[SCM] Samba Shared Repository - branch v4-11-stable updated
Karolin Seeger
kseeger at samba.org
Tue Sep 3 11:18:25 UTC 2019
The branch, v4-11-stable has been updated
via c1d9e02d06a VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc3 release.
via f04985fe9b5 WHATSNEW: Add release notes for Samba 4.11.0rc3.
via efd6d670997 CVE-2019-10197: smbd: split change_to_user_impersonate() out of change_to_user_internal()
via a6ff560aa13 CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no permission on share root problem
via 7b39df0f144 CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory
via d690f6f3c4d CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in become_root()
via ae9bdef5c8a CVE-2019-10197: smbd: make sure that change_to_user_internal() always resets current_user.done_chdir
via bcfb7749869 CVE-2019-10197: smbd: separate out impersonation debug info into a new function.
via aa3ad5c451f WHATSNEW: BIND9_FLATFILE / rndc command deprecated
via d61fac0cbe4 docs: Deprecate "rndc command" for Samba 4.11
via a9d0e0b7bae ctdb-daemon: Make node inactive in the NODE_STOP control
via f454db8d960 ctdb-daemon: Drop unused function ctdb_local_node_got_banned()
via a93c591a11a ctdb-daemon: Switch banning code to use ctdb_node_become_inactive()
via 09397389958 ctdb-daemon: Factor out new function ctdb_node_become_inactive()
via 240ad91944d ctdb-tcp: Mark node as disconnected if incoming connection goes away
via adb19f17cd1 ctdb-tcp: Only mark a node connected if both directions are up
via 6668733c306 ctdb-tcp: Create outbound queue when the connection becomes writable
via 1ef2ffbab86 ctdb-tcp: Use TALLOC_FREE()
via bf39d0cff16 ctdb-tcp: Move incoming fd and queue into struct ctdb_tcp_node
via 4cf26ff2ec3 ctdb-tcp: Rename fd -> out_fd
via 0b4a99c22f5 ctdb-daemon: Add function ctdb_ip_to_node()
via 53b0fd2216d vfs:glusterfs_fuse: build only if we have setmntent()
via d8ba147db50 vfs:glusterfs_fuse: ensure fileids are constant across nodes
via c6d784debd8 vfs_glusterfs: Enable profiling for file system operations
via 53f828969d0 vfs_glusterfs: initialize st_ex_file_id, st_ex_itime and st_ex_iflags
via 900cc33accf vfs_default: use correct flag in vfswrap_fs_file_id
via 756bea42e0c ctdb-tools: Drop 'o' option from getopts command
via 80bd467affb ldb: Release ldb 2.0.6
via d819a1c2050 ldb: Free memory when repacking database
via 18fb5fb911d ldb: Log the partition we're repacking
via 1c2f1bd04ab ldb: Log pack format in user-friendly way
via 6de3d8f7ce0 ldb: Change pack format defines to enum
via b99fff86ebb ldb: Move where we update the pack format version
via 70726f2dfba ldb: Always log when the database pack format changes
via b3987205fe2 downgradedatabase: installing script
via 309ec3b63c5 downgradedatabase: Add man-page documentation
via a1b3796b564 downgradedatabase: rename to samba_downgrade_db
via 7a8f68f6150 tests: Avoid hardcoding relative filepath
via be508cda25d downgradedatabase: comply with samba.tests.source
via d18896d1998 vfs_gpfs: Implement special case for denying owner access to ACL
via 39495b14cdd vfs_gpfs: Move mapping from generic NFSv ACL to GPFS ACL to separate function
via 90ddc22ea55 docs: Remove gpfs:merge_writeappend from vfs_gpfs manpage
via 7c90ecdb15c vfs_gpfs: Remove merge_writeappend parameter
via d186689038c nfs4_acls: Use correct owner information for ACL after owner change
via 77052fbc65a nfs4_acls: Add test for merging duplicates when mapping from NFS4 ACL to DACL
via 78d426fb0d4 nfs4_acls: Remove duplicate entries when mapping from NFS4 ACL to DACL
via 7d40b00bac8 nfs4_acls: Rename smbacl4_fill_ace4 function
via 8ac9c1f75f3 nfs4_acls: Add additional owner entry when mapping to NFS4 ACL with IDMAP_TYPE_BOTH
via 01e913caf03 nfs4_acls: Remove redundant pointer variable
via b3aad3426a8 nfs4_acls: Remove redundant logging from smbacl4_fill_ace4
via 693aa2dbfc8 nfs4_acls: Move adding of NFS4 ACE to ACL to smbacl4_fill_ace4
via d806dba002c nfs4_acls: Move smbacl4_MergeIgnoreReject function
via 428579d3fde nfs4_acls: Remove i argument from smbacl4_MergeIgnoreReject
via d5965e3a43f nfs4_acls: Add missing braces in smbacl4_win2nfs4
via 6661fecf267 nfs4_acls: Add helper function for checking INHERIT flags.
