1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

2258 Commits

Author SHA1 Message Date
Gary Lockyer
9ccf164550 ctdb/server/ctdb_daemon.c set socket close on exec
Set SOCKET_CLOEXEC on the sockets returned by accept.  This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2017-12-18 04:38:20 +01:00
Amitay Isaacs
de3f0d889b ctdb-recovery-helper: Deregister message handler in error paths
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188

If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler.  So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-12-13 08:48:18 +01:00
Amitay Isaacs
d7a5cd589b ctdb-daemon: Send STARTUP control after startup event
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up.  Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event.  Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.

Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.

To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event.  By this time all the running nodes in the cluster
are connected.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144
2017-11-30 15:29:48 +01:00
Amitay Isaacs
73e261b48c ctdb-takeover: Send tcp tickles immediately on STARTUP control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-11-30 11:34:20 +01:00
Amitay Isaacs
2b253f6b1b ctdb-takeover: Refactor code to send tickle lists for all public IPs
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-11-30 11:34:20 +01:00
Amitay Isaacs
f026314661 ctdb-eventd: Simplify eventd code
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 24 15:49:46 CET 2017 on sn-devel-144
2017-11-24 15:49:46 +01:00
Amitay Isaacs
848f242598 ctdb-daemon: Allocate deferred calls off calling context
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-11-21 05:03:16 +01:00
Amitay Isaacs
2cb5fdac42 ctdb-daemon: Add code to process ctdb_req_tunnel packets
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:19 +02:00
Amitay Isaacs
9c51535775 ctdb-daemon: Add implementation of tunnel controls
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-10 11:45:18 +02:00
Amitay Isaacs
70d306373e ctdb-daemon: Send broadcast to connected nodes, not configured nodes
https://bugzilla.samba.org/show_bug.cgi?id=13056

Database recovery takes care of attaching missing databases on all the nodes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-10-05 05:19:21 +02:00
Volker Lendecke
e12ed08bd5 ctdb: Centralize ctdb_version_string
Whenever the current git hash changes, we recompile ctdb.c and
ctdb_daemon.c. As both have quite a few warnings with -Wall, this
makes it quite difficult to see the real warnings that pop up during
development. Centralize the ctdb_version_string to just a single file
without warnings.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-26 09:37:13 +02:00
Volker Lendecke
a919ded138 ctdbd: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-26 09:37:13 +02:00
Amitay Isaacs
e342f1f078 ctdb-daemon: Check all connections from a process in CHECK_PID_SRVID control
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-09-22 16:59:06 +02:00
Amitay Isaacs
02ae3d9fab ctdb-daemon: Add implementation of control CHECK_PID_SRVID
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-21 08:53:26 +02:00
Martin Schwenke
93668f5026 ctdb-protocol: Optionally print port for address printing functions
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-19 13:30:26 +02:00
Martin Schwenke
3783b66fb3 ctdb-build: Split protocol-util as a separate subsystem
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-19 13:30:26 +02:00
Martin Schwenke
b0244d46b5 Revert "ctdb-daemon: Don't explicitly stop monitoring during shutdown"
This reverts commit 19318d28354190a9cfafa1696e41c90351f85af9.

With this commit, a shutdown that occurs while the startup event is
running can cause an abort because the startup callback will try to
decrease the run state from SHUTDOWN to RUNNING.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-19 01:28:13 +02:00
Martin Schwenke
d0d805977f Revert "ctdb-daemon: Remove unused function ctdb_stop_monitoring()"
This reverts commit b119104267635d96b1f99a2e98d35438841585bf.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-19 01:28:13 +02:00
Martin Schwenke
b119104267 ctdb-daemon: Remove unused function ctdb_stop_monitoring()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:16 +02:00
Martin Schwenke
64225c63dd ctdb-daemon: Drop monitoring mode
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:16 +02:00
Martin Schwenke
b00e360515 ctdb-daemon: Drop implementation of monitor controls
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:16 +02:00
Martin Schwenke
74f29a48db ctdb-daemon: Mark monitoring controls obsolete
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Martin Schwenke
19318d2835 ctdb-daemon: Don't explicitly stop monitoring during shutdown
Monitoring is skipped when not in run state RUNNING, so remove the
dependency on the monitoring code.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Martin Schwenke
4656b0816a ctdb-daemon: Don't explicitly disable monitoring around recovery
Monitoring can fail during recovery due to databases (e.g. registry)
being unavailable.  This has been avoided by explicitly disabling
monitoring around recovery via the START_RECOVERY and END_RECOVERY
controls.  With this approach only there is still a window between
enabling recovery mode and START_RECOVERY when monitoring could be
attempted.  However, explicitly disabling monitoring is unnecessary
because monitoring is not done when a node is in recovery.

So remove the explicit disable/enable of monitoring and rely on
monitoring being skipped when recovery mode is active.

