summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-10-06tdb: Make tdb robust against improper CLEAR_IF_FIRST restartVolker Lendecke1-4/+28
When winbind is restarted, there is a potential crash in tdb. Following situation: We are in a cluster with ctdb. A winbind child hangs in a request to the DC. Cluster monitoring decides the node has a problem. Cluster monitoring decides to kill ctdbd. winbind child still hangs in a RPC request. winbind parent figures that ctdb is dead and immediately commits suicide. winbind parent is restarted by cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The CLEAR_IF_FIRST logic as implemented now will not see that a child still has the tdb open, only the parent holds the ACTIVE_LOCK due to performance reasons. During the CLEAR_IF_FIRST logic is done, there is a very small window where we ftruncate(tfd, 0) the file and re-write a proper header without a lock. When during this small window the winbind child comes back, wanting to store something into gencache.tdb, that winbind child will crash with a SIGBUS. Sounds unlikely? See: [2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic) PANIC (pid 1814517): internal error [2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace) BACKTRACE: 35 stack frames: #0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a] #1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b] #2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4] #3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900] #4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355] #5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76] #6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37] #7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d] #8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700] #9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505] #10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7] #11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633] #12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449] #13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3] #14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e] #15 winbindd(saf_delete+0x93) [0x7feb7d54b693] #16 winbindd(+0xe507e) [0x7feb7d3fc07e] #17 winbindd(+0xe85e5) [0x7feb7d3ff5e5] #18 winbindd(+0xe65be) [0x7feb7d3fd5be] #19 winbindd(+0xe7562) [0x7feb7d3fe562] #20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be] #21 winbindd(+0xe75d9) [0x7feb7d3fe5d9] #22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658] #23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991] #24 winbindd(+0x103175) [0x7feb7d41a175] #25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7] #26 winbindd(+0xf8609) [0x7feb7d40f609] #27 winbindd(+0xf9075) [0x7feb7d410075] #28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198] #29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc] #30 winbindd(+0x1c2b52) [0x7feb7d4d9b52] #31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60] #32 winbindd(main+0x7b3) [0x7feb7d3e7aa3] #33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd] #34 winbindd(+0xce2a9) [0x7feb7d3e52a9] This is in a winbind child, logfiles surrounding indicate the parent was restarted. This patch takes all chain locks around the CLEAR_IF_FIRST introduced tdb_new_database.
2012-10-06tdb: Make robust against shrinking tdbsRusty Russell1-12/+20
When probing for a size change (eg. just before tdb_expand, tdb_check, tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately this does nothing if the tdb has actually shrunk, which as Volker demonstrated, can actually happen if a "longlived" parent crashes. So move the map/update size/remap before the limit check. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-06We should never just assign an st_mode to an ace->perms field, theoreticallyJeremy Allison1-2/+2
they are different so should go through a mapping function. Ensure this is so. Practically this does not matter, as for user permissions the mapping function is an identity, and the extra bits we may add are ignored anyway, but this makes the intent clear. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
2012-10-05Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - ↵Jeremy Allison1-154/+141
makes the logic clearer.
2012-10-05Simplify ensure_canon_entry_valid by splitting out the _get codepath.Jeremy Allison1-3/+86
2012-10-05talloc: Convert error cecking macros into fnsSimo Sorce1-37/+74
This will avoid 'surprise returns' and makes the code cleare to readers. These macros were complex enough to warrant a full function anyway not just for readability but also for debuggability. Thanks David for pointing out this issue. Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104
2012-10-05Add tests for talloc_memlimitSimo Sorce1-0/+172
Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Fri Oct 5 07:36:38 CEST 2012 on sn-devel-104
2012-10-05Add memory limiting capability to tallocSimo Sorce5-40/+327
By calling talloc_set_memlimit() we can now set a max memory limit for a whole talloc hierarchy. ANy attempt to allocate memory beyond the max allowed for the whole hierarchy wil cause an allocation failure. Stealing memory correctly accounts for used memory in the old and the new hierarchy but exceeding the memory limit in the new parent will not cause a failure.
2012-10-05Ensure the masks don't conflict with the ACL checks.Jeremy Allison2-2/+4
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Oct 5 00:36:40 CEST 2012 on sn-devel-104
2012-10-04Update WHATSNEW.txt with removed parameters.Jeremy Allison1-0/+4
2012-10-04Remove the parameters:Jeremy Allison13-185/+33
security mask force security mode directory security mask force directory security mode and update the docs.
2012-10-04Remove all uses of ↵Jeremy Allison2-20/+10
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode and replace with the normal masks. Now these parameters can be removed.
2012-10-04Revert "Add functions to programatically set the security mask and directory ↵Jeremy Allison2-16/+0
security mask parameters." This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7. Not now needed as part of the move to remove security mask parameters.
2012-10-04Revert "When creating a new file/directory, we need to obey the create ↵Jeremy Allison1-15/+0
mask/directory mask parameters." This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78. Remove this as we're planning to remove the security mask, directory security mask parameters and only use create mask/directory mask.
