1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/lib/replace
Stefan Metzmacher 66e90b7391 nsswitch: reduce dependecies to private libraries and link static/builtin if possible
Over the last month I got more and more reports,
that it's not possible to use a custom Samba version
on systems with sssd being installed, which depends on some
specific samba libraries installed in the system.

One major problem is that the custom libnss_winbind.so.2
depends on the libreplace-samba4.so of the custom build
and also injects an RPATH into the running process.
When sssd uses any nss library call it will get this,
when it then tries to load some of its plugins via dlopen(),
e.g.

ldd /usr/lib64/sssd/libsss_ad.so| grep samba

   libsamba-util.so.0 => /lib64/libsamba-util.so.0
   libreplace-samba4.so => /usr/lib64/samba/libreplace-samba4.so
   libsamba-security-samba4.so => /usr/lib64/samba/libsamba-security-samba4.so
   libsamba-errors.so.1 => /lib64/libsamba-errors.so.1
   libsamba-debug-samba4.so => /usr/lib64/samba/libsamba-debug-samba4.so
   libgenrand-samba4.so => /usr/lib64/samba/libgenrand-samba4.so
   libsocket-blocking-samba4.so => /usr/lib64/samba/libsocket-blocking-samba4.so
   libtime-basic-samba4.so => /usr/lib64/samba/libtime-basic-samba4.so
   libsys-rw-samba4.so => /usr/lib64/samba/libsys-rw-samba4.so
   libiov-buf-samba4.so => /usr/lib64/samba/libiov-buf-samba4.so

When that loads dlopen() will fail as a soname libreplace-samba4.so is
already loaded, but the symbol version within the other one don't match, as the
contain the exact version, e.g. replace_dummy@@SAMBA_4.13.3.

This is just an example and similar things can happen in all situations
where we provide libraries, which are potentially injected into every
process of the running system. These should only depend on libc.so and
related basic system libraries in order to avoid the problem.

We have the following libraries, which are in the that category:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so
- async_dns_krb5_locator.so

The rules of library loading are really complex and symbol versioning
is not enough to solve it, only the combination of unique soname and
unique symbol version suffix seem to solve the problem, but injecting
an RPATH is still a problem.

In order to solve the problem I experimented with adding SAMBA_SUBSYSTEM()
definitions with 'hide_symbols=True' in order to do some static linking
of selected components, e.g.

   bld.SAMBA_SUBSYSTEM('replace-hidden',
                       source=REPLACE_SOURCE,
                       group='base_libraries',
                       hide_symbols=True,
                       deps='dl attr' + extra_libs)

It's relatively simple to get to the point where the following are
completely static:

- libnss_winbind.so.2
- libnss_wins.so.2
- pam_winbind.so
- winbind_krb5_locator.so

But 'async_dns_krb5_locator.so' links in almost everything!
It seems we install the krb5 plugins into our own $MODULESDIR/krb5/,
so it may not be so critical, as long it's the admin who created
the desired symlinks into the location the kerberos libraries search
for plugins. Note the at least the locator plugins are always loaded
without any configuration, every .so in a special path are loaded with dlopen().
This is done by every application using kerberos, so we load a lot of samba libraries
into them.

Packagers should not put async_dns_krb5_locator.so (nor a symlink) into
the path that's reachable by libkrb5.so.

As a longterm solution we may want to change async_dns_krb5_locator.so
to use a helper process with posix_spawn() instead of doing everything
within the process.

Note I added hiden_symbols=True to the nss modules for Linux and
FreeBSD only, because these are the only platforms I'm able to test
on. We most likely should do the same on other platforms, but some
with access to the platform should provide a tested patch.

In order to avoid manual definitions of SAMBA_SUBSYSTEMS() with
'-hidden', I added the 'provide_builtin_linking=True' option,
as the logic is very similar to what we already have with the
'--builtin-libraries=BUILTIN_LIBRARIES' configure option.

SAMBA_PLUGIN() is used in order to use SAMBA_LIBRARY() in order
to make it more strict that these plugins can't be used as
normal depedency by other subsystems and libraries.