via e08f9b24097 nfs4_acls: Use correct type when checking ownerGID
via b1b8e37881f nfs4_acls: Use switch/case for checking idmap type
via 6d88ab39e8e nfs4_acls: Use sids_to_unixids to lookup uid or gid
via 0313f1552f9 test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with IDMAP_TYPE_BOTH
via 7d73c37ae7b test_nfs4_acls: Add test for mapping from NFS4 ACL to DACL with IDMAP_TYPE_BOTH
via 2de4919e8a3 test_nfs4_acls: Add test for mapping from NFS4 to DACL in config mode special
via d3a9648eb63 test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with config special
via 4022997f030 test_nfs4_acls: Add test for matching DACL entries for acedup
via 490d13557a4 test_nfs4_acls: Add test for acedup settings
via 31d60e8cf2c test_nfs4_acls: Add test for 'map full control' option
via 61002278b80 test_nfs4_acls: Add test for mapping from NFS4 to DACL CREATOR entries
via 4e46dbc7749 test_nfs4_acls: Add test for mapping CREATOR entries to NFS4 ACL entries
via aa466a0104d test_nfs4_acls: Add test for mapping from DACL to special NFS4 ACL entries
via dda9e525c55 test_nfs4_acls: Add test for mapping of special NFS4 ACL entries to DACL entries
via 368c370dc2f test_nfs4_acls: Add test for mapping permissions from DACL to NFS4 ACL
via 014ae431e64 test_nfs4_acls: Add test for mapping permissions from NFS4 ACL to DACL
via ec532e3ed55 test_nfs4_acls: Add test for flags mapping from DACL to NFS4 ACL
via c1eb8ec5c33 test_nfs4_acls: Add test for flags mapping from NFS4 ACL to DACL
via 4120b8dcbe8 test_nfs4_acls: Add tests for mapping of ACL types
via 526da3f215a test_nfs4_acls: Add tests for mapping of empty ACLs
via 88b0461ca0d selftest: Start implementing unit test for nfs4_acls
via 9e82d8ae7fa nfs4_acls: Remove fsp from smbacl4_win2nfs4
via 72d79334a53 Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
via ea38596181c VERSION: Bump version up to 4.11.0rc3...
