samba.git/lib/talloc/wscript, branch talloc-2.4.0 Unnamed repository; edit this file 'description' to name the repository. talloc: version 2.4.0 2023-01-18T16:26:36+00:00 Stefan Metzmacher metze@samba.org 2023-01-18T10:52:33+00:00 5224ed98eeba43f22b5f5f87de5947fbb1c1c7c1 * Add talloc_asprintf_addbuf() * Support python 3.12 Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jule Anger <janger@samba.org> 
* Add talloc_asprintf_addbuf()
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
lib: Move talloc_asprintf_addbuf() to talloc 2022-12-14T04:32:34+00:00 Volker Lendecke vl@samba.org 2022-11-28T09:19:54+00:00 ccb5bafe93eb431ba53569b5176317bcbdeae322 I wanted to use this in debug.c, but this would have meant to pollute debug's deps with a lot of stuff. Also, looking through uses of talloc_asprint_append(), very many of those don't do NULL checks properly and could benefit from the _addbuf() flavor. We can add a vasprintf variant later if the need shows up. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> 
I wanted to use this in debug.c, but this would have meant to pollute
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
talloc: version 2.3.4 2022-06-08T17:02:29+00:00 Stefan Metzmacher metze@samba.org 2022-06-08T13:01:55+00:00 0189ccf9fc3d2a77cc83cffe180e307bcdccebb4 * Fix build problems BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
* Fix build problems

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
 nsswitch: reduce dependecies to private libraries and link static/builtin if possible 2021-11-30T15:53:34+00:00 Stefan Metzmacher metze@samba.org 2021-07-01T10:08:16+00:00 66e90b7391bd404580f3919c4f2b8625c9c89c0e Over the last month I got more and more reports, that it's not possible to use a custom Samba version on systems with sssd being installed, which depends on some specific samba libraries installed in the system. One major problem is that the custom libnss_winbind.so.2 depends on the libreplace-samba4.so of the custom build and also injects an RPATH into the running process. When sssd uses any nss library call it will get this, when it then tries to load some of its plugins via dlopen(), e.g. ldd /usr/lib64/sssd/libsss_ad.so| grep samba libsamba-util.so.0 => /lib64/libsamba-util.so.0 libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so libsamba-errors.so.1 => /lib64/libsamba-errors.so.1 libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so When that loads dlopen() will fail as a soname libreplace-samba4.so is already loaded, but the symbol version within the other one don't match, as the contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3. This is just an example and similar things can happen in all situations where we provide libraries, which are potentially injected into every process of the running system. These should only depend on libc.so and related basic system libraries in order to avoid the problem. We have the following libraries, which are in the that category: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so - async_dns_krb5_locator.so The rules of library loading are really complex and symbol versioning is not enough to solve it, only the combination of unique soname and unique symbol version suffix seem to solve the problem, but injecting an RPATH is still a problem. In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM() definitions with 'hide_symbols=True' in order to do some static linking of selected components, e.g. bld.SAMBA_SUBSYSTEM('replace-hidden', source=REPLACE_SOURCE, group='base_libraries', hide_symbols=True, deps='dl attr' + extra_libs) It's relatively simple to get to the point where the following are completely static: - libnss_winbind.so.2 - libnss_wins.so.2 - pam_winbind.so - winbind_krb5_locator.so But 'async_dns_krb5_locator.so' links in almost everything! It seems we install the krb5 plugins into our own $MODULESDIR/krb5/, so it may not be so critical, as long it's the admin who created the desired symlinks into the location the kerberos libraries search for plugins. Note the at least the locator plugins are always loaded without any configuration, every .so in a special path are loaded with dlopen(). This is done by every application using kerberos, so we load a lot of samba libraries into them. Packagers should not put async_dns_krb5_locator.so (nor a symlink) into the path that's reachable by libkrb5.so. As a longterm solution we may want to change async_dns_krb5_locator.so to use a helper process with posix_spawn() instead of doing everything within the process. Note I added hiden_symbols=True to the nss modules for Linux and FreeBSD only, because these are the only platforms I'm able to test on. We most likely should do the same on other platforms, but some with access to the platform should provide a tested patch. In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with '-hidden', I added the 'provide_builtin_linking=True' option, as the logic is very similar to what we already have with the '--builtin-libraries=BUILTIN_LIBRARIES' configure option. SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order to make it more strict that these plugins can't be used as normal depedency by other subsystems and libraries. While being there it was easy enough to make libwbclient.so also standalone without dependecies to other samba libraries. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> 
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.

