[SCM] Samba Shared Repository - branch v4-11-stable updated
Karolin Seeger
kseeger at samba.org
Tue Oct 6 07:16:26 UTC 2020
The branch, v4-11-stable has been updated
via ee1f3500a1e VERSION: Disable GIT_SNAPSHOT for the 4.11.14 release.
via 80086ce5563 WHATSNEW: Add release notes for Samba 4.11.14.
via 979e078065e winbind: Fix a memleak
via cd50a5329a0 VERSION: Bump version up to 4.11.14...
via 70e9e595121 Merge tag 'samba-4.11.13' into v4-11-test
via 061d484f6da smbd: don't log success as error
via 17800f413bc lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
via 7d0bb8cbced tldap: Receiving "msgid == 0" means the connection is dead
via 6fca7ca8977 test: Test winbind idmap_ad ticket expiry behaviour
via df35c04f46f idmap_ad: Pass tldap debug messages on to DEBUG()
via e3b951241cf tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
via bf7dfed4f90 tldap: Make sure all requests are cancelled on rundown
via ec8e422f6ea tldap: Centralize connection rundown on error
via 61b337dfb7b tldap: Maintain the ldap read request in tldap_context
via 5cc2ac271d1 tldap: Always remove ourselves from ld->pending at cleanup time
via 31a8c24a5d1 tldap: Fix tldap_msg_received()
via 90e0feb0a35 tldap: Only free() ld->pending if "req" is part of it
via 74fef4bc2ce ldap_server: Terminate LDAP connections on krb ticket expiry
via e2e0be0a312 ldap_server: Add the krb5 expiry to conn->limits
via 1df2076dd47 torture: Test ldap session expiry
via 8c0e5ddedf5 build: Wrap a long line
via 3d7572b4032 ctdb-recoverd: Rename update_local_flags() -> update_flags()
via c348d7a5878 ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps
via 7723e7d23d7 ctdb-recoverd: Get remote nodemaps earlier
via 1956ee1f6b8 ctdb-recoverd: Do not fetch the nodemap from the recovery master
via 8faae66a253 ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes
via 238564c7495 ctdb-recoverd: Fix node_pnn check and assignment of nodemap into array
via d1f01ff312b ctdb-recoverd: Add fail callback to assign banning credits
via 90c0609df4c ctdb-recoverd: Add an intermediate state struct for nodemap fetching
via b0d4ae271de ctdb-recoverd: Move memory allocation into get_remote_nodemaps()
via 942db2b3d27 ctdb-recoverd: Change signature of get_remote_nodemaps()
via 9e52bb0c5c6 ctdb-recoverd: Fix a local memory leak
via 55216cda607 ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
via 660f584477a ctdb-recoverd: Simplify calculation of new flags
via d8e6304a2bd ctdb-recoverd: Correctly find nodemap entry for pnn
via 94a9842af6c ctdb-recoverd: Do not retrieve nodemap from recovery master
via c33e8703c10 ctdb-recoverd: Flatten update_flags_on_all_nodes()
via 94416b40b7e ctdb-recoverd: Move ctdb_ctrl_modflags() to ctdb_recoverd.c
via d1b1da94eb1 ctdb-recoverd: Improve a call to update_flags_on_all_nodes()
via 6419e3de633 ctdb-recoverd: Use update_flags_on_all_nodes()
via fffe852285b ctdb-recoverd: Introduce some local variables to improve readability
via 34bc583a7f1 ctdb-recoverd: Change update_flags_on_all_nodes() to take rec argument
via cea37c849ce ctdb-recoverd: Drop unused nodemap argument from update_flags_on_all_nodes()
via 051a9021d50 lib/util: do not install /usr/bin/test_util
from ef64fc24b31 VERSION: Disable GIT_SNAPSHOT for the 4.11.13 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 64 ++++++++-
ctdb/include/ctdb_client.h | 5 -
ctdb/server/ctdb_client.c | 65 ---------
ctdb/server/ctdb_recoverd.c | 264 +++++++++++++++++++++++-----------
lib/replace/wscript | 3 +
lib/util/wscript_build | 3 +-
nsswitch/tests/test_ticket_expiry.sh | 74 ++++++++++
selftest/target/Samba3.pm | 1 +
selftest/target/Samba4.pm | 6 +-
source3/lib/tldap.c | 146 ++++++++++++-------
source3/locking/locking.c | 13 +-
source3/selftest/tests.py | 5 +
source3/winbindd/idmap_ad.c | 36 +++++
source3/winbindd/winbindd_ads.c | 1 +
source4/heimdal_build/wscript_build | 7 +-
source4/ldap_server/ldap_backend.c | 37 +++++
source4/ldap_server/ldap_bind.c | 15 ++
source4/ldap_server/ldap_server.c | 66 +++++++++
source4/ldap_server/ldap_server.h | 2 +
source4/selftest/tests.py | 7 +-
source4/torture/ldap/common.c | 2 +
source4/torture/ldap/session_expiry.c | 121 ++++++++++++++++
source4/torture/wscript_build | 13 +-
24 files changed, 738 insertions(+), 220 deletions(-)
create mode 100755 nsswitch/tests/test_ticket_expiry.sh
create mode 100644 source4/torture/ldap/session_expiry.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index cd93dc7e95f..449df3b877b 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=13
+SAMBA_VERSION_RELEASE=14
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 76dc4cc0d5a..a46f56c3bd9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,62 @@
+ ===============================
+ Release Notes for Samba 4.11.14
+ October 06, 2020
+ ===============================
+
+
+This is the latest stable release of the Samba 4.11 release series.