2012-10-04html docs: Remove link to Using Samba.Karolin Seeger1-4/+0
Thanks to Christian Perrier <bubulle@debian.org> for reporting! Fix bug #7826 - HTML docs index file still points to Using Samba. Karolin Autobuild-User(master): Karolin Seeger <kseeger@samba.org> Autobuild-Date(master): Thu Oct 4 13:48:00 CEST 2012 on sn-devel-104
2012-10-04docs: Remove duplicate synonym min protocol.Karolin Seeger1-1/+0
Karolin
2012-10-04s3fs-smbd: Make sure the registry is set up before we init printing.Andreas Schneider1-4/+4
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Thu Oct 4 12:06:29 CEST 2012 on sn-devel-104
2012-10-04waf: Build pam_smbpass module only if enabled.Andreas Schneider2-1/+5
2012-10-04tdb: add -e option to tdbdump (and docment it).Rusty Russell2-3/+53
This allows for an emergency best-effort dump. It's a little better than strings(1). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au> Autobuild-Date(master): Thu Oct 4 03:16:06 CEST 2012 on sn-devel-104
2012-10-04tdb: tdbdump should log errors, and fail in that case.Rusty Russell1-2/+38
Dumping a corrupt database should not exit silently with 0 status! Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-04tdb: add tdb_rescue()Rusty Russell7-4/+622
This allows for an emergency best-effort dump. It's a little better than strings(1). Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-10-03Correct fix for bug #9222 - smbd ignores the "server signing = no" setting ↵Jeremy Allison1-6/+11
for SMB2. Signing cannot be disabled for SMB2 by design, so fix the documentation instead. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 3 23:47:23 CEST 2012 on sn-devel-104
2012-10-03Revert "Fix bug #9222 - smbd ignores the "server signing = no" setting for ↵Jeremy Allison2-12/+4
SMB2." This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245. As Metze pointed out: From MS-SMB2 section 2.2.4: SMB2_NEGOTIATE_SIGNING_ENABLED When set, indicates that security signatures are enabled on the server. The server MUST set this bit, and the client MUST return STATUS_INVALID_NETWORK_RESPONSE if the flag is missing. I'll submit a documentation bug to fix #9222 that way.
2012-10-03Fix bug #9214 - Bad user supplied SMB2 credit value can cause smbd to call ↵Jeremy Allison1-1/+6
smb_panic. Terminate the connection cleanly instead.
2012-10-03s3-docs: add delete_lost option to vfs_streams_depot.8Björn Baumbach1-0/+19
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Oct 3 18:10:14 CEST 2012 on sn-devel-104
2012-10-03s3-docs: Fix opening and ending tag mismatch in Samba3-HOWTO (Bug #9235)Björn Baumbach1-2/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-10-03s4: samba_backup: Fix typos.Björn Baumbach1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-10-03s4:tortore/rpc/lsa: make more use of torture_assert*Stefan Metzmacher1-47/+40
Currently samba3.rpc.lsa.privileges.lsa.Privileges(s3dc) seems to be flakey. We may be able to find the bug with this, or at least mark it as flapping. metze
2012-10-03wintest: Give dcpromo more timeAndrew Bartlett1-1/+1
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Oct 3 16:04:44 CEST 2012 on sn-devel-104
2012-10-03wintest: Give netdom join more time to completeAndrew Bartlett2-2/+2
2012-10-03wintest: Add config file for a second hostAndrew Bartlett1-0/+104
2012-10-03wintest: bump version to 4.1Andrew Bartlett1-1/+1
2012-10-03nsswitch: Build nss_winbind on all supported platformsAndrew Bartlett1-10/+49
This matches what the autoconf build can do. Andrew Bartlett
2012-10-03selftest: Always build a linux-style nss_winbind for nss_wrapperAndrew Bartlett4-5/+20
2012-10-03provision: Use logger rather than print.Jelmer Vernooij1-1/+1
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org> Autobuild-Date(master): Wed Oct 3 14:24:09 CEST 2012 on sn-devel-104
2012-10-03s4-provision: do not skip setting the acls on sysvolMatthieu Patou2-2/+4
Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Wed Oct 3 10:26:06 CEST 2012 on sn-devel-104
2012-10-03Fix bug #9222 - smbd ignores the "server signing = no" setting for SMB2.Jeremy Allison2-4/+12
Still sign if client request is signed, just don't negotiate it in negprot or sessionsetup. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
2012-10-02When creating a new file/directory, we need to obey the create ↵Jeremy Allison1-0/+15
mask/directory mask parameters. Currently we call FSET_NT_ACL to inherit any ACLs on create. However FSET_NT_ACL uses the security mask/directory security mask parameters instead of the create mask/directory mask parameters. Swap them temporarily when creating to ensure the correct masks are applied. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 2 22:27:17 CEST 2012 on sn-devel-104
2012-10-02Add functions to programatically set the security mask and directory ↵Jeremy Allison2-0/+16
security mask parameters.
2012-10-02When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER ↵Jeremy Allison1-0/+10
and SMB_ACL_GROUP entries.
2012-10-02Only apply masks on non-default ACL entries when setting the ACL.Jeremy Allison1-9/+19
2012-10-02Use is_default_acl variable in canonicalise_acl().Jeremy Allison1-2/+3
2012-10-02Reformat spacing to be even.Jeremy Allison1-7/+8
2012-10-02tdb: Fix a typoVolker Lendecke1-1/+1
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Oct 2 19:52:16 CEST 2012 on sn-devel-104
2012-10-02s3-net: Fix DEBUG() location.Günther Deschner1-1/+1
Guenther Autobuild-User(master): Günther Deschner <gd@samba.org> Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104
2012-10-02s3-net: give more control how to update/register DNS entries.Günther Deschner3-24/+76
Guenther
2012-10-02s3-net: pass down a flags field to DoDNSUpdate().Günther Deschner2-2/+5
Guenther
2012-10-02s3-net: move out some prototypes to net_dns.h.Günther Deschner3-22/+34
Guenther
2012-10-02s3-net: pass down struct net_context to the dns update calls.Günther Deschner1-9/+11
Guenther
2012-10-02s3-kerberos: add aes enctypes to generated krb5.conf.Günther Deschner1-5/+24
Guenther
generated by cgit (git 2.34.1) at 2024-11-07 09:50:46 +0000