The only possible change of behaviour with this change is that there
is now a window between setting recovery mode to normal and the
END_RECOVERY control where monitoring is enabled.  However, at this
point databases would be available and the "recovered" event will
cancel any in-progress monitoring.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Martin Schwenke
173aa683d5 ctdb-daemon: Don't explicitly disable monitoring when stopping a node
Monitoring is now avoided for inactive nodes anyway.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Martin Schwenke
12cf6640e4 ctdb-daemon: Skip monitoring when not in RUNNING runstate
Monitoring does not need to be done in other states.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Martin Schwenke
873db694c9 ctdb-daemon: Skip monitoring when node is inactive
This is currently handled by explicitly disabling monitoring in
various places.  However, those places shouldn't need to know about
monitoring but it is OK for monitoring to know about global node
states.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-14 14:49:15 +02:00
Amitay Isaacs
77c17b03cf ctdb-daemon: Free up record data if a call request is deferred
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029

If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred.  In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around.  Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-14 14:49:15 +02:00
Martin Schwenke
bff8d410f9 ctdb-daemon: Don't release all IPs before "startup" event
This doesn't belong in the monitoring/startup code and it is already
done in the 10.interface "init" event.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-09-12 12:23:19 +02:00
Amitay Isaacs
6e588913dd ctdb-recoverd: Abort recovery/takeover if recmaster changes
Recovery and takeover are run via helper from recovery daemon.  While the
helpers are running, it's possible for the current node to lose election.
If that happens, abort the currently running recovery/takeover helper.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-12 12:23:19 +02:00
Amitay Isaacs
f57d379446 ctdb-daemon: GET_DB_SEQNUM should read database conditionally
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number.  Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.

If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.

Before reading the sequence number, check if the database access is
allowed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-12 12:23:18 +02:00
Amitay Isaacs
5d2f2677de ctdb-daemon: Add a function to check if db access is allowed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-12 12:23:18 +02:00
Amitay Isaacs
d0a20baf43 ctdb-daemon: Fix implementation of process_exists control
Only check processes that are CTDB clients.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-09 10:53:10 +02:00
Amitay Isaacs
164d65ace2 ctdb-protocol: Replace ctdb_event_header with sock_packet_header
This removes the static declaration and adds prototype declarations
of ctdb_event_header marshalling functions to avoid compiler warnings.
These functions will be removed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-09-01 08:52:07 +02:00
Amitay Isaacs
676df8770b ctdb-protocol: Fix marshalling for ctdb_rec_buffer
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-08-30 14:59:23 +02:00
Martin Schwenke
94cc5eaddc ctdb-common: Allow sock_daemon to daemonise during startup
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-29 11:14:09 +02:00
Amitay Isaacs
b67cc00c93 ctdb-common: Move PID file creation to sock_daemon_run_send()
Only create PID file when actually starting the daemon, rather than
when setting up the context.  This will facilitate future changes.

Tweak test to confirm that PID file is no longer created during setup.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-29 11:14:09 +02:00
Martin Schwenke
710f5d922d ctdb-daemon: Use become_daemon() instead of custom code
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-29 11:14:09 +02:00
Martin Schwenke
5f5762d654 ctdb-daemon: Narrow a #include
Only time.h is needed here, not all of samba_util.h.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-29 11:14:09 +02:00
Amitay Isaacs
1f7f112317 ctdb-client: Fix ctdb_attach() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Aug 25 13:32:58 CEST 2017 on sn-devel-144
2017-08-25 13:32:58 +02:00
Amitay Isaacs
9987fe7209 ctdb-client: Optionally return database id from ctdb_ctrl_createdb()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-08-25 09:41:26 +02:00
Amitay Isaacs
4bd0a20a75 ctdb-client: Fix ctdb_ctrl_createdb() to use database flags
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12978

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-08-25 09:41:25 +02:00
Volker Lendecke
00f32962e8 ctdb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2017-08-25 00:15:20 +02:00
Martin Schwenke
16e6b56b41 ctdb-daemon: Fix a return value
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-17 15:50:37 +02:00
Martin Schwenke
776e9f56f1 ctdb-daemon: Fix default socket location
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-17 15:50:37 +02:00
Amitay Isaacs
df41818bef ctdb-daemon: Drop the implementation of CHECK_SRVIDS control
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Aug 14 13:00:16 CEST 2017 on sn-devel-144
2017-08-14 13:00:16 +02:00
Martin Schwenke
eb66ef2e3b ctdb-takeover: Do not call ctdb_announce_vnn_iface() for updateip
This causes any tracked connections for the IP address to be lost.

When doing a takeip, the server sends a tickle ACK to the client, the
client responds with a valid ACK and the server's TCP stack responds
with a reset because the connection does not exist.  However, in the
updateip, case the connection *does* exist, so the tickle *does not*
cause the connection to be reset.

ctdb_announce_vnn_iface() clears the list of tracked TCP connections
while sending the tickle ACKs.  So, if there are no reconnects as in
the takeip case, then the list of connections is simply lost.

The "updateip" event in the 10.interface event script already sends
gratuitous ARPs and tickles connections in both directions.  This
ensures that traffic continues after packets may have been dropped
when the script temporarily blocks traffic to the IP address.

All of this means that the call to ctdb_announce_vnn_iface() can just
be deleted.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2017-08-10 06:43:13 +02:00
Martin Schwenke
59ebb29e6a ctdb-common: Rename pidfile_create() -> pidfile_context_create()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
2017-08-02 03:39:11 +02:00
Amitay Isaacs
027689a2cf ctdb-daemon: Increase priority of logs when recovery happens
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-07-04 13:11:16 +02:00
Amitay Isaacs
f9e826a976 ctdb-daemon: Increase priority of logs when shutting down
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2017-07-04 13:11:16 +02:00