Rev 656: lower the stress on secrets.tdb by making the mutexes for
both the krb5 replay cache and the multi-logon keys local per
node in http://samba.org/~tridge/3_0-ctdb
tridge at samba.org
tridge at samba.org
Mon Oct 22 07:14:18 GMT 2007
------------------------------------------------------------
revno: 656
revision-id: tridge at samba.org-20071022071416-qv9s1sy0nh42v7hv
parent: tridge at samba.org-20071022002338-50ecmla3rqbwa6kh
committer: Andrew Tridgell <tridge at samba.org>
branch nick: s3-ctdb-tridge
timestamp: Mon 2007-10-22 17:14:16 +1000
message:
lower the stress on secrets.tdb by making the mutexes for both the krb5 replay cache and the multi-logon keys local per node
modified:
source/auth/auth_domain.c auth_domain.c-20070210173807-1wjifrbwaz6xnmgl-326
source/auth/auth_server.c auth_server.c-20070210173807-1wjifrbwaz6xnmgl-330
source/libads/kerberos_verify.c kerberos_verify.c-20070210173807-1wjifrbwaz6xnmgl-560
source/nsswitch/winbindd_cm.c winbindd_cm.c-20070210173807-1wjifrbwaz6xnmgl-741
source/passdb/secrets.c secrets.c-20070210173807-1wjifrbwaz6xnmgl-782
=== modified file 'source/auth/auth_domain.c'
--- a/source/auth/auth_domain.c 2007-09-21 06:04:56 +0000
+++ b/source/auth/auth_domain.c 2007-10-22 07:14:16 +0000
@@ -69,7 +69,7 @@
* ACCESS_DENIED errors if 2 auths are done from the same machine. JRA.
*/
- if (!(mutex = secrets_named_mutex(NULL, dc_name))) {
+ if (!(mutex = secrets_named_local_mutex(NULL, dc_name))) {
return NT_STATUS_NO_LOGON_SERVERS;
}
=== modified file 'source/auth/auth_server.c'
--- a/source/auth/auth_server.c 2007-09-21 06:04:56 +0000
+++ b/source/auth/auth_server.c 2007-10-22 07:14:16 +0000
@@ -69,7 +69,7 @@
session setup yet it will send a TCP reset to the first
connection (tridge) */
- if (!(mutex = secrets_named_mutex(NULL, desthost))) {
+ if (!(mutex = secrets_named_local_mutex(NULL, desthost))) {
return NULL;
}
=== modified file 'source/libads/kerberos_verify.c'
--- a/source/libads/kerberos_verify.c 2007-09-21 06:04:56 +0000
+++ b/source/libads/kerberos_verify.c 2007-10-22 07:14:16 +0000
@@ -381,7 +381,7 @@
/* Lock a mutex surrounding the replay as there is no locking in the MIT krb5
* code surrounding the replay cache... */
- if (!(mutex = secrets_named_mutex(NULL, "replay cache mutex"))) {
+ if (!(mutex = secrets_named_local_mutex(NULL, "replay cache mutex"))) {
DEBUG(1,("ads_verify_ticket: unable to protect replay cache with mutex.\n"));
ret = KRB5_CC_IO;
goto out;
=== modified file 'source/nsswitch/winbindd_cm.c'
--- a/source/nsswitch/winbindd_cm.c 2007-09-21 06:04:56 +0000
+++ b/source/nsswitch/winbindd_cm.c 2007-10-22 07:14:16 +0000
@@ -636,7 +636,7 @@
*retry = True;
- if (!(mutex = secrets_named_mutex(NULL, controller))){
+ if (!(mutex = secrets_named_local_mutex(NULL, controller))){
DEBUG(0,("cm_prepare_connection: mutex grab failed for %s\n",
controller));
result = NT_STATUS_POSSIBLE_DEADLOCK;
=== modified file 'source/passdb/secrets.c'
--- a/source/passdb/secrets.c 2007-09-24 00:02:07 +0000
+++ b/source/passdb/secrets.c 2007-10-22 07:14:16 +0000
@@ -983,6 +983,27 @@
}
/*******************************************************************************
+ Lock the secrets tdb based on a string - this is used as a primitive form of mutex
+ between smbd instances. This varient makes the lock local to this node if we
+ are clustered
+*******************************************************************************/
+
+void *secrets_named_local_mutex(TALLOC_CTX *mem_ctx, const char *name)
+{
+ char *name2;
+ void *mutex;
+
+ name2 = talloc_asprintf(mem_ctx, "LOCAL[%u]: %s", get_my_vnn(), name);
+ if (name2 == NULL) {
+ return NULL;
+ }
+
+ mutex = secrets_named_mutex(mem_ctx, name2);
+ talloc_free(name2);
+ return mutex;
+}
+
+/*******************************************************************************
Store a complete AFS keyfile into secrets.tdb.
*******************************************************************************/
More information about the samba-cvs
mailing list