from 521240aa372 VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 62 +-
ctdb/include/ctdb_private.h | 5 +-
ctdb/server/ctdb_banning.c | 26 +-
ctdb/server/ctdb_recover.c | 45 +
ctdb/server/ctdb_server.c | 24 +-
ctdb/tcp/ctdb_tcp.h | 16 +-
ctdb/tcp/tcp_connect.c | 208 ++-
ctdb/tcp/tcp_init.c | 21 +-
ctdb/tcp/tcp_io.c | 17 +-
ctdb/tools/onnode | 2 +-
docs-xml/manpages/samba_downgrade_db.8.xml | 95 +
docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 8 +
docs-xml/manpages/vfs_gpfs.8.xml | 20 -
docs-xml/smbdotconf/domain/rndccommand.xml | 7 +
docs-xml/wscript_build | 1 +
lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.6.sigs} | 0
...yldb-util-1.1.10.sigs => pyldb-util-2.0.6.sigs} | 0
lib/ldb/include/ldb.h | 3 +
lib/ldb/include/ldb_module.h | 13 +-
lib/ldb/ldb_key_value/ldb_kv.c | 2 -
lib/ldb/ldb_key_value/ldb_kv.h | 1 +
lib/ldb/ldb_key_value/ldb_kv_index.c | 25 +-
lib/ldb/wscript | 2 +-
python/samba/tests/blackbox/downgradedatabase.py | 4 +-
python/samba/tests/usage.py | 2 +
selftest/knownfail.d/usage | 1 -
selftest/target/Samba3.pm | 19 +-
source3/modules/nfs4_acls.c | 361 ++--
source3/modules/nfs4_acls.h | 2 +
source3/modules/test_nfs4_acls.c | 1898 ++++++++++++++++++++
source3/modules/vfs_default.c | 2 +-
source3/modules/vfs_glusterfs.c | 341 +++-
source3/modules/vfs_glusterfs_fuse.c | 193 +-
source3/modules/vfs_gpfs.c | 121 +-
source3/modules/wscript_build | 5 +
source3/script/tests/test_smbclient_s3.sh | 30 +
source3/selftest/tests.py | 4 +
source3/smbd/uid.c | 62 +-
source3/wscript | 4 +-
.../{sambadowngradedatabase => samba_downgrade_db} | 26 +-
source4/scripting/bin/wscript_build | 3 +-
source4/scripting/wscript_build | 2 +-
43 files changed, 3256 insertions(+), 429 deletions(-)
create mode 100644 docs-xml/manpages/samba_downgrade_db.8.xml
copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.6.sigs} (100%)
copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.6.sigs} (100%)
create mode 100644 source3/modules/test_nfs4_acls.c
rename source4/scripting/bin/{sambadowngradedatabase => samba_downgrade_db} (77%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 12f04435907..a8742ca9e50 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6a0cc9d72fd..eece43fcd9e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the second release candidate of Samba 4.11. This is *not*
+This is the third release candidate of Samba 4.11. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -68,6 +68,20 @@ in the following years. If you have a strong requirement for SMB1
(except for supporting old Linux Kernels), please file a bug
at https://bugzilla.samba.org and let us know about the details.
+BIND9_FLATFILE deprecated
+-------------------------
+
+The BIND9_FLATFILE DNS backend is deprecated in this release and will
+be removed in the future. This was only practically useful on a single
+domain controller or under expert care and supervision.
+
+This release therefore deprecates the "rndc command" smb.conf
+parameter, which is used to support this configuration. After writing
+out a list of DCs permitted to make changes to the DNS Zone "rndc
+command" is called with reload to tell the 'named' server if a DC was
+added/removed to to the domain.
+
+
NEW FEATURES/CHANGES
====================
@@ -342,6 +356,52 @@ smb.conf changes
web port Removed
fruit:zero_file_id Changed default False
debug encryption New: dump encryption keys False
+ rndc command Deprecated
+
+
+CHANGES SINCE 4.11.0rc2
+=======================
+
+o Michael Adam <obnox at samba.org>
+ * BUG 13972: Different Device Id for GlusterFS FUSE mount is causing data
+ loss in CTDB cluster.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+ from the share.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 14059: ldb: Release ldb 2.0.6 (log database repack so users know what
+ is happening).
+ * BUG 14092: docs: Deprecate "rndc command" for Samba 4.11.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 14059: ldb: Free memory when repacking database.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 14089: vfs_default: Use correct flag in vfswrap_fs_file_id.
+ * BUG 14090: vfs_glusterfs: Initialize st_ex_file_id, st_ex_itime and
+ st_ex_iflags.
+
+o Anoop C S <anoopcs at redhat.com>
+ * BUG 14093: vfs_glusterfs: Enable profiling for file system operations.