One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.

ldd /usr/lib64/sssd/libsss_ad.so| grep samba

   libsamba-util.so.0 => /lib64/libsamba-util.so.0
   libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
   libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
   libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
   libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
   libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
   libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
   libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
   libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
   libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so

When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.

This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.

We have the following libraries, which are in the that category:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so

The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.

In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.

   bld.SAMBA_SUBSYSTEM('replace-hidden',
                       source=REPLACE_SOURCE,
                       group='base_libraries',
                       hide_symbols=True,
                       deps='dl attr' + extra_libs)

It's relatively simple to get to the point where the following are
completely static:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so

But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.

Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.

As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.

Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.

In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.

SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.

While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
talloc: version 2.3.3 2021-07-14T21:06:36+00:00 Stefan Metzmacher metze@samba.org 2021-07-14T20:28:19+00:00 bc1ee7ca0640f0136e5af7dcc4ca8ed0a5893053 - python: Ensure reference counts are properly incremented - Bug 9931: change pytalloc source to LGPL Signed-off-by: Stefan Metzmacher <metze@samba.org> 
- python: Ensure reference counts are properly incremented
- Bug 9931: change pytalloc source to LGPL

Signed-off-by: Stefan Metzmacher <metze@samba.org>
lib: talloc: Fix memlimit on pool realloc. 2020-11-09T02:46:50+00:00 Jeremy Allison jra@samba.org 2020-10-20T17:52:55+00:00 4566ee91b8c37f62e8b56242a48230db59cd5ff0 We only have to do the memlimit check before any real malloc or realloc. Allocations out of a memory pool have already been counted in the memory limit, so don't check in those cases. This is an application-visible change (although fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540 Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
We only have to do the memlimit check before any
real malloc or realloc. Allocations out of a
memory pool have already been counted in the
memory limit, so don't check in those cases.

This is an application-visible change (although
fixing a bug) so bump the ABI to 2.3.1 -> 2.3.2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14540

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
talloc: Release talloc 2.3.1 2019-11-18T10:11:41+00:00 Uri Simchoni uri@samba.org 2019-11-16T21:45:51+00:00 3e2eafeb4460c8b6b3c3dbf64bbc967ae1d601d0 * Upgrade waf to 2.0.18 to fix a cross-compilation issue BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846 Signed-off-by: Uri Simchoni <uri@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> 
* Upgrade waf to 2.0.18 to fix a cross-compilation issue

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
talloc: Release talloc 2.3.0 2019-07-22T22:20:25+00:00 Andrew Bartlett abartlet@samba.org 2019-07-22T01:42:37+00:00 cd20e3876c368556781ff0c8c14527b9339d3cad * add pytalloc_get_name() to safely access te talloc name in Python bindings * Use a new minor version to allow talloc updates in the 4.11 release stream Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz 
* add pytalloc_get_name() to safely access te talloc name in Python bindings
* Use a new minor version to allow talloc updates in the 4.11 release stream

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz
talloc: Follow pattern of ldb and tdb to ensure "make test" depends on a build 2019-05-06T05:46:11+00:00 Andrew Bartlett abartlet@samba.org 2019-05-05T23:09:16+00:00 305617a14d2a77d34785168ca2c5feb6f862a818 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> 
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
talloc: Release talloc 2.2.0 2019-03-21T04:06:16+00:00 Andrew Bartlett abartlet@samba.org 2019-03-04T09:12:18+00:00 b80140ba00282ce67f7d394bbf684e726df1126e * Remove pytalloc_CObject_FromTallocPtr() * Remove --extra-python (a build time mode to produce Python2 and Python3 bindings at the same time) * New minor version to allow Samba 4.10 to release a talloc if required from that branch Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> 
 * Remove pytalloc_CObject_FromTallocPtr()
 * Remove --extra-python (a build time mode to produce Python2 and Python3
   bindings at the same time)
 * New minor version to allow Samba 4.10 to release a talloc if
   required from that branch

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>