Rev 656: lower the stress on secrets.tdb by making the mutexes for both the krb5 replay cache and the multi-logon keys local per node in http://samba.org/~tridge/3_0-ctdb

[tridge at samba.org]

------------------------------------------------------------
revno: 656
revision-id: tridge at samba.org-20071022071416-qv9s1sy0nh42v7hv
parent: tridge at samba.org-20071022002338-50ecmla3rqbwa6kh
committer: Andrew Tridgell <tridge at samba.org>
branch nick: s3-ctdb-tridge
timestamp: Mon 2007-10-22 17:14:16 +1000
message:
  lower the stress on secrets.tdb by making the mutexes for both the krb5 replay cache and the multi-logon keys local per node
modified:
  source/auth/auth_domain.c      auth_domain.c-20070210173807-1wjifrbwaz6xnmgl-326
  source/auth/auth_server.c      auth_server.c-20070210173807-1wjifrbwaz6xnmgl-330
  source/libads/kerberos_verify.c kerberos_verify.c-20070210173807-1wjifrbwaz6xnmgl-560
  source/nsswitch/winbindd_cm.c  winbindd_cm.c-20070210173807-1wjifrbwaz6xnmgl-741
  source/passdb/secrets.c        secrets.c-20070210173807-1wjifrbwaz6xnmgl-782
=== modified file 'source/auth/auth_domain.c'
--- a/source/auth/auth_domain.c	2007-09-21 06:04:56 +0000
+++ b/source/auth/auth_domain.c	2007-10-22 07:14:16 +0000
@@ -69,7 +69,7 @@
 	 * ACCESS_DENIED errors if 2 auths are done from the same machine. JRA.
 	 */
 
-	if (!(mutex = secrets_named_mutex(NULL, dc_name))) {
+	if (!(mutex = secrets_named_local_mutex(NULL, dc_name))) {
 		return NT_STATUS_NO_LOGON_SERVERS;
 	}
 	

=== modified file 'source/auth/auth_server.c'
--- a/source/auth/auth_server.c	2007-09-21 06:04:56 +0000
+++ b/source/auth/auth_server.c	2007-10-22 07:14:16 +0000
@@ -69,7 +69,7 @@
 		   session setup yet it will send a TCP reset to the first 
 		   connection (tridge) */
 
-		if (!(mutex = secrets_named_mutex(NULL, desthost))) {
+		if (!(mutex = secrets_named_local_mutex(NULL, desthost))) {
 			return NULL;
 		}
 

=== modified file 'source/libads/kerberos_verify.c'
--- a/source/libads/kerberos_verify.c	2007-09-21 06:04:56 +0000
+++ b/source/libads/kerberos_verify.c	2007-10-22 07:14:16 +0000
@@ -381,7 +381,7 @@
 	/* Lock a mutex surrounding the replay as there is no locking in the MIT krb5
 	 * code surrounding the replay cache... */
 
-	if (!(mutex = secrets_named_mutex(NULL, "replay cache mutex"))) {
+	if (!(mutex = secrets_named_local_mutex(NULL, "replay cache mutex"))) {
 		DEBUG(1,("ads_verify_ticket: unable to protect replay cache with mutex.\n"));
 		ret = KRB5_CC_IO;
 		goto out;

=== modified file 'source/nsswitch/winbindd_cm.c'
--- a/source/nsswitch/winbindd_cm.c	2007-09-21 06:04:56 +0000
+++ b/source/nsswitch/winbindd_cm.c	2007-10-22 07:14:16 +0000
@@ -636,7 +636,7 @@
 
 	*retry = True;
 
-	if (!(mutex = secrets_named_mutex(NULL, controller))){
+	if (!(mutex = secrets_named_local_mutex(NULL, controller))){
 		DEBUG(0,("cm_prepare_connection: mutex grab failed for %s\n",
 			 controller));
 		result = NT_STATUS_POSSIBLE_DEADLOCK;

=== modified file 'source/passdb/secrets.c'
--- a/source/passdb/secrets.c	2007-09-24 00:02:07 +0000
+++ b/source/passdb/secrets.c	2007-10-22 07:14:16 +0000
@@ -983,6 +983,27 @@
 }
 
 /*******************************************************************************
+ Lock the secrets tdb based on a string - this is used as a primitive form of mutex
+ between smbd instances. This varient makes the lock local to this node if we
+ are clustered
+*******************************************************************************/
+
+void *secrets_named_local_mutex(TALLOC_CTX *mem_ctx, const char *name)
+{
+	char *name2;
+	void *mutex;
+
+	name2 = talloc_asprintf(mem_ctx, "LOCAL[%u]: %s", get_my_vnn(), name);
+	if (name2 == NULL) {
+		return NULL;
+	}
+
+	mutex = secrets_named_mutex(mem_ctx, name2);
+	talloc_free(name2);
+	return mutex;
+}
+
+/*******************************************************************************
  Store a complete AFS keyfile into secrets.tdb.
 *******************************************************************************/