Print this page
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
Reviewed by: Yuri Pankov <yuri.pankov@nexenta.com>
Revert "NEX-5801 Snapshots left over after failed backups"
This reverts commit f182fb95f09036db71fbfc6f0a6b90469b761f21.
NEX-5801 Snapshots left over after failed backups
Reviewed by: Rick Mesta <rick.mesta@nexenta.com>
Reviewed by: Evan Layton <evan.layton@nexenta.com>
Reviewed by: Sanjay Nadkarni <sanjay.nadkarni@nexenta.com>
NEX-2911 NDMP logging should use syslog and is too chatty
NEX-559 NDMP cannot backup/restore a file which spans multiple tapes
@@ -1,10 +1,9 @@
/*
* Copyright 2008 Sun Microsystems, Inc. All rights reserved.
* Use is subject to license terms.
*/
-
/*
* BSD 3 Clause License
*
* Copyright (c) 2007, The Storage Networking Industry Association.
*
@@ -36,15 +35,16 @@
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/* Copyright (c) 2007, The Storage Networking Industry Association. */
/* Copyright (c) 1996, 1997 PDC, Network Appliance. All Rights Reserved */
-/* Copyright 2014 Nexenta Systems, Inc. All rights reserved. */
+/* Copyright 2016 Nexenta Systems, Inc. All rights reserved. */
#include <sys/types.h>
#include <errno.h>
#include <pwd.h>
+#include <syslog.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <sys/queue.h>
#include <arpa/inet.h>
#include <md5.h>
@@ -164,12 +164,10 @@
* Must wait until after sending the reply since the reply
* must be sent using the same protocol version that was used
* to process the request.
*/
if (reply.error == NDMP_NO_ERR) {
- NDMP_LOG(LOG_DEBUG, "set ver to: %d",
- request->protocol_version);
ndmp_set_version(connection, request->protocol_version);
session->ns_protocol_version = request->protocol_version;
}
}
@@ -197,37 +195,32 @@
unsigned char md5_digest[16];
char *passwd, *dec_passwd;
char *uname;
request = (ndmp_connect_client_auth_request *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type:%s",
- request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
- (request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
- (request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" :
- "Invalid")));
reply.error = NDMP_NO_ERR;
switch (request->auth_data.auth_type) {
case NDMP_AUTH_NONE:
/*
* Allow no authorization for development.
* Comment the following for a non-secure production server.
*/
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR,
"Authorization type should be md5 or cleartext.");
reply.error = NDMP_ILLEGAL_ARGS_ERR;
ndmpd_audit_connect(connection, EINVAL);
break;
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR, "User name is not set at server.");
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
@@ -234,21 +227,21 @@
ADT_FAIL_PAM + PAM_AUTH_ERR);
return;
}
auth = &request->auth_data.ndmp_auth_data_u.auth_text;
if (strcmp(uname, auth->user) != 0) {
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmpd_audit_connect(connection,
ADT_FAIL_PAM + PAM_AUTH_ERR);
break;
}
passwd = ndmpd_get_prop(NDMP_CLEARTEXT_PASSWORD);
if (!passwd || !*passwd) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR,
"Cleartext password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
@@ -258,15 +251,13 @@
} else {
dec_passwd = ndmp_base64_decode(passwd);
}
if (!dec_passwd || !*dec_passwd ||
strcmp(auth->password, dec_passwd) != 0) {
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
- } else {
- NDMP_LOG(LOG_DEBUG, "Authorization granted.");
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
@@ -274,12 +265,12 @@
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR, "User name is not set at server.");
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
@@ -287,12 +278,12 @@
return;
}
md5 = &request->auth_data.ndmp_auth_data_u.auth_md5;
passwd = ndmpd_get_prop(NDMP_CRAM_MD5_PASSWORD);
if (!passwd || !*passwd) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR, "MD5 password is not set at server.");
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR, "MD5 password is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
@@ -304,20 +295,18 @@
session = ndmp_get_client_data(connection);
create_md5_digest(md5_digest, dec_passwd,
session->ns_challenge);
if (strcmp(uname, md5->user) != 0) {
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR,
"Authorization denied. Not a valid user.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
} else if (memcmp(md5_digest, md5->auth_digest,
sizeof (md5_digest)) != 0) {
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR,
"Authorization denied. Invalid password.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
- } else {
- NDMP_LOG(LOG_DEBUG, "Authorization granted");
}
ndmpd_audit_connect(connection, reply.error ?
