glusterfs.git/xlators/features/marker/utils/src, branch v3.3.2qa1 localtime and ctime are not MT-SAFE 2013-02-08T20:04:42+00:00 Kaleb S. KEITHLEY kkeithle@redhat.com 2012-06-22T15:25:32+00:00 988460a9f597a489f22d39cd259fdb17fe2e5de6 There are a number of nit-level issues throughout the source with the use of localtime and ctime. While they apparently aren't causing too many problems, apart from the one in bz 828058, they ought to be fixed. Among the "real" problems that are fixed in this patch: 1) general localtime and ctime not MT-SAFE. There's a non-zero chance that another thread calling localtime (or ctime) will over-write the static data about to be used in another thread 2) localtime(& <64-bit-type>) or ctime(& <64-bit-type>) generally not a problem on 64-bit or little-endian 32-bit. But even though we probably have zero users on big-ending 32-bit platforms, it's still incorrect. 3) multiple nested calls passed as params. Last one wins, i.e. over- writes result of prior calls. 4) Inconsistent error handling. Most of these calls are for logging, tracing, or dumping. I submit that if an error somehow occurs in the call to localtime or ctime, the log/trace/dump still should still occur. 5) Appliances should all have their clocks set to UTC, and all log entries, traces, and dumps should use GMT. 6) fix strtok(), change to strtok_r() Other things this patch fixes/changes (that aren't bugs per se): 1) Change "%Y-%m-%d %H:%M:%S" and similar to their equivalent shorthand, e.g. "%F %T" 2) change sizeof(timestr) to sizeof timestr. sizeof is an operator, not a function. You don't use i +(32), why use sizeof(<var>). (And yes, you do use parens with sizeof(<type>).) 3) change 'char timestr[256]' to 'char timestr[32]' where appropriate. Per-thread stack is limited. Time strings are never longer than ~20 characters, so why waste 220+ bytes on the stack? Things this patch doesn't fix: 1) hodgepodge of %Y-%m-%d %H:%M:%S versus %Y/%m/%d-%H%M%S and other variations. It's not clear to me whether this ever matters, not to mention 3rd party log filtering tools may already rely on a particular format. Still it would be nice to have a single manifest constant and have every call to localtime/strftime consistently use the same format. BUG: 832173 Change-Id: Iee9719db4576eacc6c75694d9107954d0912cba8 Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com> Reviewed-on: http://review.gluster.org/3613 Reviewed-by: Anand Avati <avati@redhat.com> Tested-by: Anand Avati <avati@redhat.com> 
There are a number of nit-level issues throughout the source with
the use of localtime and ctime. While they apparently aren't causing
too many problems, apart from the one in bz 828058, they ought to be
fixed. Among the "real" problems that are fixed in this patch:
1) general localtime and ctime not MT-SAFE. There's a non-zero chance
   that another thread calling localtime (or ctime) will over-write
   the static data about to be used in another thread
2) localtime(& <64-bit-type>) or ctime(& <64-bit-type>) generally
   not a problem on 64-bit or little-endian 32-bit. But even though
   we probably have zero users on big-ending 32-bit platforms, it's
   still incorrect.
3) multiple nested calls passed as params. Last one wins, i.e. over-
   writes result of prior calls.
4) Inconsistent error handling. Most of these calls are for logging,
   tracing, or dumping. I submit that if an error somehow occurs in
   the call to localtime or ctime, the log/trace/dump still should
   still occur.
5) Appliances should all have their clocks set to UTC, and all log
   entries, traces, and dumps should use GMT.
6) fix strtok(), change to strtok_r()

Other things this patch fixes/changes (that aren't bugs per se):
1) Change "%Y-%m-%d %H:%M:%S" and similar to their equivalent shorthand,
   e.g. "%F %T"
2) change sizeof(timestr) to sizeof timestr. sizeof is an operator,
   not a function. You don't use i +(32), why use sizeof(<var>).
   (And yes, you do use parens with sizeof(<type>).)
3) change 'char timestr[256]' to 'char timestr[32]' where appropriate.
   Per-thread stack is limited. Time strings are never longer than ~20
   characters, so why waste 220+ bytes on the stack?

Things this patch doesn't fix:
1) hodgepodge of %Y-%m-%d %H:%M:%S versus %Y/%m/%d-%H%M%S and other
   variations. It's not clear to me whether this ever matters, not to
   mention 3rd party log filtering tools may already rely on a
   particular format. Still it would be nice to have a single manifest
   constant and have every call to localtime/strftime consistently use
   the same format.

