[SCM] Samba Shared Repository - branch v4-9-test updated

Karolin Seeger kseeger at samba.org
Mon Mar 4 15:03:02 UTC 2019


The branch, v4-9-test has been updated
       via  47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
       via  ba75d5f4839 vfs_ceph: fix strict_allocate_ftruncate()
       via  15ef70cb53a vfs_ceph: add missing fallocate hook
       via  13bf811858f s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
       via  ffb706ddbce s3: torture: Add additional POSIX mkdir tests.
       via  4b58042f3fa smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
       via  fe4254ef4e1 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
       via  f59064f8a96 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
       via  53dfd92b82e winbindd: set idmap cache entries as the last step in async wb_xids2sids
       via  9c36a6dd16a winbindd: track whether a result from xid2sid was coming from the cache
       via  b6587172d0c winbindd: switch send-next/done order
       via  06862c77d5c winbindd: update xid in wb_xids2sids_state->xids with what we got
       via  4cf7bddc645 winbindd: convert id to a pointer in wb_xids2sids_dom_done()
       via  577ac999fbd winbindd: make xids a const argument to wb_xids2sids_send()
       via  915aff6fe7c winbindd: make a copy of xid's in wb_xids2sids_send()
       via  eb16d3b7bc1 ctdb-cluster-mutex: Separate out command and file handling
       via  65c3c5801ff ctdb-recoverd: Time out attempt to take recovery lock after 120s
       via  4c059e03ef7 ctdb-recoverd: Ban node on unknown error when taking recovery lock
       via  fd9a02c0bb2 ctdb-recoverd: Make recoverd context available in recovery lock handle
       via  f63f2a0ee39 ctdb-recoverd: Clean up logging on failure to take recovery lock
       via  fb8c3bd8995 ctdb-recoverd: Free cluster mutex handler on failure to take lock
       via  592f02112bb ctdb-config: Change example recovery lock setting to one that fails
       via  ad3751b5a51 messages_dgm: Properly handle receiver re-initialization
       via  9dd1b416654 torture3: Extend read3 for the "messaging target re-inits" failure
       via  6bea9304998 messages_dgm: Use saved errno value
       via  6a38b9917b2 man pages: document prefork process model
       via  ab66f70056c notifyd: Fix SIGBUS on sparc
      from  2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test


- Log -----------------------------------------------------------------
commit 47fb4ba84f307f1a89a0821276be26caab1826d9
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed Feb 27 11:52:42 2019 +0100

    vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
    
    Both libcephfs functions are supported and capable of extending files,
    so fallback can be dropped.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9)
    
    Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-9-test): Mon Mar  4 15:02:26 UTC 2019 on sn-devel-144

commit ba75d5f483911b0f44828a0e9cfc35cfd7dfe4c6
Author: David Disseldorp <ddiss at samba.org>
Date:   Tue Feb 26 16:07:27 2019 +0100

    vfs_ceph: fix strict_allocate_ftruncate()
    
    The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt
    *local* filesystem ftruncate(). Fix this.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 70329c36ed91dd0e50ff66f9b0a85c62ac8a621e)

commit 15ef70cb53a038847f424a7881bcbc09f8e0a80f
Author: David Disseldorp <ddiss at samba.org>
Date:   Tue Feb 26 21:26:27 2019 +0100

    vfs_ceph: add missing fallocate hook
    
    SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through
    to vfs_default, which results in a local filesystem I/O attempt using a
    libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 5a7e7280813559fb70a9fc8e4238cb6015ee3b53)

commit 13bf811858fe41f30960871b0618b3c53cacf1dc
Author: Jeremy Allison <jra at samba.org>
Date:   Sun Feb 24 08:15:23 2019 -0800

    s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
    
    Previous regression test ensures we still return the correct
    error code for POSIX pathname operations.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144
    
    (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205)

commit ffb706ddbce86175b69bc5425cf9a4b86737f5ec
Author: Jeremy Allison <jra at samba.org>
Date:   Sun Feb 24 08:03:32 2019 -0800

    s3: torture: Add additional POSIX mkdir tests.
    
    Ensure that if POSIX_foo exists as a file
    we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND
    if we try and traverse it as a directory.
    
