Age | Commit message (Collapse) | Author | Files | Lines |
|
It avoid bugs when one of the buffer is supposed to contain a string
that is not null terminated (ie. label->label) and that we don't force
the last byte to 0.
|
|
Reported-by: Matthieu Patou <mat@samba.org>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Mon Oct 8 04:43:37 CEST 2012 on sn-devel-104
|
|
When winbind is restarted, there is a potential crash in tdb. Following
situation: We are in a cluster with ctdb. A winbind child hangs
in a request to the DC. Cluster monitoring decides the node has a
problem. Cluster monitoring decides to kill ctdbd. winbind child
still hangs in a RPC request. winbind parent figures that ctdb is
dead and immediately commits suicide. winbind parent is restarted by
cluster management, overwriting gencache.tdb with CLEAR_IF_FIRST. The
CLEAR_IF_FIRST logic as implemented now will not see that a child still
has the tdb open, only the parent holds the ACTIVE_LOCK due to performance
reasons. During the CLEAR_IF_FIRST logic is done, there is a very small
window where we ftruncate(tfd, 0) the file and re-write a proper header
without a lock. When during this small window the winbind child comes
back, wanting to store something into gencache.tdb, that winbind child
will crash with a SIGBUS.
Sounds unlikely? See:
[2012/09/29 07:02:31.871607, 0] lib/util.c:1183(smb_panic)
PANIC (pid 1814517): internal error
[2012/09/29 07:02:31.877596, 0] lib/util.c:1287(log_stack_trace)
BACKTRACE: 35 stack frames:
#0 winbindd(log_stack_trace+0x1a) [0x7feb7d4ca18a]
#1 winbindd(smb_panic+0x2b) [0x7feb7d4ca25b]
#2 winbindd(+0x1a3cc4) [0x7feb7d4bacc4]
#3 /lib64/libc.so.6(+0x32900) [0x7feb7a929900]
#4 /lib64/libc.so.6(memcpy+0x35) [0x7feb7a97f355]
#5 /usr/lib64/libtdb.so.1(+0x6e76) [0x7feb7b0b0e76]
#6 /usr/lib64/libtdb.so.1(+0x3d37) [0x7feb7b0add37]
#7 /usr/lib64/libtdb.so.1(+0x863d) [0x7feb7b0b263d]
#8 /usr/lib64/libtdb.so.1(+0x8700) [0x7feb7b0b2700]
#9 /usr/lib64/libtdb.so.1(+0x2505) [0x7feb7b0ac505]
#10 /usr/lib64/libtdb.so.1(+0x25b7) [0x7feb7b0ac5b7]
#11 /usr/lib64/libtdb.so.1(tdb_fetch+0x13) [0x7feb7b0ac633]
#12 winbindd(gencache_set_data_blob+0x259) [0x7feb7d4d8449]
#13 winbindd(gencache_set+0x53) [0x7feb7d4d85b3]
#14 winbindd(gencache_del+0x5e) [0x7feb7d4d879e]
#15 winbindd(saf_delete+0x93) [0x7feb7d54b693]
#16 winbindd(+0xe507e) [0x7feb7d3fc07e]
#17 winbindd(+0xe85e5) [0x7feb7d3ff5e5]
#18 winbindd(+0xe65be) [0x7feb7d3fd5be]
#19 winbindd(+0xe7562) [0x7feb7d3fe562]
#20 winbindd(init_dc_connection+0x2e) [0x7feb7d3fe5be]
#21 winbindd(+0xe75d9) [0x7feb7d3fe5d9]
#22 winbindd(cm_connect_netlogon+0x58) [0x7feb7d3fe658]
#23 winbindd(_wbint_PingDc+0x61) [0x7feb7d410991]
#24 winbindd(+0x103175) [0x7feb7d41a175]
#25 winbindd(winbindd_dual_ndrcmd+0xb7) [0x7feb7d4107d7]
#26 winbindd(+0xf8609) [0x7feb7d40f609]
#27 winbindd(+0xf9075) [0x7feb7d410075]
#28 winbindd(tevent_common_loop_immediate+0xe8) [0x7feb7d4db198]
#29 winbindd(run_events_poll+0x3c) [0x7feb7d4d93fc]
#30 winbindd(+0x1c2b52) [0x7feb7d4d9b52]
#31 winbindd(_tevent_loop_once+0x90) [0x7feb7d4d9f60]
#32 winbindd(main+0x7b3) [0x7feb7d3e7aa3]
#33 /lib64/libc.so.6(__libc_start_main+0xfd) [0x7feb7a915cdd]
#34 winbindd(+0xce2a9) [0x7feb7d3e52a9]
This is in a winbind child, logfiles surrounding indicate the parent
was restarted.
