summaryrefslogtreecommitdiff
path: root/src/providers/fail_over.c
AgeCommit message (Collapse)AuthorFilesLines
2012-09-24Bad debug message when no dns_discovery_domain specified.Michal Zidek1-3/+11
https://fedorahosted.org/sssd/ticket/920
2012-09-13FO: Check server validity before setting statusJakub Hrozek1-5/+8
The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
2012-08-15FO: Return EAGAIN if there are more servers to tryJakub Hrozek1-0/+9
The caller should issue a next request, which would just shortcut with ENOENT.
2012-08-15FO: Don't retry the same server if it's not workingJakub Hrozek1-2/+3
2012-08-15Duplicate detection in fail over did not work.Michal Zidek1-3/+27
https://fedorahosted.org/sssd/ticket/1472
2012-08-09Don't use server after SRV data collapsedJakub Hrozek1-5/+8
2012-08-07Always mark SRV servers as primaryJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1459
2012-08-07Failover: Return last tried server if it's still being triedJakub Hrozek1-2/+6
In the failover, we treat both KDC and LDAP on the IPA server as a single "port", numbered 0. This was done in order to make sure that the SSSD always talks to the same server for both LDAP and Kerberos. However, this clever hack breaks when the IPA provider needs to establish an GSSAPI encrypted LDAP connection because we're asking the fail over code to yield a server while no server has yet been marked as tried. This triggers a fail over for the KDC, so in effect, the TGT is received from second server. If the second server is not available for some reason, the whole provider goes offline. The fail over needs to detect that the server asked for is still being resolved and return the same pointer.
2012-08-03Don't call fo_set_{server,port}_status for SRV serversJakub Hrozek1-2/+3
This bug was producing harmless, but annoying error messages.
2012-08-01Primary server support: basic support in failover codeJan Zeleny1-15/+60
Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
2012-06-20Move some debug lines to new debug log levelsStef Walter1-6/+6
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-03-29Return correct resolv_status on resolver timeoutJakub Hrozek1-11/+11
https://fedorahosted.org/sssd/ticket/1274
2012-03-06Only do one cycle when resolving a serverJakub Hrozek1-0/+7
https://fedorahosted.org/sssd/ticket/1214
2011-12-20Failover: Introduce a per-service timeoutJakub Hrozek1-0/+46
https://fedorahosted.org/sssd/ticket/976
2011-12-20Do not touch resolve_service_state in fo_resolve_service_doneJakub Hrozek1-14/+11
2011-09-28Multiline macro cleanupJakub Hrozek1-1/+2
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-07-21fo_get_server_name() getter for a server nameJakub Hrozek1-0/+9
Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-1/+1
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek1-18/+18
2011-05-02Fix minor typo in error messageStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/825
2011-04-15Set same status for duplicate serversJakub Hrozek1-0/+21
2011-04-11Remove detection of duplicates from SRV result processingJakub Hrozek1-9/+0
2011-04-01Do not attempt to resolve nameless serversJakub Hrozek1-1/+1
The failover code is not strictly in charge of resolving. Its main function is to provide a server to connect to for a service. It is legal, although not currently used, to have a server that has no name (server->common == NULL). In this case, no resolving should be done and it is assumed that the failover user, which are the SSSD back ends in our case, would perform any resolving out of band, perhaps using the user_data attribute of fo_server structure.
2011-03-09Run callbacks if server IP changesJakub Hrozek1-0/+9
2011-03-08Always expire host name resolutionJakub Hrozek1-8/+7
The previous version of the patch only expired a resolved host name if the port was being reset. We want to always expire it so we notice IP address changes even if the previous server is still up.
2011-03-07Prevent segfault in failover codeJakub Hrozek1-2/+3
2011-02-28Reset server status after timeoutJakub Hrozek1-1/+11
https://fedorahosted.org/sssd/ticket/809
2011-01-21Rename dns_domain to discovery domain for fo_add_srv_server()Stephen Gallagher1-7/+11
2011-01-21Allow fallback to SSSD domainStephen Gallagher1-4/+44
For backwards-compatibility with older versions of the SSSD (such as 1.2.x), we need to be able to have our DNS SRV record lookup be capable of falling back to using the SSSD domain name as the DNS discovery domain. This patch modifies our DNS lookups so that they behave as follows: If dns_discovery_domain is specified, it is considered authoritative. No other discovery domains will be attempted. If dns_discovery_domain is not specified, we first attempt to look up the SRV records using the domain portion of the machine's hostname. If this returns "NOTFOUND", we will try performing an SRV record query using the SSSD domain name as the DNS discovery domain. https://fedorahosted.org/sssd/ticket/754
2011-01-05Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERRORSumit Bose1-5/+5
2011-01-05Use the right status when resetting service discoverySumit Bose1-1/+1
2010-12-14Fix incorrect return value on failure in resolve_get_domain_send()Sumit Bose1-0/+1
https://fedorahosted.org/sssd/ticket/721
2010-12-14Fix improper NULL check in fo_add_srv_server()Sumit Bose1-1/+2
https://fedorahosted.org/sssd/ticket/717
2010-12-01Run checks before resetting offline stateSumit Bose1-0/+17
Before setting the backend to online during a reset offline request the check_online method if the ID provider is called. If the check_online method returns that the ID provider is still not reachable the backend stays offline. Otherwise the backend is switched to online and the related callbacks are run. Additionally the check online test is called during the res_init request because a change in /etc/resolve.conf might also make a server reachable which was assumed offline before.
2010-12-01Allow protocol fallback for SRV queriesJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/691
2010-11-24fix typo in get_server_status()Sumit Bose1-1/+1
2010-09-07Fixed small issue in memory context hierarchyJan Zeleny1-1/+1
In fail_over.c, there was a small bug causing subrequest to have wrong parent memory context. This patch fixes it.
2010-08-03Return proper error value when SRV lookup failsJakub Hrozek1-1/+1
Fixes: #587
2010-07-09Add an interface to try next fail-over server after connection to the active ↵eindenbom1-0/+21
server was unexpectedly dropped.
2010-07-09Added an interface to query number of configured (and currently resolved ↵eindenbom1-0/+13
through SRV records) failover servers.
2010-06-30Add dns_discovery_domain optionJakub Hrozek1-22/+176
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-09Fix Incorrect NULL check in get_server_common()Jakub Hrozek1-1/+1
Fixes: #518
2010-06-09Fix potential NULL dereference in fail_over.cJakub Hrozek1-2/+5
Fixes: #505
2010-05-03Fix uninitialized variableJakub Hrozek1-0/+1
2010-04-30Support SRV servers in failoverJakub Hrozek1-51/+509
Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6
2010-04-30Remove freed server_common entities from listJakub Hrozek1-1/+24
2010-04-26Treat server names as case-insensitive in failover codeJakub Hrozek1-2/+2
2010-02-22Restrict family lookupsJakub Hrozek1-9/+16
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+651
Also update BUILD.txt