    Also ensure creation/deletion of POSIX_foo/foo fails
    for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND
    if the directory POSIX_foo/ doesn't exist.
    
    knownfail is back :-).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 632d0db8c42d50f5eecd002d9573f739cd945960)

commit 4b58042f3fa2dbb4ac65efb565431b9ace862b4a
Author: Jeremy Allison <jra at samba.org>
Date:   Sat Feb 23 12:24:31 2019 -0800

    smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
    
    For posix_pathnames don't blunder into the name_has_wildcard OR
    get_real_filename() codepaths as they may be doing case insensitive lookups.
    So when creating a new POSIX directory 'Foo' they might
    match on name 'foo'.
    
    Remove POSIX-MKDIR from knownfail.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144
    
    (cherry picked from commit 12da33e2bbce657f25abe9bc4cb936ca4615b30f)

commit fe4254ef4e130fb74917713a4eda14619630807f
Author: Jeremy Allison <jra at samba.org>
Date:   Sat Feb 23 12:26:01 2019 -0800

    smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 980db8debde68f9edce13fc01bc45a904379cffd)

commit f59064f8a9611739a232bd30610e53bf5f86feb9
Author: Jeremy Allison <jra at samba.org>
Date:   Sat Feb 23 17:52:34 2019 -0800

    s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
    
    Test does:
    
    mkdir POSIX_foo
    mkdir POSIX_Foo
    mkdir POSIX_foo/Foo
    mkdir POSIX_foo/foo
    mkdir POSIX_Foo/Foo
    mkdir POSIX_Foo/foo
    
    Which should pass a SMB1 POSIX extensions server
    as posix mkdir should always be case sensitive
    no matter what the share is set to.
    
    Mark as knownfail for now.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit f0decb31fff24ceb57d23bebbfb87aa0e5103947)

commit 53dfd92b82e7d950a4fb8b2fc034bc28a5b107d9
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 21 16:55:09 2019 +0100

    winbindd: set idmap cache entries as the last step in async wb_xids2sids
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144
    
    (cherry picked from commit 9b9565c3e69b92c298c7168e516387bb249c9e36)

commit 9c36a6dd16a7e72ca3bfde4fa231549209c7d040
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Feb 22 11:00:00 2019 +0100

    winbindd: track whether a result from xid2sid was coming from the cache
    
    This is needed in preparation of moving the step to update the idmap
    cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the
    top-level callback wb_xids2sids_done().
    
    Currently the sequence of action is:
    
    * check cache, if not found:
      * ask backends
      * cache result from backend
    * return results
    
    Iow, if we got something from the cache, we don't write the cache.
    
    The next commit defers updating the cache to the top-level callback, so
    the sequence becomes
    
    * check cache, if not found:
      * ask backends
    * cache results
    * return results
    
    This has two problems:
    
    * it needlessly writes to the cache what we just got from it
    
    * it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in
      the following case:
    
      - existing ID_TYPE_BOTH mapping in the cache, eg:
    
        IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B
    
      - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID
    
      - cache lookup with idmap_cache_find_gid2sid() succeeds
    
      - when caching results we'd call idmap_cache_set_sid2unixid() with the
        callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will
        overwrite the SID-to-xid mapping with ID_TYPE_GID
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 62f54229fced20102e11ad1da02faef45c2a7c2e)

commit b6587172d0c5b5f9c7c0693a31382cf83a09bbcd
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 21 16:52:21 2019 +0100

    winbindd: switch send-next/done order
    
    In preparation of adding more logic to the done step. No change in
    behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 8e9c2a1f6ceb06d695a6572701b96a3e3821ac42)

commit 06862c77d5c76f01af90d184a1a93cc499eece9c
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 21 18:40:20 2019 +0100

    winbindd: update xid in wb_xids2sids_state->xids with what we got
    
    In preparation of priming the idmap cache in the top-level
    wb_xids2sids_done(), not in the per-idmap-domain callback
    wb_xids2sids_dom_done().
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 7f23ef7b2cf7bd6e8dc087aa15137292b421a689)

commit 4cf7bddc64540d59bcaf7ce8b574a8e6d03f96b0
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 21 18:39:46 2019 +0100

    winbindd: convert id to a pointer in wb_xids2sids_dom_done()
    
    No change in behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit f8bf4fc608639695651f75c52b31f95e796a5a26)

commit 577ac999fbd2740f4ee2173517a2df19e15f27c1
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Feb 22 16:29:07 2019 +0100

    winbindd: make xids a const argument to wb_xids2sids_send()
    
    The previous commit made an internal copy of xids, this commit makes it
    more obvious that we must not mess with the xids argument but treat it as
    an in-parameter and don't write to it.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 5d277ea7ea258676b9ea5081a451a5874af115f6)

commit 915aff6fe7cf00f58b8a5a192a30c50ed9429167
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Feb 21 18:34:51 2019 +0100

    winbindd: make a copy of xid's in wb_xids2sids_send()
    
    This is in preparation of setting the result of the mapping in the top-
    level callback wb_xids2sids_done(), not in the per-idmap-domain callback
    wb_xids2sids_dom_done().
    
