Print this page
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Revert "NEX-5801 Snapshots left over after failed backups"
This reverts commit f182fb95f09036db71fbfc6f0a6b90469b761f21.
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-2911 NDMP logging should use syslog and is too chatty
NEX-559 NDMP cannot backup/restore a file which spans multiple tapes
*** 1,10 ****
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-
/*
* BSD 3 Clause License
*
* Copyright (c) 2007, The Storage Networking Industry Association.
*
--- 1,9 ----
*** 36,50 ****
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Copyright (c) 2007, The Storage Networking Industry Association. */
/* Copyright (c) 1996, 1997 PDC, Network Appliance. All Rights Reserved */
! /* Copyright 2014 Nexenta Systems, Inc. All rights reserved. */
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/queue.h>
#include <arpa/inet.h>
#include <md5.h>
--- 35,50 ----
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Copyright (c) 2007, The Storage Networking Industry Association. */
/* Copyright (c) 1996, 1997 PDC, Network Appliance. All Rights Reserved */
! /* Copyright 2016 Nexenta Systems, Inc. All rights reserved. */
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
+ #include <syslog.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/queue.h>
#include <arpa/inet.h>
#include <md5.h>
*** 164,175 ****
* Must wait until after sending the reply since the reply
* must be sent using the same protocol version that was used
* to process the request.
*/
if (reply.error == NDMP_NO_ERR) {
- NDMP_LOG(LOG_DEBUG, "set ver to: %d",
- request->protocol_version);
ndmp_set_version(connection, request->protocol_version);
session->ns_protocol_version = request->protocol_version;
}
}
--- 164,173 ----
*** 197,233 ****
unsigned char md5_digest[16];
char *passwd, *dec_passwd;
char *uname;
request = (ndmp_connect_client_auth_request *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type:%s",
- request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
- (request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
- (request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" :
- "Invalid")));
reply.error = NDMP_NO_ERR;
switch (request->auth_data.auth_type) {
case NDMP_AUTH_NONE:
/*
* Allow no authorization for development.
* Comment the following for a non-secure production server.
*/
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR,
"Authorization type should be md5 or cleartext.");
reply.error = NDMP_ILLEGAL_ARGS_ERR;
ndmpd_audit_connect(connection, EINVAL);
break;
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
--- 195,226 ----
unsigned char md5_digest[16];
char *passwd, *dec_passwd;
char *uname;
request = (ndmp_connect_client_auth_request *)body;
reply.error = NDMP_NO_ERR;
switch (request->auth_data.auth_type) {
case NDMP_AUTH_NONE:
/*
* Allow no authorization for development.
* Comment the following for a non-secure production server.
*/
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR,
"Authorization type should be md5 or cleartext.");
reply.error = NDMP_ILLEGAL_ARGS_ERR;
ndmpd_audit_connect(connection, EINVAL);
break;
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
*** 234,254 ****
ADT_FAIL_PAM + PAM_AUTH_ERR);
return;
}
auth = &request->auth_data.ndmp_auth_data_u.auth_text;
if (strcmp(uname, auth->user) != 0) {
! NDMP_LOG(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmpd_audit_connect(connection,
ADT_FAIL_PAM + PAM_AUTH_ERR);
break;
}
passwd = ndmpd_get_prop(NDMP_CLEARTEXT_PASSWORD);
if (!passwd || !*passwd) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR,
"Cleartext password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
--- 227,247 ----
ADT_FAIL_PAM + PAM_AUTH_ERR);
return;
}
auth = &request->auth_data.ndmp_auth_data_u.auth_text;
if (strcmp(uname, auth->user) != 0) {
! syslog(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmpd_audit_connect(connection,
ADT_FAIL_PAM + PAM_AUTH_ERR);
break;
}
passwd = ndmpd_get_prop(NDMP_CLEARTEXT_PASSWORD);
if (!passwd || !*passwd) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR,
"Cleartext password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
*** 258,272 ****
} else {
dec_passwd = ndmp_base64_decode(passwd);
}
if (!dec_passwd || !*dec_passwd ||
strcmp(auth->password, dec_passwd) != 0) {