ADT_FAIL_PAM + PAM_AUTH_ERR : 0);
free(dec_passwd);
@@ -355,16 +344,10 @@
ndmp_connect_server_auth_request *request;
ndmp_connect_server_auth_reply reply;
request = (ndmp_connect_server_auth_request *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type:%s",
- request->client_attr.auth_type == NDMP_AUTH_NONE ? "None" :
- (request->client_attr.auth_type == NDMP_AUTH_TEXT ? "Text" :
- (request->client_attr.auth_type == NDMP_AUTH_MD5 ? "MD5" :
- "Invalid")));
-
reply.error = NDMP_NO_ERR;
reply.auth_result.auth_type = request->client_attr.auth_type;
switch (request->client_attr.auth_type) {
case NDMP_AUTH_NONE:
break;
@@ -441,14 +424,10 @@
struct in_addr addr;
char *uname;
char *type;
request = (ndmp_connect_client_auth_request_v3 *)body;
- NDMP_LOG(LOG_DEBUG, "auth_type %s",
- request->auth_data.auth_type == NDMP_AUTH_NONE ? "None" :
- request->auth_data.auth_type == NDMP_AUTH_TEXT ? "Text" :
- request->auth_data.auth_type == NDMP_AUTH_MD5 ? "MD5" : "Invalid");
reply.error = NDMP_NO_ERR;
switch (request->auth_data.auth_type) {
case NDMP_AUTH_NONE:
@@ -459,12 +438,12 @@
case NDMP_AUTH_TEXT:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CLEARTEXT_USERNAME)) == NULL ||
*uname == 0) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR, "User name is not set at server.");
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
@@ -481,12 +460,12 @@
case NDMP_AUTH_MD5:
/* Check authorization. */
if ((uname = ndmpd_get_prop(NDMP_CRAM_MD5_USERNAME)) == NULL ||
*uname == 0) {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- NDMP_LOG(LOG_ERR, "User name is not set at server.");
+ syslog(LOG_ERR, "Authorization denied.");
+ syslog(LOG_ERR, "User name is not set at server.");
reply.error = NDMP_NOT_AUTHORIZED_ERR;
ndmp_set_authorized(connection, FALSE);
ndmp_send_reply(connection, (void *) &reply,
"sending ndmp_connect_client_auth reply");
ndmpd_audit_connect(connection,
@@ -512,11 +491,11 @@
ndmp_set_authorized(connection, TRUE);
} else {
ndmp_set_authorized(connection, FALSE);
if (tcp_get_peer(connection->conn_sock, &addr.s_addr,
NULL) != -1) {
- NDMP_LOG(LOG_ERR,
+ syslog(LOG_ERR,
"Authorization(%s) denied for %s.", type,
inet_ntoa(IN_ADDR(addr)));
}
}
@@ -549,21 +528,18 @@
if (!(session = (ndmpd_session_t *)ndmp_get_client_data(connection)))
return;
if ((nlp = ndmp_get_nlp(session)) == NULL)
return;
- NDMP_LOG(LOG_DEBUG, "ver: %u",
- session->ns_protocol_version);
-
/* Send the SHUTDOWN message before closing the connection. */
req.reason = NDMP_SHUTDOWN;
req.protocol_version = session->ns_protocol_version;
req.text_reason = "Connection closed by server.";
if (ndmp_send_request(connection, NDMP_NOTIFY_CONNECTION_STATUS,
NDMP_NO_ERR, (void *) &req, 0) < 0) {