    When caching the mapping we need the id-type from the backend, so we
    need a way to pass up that information from wb_xids2sids_dom_done() up
    to wb_xids2sids_done()
    
    The xids array copy gets passed from wb_xids2sids_send() to
    wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly
    update the top-level copy.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit f5a8bc2f945be45cdade5f70d4f975bae8337f67)

commit eb16d3b7bc112b0faece3a304d339b3effd0713a
Author: Martin Schwenke <martin at meltin.net>
Date:   Mon Jan 21 12:16:43 2019 +1100

    ctdb-cluster-mutex: Separate out command and file handling
    
    This code is difficult to read and there really is no common code
    between the 2 cases.  For example, there is no need to split a
    filename into words.  Separating each of the 2 cases into its own
    function makes the logic much easier to understand.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    
    Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
    Autobuild-Date(master): Mon Feb 25 03:40:16 CET 2019 on sn-devel-144
    
    (cherry picked from commit c93430fe8fe530a55b9a04cf6cc660c3d420e333)
    (cherry picked from commit d5131afc533102ed5adfb147bf1a316e51810729)

commit 65c3c5801ff47ce48a7061f47c00bcd61c7c3c1e
Author: Martin Schwenke <martin at meltin.net>
Date:   Fri Feb 22 15:09:33 2019 +1100

    ctdb-recoverd: Time out attempt to take recovery lock after 120s
    
    Currently this will wait forever.  It really needs a timeout in case
    the cluster filesystem (or other lock mechanism) is completely wedged.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 13a1a4808935290dceb219daccd7aac3fda4e184)

commit 4c059e03ef75085c47c8ec15025655b0efdf8460
Author: Martin Schwenke <martin at meltin.net>
Date:   Thu Jan 10 14:01:57 2019 +1100

    ctdb-recoverd: Ban node on unknown error when taking recovery lock
    
    We really shouldn't see unknown errors.  They probably represent a
    misconfigured recovery lock or similar.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 45a77d65b2e39b4af94da4ab99575f4ee08a7ebd)

commit fd9a02c0bb29778c3b049de4437bec2ce50542ea
Author: Martin Schwenke <martin at meltin.net>
Date:   Thu Jan 10 13:24:34 2019 +1100

    ctdb-recoverd: Make recoverd context available in recovery lock handle
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit c0fb62ed3954fc6e8667480aba92003fc270f257)

commit f63f2a0ee39ae7ea849580a7ad455cbcd70a43db
Author: Martin Schwenke <martin at meltin.net>
Date:   Mon Jan 21 16:36:13 2019 +1100

    ctdb-recoverd: Clean up logging on failure to take recovery lock
    
    Add an explicit case for a timeout and clean up the other messages.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 7e4aae6943291c3144c8a3ff97537e8d4c7dc7c9)

commit fb8c3bd89959d677f481dc2684f32ec33d66d9d5
Author: Martin Schwenke <martin at meltin.net>
Date:   Mon Jan 21 16:28:28 2019 +1100

    ctdb-recoverd: Free cluster mutex handler on failure to take lock
    
    If nested events occur while the file descriptor handler is still
    active then chaos can ensue.  For example, if a node is banned and the
    lock is explicitly cancelled (e.g. due to election loss) then
    double-talloc-free()s abound.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 621658cbed5d91d7096fc208bac2ff93a1880e7d)

commit 592f02112bbb7f2a9f5fa197db85482fe9367e36
Author: Martin Schwenke <martin at meltin.net>
Date:   Thu Jan 10 14:15:18 2019 +1100

    ctdb-config: Change example recovery lock setting to one that fails
    
    ctdbd will start without a recovery lock configured.  It will log a
    message saying that this is not optimal.  However, a careless user may
    overlook both this message and the importance of setting a recovery
    lock.  If the existing example configuration is uncommented then the
    directory containing it will be created (by 01.reclock.script) and the
    failure (i.e. multiple nodes able to take the lock) will be confusing.
    