+Please note that there will be *security releases only* beyond this point.
+
+
+Changes since 4.11.13
+---------------------
+
+o Günther Deschner <gd at samba.org>
+ * BUG 14166: lib/util: Do not install /usr/bin/test_util.
+
+o Philipp Gesang <philipp.gesang at intra2net.com>
+ * BUG 14490: smbd: don't log success as error.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
+ response.
+
+o Laurent Menase <laurent.menase at hpe.com>
+ * BUG 14388: winbind: Fix a memleak.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14465: idmap_ad: Pass tldap debug messages on to DEBUG().
+ * BUG 14482: lib/replace: Move lib/replace/closefrom.c from
+ ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 14466: ctdb disable/enable can fail due to race condition.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+
===============================
Release Notes for Samba 4.11.13
September 18, 2020
@@ -98,10 +157,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
-
- ===============================
+---------------------------------------------------------------------- ===============================
Release Notes for Samba 4.11.12
August 25, 2020
===============================
diff --git a/ctdb/include/ctdb_client.h b/ctdb/include/ctdb_client.h
index 198a8a38dbb..b89c4e49b2f 100644
--- a/ctdb/include/ctdb_client.h
+++ b/ctdb/include/ctdb_client.h
@@ -195,11 +195,6 @@ int ctdb_ctrl_get_ifaces(struct ctdb_context *ctdb,
TALLOC_CTX *mem_ctx,
struct ctdb_iface_list_old **ifaces);
-int ctdb_ctrl_modflags(struct ctdb_context *ctdb,
- struct timeval timeout,
- uint32_t destnode,
- uint32_t set, uint32_t clear);
-
int ctdb_ctrl_get_all_tunables(struct ctdb_context *ctdb,
struct timeval timeout, uint32_t destnode,
struct ctdb_tunable_list *tunables);
diff --git a/ctdb/server/ctdb_client.c b/ctdb/server/ctdb_client.c
index 67455745ede..566b59903ba 100644
--- a/ctdb/server/ctdb_client.c
+++ b/ctdb/server/ctdb_client.c
@@ -1243,71 +1243,6 @@ int ctdb_ctrl_get_ifaces(struct ctdb_context *ctdb,
return 0;
}
-/*
- set/clear the permanent disabled bit on a remote node
- */
-int ctdb_ctrl_modflags(struct ctdb_context *ctdb, struct timeval timeout, uint32_t destnode,
- uint32_t set, uint32_t clear)
-{
- int ret;
- TDB_DATA data;
- struct ctdb_node_map_old *nodemap=NULL;
- struct ctdb_node_flag_change c;
- TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
- uint32_t recmaster;
- uint32_t *nodes;
-
-
- /* find the recovery master */
- ret = ctdb_ctrl_getrecmaster(ctdb, tmp_ctx, timeout, CTDB_CURRENT_NODE, &recmaster);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get recmaster from local node\n"));
- talloc_free(tmp_ctx);
- return ret;
- }
-
-
- /* read the node flags from the recmaster */
- ret = ctdb_ctrl_getnodemap(ctdb, timeout, recmaster, tmp_ctx, &nodemap);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get nodemap from node %u\n", destnode));