! NDMP_LOG(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
- } else {
- NDMP_LOG(LOG_DEBUG, "Authorization granted.");
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
--- 251,263 ----
} else {
dec_passwd = ndmp_base64_decode(passwd);
}
if (!dec_passwd || !*dec_passwd ||
strcmp(auth->password, dec_passwd) != 0) {
! syslog(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
*** 274,285 ****
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
--- 265,276 ----
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
*** 287,298 ****
return;
}
md5 = &request->auth_data.ndmp_auth_data_u.auth_md5;
passwd = ndmpd_get_prop(NDMP_CRAM_MD5_PASSWORD);
if (!passwd || !*passwd) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR, "MD5 password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
--- 278,289 ----
return;
}
md5 = &request->auth_data.ndmp_auth_data_u.auth_md5;
passwd = ndmpd_get_prop(NDMP_CRAM_MD5_PASSWORD);
if (!passwd || !*passwd) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR, "MD5 password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
*** 304,323 ****
session = ndmp_get_client_data(connection);
create_md5_digest(md5_digest, dec_passwd,
session->ns_challenge);
if (strcmp(uname, md5->user) != 0) {
! NDMP_LOG(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
} else if (memcmp(md5_digest, md5->auth_digest,
sizeof (md5_digest)) != 0) {
! NDMP_LOG(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
- } else {
- NDMP_LOG(LOG_DEBUG, "Authorization granted");
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
--- 295,312 ----
session = ndmp_get_client_data(connection);
create_md5_digest(md5_digest, dec_passwd,
session->ns_challenge);
if (strcmp(uname, md5->user) != 0) {
! syslog(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
} else if (memcmp(md5_digest, md5->auth_digest,
sizeof (md5_digest)) != 0) {
! syslog(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
*** 355,370 ****
ndmp_connect_server_auth_request *request;
ndmp_connect_server_auth_reply reply;
request = (ndmp_connect_server_auth_request *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type:%s",
- request->client_attr.auth_type == NDMP_AUTH_NONE ? "None" :
- (request->client_attr.auth_type == NDMP_AUTH_TEXT ? "Text" :
- (request->client_attr.auth_type == NDMP_AUTH_MD5 ? "MD5" :
- "Invalid")));
-
reply.error = NDMP_NO_ERR;
reply.auth_result.auth_type = request->client_attr.auth_type;
switch (request->client_attr.auth_type) {
case NDMP_AUTH_NONE:
break;
--- 344,353 ----
*** 441,454 ****
struct in_addr addr;
char *uname;
char *type;
request = (ndmp_connect_client_auth_request_v3 *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type %s",
- request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
- request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
- request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" : "Invalid");
reply.error = NDMP_NO_ERR;
switch (request->auth_data.auth_type) {
case NDMP_AUTH_NONE:
--- 424,433 ----
*** 459,470 ****
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
--- 438,449 ----
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
*** 481,492 ****
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
! NDMP_LOG(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
--- 460,471 ----
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
! syslog(LOG_ERR, "Authorization denied.");
! syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
*** 512,522 ****
ndmp_set_authorized(connection, TRUE);
} else {
ndmp_set_authorized(connection, FALSE);
if (tcp_get_peer(connection->conn_sock, &addr.s_addr,
NULL) != -1) {
! NDMP_LOG(LOG_ERR,
"Authorization(%s) denied for %s.", type,
inet_ntoa(IN_ADDR(addr)));
}
}
--- 491,501 ----
ndmp_set_authorized(connection, TRUE);
} else {
ndmp_set_authorized(connection, FALSE);
if (tcp_get_peer(connection->conn_sock, &addr.s_addr,
NULL) != -1) {
! syslog(LOG_ERR,
"Authorization(%s) denied for %s.", type,
inet_ntoa(IN_ADDR(addr)));
}
}
*** 549,569 ****
if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
return;
if ((nlp = ndmp_get_nlp(session)) == NULL)
return;
- NDMP_LOG(LOG_DEBUG, "ver: %u",
- session->ns_protocol_version);
-
/* Send the SHUTDOWN message before closing the connection. */
req.reason = NDMP_SHUTDOWN;
req.protocol_version = session->ns_protocol_version;
req.text_reason = "Connection closed by server.";
