Skip Menu |
 

From: "Richard Basch" <basch@MIT.EDU>
To: <krb5-bugs@MIT.EDU>
Subject: 1.10.5 & 1.10.6 kpropd patch
Date: Sat, 6 Jul 2013 00:39:02 -0400
Download (untitled) / with headers
text/plain 1.2KiB
The fix ported back from 1.11 to 1.10 to resolve the potential issue where a
failed full resync might result in a database still reporting it is current
was incorrect. Attached is a patch which ensures if a full resync fails
that the resulting database is not considered "current".

I have seen the condition if kpropd logs an error similar to "kpropd: Full
resync, invalid return."


Show quoted text
-----Original Message-----
From: Richard Basch [mailto:probe@mail.bright-prospects.com]
Sent: Saturday, July 06, 2013 12:33 AM
To: basch@mit.edu; richard.basch@gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig 2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c 2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
break;
}

+ if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+ /* Re-init ulog so we don't accidentally think we are current */
+ if (log_ctx && log_ctx->iproprole) {
+ log_ctx->ulog->kdb_last_sno = 0;
+ log_ctx->ulog->kdb_last_time.seconds = 0;
+ log_ctx->ulog->kdb_last_time.useconds = 0;
+
+ log_ctx->ulog->kdb_first_sno = 0;
+ log_ctx->ulog->kdb_first_time.seconds = 0;
+ log_ctx->ulog->kdb_first_time.useconds = 0;
+ }
+ }
+
if (runonce == 1)
goto done;

From: "Richard Basch" <basch@MIT.EDU>
To: <krbdev@MIT.EDU>, <krb5-bugs@MIT.EDU>
Subject: 1.10.5 & 1.10.6 kpropd patch
Date: Sat, 6 Jul 2013 08:34:53 -0400
Download (untitled) / with headers
text/plain 1.3KiB
The fix ported back from 1.11.2 to 1.10.5 to resolve the potential issue
where a failed full resync might result in a database still reporting it is
current is flawed. Attached is a patch which ensures if a full resync fails
the resulting database is not considered "current".

I have seen this bad database condition if kpropd logs an error similar to
"kpropd: Full resync, invalid return."

Sorry... I don't have my krb5 1.10 tree in github... it's only 10 additional
lines of code + 3 other lines for readability (comments, whitespace).

Show quoted text
-----Original Message-----
From: Richard Basch [mailto:probe@mail.bright-prospects.com]
Sent: Saturday, July 06, 2013 12:33 AM
To: basch@mit.edu; richard.basch@gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig 2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c 2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
break;
}

+ if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+ /* Re-init ulog so we don't accidentally think we are current */
+ if (log_ctx && log_ctx->iproprole) {
+ log_ctx->ulog->kdb_last_sno = 0;
+ log_ctx->ulog->kdb_last_time.seconds = 0;
+ log_ctx->ulog->kdb_last_time.useconds = 0;
+
+ log_ctx->ulog->kdb_first_sno = 0;
+ log_ctx->ulog->kdb_first_time.seconds = 0;
+ log_ctx->ulog->kdb_first_time.useconds = 0;
+ }
+ }
+
if (runonce == 1)
goto done;

Date: Sat, 06 Jul 2013 18:26:00 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch
To: rt@krbdev.mit.edu
CC: richard.basch@gs.com, 'Richard Basch' <basch@mit.edu>
RT-Send-Cc:
Download (untitled) / with headers
text/plain 2.2KiB
I added the patch to github:

https://github.com/rbasch/krb5/commit/cc4bf70b59d34ff76a329cdddc7ee03f9f5b55
d7


Show quoted text
-----Original Message-----
From: krb5 [mailto:rt@krbdev.mit.edu]
Sent: Saturday, July 06, 2013 4:30 PM
To: basch@mit.edu
Subject: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch


Greetings,

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"1.10.5 & 1.10.6 kpropd patch",
a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [krbdev.mit.edu #7677].

Please include the string:

[krbdev.mit.edu #7677]

in the subject line of all future correspondence about this issue. To do so,

you may reply to this message.

Thank you,


-------------------------------------------------------------------------
The fix ported back from 1.11.2 to 1.10.5 to resolve the potential issue
where a failed full resync might result in a database still reporting it is
current is flawed. Attached is a patch which ensures if a full resync fails
the resulting database is not considered "current".