+
+o Aaron Haslett <aaronhaslett at catalyst.net.nz>
+ * BUG 14059: Backport sambadowngradedatabase for v4.11.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14035: CVE-2019-10197: Permissions check deny can allow user to escape
+ from the share.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 14032: vfs_gpfs: Implement special case for denying owner access to
+ ACL.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 14084: Avoid marking a node as connected before it can receive packets.
+ * BUG 14086: Fix onnode test failure with ShellCheck >= 0.4.7.
+ * BUG 14087: ctdb-daemon: Stop "ctdb stop" from completing before freezing
+ databases.
KNOWN ISSUES
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h
index 2bcc7c94156..1f168dae2b8 100644
--- a/ctdb/include/ctdb_private.h
+++ b/ctdb/include/ctdb_private.h
@@ -481,7 +481,6 @@ int ctdb_ibw_init(struct ctdb_context *ctdb);
/* from ctdb_banning.c */
-void ctdb_local_node_got_banned(struct ctdb_context *ctdb);
int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata);
int32_t ctdb_control_get_ban_state(struct ctdb_context *ctdb, TDB_DATA *outdata);
void ctdb_ban_self(struct ctdb_context *ctdb);
@@ -819,6 +818,8 @@ int32_t ctdb_control_recd_ping(struct ctdb_context *ctdb);
int32_t ctdb_control_set_recmaster(struct ctdb_context *ctdb,
uint32_t opcode, TDB_DATA indata);
+void ctdb_node_become_inactive(struct ctdb_context *ctdb);
+
int32_t ctdb_control_stop_node(struct ctdb_context *ctdb);
int32_t ctdb_control_continue_node(struct ctdb_context *ctdb);
@@ -831,6 +832,8 @@ void ctdb_stop_recoverd(struct ctdb_context *ctdb);
int ctdb_set_transport(struct ctdb_context *ctdb, const char *transport);
+struct ctdb_node *ctdb_ip_to_node(struct ctdb_context *ctdb,
+ const ctdb_sock_addr *nodeip);
uint32_t ctdb_ip_to_pnn(struct ctdb_context *ctdb,
const ctdb_sock_addr *nodeip);
diff --git a/ctdb/server/ctdb_banning.c b/ctdb/server/ctdb_banning.c
index 9cd163645a1..3c711575e8c 100644
--- a/ctdb/server/ctdb_banning.c
+++ b/ctdb/server/ctdb_banning.c
@@ -57,30 +57,6 @@ static void ctdb_ban_node_event(struct tevent_context *ev,
}
}
-void ctdb_local_node_got_banned(struct ctdb_context *ctdb)
-{
- struct ctdb_db_context *ctdb_db;
-
- DEBUG(DEBUG_NOTICE, ("This node has been banned - releasing all public "
- "IPs and setting the generation to INVALID.\n"));
-
- /* Reset the generation id to 1 to make us ignore any
- REQ/REPLY CALL/DMASTER someone sends to us.
- We are now banned so we shouldnt service database calls
- anymore.
- */
- ctdb->vnn_map->generation = INVALID_GENERATION;
- for (ctdb_db = ctdb->db_list; ctdb_db != NULL; ctdb_db = ctdb_db->next) {
- ctdb_db->generation = INVALID_GENERATION;
- }
-
- /* Recovery daemon will set the recovery mode ACTIVE and freeze
- * databases.