- talloc_free(tmp_ctx);
- return -1;
- }
- if (destnode >= nodemap->num) {
- DEBUG(DEBUG_ERR,(__location__ " Nodemap from recmaster does not contain node %d\n", destnode));
- talloc_free(tmp_ctx);
- return -1;
- }
-
- c.pnn = destnode;
- c.old_flags = nodemap->nodes[destnode].flags;
- c.new_flags = c.old_flags;
- c.new_flags |= set;
- c.new_flags &= ~clear;
-
- data.dsize = sizeof(c);
- data.dptr = (unsigned char *)&c;
-
- /* send the flags update to all connected nodes */
- nodes = list_of_connected_nodes(ctdb, nodemap, tmp_ctx, true);
-
- if (ctdb_client_async_control(ctdb, CTDB_CONTROL_MODIFY_FLAGS,
- nodes, 0,
- timeout, false, data,
- NULL, NULL,
- NULL) != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
-
- talloc_free(tmp_ctx);
- return -1;
- }
-
- talloc_free(tmp_ctx);
- return 0;
-}
-
-
/*
get all tunables
*/
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 2c029256c02..7c53335604a 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -425,18 +425,62 @@ static int set_recovery_mode(struct ctdb_context *ctdb,
}
/*
- update flags on all active nodes
+ * Update flags on all connected nodes
*/
-static int update_flags_on_all_nodes(struct ctdb_context *ctdb, struct ctdb_node_map_old *nodemap, uint32_t pnn, uint32_t flags)
+static int update_flags_on_all_nodes(struct ctdb_recoverd *rec,
+ uint32_t pnn,
+ uint32_t flags)
{
+ struct ctdb_context *ctdb = rec->ctdb;
+ struct timeval timeout = CONTROL_TIMEOUT();
+ TDB_DATA data;
+ struct ctdb_node_map_old *nodemap=NULL;
+ struct ctdb_node_flag_change c;
+ TALLOC_CTX *tmp_ctx = talloc_new(ctdb);
+ uint32_t *nodes;
+ uint32_t i;
int ret;
- ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), pnn, flags, ~flags);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
+ nodemap = rec->nodemap;
+
+ for (i = 0; i < nodemap->num; i++) {
+ if (pnn == nodemap->nodes[i].pnn) {
+ break;
+ }
+ }
+ if (i >= nodemap->num) {
+ DBG_ERR("Nodemap does not contain node %d\n", pnn);
+ talloc_free(tmp_ctx);
return -1;
}
+ c.pnn = pnn;
+ c.old_flags = nodemap->nodes[i].flags;
+ c.new_flags = flags;
+
+ data.dsize = sizeof(c);
+ data.dptr = (unsigned char *)&c;
+
+ /* send the flags update to all connected nodes */
+ nodes = list_of_connected_nodes(ctdb, nodemap, tmp_ctx, true);
+
+ ret = ctdb_client_async_control(ctdb,
+ CTDB_CONTROL_MODIFY_FLAGS,
+ nodes,
+ 0,
+ timeout,
+ false,
+ data,
+ NULL,
+ NULL,
+ NULL);
+ if (ret != 0) {
+ DBG_ERR("Unable to update flags on remote nodes\n");
+ talloc_free(tmp_ctx);
+ return -1;
+ }
+
+ talloc_free(tmp_ctx);
return 0;
}
@@ -493,60 +537,57 @@ static void ctdb_wait_election(struct ctdb_recoverd *rec)
}
/*
- Update our local flags from all remote connected nodes.
- This is only run when we are or we belive we are the recovery master
+ * Update local flags from all remote connected nodes and push out
+ * flags changes to all nodes. This is only run by the recovery
+ * master.
