| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
In the child, we fully re-open serverid.tdb, which leads to one fcntl lock for
CLEAR_IF_FIRST detection per smbd. This opens the tdb in the parent and holds
it, so that tdb_reopen_all correctly catches the CLEAR_IF_FIRST bit.
|
|
The notify tdb files are opened at tconX time, which leads to one fcntl lock
for CLEAR_IF_FIRST detection per smbd. This opens the tdbs in the parent and
holds it, so that tdb_reopen_all correctly catches the CLEAR_IF_FIRST bit.
|
|
In the child, we fully re-open messaging.tdb, which leads to one fcntl lock for
CLEAR_IF_FIRST detection per smbd. This opens the tdb in the parent and holds
it, so that tdb_reopen_all correctly catches the CLEAR_IF_FIRST bit.
|
|
This boolean option controls whether at exit time the server dumps a list of
files with debug level 0 that were still open for write. This is an
administrative aid to find the files that were potentially corrupt if the
network connection died.
|
|
|
|
metze
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
to respond to a read or write."
This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20.
This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728).
(cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
|
|
|
|
|
|
Jeremy.
|
|
On unclean shutdown we can end up with stale entries in the brlock,
connections and locking db. Previously we would do the cleanup on
every unclean exit, but that can cause smbd to be completely
unavailable for several minutes when a large number of child smbd
processes exit.
This adds a rate limited cleanup of the databases, with the default
that cleanup happens at most every 20s
|
|
These have been replaced with the min timeout in blocking.c
|
|
respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
|
|
This is a small performance optimization. Instead of opening the tdb
on every smb connection in the forked child process, we now open it in
the parent and share the fd.
This also reduces the total fd usage in the system.
|
|
metze
|
|
Missing become_root()/unbecome_root() around reload_services.
Jeremy.
|
|
This provides a compromise between stability and performance: gencache is a
persistent database these days that for performance reasons can not use tdb
transactions for all writes. This patch splits up gencache into gencache.tdb
and gencache_notrans.tdb. gencache_notrans is used with CLEAR_IF_FIRST, writes
to it don't use transactions. By default every 5 minutes and when a program
exits, all entries from _notrans.tdb are transferred to gencache.tdb in one
transaction.
|
|
Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in smbd.pid, while the "all" target
would send a message to all processes.
The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful. This was implemented
in winbindd in 065760ed. This patch does the same thing for smbd.
Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.
The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.
|
|
|
|
We weren't reaping children in the [x]inetd case.
Jeremy.
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
When we run out of file descriptors for some reason, every new
connection forks a child that immediately panics causing smbd to
coredump. This seems unnecessarily harsh; with this code change we
now catch that error and merely log a message about it and exit
without the core dump.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
|
|
metze
|
|
This code path can't really happen anymore, because
launchd support was removed with commit e5a951325a6cac8567af3a66de6d2df577508ae4.
But it's confusing to have that code there...
metze
|
|
Guenther
|
|
Jeremy.
|
|
|
|
* move to reinit_after_fork() to protect all Samba daemons
* only protect parent processes
|
|
This was uncovered when the MAX FD limit was hit, causing an instant core
and invoking error reporting. This fix causes SMBD to exit, but without
building a core.
|
|
This commit adds a configure argument which allows for setting MADV_PROTECT
in the madvise() API. With this enabled the kernel won't kill SMBD when
it's running low on memory.
|
|
|
|
Michael
|
|
This restores the pre e0232934fbf69a9e72de1d9844b14d70b34a2d6a
behavior.
metze
|
|
metze
|
|
metze
|
|
metze
|
|
This the process_kernel_oplock() function never response to messages,
it only generates messages to ourself.
metze
|
|
metze
|
|
metze
|
|
We should behave the same in inetd, interactive and deamon modes.
metze
|
|
metze
|
|
triggered now
metze
|
|
And always setup the fd events.
metze
|
|
|