- */
-
- ctdb_release_all_ips(ctdb);
-}
-
int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata)
{
struct ctdb_ban_state *bantime = (struct ctdb_ban_state *)indata.dptr;
@@ -129,7 +105,7 @@ int32_t ctdb_control_set_ban_state(struct ctdb_context *ctdb, TDB_DATA indata)
ctdb_ban_node_event, ctdb);
if (!already_banned) {
- ctdb_local_node_got_banned(ctdb);
+ ctdb_node_become_inactive(ctdb);
}
return 0;
}
diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c
index 343728839c1..1654c6d3978 100644
--- a/ctdb/server/ctdb_recover.c
+++ b/ctdb/server/ctdb_recover.c
@@ -1420,12 +1420,57 @@ int32_t ctdb_control_set_recmaster(struct ctdb_context *ctdb, uint32_t opcode, T
return 0;
}
+void ctdb_node_become_inactive(struct ctdb_context *ctdb)
+{
+ struct ctdb_db_context *ctdb_db;
+
+ D_WARNING("Making node INACTIVE\n");
+
+ /*
+ * Do not service database calls - reset generation to invalid
+ * so this node ignores any REQ/REPLY CALL/DMASTER
+ */
+ ctdb->vnn_map->generation = INVALID_GENERATION;
+ for (ctdb_db = ctdb->db_list; ctdb_db != NULL; ctdb_db = ctdb_db->next) {
+ ctdb_db->generation = INVALID_GENERATION;
+ }
+
+ /*
+ * Although this bypasses the control, the only thing missing
+ * is the deferred drop of all public IPs, which isn't
+ * necessary because they are dropped below
+ */
+ if (ctdb->recovery_mode != CTDB_RECOVERY_ACTIVE) {
+ D_NOTICE("Recovery mode set to ACTIVE\n");
+ ctdb->recovery_mode = CTDB_RECOVERY_ACTIVE;
+ }
+
+ /*
+ * Initiate database freeze - this will be scheduled for
+ * immediate execution and will be in progress long before the
+ * calling control returns
+ */
+ ctdb_daemon_send_control(ctdb,
+ ctdb->pnn,
+ 0,
+ CTDB_CONTROL_FREEZE,
+ 0,
+ CTDB_CTRL_FLAG_NOREPLY,
+ tdb_null,
+ NULL,
+ NULL);
+
+ D_NOTICE("Dropping all public IP addresses\n");
+ ctdb_release_all_ips(ctdb);
+}
int32_t ctdb_control_stop_node(struct ctdb_context *ctdb)
{
DEBUG(DEBUG_ERR, ("Stopping node\n"));
ctdb->nodes[ctdb->pnn]->flags |= NODE_FLAGS_STOPPED;
+ ctdb_node_become_inactive(ctdb);
+
return 0;
}
diff --git a/ctdb/server/ctdb_server.c b/ctdb/server/ctdb_server.c
index dcd761a2961..9724d1fe0a8 100644
--- a/ctdb/server/ctdb_server.c
+++ b/ctdb/server/ctdb_server.c
@@ -45,9 +45,9 @@ int ctdb_set_transport(struct ctdb_context *ctdb, const char *transport)
return 0;
}
-/* Return the PNN for nodeip, CTDB_UNKNOWN_PNN if nodeip is invalid */
-uint32_t ctdb_ip_to_pnn(struct ctdb_context *ctdb,
- const ctdb_sock_addr *nodeip)
+/* Return the node structure for nodeip, NULL if nodeip is invalid */
+struct ctdb_node *ctdb_ip_to_node(struct ctdb_context *ctdb,
+ const ctdb_sock_addr *nodeip)
{
unsigned int nodeid;
@@ -56,11 +56,25 @@ uint32_t ctdb_ip_to_pnn(struct ctdb_context *ctdb,
continue;
}
if (ctdb_same_ip(&ctdb->nodes[nodeid]->address, nodeip)) {
- return ctdb->nodes[nodeid]->pnn;
+ return ctdb->nodes[nodeid];
}
}
- return CTDB_UNKNOWN_PNN;
+ return NULL;
+}
+
+/* Return the PNN for nodeip, CTDB_UNKNOWN_PNN if nodeip is invalid */
+uint32_t ctdb_ip_to_pnn(struct ctdb_context *ctdb,
+ const ctdb_sock_addr *nodeip)