    Instead, change the example setting to one that will result in banned
    nodes, encouraging users to consciously configure (or deconfigure) the
    recovery lock.  Tweak the corresponding comment.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13790
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 82e7f38214896c2c200132bc6dde3348cfac16cc)

commit ad3751b5a51097a6f7d695660f9ea11278bbf182
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Feb 7 16:15:46 2019 +0100

    messages_dgm: Properly handle receiver re-initialization
    
    This only properly covers the small-message nonblocking case. Covering
    the large-message and the blocking case is a much larger effort assuming
    we want to re-send the failed message if parts of the message has gone
    through properly. Don't do that for now.
    
    This was found by sanba_dnsupdate constantly recreating its irpc handle to
    winbindd in the RODC case.
    
    The messaging_dgm code cached connected datagram sockets based on the
    destination pid for 1 second. Which means the IRPC responses from
    winbindd are never delivered to samba_dnsupdate,
    which will then hit a timeout.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 2543bba0364d8054e9ad316f5611621841bc061d)

commit 9dd1b416654beb2c3771e6924c08c45518a7b3aa
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Feb 7 17:48:34 2019 +0100

    torture3: Extend read3 for the "messaging target re-inits" failure
    
    Do ping_pong a hundred times, re-initializing the msg_ctx every time.
    
    https://bugzilla.samba.org/show_bug.cgi?id=13786
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 8d8f62c4b9dea381ce9f5833bc794553ae358173)

commit 6bea930499819988be5a0ba901c05b124091b54f
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Feb 7 15:57:06 2019 +0100

    messages_dgm: Use saved errno value
    
    In this case this is just a cleanup, the value has just been set by
    messaging_dgm_sendmsg. But as that already saves errno into a local
    variable, use that.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit c27afc098398274abaed6dc9bef2019091c1b635)

commit 6a38b9917b2c25bb557687df2c24618273b6f7f5
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Thu Feb 7 13:50:40 2019 +1300

    man pages: document prefork process model
    
    Document the process model options -M
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13765
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Tim Beale <timbeale at samba.org>
    Autobuild-Date(master): Thu Jan 31 04:25:14 CET 2019 on sn-devel-144
    
    (manual merge of commit 4ecdcc4b462d03bec3ec36ba1b90f45d9977be8b,
     with description updated for v4.9 behaviour)

commit ab66f70056c3b038c8e24426a99c6ce27bd42722
Author: Jiří Šašek <jiri.sasek at oracle.com>
Date:   Thu Dec 6 14:10:53 2018 +0100

    notifyd: Fix SIGBUS on sparc
    
    Problem is the structure "struct notify_instance" can lay in message buffer on
    address not dividable by 8 but this structure begins by uint_64 (secs in
    time-stamp). Structure should be re-packed to standalone buffer before the use.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704
    Signed-off-by: jiri.sasek at oracle.com
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/config/ctdb.conf                        |  13 +-
 ctdb/server/ctdb_cluster_mutex.c             | 113 +++++++++------
 ctdb/server/ctdb_recoverd.c                  |  36 ++++-
 docs-xml/manpages/samba.8.xml                |  35 ++++-
 docs-xml/smbdotconf/base/preforkchildren.xml |   4 +-
 selftest/skip                                |   1 +
 source3/lib/messages_dgm.c                   |  18 ++-
 source3/modules/vfs_ceph.c                   | 112 ++++-----------
 source3/selftest/tests.py                    |   2 +-
 source3/smbd/filename.c                      |  43 ++++++
 source3/smbd/notifyd/notifyd.c               |  11 +-
 source3/smbd/trans2.c                        |   1 +
 source3/torture/test_messaging_read.c        |  44 +++---
 source3/torture/torture.c                    | 202 +++++++++++++++++++++++++++
 source3/winbindd/wb_xids2sids.c              |  74 +++++++---
 source3/winbindd/winbindd_proto.h            |   2 +-
 16 files changed, 519 insertions(+), 192 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/config/ctdb.conf b/ctdb/config/ctdb.conf
index a9e6f693405..5440600a435 100644
--- a/ctdb/config/ctdb.conf
+++ b/ctdb/config/ctdb.conf
@@ -11,7 +11,12 @@
 	# log level = NOTICE
 