if (ndmp_send_request(connection, NDMP_NOTIFY_CONNECTION_STATUS,
NDMP_NO_ERR, (void *) &req, 0) < 0) {
! NDMP_LOG(LOG_NOTICE, "Sending connection shutdown notify");
return;
}
(void) mutex_lock(&nlp->nlp_mtx);
ndmp_close(connection);
--- 528,545 ----
if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
return;
if ((nlp = ndmp_get_nlp(session)) == NULL)
return;
/* Send the SHUTDOWN message before closing the connection. */
req.reason = NDMP_SHUTDOWN;
req.protocol_version = session->ns_protocol_version;
req.text_reason = "Connection closed by server.";
if (ndmp_send_request(connection, NDMP_NOTIFY_CONNECTION_STATUS,
NDMP_NO_ERR, (void *) &req, 0) < 0) {
! syslog(LOG_NOTICE, "Sending connection shutdown notify");
return;
}
(void) mutex_lock(&nlp->nlp_mtx);
ndmp_close(connection);
*** 647,659 ****
static struct conn_list *
ndmp_connect_list_find(ndmp_connection_t *connection)
{
struct conn_list *clp;
- NDMP_LOG(LOG_DEBUG, "connection: 0x%p",
- connection);
-
LIST_FOREACH(clp, &cl_head, cl_q) {
if (clp->cl_conn == connection) {
(void) mutex_unlock(&cl_mutex);
return (clp);
}
--- 623,632 ----
*** 678,688 ****
ndmp_connect_list_add(ndmp_connection_t *connection, int *id)
{
struct conn_list *clp;
if (connection == NULL) {
! NDMP_LOG(LOG_DEBUG, "Invalid argument");
return (-1);
}
if ((clp = ndmp_malloc(sizeof (struct conn_list))) == NULL)
return (-1);
--- 651,661 ----
ndmp_connect_list_add(ndmp_connection_t *connection, int *id)
{
struct conn_list *clp;
if (connection == NULL) {
! syslog(LOG_ERR, "ndmp_connect_list_add: Invalid argument");
return (-1);
}
if ((clp = ndmp_malloc(sizeof (struct conn_list))) == NULL)
return (-1);
*** 716,726 ****
struct conn_list *clp;
(void) mutex_lock(&cl_mutex);
if (!(clp = ndmp_connect_list_find(connection))) {
(void) mutex_unlock(&cl_mutex);
! NDMP_LOG(LOG_DEBUG, "connection not found");
return (-1);
}
LIST_REMOVE(clp, cl_q);
(void) mutex_unlock(&cl_mutex);
--- 689,699 ----
struct conn_list *clp;
(void) mutex_lock(&cl_mutex);
if (!(clp = ndmp_connect_list_find(connection))) {
(void) mutex_unlock(&cl_mutex);
! syslog(LOG_ERR, "ndmp_connect_list_del: connection not found");
return (-1);
}
LIST_REMOVE(clp, cl_q);
(void) mutex_unlock(&cl_mutex);
*** 745,756 ****
static struct conn_list *
ndmp_connect_list_find_id(int id)
{
struct conn_list *clp;
- NDMP_LOG(LOG_DEBUG, "id: %d", id);
-
(void) mutex_lock(&cl_mutex);
LIST_FOREACH(clp, &cl_head, cl_q) {
if (clp->cl_id == id) {
(void) mutex_unlock(&cl_mutex);
return (clp);
--- 718,727 ----
*** 1023,1033 ****
case NDMPV4:
ndmp_connect_get_conn(clp, enc_ctx);
ndmp_connect_get_v3(clp->cl_conn, enc_ctx);
break;
default:
! NDMP_LOG(LOG_DEBUG,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
}
--- 994,1004 ----
case NDMPV4:
ndmp_connect_get_conn(clp, enc_ctx);
ndmp_connect_get_v3(clp->cl_conn, enc_ctx);
break;
default:
! syslog(LOG_ERR,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
}
*** 1058,1068 ****
case NDMPV3:
case NDMPV4:
ndmpd_connect_close_v3(connection, (void *)NULL);
break;
default:
! NDMP_LOG(LOG_DEBUG,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
return (0);
--- 1029,1039 ----
case NDMPV3:
case NDMPV4:
ndmpd_connect_close_v3(connection, (void *)NULL);
break;
default:
! syslog(LOG_ERR,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
return (0);
*** 1123,1133 ****
sasd_drive_t *sd;
scsi_link_t *slink;
if ((n = sasd_dev_count()) == 0) {
ndmp_door_put_int32(enc_ctx, n);
! NDMP_LOG(LOG_DEBUG, "No device attached.");
return;
}
ndmp_door_put_int32(enc_ctx, n);
for (i = 0; i < n; i++) {
--- 1094,1104 ----
sasd_drive_t *sd;
scsi_link_t *slink;
if ((n = sasd_dev_count()) == 0) {
ndmp_door_put_int32(enc_ctx, n);
! syslog(LOG_DEBUG, "No device attached.");
return;
}
ndmp_door_put_int32(enc_ctx, n);
for (i = 0; i < n; i++) {
*** 1182,1195 ****
free(dec_passwd);
}
}
! if (rv == NDMP_NO_ERR) {
! NDMP_LOG(LOG_DEBUG, "Authorization granted.");
! } else {
! NDMP_LOG(LOG_ERR, "Authorization denied.");
}
return (rv);
}
--- 1153,1164 ----
free(dec_passwd);
}
}
! if (rv != NDMP_NO_ERR) {
! syslog(LOG_ERR, "Authorization denied.");
}
return (rv);
}
*** 1242,1254 ****
}
free(dec_passwd);
}
}
- if (rv == NDMP_NO_ERR) {
- NDMP_LOG(LOG_DEBUG, "Authorization granted.");
- } else {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- }
-
return (rv);
}
--- 1211,1217 ----