This patch takes all chain locks around the CLEAR_IF_FIRST introduced
tdb_new_database.
|
|
When probing for a size change (eg. just before tdb_expand, tdb_check,
tdb_rescue) we call tdb_oob(tdb, tdb->map_size, 1, 1). Unfortunately
this does nothing if the tdb has actually shrunk, which as Volker
demonstrated, can actually happen if a "longlived" parent crashes.
So move the map/update size/remap before the limit check.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This will avoid 'surprise returns' and makes the code cleare to readers.
These macros were complex enough to warrant a full function anyway not
just for readability but also for debuggability.
Thanks David for pointing out this issue.
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct 5 23:24:17 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Simo Sorce <idra@samba.org>
Autobuild-Date(master): Fri Oct 5 07:36:38 CEST 2012 on sn-devel-104
|
|
By calling talloc_set_memlimit() we can now set a max memory limit
for a whole talloc hierarchy.
ANy attempt to allocate memory beyond the max allowed for the whole
hierarchy wil cause an allocation failure.
Stealing memory correctly accounts for used memory in the old and the new
hierarchy but exceeding the memory limit in the new parent will not cause
a failure.
|
|
security mask
force security mode
directory security mask
force directory security mode
and update the docs.
|
|
This allows for an emergency best-effort dump. It's a little better than
strings(1).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Autobuild-User(master): Rusty Russell <rusty@rustcorp.com.au>
Autobuild-Date(master): Thu Oct 4 03:16:06 CEST 2012 on sn-devel-104
|
|
Dumping a corrupt database should not exit silently with 0 status!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
This allows for an emergency best-effort dump. It's a little better than
strings(1).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 2 19:52:16 CEST 2012 on sn-devel-104
|
|
Guenther
|
|
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 26 02:13:10 CEST 2012 on sn-devel-104
|
|
|
|
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Sep 25 22:40:39 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 25 18:03:46 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Tue Sep 25 06:38:40 CEST 2012 on sn-devel-104
|
|
This uses the setproctitle() from libc, libsetproctitle or libbsd.
If none is available it provides a dummy implementation.
|
|
This is normally handled by the waf core, but for HP-UX we currently fail.
The autoconf code hard-codes a case for HP-UX, but I want to try testing
it using a generic system first.
Andrew Bartlett
|
|
On the Sernet-solaris8 host, this test passed in the autoconf build,
then failed in the recursive waf build. This newer test should probe
the behaviour more closely, by checking we get two distinct, secure
files.
Andrew Bartlett
|
|
In any case, the Samba Team stopped supporting SCO systems a long time ago.
Andrew Bartlett
|
|
Removing this unbuilt file allows removing BROKEN_GETGRNAM which was only
ever defined per-OS, not based on an actual test.
Andrew Bartlett
|
|
The issue is that this file is both used in an autoconf test, and
later in a smbtorture test. Because os2_delete.c does not include
replace.h, bool may not be defined.
So, instead we shift the need for bool to a different header.
(The readdir tests in repdir.m4 are not yet in the waf configure).
Andrew Bartlett
|
|
|
|
It's possible for a client to send 0 bytes in a UDP packet,
we need still need to call recvfrom() and skip the invalid
packet at a higher level. Otherwise the kernel receive queue
is blocked.
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
"wrong format"
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
fix typo in ifdef. Thanks to Joachim Schmitz for spotting this!
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Tue Sep 18 16:06:18 CEST 2012 on sn-devel-104
|
|
GLOBAL_VAR(panic_action)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep 18 06:12:00 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 17 23:47:57 CEST 2012 on sn-devel-104
|
|
See bug #8107
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Sep 16 04:05:08 CEST 2012 on sn-devel-104
|
|
forwarder'
This simplifies a very common configuration.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
|
|
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Sep 12 10:33:37 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 11 20:08:37 CEST 2012 on sn-devel-104
|
|
|
|
Don't use "isprint" in ldb_binary_encode(). This is locale specific.
Restrict to ASCII only, hex encode everything else.
|
|
|
|
This is in order to be able to turn durable handles off and on on a per share
basis.
Note: This is only used in combination with:
kernel share modes = no
kernel oplocks = no
posix locking = no
Which means CIFS/SMB2 only access.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
flocks
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
(This completes commit d0878b3b8179b1cf061e1058bacbe670363b51c6)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
why the hell do IRIX systems headers like quota.h use types that are available
only with such a define...?
|
|
a leftover from bug #8777
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|