+{
+ struct ctdb_node *node;
+
+ node = ctdb_ip_to_node(ctdb, nodeip);
+ if (node == NULL) {
+ return CTDB_UNKNOWN_PNN;
+ }
+
+ return node->pnn;
}
/* Load a nodes list file into a nodes array */
diff --git a/ctdb/tcp/ctdb_tcp.h b/ctdb/tcp/ctdb_tcp.h
index 0a998c94da4..9a615fc6393 100644
--- a/ctdb/tcp/ctdb_tcp.h
+++ b/ctdb/tcp/ctdb_tcp.h
@@ -26,23 +26,19 @@ struct ctdb_tcp {
int listen_fd;
};
-/*
- state associated with an incoming connection
-*/
-struct ctdb_incoming {
- struct ctdb_context *ctdb;
- int fd;
- struct ctdb_queue *queue;
-};
-
/*
state associated with one tcp node
*/
struct ctdb_tcp_node {
- int fd;
+ int out_fd;
struct ctdb_queue *out_queue;
+
struct tevent_fd *connect_fde;
struct tevent_timer *connect_te;
+
+ struct ctdb_context *ctdb;
+ int in_fd;
+ struct ctdb_queue *in_queue;
};
diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c
index d757abdf26c..6123380ca9f 100644
--- a/ctdb/tcp/tcp_connect.c
+++ b/ctdb/tcp/tcp_connect.c
@@ -44,15 +44,13 @@ void ctdb_tcp_stop_connection(struct ctdb_node *node)
{
struct ctdb_tcp_node *tnode = talloc_get_type(
node->private_data, struct ctdb_tcp_node);
-
- ctdb_queue_set_fd(tnode->out_queue, -1);
- talloc_free(tnode->connect_te);
- talloc_free(tnode->connect_fde);
- tnode->connect_fde = NULL;
- tnode->connect_te = NULL;
- if (tnode->fd != -1) {
- close(tnode->fd);
- tnode->fd = -1;
+
+ TALLOC_FREE(tnode->out_queue);
+ TALLOC_FREE(tnode->connect_te);
+ TALLOC_FREE(tnode->connect_fde);
+ if (tnode->out_fd != -1) {
+ close(tnode->out_fd);
+ tnode->out_fd = -1;
}
}
@@ -93,12 +91,13 @@ static void ctdb_node_connect_write(struct tevent_context *ev,
int error = 0;
socklen_t len = sizeof(error);
int one = 1;
+ int ret;
talloc_free(tnode->connect_te);
tnode->connect_te = NULL;
- if (getsockopt(tnode->fd, SOL_SOCKET, SO_ERROR, &error, &len) != 0 ||
- error != 0) {
+ ret = getsockopt(tnode->out_fd, SOL_SOCKET, SO_ERROR, &error, &len);
+ if (ret != 0 || error != 0) {
ctdb_tcp_stop_connection(node);
tnode->connect_te = tevent_add_timer(ctdb->ev, tnode,
timeval_current_ofs(1, 0),
@@ -109,22 +108,54 @@ static void ctdb_node_connect_write(struct tevent_context *ev,
talloc_free(tnode->connect_fde);
tnode->connect_fde = NULL;
- if (setsockopt(tnode->fd,IPPROTO_TCP,TCP_NODELAY,(char *)&one,sizeof(one)) == -1) {
- DEBUG(DEBUG_WARNING, ("Failed to set TCP_NODELAY on fd - %s\n",
- strerror(errno)));
+ ret = setsockopt(tnode->out_fd,
+ IPPROTO_TCP,
+ TCP_NODELAY,
+ (char *)&one,
+ sizeof(one));
+ if (ret == -1) {
+ DBG_WARNING("Failed to set TCP_NODELAY on fd - %s\n",
+ strerror(errno));
}
- if (setsockopt(tnode->fd,SOL_SOCKET,SO_KEEPALIVE,(char *)&one,sizeof(one)) == -1) {
- DEBUG(DEBUG_WARNING, ("Failed to set KEEPALIVE on fd - %s\n",
- strerror(errno)));
+ ret = setsockopt(tnode->out_fd,
+ SOL_SOCKET,
+ SO_KEEPALIVE,(char *)&one,
+ sizeof(one));
+ if (ret == -1) {
+ DBG_WARNING("Failed to set KEEPALIVE on fd - %s\n",
+ strerror(errno));
}
- ctdb_queue_set_fd(tnode->out_queue, tnode->fd);
+ tnode->out_queue = ctdb_queue_setup(node->ctdb,
+ tnode,