- NDMP_LOG(LOG_NOTICE, "Sending connection shutdown notify");
+ syslog(LOG_NOTICE, "Sending connection shutdown notify");
return;
}
(void) mutex_lock(&nlp->nlp_mtx);
ndmp_close(connection);
@@ -647,13 +623,10 @@
static struct conn_list *
ndmp_connect_list_find(ndmp_connection_t *connection)
{
struct conn_list *clp;
- NDMP_LOG(LOG_DEBUG, "connection: 0x%p",
- connection);
-
LIST_FOREACH(clp, &cl_head, cl_q) {
if (clp->cl_conn == connection) {
(void) mutex_unlock(&cl_mutex);
return (clp);
}
@@ -678,11 +651,11 @@
ndmp_connect_list_add(ndmp_connection_t *connection, int *id)
{
struct conn_list *clp;
if (connection == NULL) {
- NDMP_LOG(LOG_DEBUG, "Invalid argument");
+ syslog(LOG_ERR, "ndmp_connect_list_add: Invalid argument");
return (-1);
}
if ((clp = ndmp_malloc(sizeof (struct conn_list))) == NULL)
return (-1);
@@ -716,11 +689,11 @@
struct conn_list *clp;
(void) mutex_lock(&cl_mutex);
if (!(clp = ndmp_connect_list_find(connection))) {
(void) mutex_unlock(&cl_mutex);
- NDMP_LOG(LOG_DEBUG, "connection not found");
+ syslog(LOG_ERR, "ndmp_connect_list_del: connection not found");
return (-1);
}
LIST_REMOVE(clp, cl_q);
(void) mutex_unlock(&cl_mutex);
@@ -745,12 +718,10 @@
static struct conn_list *
ndmp_connect_list_find_id(int id)
{
struct conn_list *clp;
- NDMP_LOG(LOG_DEBUG, "id: %d", id);
-
(void) mutex_lock(&cl_mutex);
LIST_FOREACH(clp, &cl_head, cl_q) {
if (clp->cl_id == id) {
(void) mutex_unlock(&cl_mutex);
return (clp);
@@ -1023,11 +994,11 @@
case NDMPV4:
ndmp_connect_get_conn(clp, enc_ctx);
ndmp_connect_get_v3(clp->cl_conn, enc_ctx);
break;
default:
- NDMP_LOG(LOG_DEBUG,
+ syslog(LOG_ERR,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
}
@@ -1058,11 +1029,11 @@
case NDMPV3:
case NDMPV4:
ndmpd_connect_close_v3(connection, (void *)NULL);
break;
default:
- NDMP_LOG(LOG_DEBUG,
+ syslog(LOG_ERR,
"Invalid session (0x%p) version 0x%x", session,
session->ns_protocol_version);
}
return (0);
@@ -1123,11 +1094,11 @@
sasd_drive_t *sd;
scsi_link_t *slink;
if ((n = sasd_dev_count()) == 0) {
ndmp_door_put_int32(enc_ctx, n);
- NDMP_LOG(LOG_DEBUG, "No device attached.");
+ syslog(LOG_DEBUG, "No device attached.");
return;
}
ndmp_door_put_int32(enc_ctx, n);
for (i = 0; i < n; i++) {
@@ -1182,14 +1153,12 @@
free(dec_passwd);
}
}
- if (rv == NDMP_NO_ERR) {
- NDMP_LOG(LOG_DEBUG, "Authorization granted.");
- } else {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
+ if (rv != NDMP_NO_ERR) {
+ syslog(LOG_ERR, "Authorization denied.");
}
return (rv);
}
@@ -1242,13 +1211,7 @@
}
free(dec_passwd);
}
}
- if (rv == NDMP_NO_ERR) {
- NDMP_LOG(LOG_DEBUG, "Authorization granted.");
- } else {
- NDMP_LOG(LOG_ERR, "Authorization denied.");
- }
-
return (rv);
}