 [cluster]
-	# Shared recovery lock file to avoid split brain.  No default.
-	# Do NOT run CTDB without a recovery lock file unless you know exactly
-	# what you are doing.
-	# recovery lock = /shared/recovery.lock
+	# Shared recovery lock file to avoid split brain.  Daemon
+	# default is no recovery lock.  Do NOT run CTDB without a
+	# recovery lock file unless you know exactly what you are
+	# doing.
+	#
+	# Please see the RECOVERY LOCK section in ctdb(7) for more
+	# details.
+	#
+	# recovery lock = !/bin/false RECOVERY LOCK NOT CONFIGURED
diff --git a/ctdb/server/ctdb_cluster_mutex.c b/ctdb/server/ctdb_cluster_mutex.c
index 330d5fd1d90..2e3cb8112ad 100644
--- a/ctdb/server/ctdb_cluster_mutex.c
+++ b/ctdb/server/ctdb_cluster_mutex.c
@@ -118,72 +118,101 @@ static void cluster_mutex_handler(struct tevent_context *ev,
 
 static char cluster_mutex_helper[PATH_MAX+1] = "";
 
-static bool cluster_mutex_helper_args(TALLOC_CTX *mem_ctx,
-				      const char *argstring, char ***argv)
+static bool cluster_mutex_helper_args_file(TALLOC_CTX *mem_ctx,
+					   const char *argstring,
+					   char ***argv)
 {
-	int nargs, i, ret, n;
-	bool is_command = false;
+	bool ok;
 	char **args = NULL;
-	char *strv = NULL;
-	char *t = NULL;
 
-	if (argstring != NULL && argstring[0] == '!') {
-		/* This is actually a full command */
-		is_command = true;
-		t = discard_const(&argstring[1]);
-	} else {
-		is_command = false;
-		t = discard_const(argstring);
+	ok = ctdb_set_helper("cluster mutex helper",
+			     cluster_mutex_helper,
+			     sizeof(cluster_mutex_helper),
+			     "CTDB_CLUSTER_MUTEX_HELPER",
+			     CTDB_HELPER_BINDIR,
+			     "ctdb_mutex_fcntl_helper");
+	if (! ok) {
+		DBG_ERR("ctdb exiting with error: "
+			"Unable to set cluster mutex helper\n");
+		exit(1);
 	}
 
-	ret = strv_split(mem_ctx, &strv, t, " \t");
-	if (ret != 0) {
-		DEBUG(DEBUG_ERR,
-		      ("Unable to parse mutex helper string \"%s\" (%s)\n",
-		       argstring, strerror(ret)));
+
+	/* Array includes default helper, file and NULL */
+	args = talloc_array(mem_ctx, char *, 3);
+	if (args == NULL) {
+		DBG_ERR("Memory allocation error\n");
 		return false;
 	}
-	n = strv_count(strv);
 
-	args = talloc_array(mem_ctx, char *, n + (is_command ? 1 : 2));
+	args[0] = cluster_mutex_helper;
 
-	if (args == NULL) {
-		DEBUG(DEBUG_ERR,(__location__ " out of memory\n"));
+	args[1] = talloc_strdup(args, argstring);
+	if (args[1] == NULL) {
+		DBG_ERR("Memory allocation error\n");
 		return false;
 	}
 
-	nargs = 0;
-
-	if (! is_command) {
-		if (!ctdb_set_helper("cluster mutex helper",
-				     cluster_mutex_helper,
-				     sizeof(cluster_mutex_helper),
-				     "CTDB_CLUSTER_MUTEX_HELPER",
-				     CTDB_HELPER_BINDIR,
-				     "ctdb_mutex_fcntl_helper")) {
-			DEBUG(DEBUG_ERR,("ctdb exiting with error: %s\n",
-					 __location__
-					 " Unable to set cluster mutex helper\n"));
-			exit(1);
-		}
+	args[2] = NULL;
+
+	*argv = args;
+	return true;
+}
 
-		args[nargs++] = cluster_mutex_helper;
+static bool cluster_mutex_helper_args_cmd(TALLOC_CTX *mem_ctx,
+					  const char *argstring,
+					  char ***argv)
+{
+	int i, ret, n;
+	char **args = NULL;
+	char *strv = NULL;
+	char *t = NULL;
+
+	ret = strv_split(mem_ctx, &strv, argstring, " \t");
+	if (ret != 0) {
+		D_ERR("Unable to parse mutex helper command \"%s\" (%s)\n",
+		      argstring,
+		      strerror(ret));
+		return false;
 	}
+	n = strv_count(strv);
+
+	/* Extra slot for NULL */
+	args = talloc_array(mem_ctx, char *, n + 1);
+	if (args == NULL) {
+		DBG_ERR("Memory allocation error\n");
+		return false;
+	}
+
+	talloc_steal(args, strv);
 
 	t = NULL;
-	for (i = 0; i < n; i++) {
-		/* Don't copy, just keep cmd_args around */
+	for (i = 0 ; i < n; i++) {
 		t = strv_next(strv, t);
-		args[nargs++] = t;
+		args[i] = t;
 	}
 
