samba.git/lib/replace/wscript, branch talloc-2.3.4 Unnamed repository; edit this file 'description' to name the repository. lib/replace: Do not typedef int bool 2022-03-23T12:31:47+00:00 Andrew Bartlett abartlet@samba.org 2022-03-22T03:12:00+00:00 c0f5af21acb8018a5e53d25f1560d2a96b79a7c0 We need a genuine boolean type, as otherwise expressions like bool foo = (4 & 4); if (foo == true) { exit(1); } else { exit(2); } could evaluate differently on non-modern platforms, and that would be a real pain to debug. _Bool and bool are in C99 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15028 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Wed Mar 23 12:31:47 UTC 2022 on sn-devel-184 
We need a genuine boolean type, as otherwise expressions like

	bool foo = (4 & 4);
	if (foo == true) {
		exit(1);
	} else {
		exit(2);
	}

could evaluate differently on non-modern platforms, and
that would be a real pain to debug.

_Bool and bool are in C99

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15028

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 23 12:31:47 UTC 2022 on sn-devel-184
configure: Check for __atomic_add_fetch() and __atomic_load() 2021-12-15T00:15:33+00:00 Volker Lendecke vl@samba.org 2021-12-13T16:40:52+00:00 62dab3921b335d47a0c9c419714d0e2ea2320f74 To be used in the tdb_seqnum code soon Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
To be used in the tdb_seqnum code soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
lib/replace: For heimdal_build: Try to use the OS or compiler provided atomic operators 2021-12-07T04:05:34+00:00 Andrew Bartlett abartlet@samba.org 2021-07-06T00:26:44+00:00 a0d75b1cce4b97e1d6b78ba2b7adf96988d55608 This provides the defines that may be needed to use the compiler-provided atomics, rather than a fallback. Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> 
This provides the defines that may be needed to use the
compiler-provided atomics, rather than a fallback.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
nsswitch: reduce dependecies to private libraries and link static/builtin if possible 2021-11-30T15:53:34+00:00 Stefan Metzmacher metze@samba.org 2021-07-01T10:08:16+00:00 66e90b7391bd404580f3919c4f2b8625c9c89c0e Over the last month I got more and more reports, that it's not possible to use a custom Samba version on systems with sssd being installed, which depends on some specific samba libraries installed in the system. One major problem is that the custom libnss_winbind.so.2 depends on the libreplace-samba4.so of the custom build and also injects an RPATH into the running process. When sssd uses any nss library call it will get this, when it then tries to load some of its plugins via dlopen(), e.g. ldd /usr/lib64/sssd/libsss_ad.so| grep samba libsamba-util.so.0 => /lib64/libsamba-util.so.0 libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so libsamba-errors.so.1 => /lib64/libsamba-errors.so.1 libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so When that loads dlopen() will fail as a soname libreplace-samba4.so is already loaded, but the symbol version within the other one don't match, as the contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3. This is just an example and similar things can happen in all situations where we provide libraries, which are potentially injected into every process of the running system. These should only depend on libc.so and related basic system libraries in order to avoid the problem. We have the following libraries, which are in the that category: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so - async_dns_krb5_locator.so The rules of library loading are really complex and symbol versioning is not enough to solve it, only the combination of unique soname and unique symbol version suffix seem to solve the problem, but injecting an RPATH is still a problem. In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM() definitions with 'hide_symbols=True' in order to do some static linking of selected components, e.g. bld.SAMBA_SUBSYSTEM('replace-hidden', source=REPLACE_SOURCE, group='base_libraries', hide_symbols=True, deps='dl attr' + extra_libs) It's relatively simple to get to the point where the following are completely static: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so But 'async_dns_krb5_locator.so' links in almost everything! It seems we install the krb5 plugins into our own $MODULESDIR/krb5/, so it may not be so critical, as long it's the admin who created the desired symlinks into the location the kerberos libraries search for plugins. Note the at least the locator plugins are always loaded without any configuration, every .so in a special path are loaded with dlopen(). This is done by every application using kerberos, so we load a lot of samba libraries into them. Packagers should not put async_dns_krb5_locator.so (nor a symlink) into the path that's reachable by libkrb5.so. As a longterm solution we may want to change async_dns_krb5_locator.so to use a helper process with posix_spawn() instead of doing everything within the process. Note I added hiden_symbols=True to the nss modules for Linux and FreeBSD only, because these are the only platforms I'm able to test on. We most likely should do the same on other platforms, but some with access to the platform should provide a tested patch. In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with '-hidden', I added the 'provide_builtin_linking=True' option, as the logic is very similar to what we already have with the '--builtin-libraries=BUILTIN_LIBRARIES' configure option. SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order to make it more strict that these plugins can't be used as normal depedency by other subsystems and libraries. While being there it was easy enough to make libwbclient.so also standalone without dependecies to other samba libraries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.

