy2 refuses the open on a file if
any flage in how.resolve is set. Change the check in shadow_copy2 to
allow opening of files with VFS_OPEN_HOW_WITH_BACKUP_INTENT.
This fixes a O(n²) performance regression in notifyd. The problem was
that we had a watcher per notify instance. This changes the code to have
a watcher per notify db entry.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 1 14:22:43 UTC 2024 on atb-devel-224
s3:winbindd: let store_current_dc_in_gencache() take the dcaddr directly
We could avoid relying on smbXcli_conn_remote_sockaddr() as much as
possible, because we aim to remove domain->conn.cli same day...
Also note that find_dc() always filled domain->dcaddr already
when cm_open_connection() calls store_current_dc_in_gencache().
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Oct 1 11:01:35 UTC 2024 on atb-devel-224
s3:passdb: ENCTYPE_DES_CBC_MD5 is not longer used in secrets_domain_info_kerberos_keys()
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Sep 30 17:03:55 UTC 2024 on atb-devel-224
system_mitkrb5: require 1.16 as we use ENCTYPE_AES256_CTS_HMAC_SHA384_192
commit 8e931fce126e8c1128da893c806702731c08758a introduced that
implicit dependency, we better make it more clear, which might
allow relying on more modern stuff in future...
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sun Sep 29 11:49:13 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Sep 28 01:20:01 UTC 2024 on atb-devel-224
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 27 09:06:43 UTC 2024 on atb-devel-224
Remove enum perm_type: Only the _NEW_ defines were actually used, and
this made the logic harder for me to understand than necessary.
On the other hand, it forced you to think about what this is. Now you
could theoretically miss applying masks. Still, I like it better with
this patch.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s3:rpc_client: let rpccli_connect_netlogon() reuse the existing connection
We either use security context multiplexing if negotiated and
just do an alter_context on the existing connection or
we create a new connection within the same association group.
This is basically what windows clients are doing...
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
s3:rpc_client: make real use of rpc_client_{association,connection}
This will allow NCACN_NP and NCACN_IP_TCP to support
alter_context with security context multiplexing
or otherwise more than one connection per association group.
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
projects / thirdparty / samba.git / log