+ tnode->out_fd,
+ CTDB_TCP_ALIGNMENT,
+ ctdb_tcp_tnode_cb,
+ node,
+ "to-node-%s",
+ node->name);
+ if (tnode->out_queue == NULL) {
+ DBG_ERR("Failed to set up outgoing queue\n");
+ ctdb_tcp_stop_connection(node);
+ tnode->connect_te = tevent_add_timer(ctdb->ev,
+ tnode,
+ timeval_current_ofs(1, 0),
+ ctdb_tcp_node_connect,
+ node);
+ return;
+ }
/* the queue subsystem now owns this fd */
- tnode->fd = -1;
+ tnode->out_fd = -1;
- /* tell the ctdb layer we are connected */
- node->ctdb->upcalls->node_connected(node);
+ /*
+ * Mark the node to which this connection has been established
+ * as connected, but only if the corresponding listening
+ * socket is also connected
+ */
+ if (tnode->in_fd != -1) {
+ node->ctdb->upcalls->node_connected(node);
+ }
}
@@ -149,26 +180,24 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te,
sock_out = node->address;
- tnode->fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
- if (tnode->fd == -1) {
- DEBUG(DEBUG_ERR, (__location__ " Failed to create socket\n"));
+ tnode->out_fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
+ if (tnode->out_fd == -1) {
+ DBG_ERR("Failed to create socket\n");
return;
}
- ret = set_blocking(tnode->fd, false);
+ ret = set_blocking(tnode->out_fd, false);
if (ret != 0) {
- DEBUG(DEBUG_ERR,
- (__location__
- " failed to set socket non-blocking (%s)\n",
- strerror(errno)));
- close(tnode->fd);
- tnode->fd = -1;
+ DBG_ERR("Failed to set socket non-blocking (%s)\n",
+ strerror(errno));
+ close(tnode->out_fd);
+ tnode->out_fd = -1;
return;
}
- set_close_on_exec(tnode->fd);
+ set_close_on_exec(tnode->out_fd);
- DEBUG(DEBUG_DEBUG, (__location__ " Created TCP SOCKET FD:%d\n", tnode->fd));
+ DBG_DEBUG("Created TCP SOCKET FD:%d\n", tnode->out_fd);
/* Bind our side of the socketpair to the same address we use to listen
* on incoming CTDB traffic.
@@ -197,39 +226,48 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, struct tevent_timer *te,
default:
DEBUG(DEBUG_ERR, (__location__ " unknown family %u\n",
sock_in.sa.sa_family));
- close(tnode->fd);
- tnode->fd = -1;
+ close(tnode->out_fd);
+ tnode->out_fd = -1;
return;
}
- if (bind(tnode->fd, (struct sockaddr *)&sock_in, sockin_size) == -1) {
- DEBUG(DEBUG_ERR, (__location__ " Failed to bind socket %s(%d)\n",
- strerror(errno), errno));
- close(tnode->fd);
- tnode->fd = -1;
+ ret = bind(tnode->out_fd, (struct sockaddr *)&sock_in, sockin_size);
+ if (ret == -1) {
+ DBG_ERR("Failed to bind socket (%s)\n", strerror(errno));
+ close(tnode->out_fd);
+ tnode->out_fd = -1;
return;
}
- if (connect(tnode->fd, (struct sockaddr *)&sock_out, sockout_size) != 0 &&
- errno != EINPROGRESS) {
+ ret = connect(tnode->out_fd,
+ (struct sockaddr *)&sock_out,
+ sockout_size);
+ if (ret != 0 && errno != EINPROGRESS) {
ctdb_tcp_stop_connection(node);
- tnode->connect_te = tevent_add_timer(ctdb->ev, tnode,
+ tnode->connect_te = tevent_add_timer(ctdb->ev,
+ tnode,
timeval_current_ofs(1, 0),
- ctdb_tcp_node_connect, node);
+ ctdb_tcp_node_connect,
+ node);
return;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list