-	/* Make sure last argument is NULL */
-	args[nargs] = NULL;
+	args[n] = NULL;
 
 	*argv = args;
 	return true;
 }
 
+static bool cluster_mutex_helper_args(TALLOC_CTX *mem_ctx,
+				      const char *argstring,
+				      char ***argv)
+{
+	bool ok;
+
+	if (argstring != NULL && argstring[0] == '!') {
+		ok = cluster_mutex_helper_args_cmd(mem_ctx, &argstring[1], argv);
+	} else {
+		ok = cluster_mutex_helper_args_file(mem_ctx, argstring, argv);
+	}
+
+	return ok;
+}
+
 struct ctdb_cluster_mutex_handle *
 ctdb_cluster_mutex(TALLOC_CTX *mem_ctx,
 		   struct ctdb_context *ctdb,
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 673c99c3d34..469fd21b463 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -888,6 +888,7 @@ struct ctdb_recovery_lock_handle {
 	bool locked;
 	double latency;
 	struct ctdb_cluster_mutex_handle *h;
+	struct ctdb_recoverd *rec;
 };
 
 static void take_reclock_handler(char status,
@@ -897,22 +898,45 @@ static void take_reclock_handler(char status,
 	struct ctdb_recovery_lock_handle *s =
 		(struct ctdb_recovery_lock_handle *) private_data;
 
+	s->locked = (status == '0') ;
+
+	/*
+	 * If unsuccessful then ensure the process has exited and that
+	 * the file descriptor event handler has been cancelled
+	 */
+	if (! s->locked) {
+		TALLOC_FREE(s->h);
+	}
+
 	switch (status) {
 	case '0':
 		s->latency = latency;
 		break;
 
 	case '1':
-		DEBUG(DEBUG_ERR,
-		      ("Unable to take recovery lock - contention\n"));
+		D_ERR("Unable to take recovery lock - contention\n");
+		break;
+
+	case '2':
+		D_ERR("Unable to take recovery lock - timeout\n");
 		break;
 
 	default:
-		DEBUG(DEBUG_ERR, ("ERROR: when taking recovery lock\n"));
+		D_ERR("Unable to take recover lock - unknown error\n");
+
+		{
+			struct ctdb_recoverd *rec = s->rec;
+			struct ctdb_context *ctdb = rec->ctdb;
+			uint32_t pnn = ctdb_get_pnn(ctdb);
+
+			D_ERR("Banning this node\n");
+			ctdb_ban_node(rec,
+				      pnn,
+				      ctdb->tunable.recovery_ban_period);
+		}
 	}
 
 	s->done = true;
-	s->locked = (status == '0') ;
 }
 
 static bool ctdb_recovery_lock(struct ctdb_recoverd *rec);
@@ -943,10 +967,12 @@ static bool ctdb_recovery_lock(struct ctdb_recoverd *rec)
 		return false;
 	};
 
+	s->rec = rec;
+
 	h = ctdb_cluster_mutex(s,
 			       ctdb,
 			       ctdb->recovery_lock,
-			       0,
+			       120,
 			       take_reclock_handler,
 			       s,
 			       lost_reclock_handler,
diff --git a/docs-xml/manpages/samba.8.xml b/docs-xml/manpages/samba.8.xml
index 529b687be49..0d5affddd24 100644
--- a/docs-xml/manpages/samba.8.xml
+++ b/docs-xml/manpages/samba.8.xml
@@ -101,14 +101,39 @@
 		</varlistentry>
 
 		<varlistentry>
-		<term>-M model</term>
+		<term>-M|--model</term>
 		<listitem><para>This parameter can be used to specify the
 		"process model" samba should use. This determines
 		how concurrent clients are handled. Available process
-		models include <emphasis>single</emphasis> (everything in
-		a single process), <emphasis>standard</emphasis> (similar
-		behaviour to that of Samba 3), <emphasis>thread</emphasis>
-		(single process, different threads.
+		models include:
+		<itemizedlist>
+			<listitem><para><emphasis>single</emphasis></para>
+			<para>All Samba services run in a single process. This is
+			not recommended for production configurations.
+			</para></listitem>
+
+			<listitem><para><emphasis>standard</emphasis></para>
+			<para>A process is created for each Samba service,
+			and for those services that support it (currently only
+			LDAP and NETLOGON) a new processes is started
+			for each new client connection.</para></listitem>
+
+			<listitem><para><emphasis>prefork</emphasis></para>
+			<para>A process is started for each Samba service, and a
+			fixed number of worker processes are started for those
+			services that support it (currently only LDAP).
+			The client connections are then shared amongst the worker
+			processes.
+			Requests for services not supporting prefork are handled
+			by a single process for that service.</para>
+			<para>The number of prefork worker processes started is
+			controlled by the
+			<citerefentry><refentrytitle>smb.conf</refentrytitle>
+			<manvolnum>5</manvolnum></citerefentry> parameter
+		        <smbconfoption name="prefork children"/>,
+			which defaults to 1.
+			</para></listitem>
+		</itemizedlist>
 		</para></listitem>
 		</varlistentry>
 