BUG: 832173

Change-Id: Iee9719db4576eacc6c75694d9107954d0912cba8
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: http://review.gluster.org/3613
Reviewed-by: Anand Avati <avati@redhat.com>
Tested-by: Anand Avati <avati@redhat.com>
NetBSD build fixes 2012-07-13T21:08:22+00:00 Emmanuel Dreyfus manu@netbsd.org 2012-07-06T14:53:35+00:00 74d7d2d53c539c822cf7b6da44a515f1e326c5bc This is a backport of Change-Id: Icd7290f1e340675d763665a0d0c5f95bc14e0c55 BUG: 764655 Change-Id: Iaca3dc30e61c0864af673b90d2a7fdea6a3143cc Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.com/3577 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
This is a backport of Change-Id: Icd7290f1e340675d763665a0d0c5f95bc14e0c55

BUG: 764655
Change-Id: Iaca3dc30e61c0864af673b90d2a7fdea6a3143cc
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.com/3577
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
NetBSD build fixes. 2012-07-05T18:28:31+00:00 Emmanuel Dreyfus manu@netbsd.org 2012-06-15T07:45:23+00:00 d98068a71b63330180281e09347c02d69213c2aa This is a backport of Change-Id: Ib8183d4b585465d05a7adf3a4ceae93ae1bded15 BUG: 764655 Change-Id: I552b87b72c234b3a11af6ffd4a03975879602363 Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org> Reviewed-on: http://review.gluster.com/3574 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
This is a backport of Change-Id: Ib8183d4b585465d05a7adf3a4ceae93ae1bded15

BUG: 764655
Change-Id: I552b87b72c234b3a11af6ffd4a03975879602363
Signed-off-by: Emmanuel Dreyfus <manu@netbsd.org>
Reviewed-on: http://review.gluster.com/3574
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
geo-rep / gsyncd.c: fix coverity fix 2012-05-22T18:22:48+00:00 Csaba Henk csaba@redhat.com 2012-05-16T10:10:47+00:00 258b0f9b2e73d560774d80bd4724155e550ea31b gsyncd wrapper was segfaulting as coverity fix freed up pointer at wrong place (after it was reused) Instead of the apporach of the original coverity fix that added elaborate control flow to hunt down potential leaks, here we move the code over to static allocations in place of (the not really necessary) dynamic ones. Change-Id: Ida3855ff4a4f4371b350d27f858f129ceed51785 BUG: 789278 Signed-off-by: Csaba Henk <csaba@redhat.com> Reviewed-on: http://review.gluster.com/3345 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> Reviewed-on: http://review.gluster.com/3405 
gsyncd wrapper was segfaulting as coverity fix freed
up pointer at wrong place (after it was reused)

Instead of the apporach of the original coverity fix
that added elaborate control flow to hunt down potential
leaks, here we move the code over to static allocations
in place of (the not really necessary) dynamic ones.

Change-Id: Ida3855ff4a4f4371b350d27f858f129ceed51785
BUG: 789278
Signed-off-by: Csaba Henk <csaba@redhat.com>
Reviewed-on: http://review.gluster.com/3345
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
Reviewed-on: http://review.gluster.com/3405
geo-replication: coverity resource leak fixes 2012-05-09T07:41:28+00:00 Amar Tumballi amarts@redhat.com 2012-05-03T11:09:55+00:00 17b0814243b4ccd56c0ce570b7f42d5e572e1e71 Change-Id: I5739e9c9ae6fe78a6defb640d630e5f918ac1295 Signed-off-by: Amar Tumballi <amarts@redhat.com> BUG: 789278 Reviewed-on: http://review.gluster.com/3266 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Anand Avati <avati@redhat.com> 
Change-Id: I5739e9c9ae6fe78a6defb640d630e5f918ac1295
Signed-off-by: Amar Tumballi <amarts@redhat.com>
BUG: 789278
Reviewed-on: http://review.gluster.com/3266
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Anand Avati <avati@redhat.com>
log to stderr if "-" is given as log-file 2011-11-20T15:36:02+00:00 Csaba Henk csaba@gluster.com 2011-10-05T09:47:14+00:00 e1de01c3fdde2497cc4a24491b75579624467456 This works around broken /dev/stderr on some systems. Change-Id: I017b03082ff630c4a713ae74990e88b3fa20d0e1 BUG: 3686 Reviewed-on: http://review.gluster.com/560 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
This works around broken /dev/stderr on some systems.