I have seen this bad database condition if kpropd logs an error similar to
"kpropd: Full resync, invalid return."

Sorry... I don't have my krb5 1.10 tree in github... it's only 10 additional
lines of code + 3 other lines for readability (comments, whitespace).

-----Original Message-----
From: Richard Basch [mailto:probe@mail.bright-prospects.com]
Sent: Saturday, July 06, 2013 12:33 AM
To: basch@mit.edu; richard.basch@gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig 2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c 2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
break;
}

+ if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+ /* Re-init ulog so we don't accidentally think we are current */
+ if (log_ctx && log_ctx->iproprole) {
+ log_ctx->ulog->kdb_last_sno = 0;
+ log_ctx->ulog->kdb_last_time.seconds = 0;
+ log_ctx->ulog->kdb_last_time.useconds = 0;
+
+ log_ctx->ulog->kdb_first_sno = 0;
+ log_ctx->ulog->kdb_first_time.seconds = 0;
+ log_ctx->ulog->kdb_first_time.useconds = 0;
+ }
+ }
+
if (runonce == 1)
goto done;

Date: Sat, 06 Jul 2013 18:42:50 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch
To: 'Richard Basch' <basch@alum.mit.edu>, rt@krbdev.mit.edu
CC: richard.basch@gs.com, 'Richard Basch' <basch@mit.edu>
RT-Send-Cc:
Download (untitled) / with headers
text/plain 2.7KiB
Correction the entry can be retrieved from:

https://github.com/rbasch/krb5/commit/638b2e299157b1c2e637cb992bc07cf9f55985
94

(I fixed the log message in the commit.)

Show quoted text
-----Original Message-----
From: Richard Basch [mailto:basch@alum.mit.edu]
Sent: Saturday, July 06, 2013 6:26 PM
To: 'rt@krbdev.mit.edu'
Cc: 'richard.basch@gs.com'; 'Richard Basch'
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch

I added the patch to github:

https://github.com/rbasch/krb5/commit/cc4bf70b59d34ff76a329cdddc7ee03f9f5b55
d7


-----Original Message-----
From: krb5 [mailto:rt@krbdev.mit.edu]
Sent: Saturday, July 06, 2013 4:30 PM
To: basch@mit.edu
Subject: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch


Greetings,

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"1.10.5 & 1.10.6 kpropd patch",
a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [krbdev.mit.edu #7677].

Please include the string:

[krbdev.mit.edu #7677]

in the subject line of all future correspondence about this issue. To do so,

you may reply to this message.

Thank you,


-------------------------------------------------------------------------
The fix ported back from 1.11.2 to 1.10.5 to resolve the potential issue
where a failed full resync might result in a database still reporting it is
current is flawed. Attached is a patch which ensures if a full resync fails
the resulting database is not considered "current".

I have seen this bad database condition if kpropd logs an error similar to
"kpropd: Full resync, invalid return."

Sorry... I don't have my krb5 1.10 tree in github... it's only 10 additional
lines of code + 3 other lines for readability (comments, whitespace).

-----Original Message-----
From: Richard Basch [mailto:probe@mail.bright-prospects.com]
Sent: Saturday, July 06, 2013 12:33 AM
To: basch@mit.edu; richard.basch@gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig 2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c 2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
break;
}

+ if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+ /* Re-init ulog so we don't accidentally think we are current */
+ if (log_ctx && log_ctx->iproprole) {
+ log_ctx->ulog->kdb_last_sno = 0;
+ log_ctx->ulog->kdb_last_time.seconds = 0;
+ log_ctx->ulog->kdb_last_time.useconds = 0;
+
+ log_ctx->ulog->kdb_first_sno = 0;
+ log_ctx->ulog->kdb_first_time.seconds = 0;
+ log_ctx->ulog->kdb_first_time.useconds = 0;
+ }
+ }
+
if (runonce == 1)
goto done;

Date: Tue, 16 Jul 2013 23:29:41 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch
To: rt-comment@krbdev.mit.edu, "''AdminCc of krbdev.mit.edu Ticket #7677':'"@mta6.srv.hcvlny.cv.net
RT-Send-Cc:
Download (untitled) / with headers
text/plain 4.1KiB
FYI - I don't know if the problem also exists in 1.11; the 1.11 code path
for kpropd changed significantly and I have not performed similar levels of
testing as I had with 1.10. Even with 1.10, I could not reproduce the
problem 100% reliably, but I did observe the problem multiple times in my QA
environment (only twice in production), and eventually I was able to
correlate the error condition with the log messages (with near 100%
correlation accuracy).