diff --git a/docs-xml/smbdotconf/base/preforkchildren.xml b/docs-xml/smbdotconf/base/preforkchildren.xml
index 720e43909cb..f2f55a597a4 100644
--- a/docs-xml/smbdotconf/base/preforkchildren.xml
+++ b/docs-xml/smbdotconf/base/preforkchildren.xml
@@ -4,7 +4,9 @@
                  xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
 <description>
 	<para>This option controls the number of worker processes that are
-		started for each service when prefork process model is enabled.
+		started for each service when prefork process model is enabled
+		(see <citerefentry><refentrytitle>samba</refentrytitle>
+			<manvolnum>8</manvolnum></citerefentry> -M).
 		The prefork children are only started for those services that
 		support prefork (currently only ldap). For processes that don't
 		support preforking all requests are handled by a single process
diff --git a/selftest/skip b/selftest/skip
index dd60ab5a1fb..4d6648f3369 100644
--- a/selftest/skip
+++ b/selftest/skip
@@ -48,6 +48,7 @@
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-SYMLINK-EA # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-OFD-LOCK # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-STREAM-DELETE # Fails against the s4 ntvfs server
+^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).POSIX-MKDIR # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).WINDOWS-BAD-SYMLINK # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).RENAME-ACCESS # Fails against the s4 ntvfs server
 ^samba3.smbtorture_s3.plain\(ad_dc_ntvfs\).OWNER-RIGHTS # Don't test against the s4 ntvfs server anymore
diff --git a/source3/lib/messages_dgm.c b/source3/lib/messages_dgm.c
index 0ad8f46e09f..90d253d8e26 100644
--- a/source3/lib/messages_dgm.c
+++ b/source3/lib/messages_dgm.c
@@ -553,7 +553,7 @@ static void messaging_dgm_out_threaded_job(void *private_data)
 		if (state->sent != -1) {
 			return;
 		}
-		if (errno != ENOBUFS) {
+		if (state->err != ENOBUFS) {
 			return;
 		}
 
@@ -1421,6 +1421,7 @@ int messaging_dgm_send(pid_t pid,
 	struct messaging_dgm_context *ctx = global_dgm_context;
 	struct messaging_dgm_out *out;
 	int ret;
+	unsigned retries = 0;
 
 	if (ctx == NULL) {
 		return ENOTCONN;
@@ -1428,6 +1429,7 @@ int messaging_dgm_send(pid_t pid,
 
 	messaging_dgm_validate(ctx);
 
+again:
 	ret = messaging_dgm_out_get(ctx, pid, &out);
 	if (ret != 0) {
 		return ret;
@@ -1437,6 +1439,20 @@ int messaging_dgm_send(pid_t pid,
 
 	ret = messaging_dgm_out_send_fragmented(ctx->ev, out, iov, iovlen,
 						fds, num_fds);
+	if (ret == ECONNREFUSED) {
+		/*
+		 * We cache outgoing sockets. If the receiver has
+		 * closed and re-opened the socket since our last
+		 * message, we get connection refused. Retry.
+		 */
+
+		TALLOC_FREE(out);
+
+		if (retries < 5) {
+			retries += 1;
+			goto again;
+		}
+	}
 	return ret;
 }
 
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 47371bc9e08..a3fd6095ef5 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -1032,9 +1032,7 @@ static struct smb_filename *cephwrap_getwd(struct vfs_handle_struct *handle,
 static int strict_allocate_ftruncate(struct vfs_handle_struct *handle, files_struct *fsp, off_t len)
 {
 	off_t space_to_write;
-	uint64_t space_avail;
-	uint64_t bsize,dfree,dsize;
-	int ret;
+	int result;
 	NTSTATUS status;
 	SMB_STRUCT_STAT *pst;
 
