Volker Lendecke [Tue, 2 Oct 2012 13:26:14 +0000 (15:26 +0200)]
tdb: Make tdb robust against improper CLEAR_IF_FIRST restart
When winbind is restarted, there is a potential crash in tdb. Following
situation: We are in a cluster with ctdb. A winbind child hangs
in a request to the DC. Cluster monitoring decides the node has a
problem. Cluster monitoring decides to kill ctdbd. winbind child
still hangs in a RPC request. winbind parent figures that ctdb is
dead and immediately commits suicide. winbind parent is restarted by
cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The
CLEAR_IF_FIRST logic as implemented now will not see that a child still
has the tdb open, only the parent holds the ACTIVE_LOCK due to performance
reasons. During the CLEAR_IF_FIRST logic is done, there is a very small
window where we ftruncate(tfd, 0) the file and re-write a proper header
without a lock. When during this small window the winbind child comes
back, wanting to store something into gencache.tdb, that winbind child
will crash with a SIGBUS.
Rusty Russell [Sat, 6 Oct 2012 11:23:05 +0000 (13:23 +0200)]
tdb: Make robust against shrinking tdbs
When probing for a size change (eg. just before tdb_expand, tdb_check,
tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately
this does nothing if the tdb has actually shrunk, which as Volker
demonstrated, can actually happen if a "longlived" parent crashes.
So move the map/update size/remap before the limit check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Jeremy Allison [Fri, 5 Oct 2012 22:51:19 +0000 (15:51 -0700)]
We should never just assign an st_mode to an ace->perms field, theoretically
they are different so should go through a mapping function. Ensure this is so.
Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
Simo Sorce [Fri, 5 Oct 2012 14:32:32 +0000 (10:32 -0400)]
talloc: Convert error cecking macros into fns
This will avoid 'surprise returns' and makes the code cleare to readers.
These macros were complex enough to warrant a full function anyway not
just for readability but also for debuggability.
Thanks David for pointing out this issue.
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104
Simo Sorce [Sat, 22 Sep 2012 20:15:47 +0000 (16:15 -0400)]
Add memory limiting capability to talloc
By calling talloc_set_memlimit() we can now set a max memory limit
for a whole talloc hierarchy.
ANy attempt to allocate memory beyond the max allowed for the whole
hierarchy wil cause an allocation failure.
Stealing memory correctly accounts for used memory in the old and the new
hierarchy but exceeding the memory limit in the new parent will not cause
a failure.
Jeremy Allison [Wed, 3 Oct 2012 21:49:01 +0000 (14:49 -0700)]
Remove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
and replace with the normal masks. Now these parameters can be removed.
Rusty Russell [Wed, 3 Oct 2012 23:34:23 +0000 (09:04 +0930)]
tdb: add -e option to tdbdump (and docment it).
This allows for an emergency best-effort dump. It's a little better than
strings(1).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Thu Oct 4 03:16:06 CEST 2012 on sn-devel-104
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
I'll submit a documentation bug to fix #9222 that way.
Björn Baumbach [Tue, 2 Oct 2012 09:37:11 +0000 (11:37 +0200)]
s3-docs: add delete_lost option to vfs_streams_depot.8
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 3 18:10:14 CEST 2012 on sn-devel-104
Jeremy Allison [Tue, 2 Oct 2012 17:25:14 +0000 (10:25 -0700)]
When creating a new file/directory, we need to obey the create mask/directory mask parameters.
Currently we call FSET_NT_ACL to inherit any ACLs on create. However
FSET_NT_ACL uses the security mask/directory security mask parameters
instead of the create mask/directory mask parameters.
Swap them temporarily when creating to ensure the correct masks
are applied.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 2 22:27:17 CEST 2012 on sn-devel-104
Fix release script to build full set of documentation
build-docs script was not setting XML catalog properly.
In addition, some time ago pdf versions of images were introduced as
generated dependencies in our books but svg -> pdf rule was not added,
so building books never finished properly.
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Oct 2 16:21:23 CEST 2012 on sn-devel-104
Matthieu Patou [Tue, 2 Oct 2012 04:43:11 +0000 (21:43 -0700)]
s4-dns: fix a non handled memory out of memory
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Tue Oct 2 09:43:52 CEST 2012 on sn-devel-104
s3fs-smbd: Move housekeeping to the background process.
If you add 200 printers using lpadmin. Then you wait for the printcap
cache to expire. As soon as this expires we notify all deamons that they
should reload the printers. This mean we need to create the default
registry keys for each printer. If you do e.g. a 'smbclient -L' during
that time you will get a lot of timeouts.
This lets the housekeeping function of the printcap cache do the task of
creating the default registry keys in background queue process. When it is done
with the task it will tell all smbd childs to reload the printers and the 200
printers appear.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 1 20:28:23 CEST 2012 on sn-devel-104
Kai Blin [Sun, 30 Sep 2012 09:26:24 +0000 (11:26 +0200)]
s4 dns: Fix return code for deleted records
This fixes bug #9225. We already had a test for this scenario, but the test wasn't
correct. This patch fixes the test, and also fixes the bug.
Signed-off-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Sun Sep 30 13:09:14 CEST 2012 on sn-devel-104
With the prior code we assumed that we do not have kernel oplocks around
when we open a file because we handled samba-internal oplock breaks
before the open attempt.
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 29 19:29:36 CEST 2012 on sn-devel-104
s3: Remove share mode handling before we open the file
This is a significant behaviour change: We do not open the file under
the share mode lock anymore. This might lead to more open calls in case
of oplock breaks or sharing violations, but those are slow error paths
and as such might be not too performance sensitive. The benefit of this
patch is a significant reduction of complexity of open_file_ntcreate()
With the new behaviour, we call fcb_or_dos_open after open_file(). It
is open_file() that sets up the fsp so that fcb_or_dos_open can find it
in the list of fsps. Avoid finding the fsp we are just setting up.
s3: Copy share mode handling from before to after open_file
This is a 1:1 copy&paste of the oplock/sharemode code that we do before
an existing file is opened. It is a prerequiste for a patch that removes
all of that handling before we open the file.
David Disseldorp [Thu, 27 Sep 2012 10:34:53 +0000 (12:34 +0200)]
vfs: check full_audit enum->str mapping on startup
Signed-off-by: Jim McDonough <jmcd@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Sep 28 19:28:49 CEST 2012 on sn-devel-104
Christian Ambach [Tue, 25 Sep 2012 01:25:36 +0000 (03:25 +0200)]
s3:nfs4acls filter away inheritance flags on files
While it is possible to define inheritance flags on files on Windows, this will
be denied by GPFS and UFS (and potentially others).
So it will be better to strip of these bits when being set for files instead of
failing to set the ACL completely (this is current behavior).
Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as
other pieces of the SD are also lost when translating to NFSv4. So this should
not be a too intrusive change, but allow users to migrate data with such flags
instead of failing to migrate the ACL completely.
projects / thirdparty / samba.git / log
