[SCM] Samba Shared Repository - branch master updated

Amitay Isaacs amitay at samba.org
Mon Nov 2 10:21:01 UTC 2020


The branch, master has been updated
       via  4bf010309cd selftest: Drop dummy environment variables for CTDB daemons
       via  65ab8cb014c ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
       via  78c3b5b6a83 ctdb-daemon: Clean up call to bind socket
       via  9404f8631ec ctdb-daemon: Clean up socket bind/secure/listen
      from  ee79d39aa0c idmap_nss.8.xml: update manpage as discussed on the samba mailing list

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4bf010309cd747a42069cb5469ccb7711364ef18
Author: Martin Schwenke <martin at meltin.net>
Date:   Thu Oct 29 09:05:37 2020 +1100

    selftest: Drop dummy environment variables for CTDB daemons
    
    This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
    chown the socket.  The chown is no longer done in test mode so remove
    this confusing hack.
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
    Autobuild-Date(master): Mon Nov  2 10:20:45 UTC 2020 on sn-devel-184

commit 65ab8cb014ca7ac97433ec53d6d163e6da5a3fe7
Author: Martin Schwenke <martin at meltin.net>
Date:   Sat Oct 24 20:35:53 2020 +1100

    ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
    
    If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the
    socket will fail.
    
    Test mode means that local daemons are in use, so securing the socket
    is not important.
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 78c3b5b6a83d934c99ac25480fbc01f9aeb198e3
Author: Martin Schwenke <martin at meltin.net>
Date:   Sat Oct 24 21:54:21 2020 +1100

    ctdb-daemon: Clean up call to bind socket
    
    Variable res is only used once and ret is re-used many times.  Drop
    res, use ret, which doesn't need to be initialised.  Modernise debug
    macro.
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>

commit 9404f8631ecc028c4e98879fbc67ccd2be09249f
Author: Martin Schwenke <martin at meltin.net>
Date:   Sat Oct 24 20:29:58 2020 +1100

    ctdb-daemon: Clean up socket bind/secure/listen
    
    Obey the coding style, modernise debug macros, clean up whitespace.
    
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/server/ctdb_daemon.c | 54 ++++++++++++++++++++++++++++-------------------
 selftest/target/Samba3.pm |  9 +-------
 2 files changed, 33 insertions(+), 30 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 7ebb419bc1f..9035f5b4748 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1168,10 +1168,10 @@ static void ctdb_accept_client(struct tevent_context *ev,
 
 
 /*
-  create a unix domain socket and bind it
-  return a file descriptor open on the socket 
-*/
-static int ux_socket_bind(struct ctdb_context *ctdb)
+ * Create a unix domain socket, bind it, secure it and listen.  Return
+ * the file descriptor for the socket.
+ */
+static int ux_socket_bind(struct ctdb_context *ctdb, bool test_mode_enabled)
 {
 	struct sockaddr_un addr = { .sun_family = AF_UNIX };
 	int ret;
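Review bot: The rewritten header comment says the function returns the file descriptor, but the success path in the following hunk ends in `return 0;` and the failure path in `return -1;`, with the descriptor kept in `ctdb->daemon.sd`. The comment also does not say what the new `test_mode_enabled` parameter changes. Suggested wording: `Return 0 on success (descriptor stored in ctdb->daemon.sd), -1 on failure. In test mode the socket is not chown()ed.` The function body continues outside this hunk.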
@@ -1191,38 +1191,48 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 
 	ret = set_blocking(ctdb->daemon.sd, false);
 	if (ret != 0) {
-		DEBUG(DEBUG_ERR,
-		      (__location__
-		       " failed to set socket non-blocking (%s)\n",
-		       strerror(errno)));
+		DBG_ERR("Failed to set socket non-blocking (%s)\n",
+			strerror(errno));
 		goto failed;
 	}
 
-	if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
-		DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name));
+	ret = bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr));
+	if (ret == -1) {
+		D_ERR("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name);
 		goto failed;
 	}
 
-	if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
-	    chmod(ctdb->daemon.name, 0700) != 0) {
-		DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n", ctdb->daemon.name));
+	if (!test_mode_enabled) {
+		ret = chown(ctdb->daemon.name, geteuid(), getegid());
+		if (ret != 0 && !test_mode_enabled) {
+			D_ERR("Unable to secure (chown) ctdb socket '%s'\n",
+			      ctdb->daemon.name);
+			goto failed;
+		}
+	}
+
+	ret = chmod(ctdb->daemon.name, 0700);
+	if (ret != 0) {
+		D_ERR("Unable to secure (chmod) ctdb socket '%s'\n",
+		      ctdb->daemon.name);
 		goto failed;
 	}
 
 
-	if (listen(ctdb->daemon.sd, 100) != 0) {
-		DEBUG(DEBUG_CRIT,("Unable to listen on ctdb socket '%s'\n", ctdb->daemon.name));
+	ret = listen(ctdb->daemon.sd, 100);
+	if (ret != 0) {
+		D_ERR("Unable to listen on ctdb socket '%s'\n",
+		      ctdb->daemon.name);
 		goto failed;
 	}
 
-	DEBUG(DEBUG_NOTICE, ("Listening to ctdb socket %s\n",
-			     ctdb->daemon.name));
+	D_NOTICE("Listening to ctdb socket %s\n", ctdb->daemon.name);
 	return 0;
 
 failed:
 	close(ctdb->daemon.sd);
 	ctdb->daemon.sd = -1;
-	return -1;	
+	return -1;
 }
 
 static void initialise_node_flags (struct ctdb_context *ctdb)
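Review bot: The inner test `if (ret != 0 && !test_mode_enabled)` sits inside `if (!test_mode_enabled)`, so its second operand is always true and the line can be `if (ret != 0) {`. The new D_ERR calls for bind, chown, chmod and listen also drop the errno text that the set_blocking message still prints, which makes a failed hardening step harder to diagnose; for example `D_ERR("Unable to secure (chmod) ctdb socket '%s' (%s)\n", ctdb->daemon.name, strerror(errno));`. Separately, chown() and chmod() act on the path after bind(), so the socket node briefly exists with whatever mode the process umask allows. Whether the umask is tightened earlier is not visible here, because the function starts outside this hunk.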
@@ -1462,7 +1472,7 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
 		      bool interactive,
 		      bool test_mode_enabled)
 {
-	int res, ret = -1;
+	int ret;
 	struct tevent_fd *fde;
 
 	/* Fork if not interactive */
@@ -1485,9 +1495,9 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
 	ctdb_create_pidfile(ctdb);
 
 	/* create a unix domain stream socket to listen to */
-	res = ux_socket_bind(ctdb);
-	if (res!=0) {
-		DEBUG(DEBUG_ALERT,("Cannot continue.  Exiting!\n"));
+	ret = ux_socket_bind(ctdb, test_mode_enabled);
+	if (ret != 0) {
+		D_ERR("Cannot continue.  Exiting!\n");
 		exit(10);
 	}
 
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index cfa2677a673..5623e2a149f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3414,20 +3414,13 @@ sub check_or_start_ctdb($$) {
 
 		my $cmd = "ctdb/tests/local_daemons.sh";
 		my @full_cmd = ("$cmd", "$prefix", "start", "$i");
-		# Dummy environment variables to avoid
-		# Samba3::get_env_for_process() from generating them
-		# and including UID_WRAPPER_ROOT=1, which causes
-		# "Unable to secure ctdb socket" error.
-		my $env_vars = {
-			CTDB_DUMMY => "1",
-		};
 		my $daemon_ctx = {
 			NAME => "ctdbd",
 			BINARY_PATH => $cmd,
 			FULL_CMD => [ @full_cmd ],
 			TEE_STDOUT => 1,
 			LOG_FILE => "/dev/null",
-			ENV_VARS => $env_vars,
+			ENV_VARS => {},
 		};
 
 		print "STARTING CTDBD (node ${i})\n";


-- 
Samba Shared Repository


