sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00
Code

lib:ldb: Don't use RTLD_DEEPBIND by default

Browse Source 
It should be off by default, as this is not needed by default. It
crashes named on startup, if bind is built with jemalloc support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit dc6927fdca2ad77dbcf212ef4d3ba0d118ec7bdf)
This commit is contained in:
Andreas Schneider 2024-09-25 09:19:44 +02:00 committed by Jule Anger
parent a4cc81cc2f
commit c9463d6dc9
3 changed files with 8 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/ldb/common/ldb_modules.c
View File

@ -945,7 +945,7 @@ static int ldb_modules_load_path(const char *path, const char *version)
int dlopen_flags; int dlopen_flags;
#ifdef RTLD_DEEPBIND #ifdef RTLD_DEEPBIND
bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL); bool deepbind_enabled = (getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL);
#endif #endif
ret = stat(path, &st); ret = stat(path, &st);
@ -981,20 +981,11 @@ static int ldb_modules_load_path(const char *path, const char *version)
dlopen_flags = RTLD_NOW; dlopen_flags = RTLD_NOW;
#ifdef RTLD_DEEPBIND #ifdef RTLD_DEEPBIND
/* /*
* use deepbind if possible, to avoid issues with different * On systems where e.g. different kerberos libraries are used, like a
* system library variants, for example ldb modules may be linked * mix of Heimdal and MIT Kerberos, LDB_MODULES_ENABLE_DEEPBIND should
* against Heimdal while the application may use MIT kerberos. * be set to avoid issues.
* *
* See the dlopen manpage for details. * By default Linux distributions only have one Kerberos library.
*
* One typical user is the bind_dlz module of Samba,
* but symbol versioning might be enough...
*
* We need a way to disable this in order to allow the
* ldb_*ldap modules to work with a preloaded socket wrapper.
*
* So in future we may remove this completely
* or at least invert the default behavior.
*/ */
if (deepbind_enabled) { if (deepbind_enabled) {
dlopen_flags |= RTLD_DEEPBIND; dlopen_flags |= RTLD_DEEPBIND;

6
selftest/selftest.pl
View File

@ -433,12 +433,6 @@ $ENV{UID_WRAPPER} = 1;
# We are already hitting the limit, so double it. # We are already hitting the limit, so double it.
$ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200; $ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200;
# Disable RTLD_DEEPBIND hack for Samba bind dlz module
#
# This is needed in order to allow the ldb_*ldap module
# to work with a preloaded socket wrapper.
$ENV{LDB_MODULES_DISABLE_DEEPBIND} = 1;
my $socket_wrapper_dir; my $socket_wrapper_dir;
if ($opt_socket_wrapper) { if ($opt_socket_wrapper) {
$socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap); $socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap);

5
selftest/wscript
View File

@ -333,9 +333,8 @@ def cmd_testonly(opt):
asan_options += ":suppressions=${srcdir}/selftest/sanitizer/asan.supp" asan_options += ":suppressions=${srcdir}/selftest/sanitizer/asan.supp"
asan_options += " " asan_options += " "
# And we need to disable RTLD_DEEPBIND in ldb and socket wrapper # We need to disable RTLD_DEEPBIND in socket wrapper
no_leak_check = "LDB_MODULES_DISABLE_DEEPBIND=1 " no_leak_check = "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1"
no_leak_check += "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1"
no_leak_check += " " no_leak_check += " "
env.CORE_COMMAND = asan_options + no_leak_check + env.CORE_COMMAND env.CORE_COMMAND = asan_options + no_leak_check + env.CORE_COMMAND