The closest I ever came to replicating this in a QA environment entailed
performing a database dump on the slave at the same time as the ulog was
reinitialized on the master in order to force a full resync (as you may
recall, I sent another patch to reinitialize the log if a password policy
change occurs, though in this case, I was generally reloading a baseline
copy of a database at a fixed time, but the net effect is the same). The net
result was the serial number was updated but when I examined the database,
not all the data elements were consistent between the master and the slave.

Show quoted text
-----Original Message-----
From: krb5-bugs-bounces@MIT.EDU [mailto:krb5-bugs-bounces@MIT.EDU] On Behalf
Of Richard Basch via RT
Sent: Saturday, July 06, 2013 6:43 PM
To: 'AdminCc of krbdev.mit.edu Ticket #7677':
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch

Correction the entry can be retrieved from:

https://github.com/rbasch/krb5/commit/638b2e299157b1c2e637cb992bc07cf9f55985
94

(I fixed the log message in the commit.)

-----Original Message-----
From: Richard Basch [mailto:basch@alum.mit.edu]
Sent: Saturday, July 06, 2013 6:26 PM
To: 'rt@krbdev.mit.edu'
Cc: 'richard.basch@gs.com'; 'Richard Basch'
Subject: RE: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch

I added the patch to github:

https://github.com/rbasch/krb5/commit/cc4bf70b59d34ff76a329cdddc7ee03f9f5b55
d7


-----Original Message-----
From: krb5 [mailto:rt@krbdev.mit.edu]
Sent: Saturday, July 06, 2013 4:30 PM
To: basch@mit.edu
Subject: [krbdev.mit.edu #7677] AutoReply: 1.10.5 & 1.10.6 kpropd patch


Greetings,

This message has been automatically generated in response to the
creation of a trouble ticket regarding:
"1.10.5 & 1.10.6 kpropd patch",
a summary of which appears below.

There is no need to reply to this message right now. Your ticket has been
assigned an ID of [krbdev.mit.edu #7677].

Please include the string:

[krbdev.mit.edu #7677]

in the subject line of all future correspondence about this issue. To do so,

you may reply to this message.

Thank you,


-------------------------------------------------------------------------
The fix ported back from 1.11.2 to 1.10.5 to resolve the potential issue
where a failed full resync might result in a database still reporting it is
current is flawed. Attached is a patch which ensures if a full resync fails
the resulting database is not considered "current".

I have seen this bad database condition if kpropd logs an error similar to
"kpropd: Full resync, invalid return."

Sorry... I don't have my krb5 1.10 tree in github... it's only 10 additional
lines of code + 3 other lines for readability (comments, whitespace).

-----Original Message-----
From: Richard Basch [mailto:probe@mail.bright-prospects.com]
Sent: Saturday, July 06, 2013 12:33 AM
To: basch@mit.edu; richard.basch@gs.com
Subject: kpropd patch

--- src/slave/kpropd.c.orig 2013-04-17 20:40:18.000000000 -0400
+++ src/slave/kpropd.c 2013-07-06 00:27:45.135069434 -0400
@@ -931,6 +931,19 @@
break;
}

+ if (incr_ret->ret == UPDATE_FULL_RESYNC_NEEDED && frdone == 0) {
+ /* Re-init ulog so we don't accidentally think we are current */
+ if (log_ctx && log_ctx->iproprole) {
+ log_ctx->ulog->kdb_last_sno = 0;
+ log_ctx->ulog->kdb_last_time.seconds = 0;
+ log_ctx->ulog->kdb_last_time.useconds = 0;
+
+ log_ctx->ulog->kdb_first_sno = 0;
+ log_ctx->ulog->kdb_first_time.seconds = 0;
+ log_ctx->ulog->kdb_first_time.useconds = 0;
+ }
+ }
+
if (runonce == 1)
goto done;




_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs