[SCM] Samba Shared Repository - branch master updated
Amitay Isaacs
amitay at samba.org
Mon Nov 2 10:21:01 UTC 2020
The branch, master has been updated
via 4bf010309cd selftest: Drop dummy environment variables for CTDB daemons
via 65ab8cb014c ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
via 78c3b5b6a83 ctdb-daemon: Clean up call to bind socket
via 9404f8631ec ctdb-daemon: Clean up socket bind/secure/listen
from ee79d39aa0c idmap_nss.8.xml: update manpage as discussed on the samba mailing list
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 4bf010309cd747a42069cb5469ccb7711364ef18
Author: Martin Schwenke <martin at meltin.net>
Date: Thu Oct 29 09:05:37 2020 +1100
selftest: Drop dummy environment variables for CTDB daemons
This existed to avoid UID_WRAPPER_ROOT=1 causing ctdbd to fail to
chown the socket. The chown is no longer done in test mode so remove
this confusing hack.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Nov 2 10:20:45 UTC 2020 on sn-devel-184
commit 65ab8cb014ca7ac97433ec53d6d163e6da5a3fe7
Author: Martin Schwenke <martin at meltin.net>
Date: Sat Oct 24 20:35:53 2020 +1100
ctdb-daemon: Do not attempt to chown Unix domain socket in test mode
If run with UID wrapper and UID_WRAPPER_ROOT=1 then securing the
socket will fail.
Test mode means that local daemons are in use, so securing the socket
is not important.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 78c3b5b6a83d934c99ac25480fbc01f9aeb198e3
Author: Martin Schwenke <martin at meltin.net>
Date: Sat Oct 24 21:54:21 2020 +1100
ctdb-daemon: Clean up call to bind socket
Variable res is only used once and ret is re-used many times. Drop
res, use ret, which doesn't need to be initialised. Modernise debug
macro.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 9404f8631ecc028c4e98879fbc67ccd2be09249f
Author: Martin Schwenke <martin at meltin.net>
Date: Sat Oct 24 20:29:58 2020 +1100
ctdb-daemon: Clean up socket bind/secure/listen
Obey the coding style, modernise debug macros, clean up whitespace.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
ctdb/server/ctdb_daemon.c | 54 ++++++++++++++++++++++++++++-------------------
selftest/target/Samba3.pm | 9 +-------
2 files changed, 33 insertions(+), 30 deletions(-)
Changeset truncated at 500 lines:
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 7ebb419bc1f..9035f5b4748 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -1168,10 +1168,10 @@ static void ctdb_accept_client(struct tevent_context *ev,
/*
- create a unix domain socket and bind it
- return a file descriptor open on the socket
-*/
-static int ux_socket_bind(struct ctdb_context *ctdb)
+ * Create a unix domain socket, bind it, secure it and listen. Return
+ * the file descriptor for the socket.
+ */
+static int ux_socket_bind(struct ctdb_context *ctdb, bool test_mode_enabled)
{
struct sockaddr_un addr = { .sun_family = AF_UNIX };
int ret;
@@ -1191,38 +1191,48 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
ret = set_blocking(ctdb->daemon.sd, false);
if (ret != 0) {
- DEBUG(DEBUG_ERR,
- (__location__
- " failed to set socket non-blocking (%s)\n",
- strerror(errno)));
+ DBG_ERR("Failed to set socket non-blocking (%s)\n",
+ strerror(errno));
goto failed;
}
- if (bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(DEBUG_CRIT,("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name));
+ ret = bind(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr));
+ if (ret == -1) {
+ D_ERR("Unable to bind on ctdb socket '%s'\n", ctdb->daemon.name);
goto failed;
}
- if (chown(ctdb->daemon.name, geteuid(), getegid()) != 0 ||
- chmod(ctdb->daemon.name, 0700) != 0) {
- DEBUG(DEBUG_CRIT,("Unable to secure ctdb socket '%s', ctdb->daemon.name\n", ctdb->daemon.name));
+ if (!test_mode_enabled) {
+ ret = chown(ctdb->daemon.name, geteuid(), getegid());
+ if (ret != 0 && !test_mode_enabled) {
+ D_ERR("Unable to secure (chown) ctdb socket '%s'\n",
+ ctdb->daemon.name);
+ goto failed;
+ }
+ }
+
+ ret = chmod(ctdb->daemon.name, 0700);
+ if (ret != 0) {
+ D_ERR("Unable to secure (chmod) ctdb socket '%s'\n",
+ ctdb->daemon.name);
goto failed;
}
- if (listen(ctdb->daemon.sd, 100) != 0) {
- DEBUG(DEBUG_CRIT,("Unable to listen on ctdb socket '%s'\n", ctdb->daemon.name));
+ ret = listen(ctdb->daemon.sd, 100);
+ if (ret != 0) {
+ D_ERR("Unable to listen on ctdb socket '%s'\n",
+ ctdb->daemon.name);
goto failed;
}
- DEBUG(DEBUG_NOTICE, ("Listening to ctdb socket %s\n",
- ctdb->daemon.name));
+ D_NOTICE("Listening to ctdb socket %s\n", ctdb->daemon.name);
return 0;
failed:
close(ctdb->daemon.sd);
ctdb->daemon.sd = -1;
- return -1;
+ return -1;
}
static void initialise_node_flags (struct ctdb_context *ctdb)
@@ -1462,7 +1472,7 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
bool interactive,
bool test_mode_enabled)
{
- int res, ret = -1;
+ int ret;
struct tevent_fd *fde;
/* Fork if not interactive */
@@ -1485,9 +1495,9 @@ int ctdb_start_daemon(struct ctdb_context *ctdb,
ctdb_create_pidfile(ctdb);
/* create a unix domain stream socket to listen to */
- res = ux_socket_bind(ctdb);
- if (res!=0) {
- DEBUG(DEBUG_ALERT,("Cannot continue. Exiting!\n"));
+ ret = ux_socket_bind(ctdb, test_mode_enabled);
+ if (ret != 0) {
+ D_ERR("Cannot continue. Exiting!\n");
exit(10);
}
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index cfa2677a673..5623e2a149f 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3414,20 +3414,13 @@ sub check_or_start_ctdb($$) {
my $cmd = "ctdb/tests/local_daemons.sh";
my @full_cmd = ("$cmd", "$prefix", "start", "$i");
- # Dummy environment variables to avoid
- # Samba3::get_env_for_process() from generating them
- # and including UID_WRAPPER_ROOT=1, which causes
- # "Unable to secure ctdb socket" error.
- my $env_vars = {
- CTDB_DUMMY => "1",
- };
my $daemon_ctx = {
NAME => "ctdbd",
BINARY_PATH => $cmd,
FULL_CMD => [ @full_cmd ],
TEE_STDOUT => 1,
LOG_FILE => "/dev/null",
- ENV_VARS => $env_vars,
+ ENV_VARS => {},
};
print "STARTING CTDBD (node ${i})\n";
--
Samba Shared Repository
More information about the samba-cvs
mailing list