@@ -1053,106 +1051,45 @@ static int strict_allocate_ftruncate(struct vfs_handle_struct *handle, files_str
 		return 0;
 
 	/* Shrink - just ftruncate. */
-	if (pst->st_ex_size > len)
-		return ftruncate(fsp->fh->fd, len);
-
-	space_to_write = len - pst->st_ex_size;
-
-	/* for allocation try fallocate first. This can fail on some
-	   platforms e.g. when the filesystem doesn't support it and no
-	   emulation is being done by the libc (like on AIX with JFS1). In that
-	   case we do our own emulation. fallocate implementations can
-	   return ENOTSUP or EINVAL in cases like that. */
-	ret = SMB_VFS_FALLOCATE(fsp, 0, pst->st_ex_size, space_to_write);
-	if (ret == -1 && errno == ENOSPC) {
-		return -1;
-	}
-	if (ret == 0) {
-		return 0;
-	}
-	DEBUG(10,("[CEPH] strict_allocate_ftruncate: SMB_VFS_FALLOCATE failed with "
-		"error %d. Falling back to slow manual allocation\n", errno));
-
-	/* available disk space is enough or not? */
-	space_avail =
-	    get_dfree_info(fsp->conn, fsp->fsp_name, &bsize, &dfree, &dsize);
-	/* space_avail is 1k blocks */
-	if (space_avail == (uint64_t)-1 ||
-			((uint64_t)space_to_write/1024 > space_avail) ) {
-		errno = ENOSPC;
-		return -1;
+	if (pst->st_ex_size > len) {
+		result = ceph_ftruncate(handle->data, fsp->fh->fd, len);
+		WRAP_RETURN(result);
 	}
 
-	/* Write out the real space on disk. */
-	return vfs_slow_fallocate(fsp, pst->st_ex_size, space_to_write);
+	space_to_write = len - pst->st_ex_size;
+	result = ceph_fallocate(handle->data, fsp->fh->fd, 0, pst->st_ex_size,
+				space_to_write);
+	WRAP_RETURN(result);
 }
 
 static int cephwrap_ftruncate(struct vfs_handle_struct *handle, files_struct *fsp, off_t len)
 {
 	int result = -1;
-	SMB_STRUCT_STAT st;
-	char c = 0;
-	off_t currpos;
 
 	DBG_DEBUG("[CEPH] ftruncate(%p, %p, %llu\n", handle, fsp, llu(len));
 
 	if (lp_strict_allocate(SNUM(fsp->conn))) {
-		result = strict_allocate_ftruncate(handle, fsp, len);
-		return result;
+		return strict_allocate_ftruncate(handle, fsp, len);
 	}
 
-	/* we used to just check HAVE_FTRUNCATE_EXTEND and only use
-	   sys_ftruncate if the system supports it. Then I discovered that
-	   you can have some filesystems that support ftruncate
-	   expansion and some that don't! On Linux fat can't do
-	   ftruncate extend but ext2 can. */
-
 	result = ceph_ftruncate(handle->data, fsp->fh->fd, len);
-	if (result == 0)
-		goto done;
-
-	/* According to W. R. Stevens advanced UNIX prog. Pure 4.3 BSD cannot
-	   extend a file with ftruncate. Provide alternate implementation
-	   for this */
-	currpos = SMB_VFS_LSEEK(fsp, 0, SEEK_CUR);
-	if (currpos == -1) {
-		goto done;
-	}
-
-	/* Do an fstat to see if the file is longer than the requested
-	   size in which case the ftruncate above should have
-	   succeeded or shorter, in which case seek to len - 1 and
-	   write 1 byte of zero */
-	if (SMB_VFS_FSTAT(fsp, &st) == -1) {
-		goto done;
-	}
-
-#ifdef S_ISFIFO
-	if (S_ISFIFO(st.st_ex_mode)) {
-		result = 0;
-		goto done;
-	}
-#endif
-
-	if (st.st_ex_size == len) {
-		result = 0;
-		goto done;
-	}
-
-	if (st.st_ex_size > len) {
-		/* the sys_ftruncate should have worked */
-		goto done;
-	}
-
-	if (SMB_VFS_PWRITE(fsp, &c, 1, len-1)!=1) {
-		goto done;
-	}
-
-	result = 0;
+	WRAP_RETURN(result);
+}
 
-  done:
+static int cephwrap_fallocate(struct vfs_handle_struct *handle,
+			      struct files_struct *fsp,


-- 
Samba Shared Repository



More information about the samba-cvs mailing list