IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This is an unconditional reconfiguration so skip the unnecessary
logic.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This avoids churn as event scripts are renamed and moved about.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The current 10 minute timeout is causing autobuild failures in some
environments.
This timeout is simply meant to stop a test run from hanging
indefinitely due to a broken test. A 1 hour timeout is better than no
timeout.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 8 04:42:56 CET 2018 on sn-devel-144
Make use of talloc pools for the sock_queue's memory requirements.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Jan 30 18:12:32 CET 2018 on sn-devel-144
The sock_queue_destructor is not needed.
The performed tasks will be performed automatically.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Prevent further processing of sock_queue_process
if the received packet size is zero.
Signed-off-by: Swen Schillig <swen@vnet.ibm.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This typo causes the script to be run with the default shell. If this
is not bash then the shell will fail to parse integration.bash.
This is a regression caused by commit
c607989d91. Clearly nobody has run this
test on Debian for a long time. :-(
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 24 10:28:52 CET 2018 on sn-devel-144
The run_tests.sh -S option now takes the path to the socker-wrapper
shared library.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This will cause a hung test to time out and fail rather than letting a
test run hang indefinitely. Some tests can take 5 minutes to run, so
10 minutes should be plenty.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This test fails when it takes more than 10s to run. This can occur
when the system is loaded and socket-wrapper is used.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Set SOCKET_CLOEXEC on the sockets returned by accept. This ensures that
the socket is unavailable to any child process created by system().
Making it harder for malicious code to set up a command channel,
as seen in the exploit for CVE-2015-0240
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188
If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler. So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154
STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up. Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event. Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.
Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.
To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event. By this time all the running nodes in the cluster
are connected.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 24 15:49:46 CET 2017 on sn-devel-144
Looks like the if a process holding fcntl lock (on pid file) is killed,
then the lock is not released till the process is reaped using either
wait() or waitpid().
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Nov 21 08:58:45 CET 2017 on sn-devel-144
This avoids defining sock_daemon functions that are not needed in the test.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Fix tests to use wait_send() instead of startup() as a synchronization
point to ensure that the socket is listening.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152
This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Move the mkdir_p function to lib/util so it can be used elsewhere
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
CID 1420632: Resource leaks (RESOURCE LEAK)
CID 1420631: Security best practices violations (TOCTOU)
CID 1417432: Resource leaks (RESOURCE LEAK)
CID 1417429: Security best practices violations (TOCTOU)
CID 1417427: Resource leaks (RESOURCE LEAK)
These are all in test code and constrained to the test environment, so
can't result in privilege escape. No backport necessary. However, we
might as well get them off the list.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Nov 8 11:28:40 CET 2017 on sn-devel-144
Sockets need to be created from sock_daemon_run_send(). This means
that stale socket removal can depend on the PID file context being
initialised.
Also fix associated test.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This is an optimisation that can cause incorrect results. If ctdbd
was killed and there is a stale PID file then this will often cause
"CTDB exited during initialisation". The wrapper reads the old PID
from the PID file, finds the PID gone, complains and exits.
It is better to drop this code and finally get this right. If ctdbd
does exit early then it will take CTDB_STARTUP_TIMEOUT (default 10)
seconds before the wrapper fails. That's not too bad...
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Otherwise the client registration can race with the check in the test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13097
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Oct 26 13:32:24 CEST 2017 on sn-devel-144
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Oct 23 19:45:08 CEST 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Oct 18 10:19:48 CEST 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070
This avoids running event script copies left by a package manager.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This can't fail but check it for completeness... just in case Coverity
decides to notice it.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Oct 16 09:27:17 CEST 2017 on sn-devel-144
Check for the expected result instead of just any failure.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
This causes failures to be folded down to 1, which is incorrect.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 10 15:50:04 CEST 2017 on sn-devel-144
This allows to tunnel new protocols using ctdb transport.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
parse_ip() has interface checking for IPv6 that is still used
indirectly by the IP takeover code via parse_ip_mask(). This will be
removed eventually.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Oct 5 09:19:31 CEST 2017 on sn-devel-144
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13056
The only time a ctdb_queue is created without valid fd is when CTDB
is trying to establish connections with other nodes in the cluster.
All the other uses always create a ctdb_queue with valid fd.
This avoids queueing up packets for dead nodes or nodes that are not
running in the cluster and stops consuming memory.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
https://bugzilla.samba.org/show_bug.cgi?id=13056
Database recovery takes care of attaching missing databases on all the nodes.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Whenever the current git hash changes, we recompile ctdb.c and
ctdb_daemon.c. As both have quite a few warnings with -Wall, this
makes it quite difficult to see the real warnings that pop up during
development. Centralize the ctdb_version_string to just a single file
without warnings.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13042
This is required for CHECK_PID_SRVID control implementation.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This avoids other potential users from unnecessarily setting up file
descriptors and such.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This replaces ctdb_killtcp(), which did the initialisation inside a
loop. The new logic is inverted, making it more natural.
The variable containing all the state is called "state" in
anticipation of the next commit that will convert this to a tevent_req
computation. This will mean less churn.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
One less use of trbt_tree_t. The code is easier to read and is
significantly smaller.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This and the supporting functions duplicate functionality (parse_ip()
and parse_ip_port()) from common/system_util.c. The old functions
will be removed at a later time.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
The current code is ambiguous in its use of src and dst. This allows
new code to use server and client for clarity.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
This reverts commit 19318d2835.
With this commit, a shutdown that occurs while the startup event is
running can cause an abort because the startup callback will try to
decrease the run state from SHUTDOWN to RUNNING.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Some of these are only in a comment but git grep finds them.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Monitoring is skipped when not in run state RUNNING, so remove the
dependency on the monitoring code.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Monitoring can fail during recovery due to databases (e.g. registry)
being unavailable. This has been avoided by explicitly disabling
monitoring around recovery via the START_RECOVERY and END_RECOVERY
controls. With this approach only there is still a window between
enabling recovery mode and START_RECOVERY when monitoring could be
attempted. However, explicitly disabling monitoring is unnecessary
because monitoring is not done when a node is in recovery.
So remove the explicit disable/enable of monitoring and rely on
monitoring being skipped when recovery mode is active.
The only possible change of behaviour with this change is that there
is now a window between setting recovery mode to normal and the
END_RECOVERY control where monitoring is enabled. However, at this
point databases would be available and the "recovered" event will
cancel any in-progress monitoring.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This is currently handled by explicitly disabling monitoring in
various places. However, those places shouldn't need to know about
monitoring but it is OK for monitoring to know about global node
states.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
ctdb_ltdb_fetch() only fills in relevant portion of ctdb_ltdb_header
if the record does not exist. This can result in uninitialized writes
to ctdb_rec_buffer.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029
If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred. In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around. Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
These test that ctdb_check_unix_socket() is working.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Sep 12 16:14:12 CEST 2017 on sn-devel-144
Generalise command-line parsing, taking hints from old netstat stub,
and use FAKE_NETSTAT_UNIX_LISTEN to specify listening Unix domain
sockets.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
This doesn't belong in the monitoring/startup code and it is already
done in the 10.interface "init" event.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Recovery and takeover are run via helper from recovery daemon. While the
helpers are running, it's possible for the current node to lose election.
If that happens, abort the currently running recovery/takeover helper.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021
Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number. Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.
If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.
Before reading the sequence number, check if the database access is
allowed.
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>