*/
-static int update_local_flags(struct ctdb_recoverd *rec, struct ctdb_node_map_old *nodemap)
+static int update_flags(struct ctdb_recoverd *rec,
+ struct ctdb_node_map_old *nodemap,
+ struct ctdb_node_map_old **remote_nodemaps)
{
unsigned int j;
struct ctdb_context *ctdb = rec->ctdb;
TALLOC_CTX *mem_ctx = talloc_new(ctdb);
- /* get the nodemap for all active remote nodes and verify
- they are the same as for this node
- */
+ /* Check flags from remote nodes */
for (j=0; j<nodemap->num; j++) {
struct ctdb_node_map_old *remote_nodemap=NULL;
+ uint32_t local_flags = nodemap->nodes[j].flags;
+ uint32_t remote_flags;
int ret;
- if (nodemap->nodes[j].flags & NODE_FLAGS_DISCONNECTED) {
+ if (local_flags & NODE_FLAGS_DISCONNECTED) {
continue;
}
if (nodemap->nodes[j].pnn == ctdb->pnn) {
continue;
}
- ret = ctdb_ctrl_getnodemap(ctdb, CONTROL_TIMEOUT(), nodemap->nodes[j].pnn,
- mem_ctx, &remote_nodemap);
- if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to get nodemap from remote node %u\n",
- nodemap->nodes[j].pnn));
- ctdb_set_culprit(rec, nodemap->nodes[j].pnn);
- talloc_free(mem_ctx);
- return -1;
- }
- if (nodemap->nodes[j].flags != remote_nodemap->nodes[j].flags) {
- /* We should tell our daemon about this so it
- updates its flags or else we will log the same
- message again in the next iteration of recovery.
- Since we are the recovery master we can just as
- well update the flags on all nodes.
- */
- ret = ctdb_ctrl_modflags(ctdb, CONTROL_TIMEOUT(), nodemap->nodes[j].pnn, remote_nodemap->nodes[j].flags, ~remote_nodemap->nodes[j].flags);
+ remote_nodemap = remote_nodemaps[j];
+ remote_flags = remote_nodemap->nodes[j].flags;
+
+ if (local_flags != remote_flags) {
+ ret = update_flags_on_all_nodes(rec,
+ nodemap->nodes[j].pnn,
+ remote_flags);
if (ret != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to update nodeflags on remote nodes\n"));
+ DBG_ERR(
+ "Unable to update flags on remote nodes\n");
+ talloc_free(mem_ctx);
return -1;
}
- /* Update our local copy of the flags in the recovery
- daemon.
- */
- DEBUG(DEBUG_NOTICE,("Remote node %u had flags 0x%x, local had 0x%x - updating local\n",
- nodemap->nodes[j].pnn, remote_nodemap->nodes[j].flags,
- nodemap->nodes[j].flags));
- nodemap->nodes[j].flags = remote_nodemap->nodes[j].flags;
+ /*
+ * Update the local copy of the flags in the
+ * recovery daemon.
+ */
+ D_NOTICE("Remote node %u had flags 0x%x, "
+ "local had 0x%x - updating local\n",
+ nodemap->nodes[j].pnn,
+ remote_flags,
+ local_flags);
+ nodemap->nodes[j].flags = remote_flags;
}
- talloc_free(remote_nodemap);
}
talloc_free(mem_ctx);
return 0;
@@ -1125,7 +1166,9 @@ static int do_recovery(struct ctdb_recoverd *rec,
continue;
}
- ret = update_flags_on_all_nodes(ctdb, nodemap, i, nodemap->nodes[i].flags);
+ ret = update_flags_on_all_nodes(rec,
+ nodemap->nodes[i].pnn,
+ nodemap->nodes[i].flags);
if (ret != 0) {
if (nodemap->nodes[i].flags & NODE_FLAGS_INACTIVE) {
DEBUG(DEBUG_WARNING, (__location__ "Unable to update flags on inactive node %d\n", i));
@@ -2172,37 +2215,94 @@ done:
}
-static void async_getnodemap_callback(struct ctdb_context *ctdb, uint32_t node_pnn, int32_t res, TDB_DATA outdata, void *callback_data)
+struct remote_nodemaps_state {
+ struct ctdb_node_map_old **remote_nodemaps;
+ struct ctdb_recoverd *rec;
+};
+
+static void async_getnodemap_callback(struct ctdb_context *ctdb,
+ uint32_t node_pnn,
+ int32_t res,
+ TDB_DATA outdata,
+ void *callback_data)
{
- struct ctdb_node_map_old **remote_nodemaps = callback_data;