While being there it was easy enough to make libwbclient.so
also standalone without dependecies to other samba libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14780

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2021-11-30 15:53:34 +00:00
..
system lib:replace: Remove NIS support 2021-04-22 17:57:30 +00:00
tests testsuite: Fix build with gcc >= 11.1.1 2021-08-16 17:20:37 +00:00
.checker_innocent
closefrom.c libreplace: Compare a pointer against NULL, not 0 2020-11-04 18:55:39 +00:00
configure build: Move python detection back into waf (instead of in configure and Makefile) 2018-12-14 14:40:19 +01:00
dlfcn.c
getaddrinfo.c
getaddrinfo.h
getifaddrs.c replace: Use #ifdef instead of #if for config.h definitions 2018-11-28 23:19:21 +01:00
hdr_replace.h
inet_aton.c
inet_ntoa.c
inet_ntop.c
inet_pton.c
Makefile build: Move python detection back into waf (instead of in configure and Makefile) 2018-12-14 14:40:19 +01:00
poll.c
README replace: Add memset_s to replacement functions 2018-12-20 12:16:39 +01:00
replace-test.h
replace-testsuite.h
replace.c replace: copy_file_range() 2021-06-30 16:51:29 +00:00
replace.h lib/replace: use dlsym(RTLD_DEFAULT,) for {nss,nss_host,uid,socket}_wrapper_enabled() 2021-11-30 15:53:34 +00:00
snprintf.c lib: replace: snprintf: Whitespace clean up 2019-01-10 06:15:21 +01:00
socket.c
socketpair.c
strptime.c lib:replace: Add FALL_THROUGH statements in strptime.c 2018-03-01 04:37:41 +01:00
timegm.c lib/replace/timegm: use utf-8 2021-11-17 05:27:39 +00:00
win32_replace.h
wscript nsswitch: reduce dependecies to private libraries and link static/builtin if possible 2021-11-30 15:53:34 +00:00
xattr.c lib/replace/xattr.c: typo fixes 2019-10-31 00:43:36 +00:00

This subsystem ensures that we can always use a certain core set of 
functions and types, that are either provided by the OS or by replacement 
functions / definitions in this subsystem. The aim is to try to stick 
to POSIX functions in here as much as possible. Convenience functions 
that are available on no platform at all belong in other subsystems
(such as LIBUTIL).

The following functions are guaranteed:

ftruncate
strlcpy
strlcat
mktime
rename
initgroups
memmove
strdup
setlinebuf
vsyslog
timegm
setenv
unsetenv
strndup
strnlen
waitpid
seteuid
setegid
asprintf
snprintf
vasprintf
vsnprintf
opendir
readdir
telldir
seekdir
clock_gettime
closedir
dlopen
dlclose
dlsym
dlerror
chroot
bzero
strerror
errno
mkdtemp
mkstemp (a secure one!)
pread
pwrite
chown
lchown
readline (the library)
inet_ntoa
inet_ntop
inet_pton
inet_aton
strtoll
strtoull
socketpair
strptime
getaddrinfo
freeaddrinfo
getnameinfo
gai_strerror
getifaddrs
freeifaddrs
utime
utimes
dup2
link
readlink
symlink
realpath
poll
setproctitle
memset_s

Types:
bool
socklen_t
uint{8,16,32,64}_t
int{8,16,32,64}_t
intptr_t
sig_atomic_t
blksize_t
blkcnt_t

Constants:
PATH_NAME_MAX
UINT{16,32,64}_MAX
INT32_MAX
RTLD_LAZY
HOST_NAME_MAX
UINT16_MAX
UINT32_MAX
UINT64_MAX
CHAR_BIT

Macros:
va_copy
__FUNCTION__
__FILE__
__LINE__
__LINESTR__
__location__
__STRING
__STRINGSTRING
MIN
MAX
QSORT_CAST
ZERO_STRUCT
ZERO_STRUCTP
ZERO_STRUCTPN
ZERO_ARRAY
ARRAY_SIZE
PTR_DIFF

Headers:
stdint.h
stdbool.h

Optional C keywords:
volatile

Prerequisites:
memset (for bzero)
syslog (for vsyslog)
mktemp (for mkstemp and mkdtemp)