One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.

ldd /usr/lib64/sssd/libsss_ad.so| grep samba

   libsamba-util.so.0 => /lib64/libsamba-util.so.0
   libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
   libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
   libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
   libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
   libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
   libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
   libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
   libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
   libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so

When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.

This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.

We have the following libraries, which are in the that category:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so

The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.

In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.

   bld.SAMBA_SUBSYSTEM('replace-hidden',
                       source=REPLACE_SOURCE,
                       group='base_libraries',
                       hide_symbols=True,
                       deps='dl attr' + extra_libs)

It's relatively simple to get to the point where the following are
completely static:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so

But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.

Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.

As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.

Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.

In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.

SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.

While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib/replace: use dlsym(RTLD_DEFAULT,) for {nss,nss_host,uid,socket}_wrapper_enabled() 2021-11-30T15:53:34+00:00 Stefan Metzmacher metze@samba.org 2021-08-05T16:03:14+00:00 05ca7b9809d7329aea93fc8f1b8b2e54703f1dbd We should not provide the symbols ourself instead we should just check if they are already available when we want to check the result. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
We should not provide the symbols ourself instead we should just check
if they are already available when we want to check the result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
lib/replace: drop runtime copy_file_range() check 2021-09-07T19:24:57+00:00 Ralph Boehme slow@samba.org 2021-09-05T13:09:12+00:00 2b86cff4a4df81e37ca9a4d95b8b928b0a912633 This reverts commit 4354823c5146753ef8a3791bc8562379096659b8 "libreplace: properly execute SYS_copy_file_range check". We now use a runtime check in the user of copy_file_range(). Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 7 19:24:57 UTC 2021 on sn-devel-184 
This reverts commit 4354823c5146753ef8a3791bc8562379096659b8
"libreplace: properly execute SYS_copy_file_range check".

We now use a runtime check in the user of copy_file_range().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  7 19:24:57 UTC 2021 on sn-devel-184
libreplace: remove now unused USE_COPY_FILE_RANGE define 2021-08-13T11:45:17+00:00 Ralph Boehme slow@samba.org 2021-08-12T16:31:40+00:00 1641e6c528e027dbfff96a834b94a8654a03a168 The only user was removed in the previous commit. We still need the preceeding checks however, based on that replace.c provides a copy_file_range() fallback. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795 RN: copy_file_range() may fail with EOPNOTSUPP Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184 
The only user was removed in the previous commit. We still need the preceeding
checks however, based on that replace.c provides a copy_file_range() fallback.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14795
RN: copy_file_range() may fail with EOPNOTSUPP

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Aug 13 11:45:17 UTC 2021 on sn-devel-184
libreplace: properly execute SYS_copy_file_range check 2021-08-10T19:37:14+00:00 Ralph Boehme slow@samba.org 2021-08-07T15:18:25+00:00 4354823c5146753ef8a3791bc8562379096659b8 It seems some systems (like Centos 7) have the SYS_copy_file_range define but fail the syscall when actually being called. The current configure check is only compiled, not run so erroneously reports a working SYS_copy_file_range. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786 RN: Insufficient libreplace check for SYS_copy_file_range check Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Aug 10 19:37:14 UTC 2021 on sn-devel-184 
It seems some systems (like Centos 7) have the SYS_copy_file_range define but
fail the syscall when actually being called. The current configure check is only
compiled, not run so erroneously reports a working SYS_copy_file_range.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786
RN: Insufficient libreplace check for SYS_copy_file_range check

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Aug 10 19:37:14 UTC 2021 on sn-devel-184
libreplace: properly give headers to conf.CHECK_CODE when checking for copy_file_range_syscall 2021-08-10T18:44:30+00:00 Ralph Boehme slow@samba.org 2021-08-07T15:18:08+00:00 22a58a51846749495613e5b572c31ba4752bc61b BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14786

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
replace: copy_file_range() 2021-06-30T16:51:29+00:00 Ralph Boehme slow@samba.org 2021-06-24T12:13:50+00:00 4dcc04228df233be15efe9c31bcbaba822b140c4 BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12033

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>