+ struct remote_nodemaps_state *state =
+ (struct remote_nodemaps_state *)callback_data;
+ struct ctdb_node_map_old **remote_nodemaps = state->remote_nodemaps;
+ struct ctdb_node_map_old *nodemap = state->rec->nodemap;
+ size_t i;
- if (node_pnn >= ctdb->num_nodes) {
- DEBUG(DEBUG_ERR,(__location__ " pnn from invalid node\n"));
+ for (i = 0; i < nodemap->num; i++) {
+ if (nodemap->nodes[i].pnn == node_pnn) {
+ break;
+ }
+ }
+
+ if (i >= nodemap->num) {
+ DBG_ERR("Invalid PNN %"PRIu32"\n", node_pnn);
return;
}
- remote_nodemaps[node_pnn] = (struct ctdb_node_map_old *)talloc_steal(remote_nodemaps, outdata.dptr);
+ remote_nodemaps[i] = (struct ctdb_node_map_old *)talloc_steal(
+ remote_nodemaps, outdata.dptr);
+
+}
+
+static void async_getnodemap_error(struct ctdb_context *ctdb,
+ uint32_t node_pnn,
+ int32_t res,
+ TDB_DATA outdata,
+ void *callback_data)
+{
+ struct remote_nodemaps_state *state =
+ (struct remote_nodemaps_state *)callback_data;
+ struct ctdb_recoverd *rec = state->rec;
+ DBG_ERR("Failed to retrieve nodemap from node %u\n", node_pnn);
+ ctdb_set_culprit(rec, node_pnn);
}
-static int get_remote_nodemaps(struct ctdb_context *ctdb, TALLOC_CTX *mem_ctx,
- struct ctdb_node_map_old *nodemap,
- struct ctdb_node_map_old **remote_nodemaps)
+static int get_remote_nodemaps(struct ctdb_recoverd *rec,
+ TALLOC_CTX *mem_ctx,
+ struct ctdb_node_map_old ***remote_nodemaps)
{
+ struct ctdb_context *ctdb = rec->ctdb;
+ struct ctdb_node_map_old **t;
uint32_t *nodes;
+ struct remote_nodemaps_state state;
+ int ret;
- nodes = list_of_active_nodes(ctdb, nodemap, mem_ctx, true);
- if (ctdb_client_async_control(ctdb, CTDB_CONTROL_GET_NODEMAP,
- nodes, 0,
- CONTROL_TIMEOUT(), false, tdb_null,
+ t = talloc_zero_array(mem_ctx,
+ struct ctdb_node_map_old *,
+ rec->nodemap->num);
+ if (t == NULL) {
+ DBG_ERR("Memory allocation error\n");
+ return -1;
+ }
+
+ nodes = list_of_connected_nodes(ctdb, rec->nodemap, mem_ctx, false);
+
+ state.remote_nodemaps = t;
+ state.rec = rec;
+
+ ret = ctdb_client_async_control(ctdb,
+ CTDB_CONTROL_GET_NODEMAP,
+ nodes,
+ 0,
+ CONTROL_TIMEOUT(),
+ false,
+ tdb_null,
async_getnodemap_callback,
- NULL,
- remote_nodemaps) != 0) {
- DEBUG(DEBUG_ERR, (__location__ " Unable to pull all remote nodemaps\n"));
+ async_getnodemap_error,
+ &state);
+ talloc_free(nodes);
- return -1;
+ if (ret != 0) {
+ talloc_free(t);
+ return ret;
}
+ *remote_nodemaps = t;
return 0;
}
@@ -2447,10 +2547,17 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
}
- /* ensure our local copies of flags are right */
- ret = update_local_flags(rec, nodemap);
+ /* Get the nodemaps for all connected remote nodes */
+ ret = get_remote_nodemaps(rec, mem_ctx, &remote_nodemaps);
if (ret != 0) {
- DEBUG(DEBUG_ERR,("Unable to update local flags\n"));
+ DBG_ERR("Failed to read remote nodemaps\n");
+ return;
+ }
+
+ /* Ensure our local and remote flags are correct */
+ ret = update_flags(rec, nodemap, remote_nodemaps);
+ if (ret != 0) {
+ D_ERR("Unable to update flags\n");
return;
}
@@ -2523,33 +2630,14 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
goto takeover_run_checks;
}
- /* get the nodemap for all active remote nodes
- */
- remote_nodemaps = talloc_array(mem_ctx, struct ctdb_node_map_old *, nodemap->num);
- if (remote_nodemaps == NULL) {
- DEBUG(DEBUG_ERR, (__location__ " failed to allocate remote nodemap array\n"));
- return;
--
Samba Shared Repository
More information about the samba-cvs
mailing list