The Samba-Bugzilla – Attachment 18448 Details for
Bug 15643
Samba 4.20.0 DLZ module crashes BIND on startup
[patch]
patch for 4.20
v4-20-fix-libldb-deepbind.patch (text/plain), 10.08 KB, created by
Andreas Schneider
on 2024-09-27 12:15:29 UTC
>From 46e15b11d44f3b322284daa2694ad8f7c018ddbe Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 25 Sep 2024 09:19:17 +0200 >Subject: [PATCH 1/4] lib:ldb: Remove trailing spaces from ldb_modules.c > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 8d6b5183770895fef002b6cce84902d1874fa502) >--- > lib/ldb/common/ldb_modules.c | 34 +++++++++++++++++----------------- > 1 file changed, 17 insertions(+), 17 deletions(-) > >diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c >index b5627b0d04f..5c970626206 100644 >--- a/lib/ldb/common/ldb_modules.c >+++ b/lib/ldb/common/ldb_modules.c >@@ -631,9 +631,9 @@ int ldb_next_start_trans(struct ldb_module *module) > /* Set a default error string, to place the blame somewhere */ > ldb_asprintf_errstring(module->ldb, "start_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); > } >- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_start_trans error: %s", >- ldb_errstring(module->ldb)); >+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_start_trans error: %s", >+ ldb_errstring(module->ldb)); > } > return ret; > } 
>@@ -650,9 +650,9 @@ int ldb_next_end_trans(struct ldb_module *module) > /* Set a default error string, to place the blame somewhere */ > ldb_asprintf_errstring(module->ldb, "end_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); > } >- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_end_trans error: %s", >- ldb_errstring(module->ldb)); >+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_end_trans error: %s", >+ ldb_errstring(module->ldb)); > } > return ret; > } >@@ -720,9 +720,9 @@ int ldb_next_prepare_commit(struct ldb_module *module) > /* Set a default error string, to place the blame somewhere */ > ldb_asprintf_errstring(module->ldb, "prepare_commit error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); > } >- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_prepare_commit error: %s", >- ldb_errstring(module->ldb)); >+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_prepare_commit error: %s", >+ ldb_errstring(module->ldb)); > } > return ret; > } >@@ -739,9 +739,9 @@ int ldb_next_del_trans(struct ldb_module *module) > /* Set a default error string, to place the blame somewhere */ > ldb_asprintf_errstring(module->ldb, "del_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); > } >- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_del_trans error: %s", >- ldb_errstring(module->ldb)); >+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { >+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_del_trans error: %s", >+ ldb_errstring(module->ldb)); > } > return ret; > } 
>@@ -777,17 +777,17 @@ int ldb_module_send_entry(struct ldb_request *req, > req->handle->nesting == 0) { > char *s; > struct ldb_ldif ldif; >- >+ > ldif.changetype = LDB_CHANGETYPE_NONE; > ldif.msg = discard_const_p(struct ldb_message, msg); > > ldb_debug_add(req->handle->ldb, "ldb_trace_response: ENTRY\n"); > >- /* >+ /* > * The choice to call > * ldb_ldif_write_redacted_trace_string() is CRITICAL > * for security. It ensures that we do not output >- * passwords into debug logs >+ * passwords into debug logs > */ > > s = ldb_ldif_write_redacted_trace_string(req->handle->ldb, msg, &ldif); >@@ -1104,8 +1104,8 @@ static int ldb_modules_load_dir(const char *modules_dir, const char *version) > return LDB_SUCCESS; > } > >-/* >- load any additional modules from the given directory >+/* >+ load any additional modules from the given directory > */ > void ldb_set_modules_dir(struct ldb_context *ldb, const char *path) > { >-- >2.46.1 > > >From e7096f92aee5d06f57d4462429aa2780fe6f3b57 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 25 Sep 2024 09:19:44 +0200 >Subject: [PATCH 2/4] lib:ldb: Don't use RTLD_DEEPBIND by default > >It should be off by default, as this is not needed by default. It >crashes named on startup, if bind is built with jemalloc support. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit dc6927fdca2ad77dbcf212ef4d3ba0d118ec7bdf) >--- > lib/ldb/common/ldb_modules.c | 21 ++++++--------------- > selftest/selftest.pl | 6 ------ > selftest/wscript | 5 ++--- > 3 files changed, 8 insertions(+), 24 deletions(-) > >diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c >index 5c970626206..08d251f9bdd 100644 >--- a/lib/ldb/common/ldb_modules.c >+++ b/lib/ldb/common/ldb_modules.c 
>@@ -945,7 +945,7 @@ static int ldb_modules_load_path(const char *path, const char *version) > int dlopen_flags; > > #ifdef RTLD_DEEPBIND >- bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL); >+ bool deepbind_enabled = (getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL); > #endif > > ret = stat(path, &st); >@@ -981,21 +981,12 @@ static int ldb_modules_load_path(const char *path, const char *version) > dlopen_flags = RTLD_NOW; > #ifdef RTLD_DEEPBIND > /* >- * use deepbind if possible, to avoid issues with different >- * system library variants, for example ldb modules may be linked >- * against Heimdal while the application may use MIT kerberos. >+ * On systems where e.g. different kerberos libraries are used, like a >+ * mix of Heimdal and MIT Kerberos, LDB_MODULES_ENABLE_DEEPBIND should >+ * be set to avoid issues. > * >- * See the dlopen manpage for details. >- * >- * One typical user is the bind_dlz module of Samba, >- * but symbol versioning might be enough... >- * >- * We need a way to disable this in order to allow the >- * ldb_*ldap modules to work with a preloaded socket wrapper. >- * >- * So in future we may remove this completely >- * or at least invert the default behavior. >- */ >+ * By default Linux distributions only have one Kerberos library. >+ */ > if (deepbind_enabled) { > dlopen_flags |= RTLD_DEEPBIND; > } >diff --git a/selftest/selftest.pl b/selftest/selftest.pl >index 3dbaa4f0c18..8e3964af90f 100755 >--- a/selftest/selftest.pl >+++ b/selftest/selftest.pl 
>@@ -421,12 +421,6 @@ $ENV{UID_WRAPPER} = 1; > # We are already hitting the limit, so double it. > $ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200; > >-# Disable RTLD_DEEPBIND hack for Samba bind dlz module >-# >-# This is needed in order to allow the ldb_*ldap module >-# to work with a preloaded socket wrapper. >-$ENV{LDB_MODULES_DISABLE_DEEPBIND} = 1; >- > my $socket_wrapper_dir; > if ($opt_socket_wrapper) { > $socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap); >diff --git a/selftest/wscript b/selftest/wscript >index b8faf6dbc84..dfafe31c868 100644 >--- a/selftest/wscript >+++ b/selftest/wscript >@@ -329,9 +329,8 @@ def cmd_testonly(opt): > asan_options += ":suppressions=${srcdir}/selftest/sanitizer/asan.supp" > asan_options += " " > >- # And we need to disable RTLD_DEEPBIND in ldb and socket wrapper >- no_leak_check = "LDB_MODULES_DISABLE_DEEPBIND=1 " >- no_leak_check += "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1" >+ # We need to disable RTLD_DEEPBIND in socket wrapper >+ no_leak_check = "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1" > no_leak_check += " " > env.CORE_COMMAND = asan_options + no_leak_check + env.CORE_COMMAND > >-- >2.46.1 > > >From 6b82f9392e66e2fef9c1aaa57649097a0d663edc Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 25 Sep 2024 09:40:23 +0200 >Subject: [PATCH 3/4] lib:ldb: Remove trailing spaces from ldb.3.xml > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit d6ff05cb5708fb6746176821bee5f713195efa54) >--- > lib/ldb/man/ldb.3.xml | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > >diff --git a/lib/ldb/man/ldb.3.xml b/lib/ldb/man/ldb.3.xml >index 1c0a2ece552..1dd8b2462d4 100644 >--- a/lib/ldb/man/ldb.3.xml >+++ b/lib/ldb/man/ldb.3.xml 
>@@ -247,7 +247,7 @@ ldb_search(3) manual pages. > <title>Author</title> > > <para> >- ldb was written by >+ ldb was written by > <ulink url="https://www.samba.org/~tridge/">Andrew Tridgell</ulink>. > </para> > >-- >2.46.1 > > >From 52402df72cd29744653e2cfe802f8e2aaa3c4e36 Mon Sep 17 00:00:00 2001 >From: Andreas Schneider <asn@samba.org> >Date: Wed, 25 Sep 2024 09:22:08 +0200 >Subject: [PATCH 4/4] lib:ldb: Document environment variables in ldb manpage > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 > >Signed-off-by: Andreas Schneider <asn@samba.org> >Reviewed-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> >Autobuild-Date(master): Fri Sep 27 09:06:43 UTC 2024 on atb-devel-224 > >(cherry picked from commit 20a3a94e06a2294206ec233ccc7f873d6ef2aca0) >--- > lib/ldb/man/ldb.3.xml | 21 +++++++++++++++++++++ > 1 file changed, 21 insertions(+) > >diff --git a/lib/ldb/man/ldb.3.xml b/lib/ldb/man/ldb.3.xml >index 1dd8b2462d4..f8d3cb50446 100644 >--- a/lib/ldb/man/ldb.3.xml >+++ b/lib/ldb/man/ldb.3.xml >@@ -243,6 +243,27 @@ ldb_search(3) manual pages. > </itemizedlist> > </refsect1> > >+<refsect1> >+ <title>ENVIRONMENT VARIABLES</title> >+ >+ <itemizedlist> >+ <listitem><para> >+ <envar>LDB_URL</envar> >+ - connect to the provided URL (cmdline tools only) >+ </para></listitem> >+ >+ <listitem><para> >+ <envar>LDB_MODULES_PATH</envar> >+ - path where to load ldb modules from >+ </para></listitem> >+ >+ <listitem><para> >+ <envar>LDB_MODULES_ENABLE_DEEPBIND</envar> >+ - enable RTLD_DEEPBIND when loading ldb modules >+ </para></listitem> >+ </itemizedlist> >+</refsect1> >+ > <refsect1> > <title>Author</title> > >-- >2.46.1 >
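Review bot: In the `@@ -945` hunk of patch 2/4 (ldb_modules_load_path), `getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL` tests only for presence, so `LDB_MODULES_ENABLE_DEEPBIND=0` or an empty assignment still turns RTLD_DEEPBIND on. Either parse the value or say "set to any value" in the manpage entry that patch 4/4 adds. The old `LDB_MODULES_DISABLE_DEEPBIND` is also dropped with no fallback, which inverts the default on a 4.20 backport; a release-note line telling setups that mix Heimdal and MIT Kerberos that they now have to set the new variable would make the change visible to them.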
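Review bot: The rewritten comment in the `@@ -981` hunk of patch 2/4 no longer says why deepbind is off by default. The reason given in the commit message (named crashes on startup when bind is built with jemalloc) appears nowhere in the code; one sentence above `if (deepbind_enabled) {` would keep the rationale next to the branch it explains. The removed "See the dlopen manpage for details." pointer is also worth keeping, since the new text gives no other reference for what RTLD_DEEPBIND does.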
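Review bot: The `LDB_MODULES_ENABLE_DEEPBIND` item in the new refsect1 (patch 4/4, `@@ -243` hunk) only restates the variable name. It should say that deepbind is off by default, that the variable is checked for presence rather than value, and when it is needed (the mixed Heimdal and MIT Kerberos case named in the code comment of patch 2/4). Style point: the new title `ENVIRONMENT VARIABLES` is upper-case while the adjacent section title in the same hunk is `Author`.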