Change-Id: I017b03082ff630c4a713ae74990e88b3fa20d0e1
BUG: 3686
Reviewed-on: http://review.gluster.com/560
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
gsyncd: control rsync target 2011-09-22T12:23:54+00:00 Csaba Henk csaba@gluster.com 2011-09-13T11:12:38+00:00 7e04913aa6f4ddb45e95099ef648564bf90da0b3 - require/perform rsync invocation with unprotected args (so that target is revealed to gateway program) - make use of some procfs wizardry to find gsyncd sibling and match rsync target against its working directory Change-Id: Iae1e39b0e61f22563c0f2a2e0605567e0d1902df BUG: 2825 Reviewed-on: http://review.gluster.com/461 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
- require/perform rsync invocation with unprotected args
  (so that target is revealed to gateway program)
- make use of some procfs wizardry to find gsyncd sibling
  and match rsync target against its working directory

Change-Id: Iae1e39b0e61f22563c0f2a2e0605567e0d1902df
BUG: 2825
Reviewed-on: http://review.gluster.com/461
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
gsyncd: implement restricted mode and utility dispatch 2011-09-22T12:23:32+00:00 Csaba Henk csaba@gluster.com 2011-09-11T17:45:57+00:00 2ab00369e7ef99d287dad5301d2f334dcfd67a70 With this change, the suggested way of setting up a geo-sync slave is to use an ssh key with gsyncd as a forced command (see sshd(8)), or set gsyncd as shell. This prevents the master in executing arbitrary commands on slave (a major security hole). Detailed list the changes: - All gsyncd invocations that are not done by glusterd are considered unsafe and then we operate in so-called "restricted mode" (see below) - if we are invoked on purpose (ie. it's not the case that sshd forced us to run as frontend of a remote-invoked command), we execute gsyncd.py - if invoked by sshd as frontend command, we check the remote command line and call the required utility if it's among the allowed ones (rsyncd and gsyncd) - with rsync, we check if invocation is server mode and some other sanity measures - with gsyncd, in restricted mode we enforce the usage of the glusterd provided config file, and in python, we enforce operation in server mode and some other sanity checks Impact on using geo-rep the old way: remote file slave now also requires a running glusterd (to pick up config from). Missing: we not implemented check of the rsync target path. The issue of master being able to modify arbitrary locations is planned to be mitigated by using geo-rep with an unprivileged user. Change-Id: I9b5825bfe282a9ca777429aadd554d78708f1638 BUG: 2825 Reviewed-on: http://review.gluster.com/460 Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
With this change, the suggested way of setting up a geo-sync
slave is to use an ssh key with gsyncd as a forced command
(see sshd(8)), or set gsyncd as shell. This prevents the master
in executing arbitrary commands on slave (a major security hole).

Detailed list the changes:
- All gsyncd invocations that are not done by glusterd are
  considered unsafe and then we operate in so-called "restricted mode"
  (see below)
- if we are invoked on purpose (ie. it's not the case that sshd forced
  us to run as frontend of a remote-invoked command), we execute gsyncd.py
- if invoked by sshd as frontend command, we check the remote command
  line and call the required utility if it's among the allowed ones
  (rsyncd and gsyncd)
- with rsync, we check if invocation is server mode and some other
  sanity measures
- with gsyncd, in restricted mode we enforce the usage of the glusterd
  provided config file, and in python, we enforce operation in
  server mode and some other sanity checks

Impact on using geo-rep the old way: remote file slave now also
requires a running glusterd (to pick up config from).

Missing: we not implemented check of the rsync target path.
The issue of master being able to modify arbitrary locations
is planned to be mitigated by using geo-rep with an unprivileged
user.

Change-Id: I9b5825bfe282a9ca777429aadd554d78708f1638
BUG: 2825
Reviewed-on: http://review.gluster.com/460
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>
geo-rep: rewrite gsyncd wrapper in C 2011-09-22T12:22:59+00:00 Csaba Henk csaba@gluster.com 2011-09-02T17:03:33+00:00 1098aaa51d2e3dca9e6c48ee1e9cb43bc87936f4 This rewrite does not change functionality; it's purpose is to prepare followup modifications which will let all slave side helper programs being dispatched to through gsyncd. The string processing that's required for that task would be too much cumbersome in shell. Change-Id: Ia7858aba5efeb5dcff16a918ea1c02253f0e49ab BUG: 2825 Reviewed-on: http://review.gluster.com/459 Reviewed-by: Amar Tumballi <amar@gluster.com> Tested-by: Gluster Build System <jenkins@build.gluster.com> Reviewed-by: Vijay Bellur <vijay@gluster.com> 
This rewrite does not change functionality;
it's purpose is to prepare followup modifications which will let
all slave side helper programs being dispatched to through
gsyncd. The string processing that's required for that task would
be too much cumbersome in shell.

Change-Id: Ia7858aba5efeb5dcff16a918ea1c02253f0e49ab
BUG: 2825
Reviewed-on: http://review.gluster.com/459
Reviewed-by: Amar Tumballi <amar@gluster.com>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Reviewed-by: Vijay Bellur <vijay@gluster.com>