From e2d3bf09d6d75c7dc009aff36119e51ea59371fc Mon Sep 17 00:00:00 2001
From: Andreas Schneider
Date: Wed, 25 Sep 2024 09:19:17 +0200
Subject: [PATCH 1/4] lib:ldb: Remove trailing spaces from ldb_modules.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643
Signed-off-by: Andreas Schneider
Reviewed-by: Stefan Metzmacher
(cherry picked from commit 8d6b5183770895fef002b6cce84902d1874fa502)
---
 lib/ldb/common/ldb_modules.c | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)
diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index b5627b0d04f..5c970626206 100644
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -631,9 +631,9 @@ int ldb_next_start_trans(struct ldb_module *module)
 /* Set a default error string, to place the blame somewhere */
 ldb_asprintf_errstring(module->ldb, "start_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret);
 }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_start_trans error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_start_trans error: %s",
+ ldb_errstring(module->ldb));
 }
 return ret;
 }
@@ -650,9 +650,9 @@ int ldb_next_end_trans(struct ldb_module *module)
 /* Set a default error string, to place the blame somewhere */
 ldb_asprintf_errstring(module->ldb, "end_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret);
 }
- if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
- ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_end_trans error: %s",
- ldb_errstring(module->ldb));
+ if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) {
+ ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_end_trans error: %s",
+ ldb_errstring(module->ldb));
 }
 return ret;
 }
@@ -720,9 +720,9 @@ int ldb_next_prepare_commit(struct ldb_module *module) /* Set a default error string, to place the blame somewhere */ ldb_asprintf_errstring(module->ldb, "prepare_commit error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); } - if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_prepare_commit error: %s", - ldb_errstring(module->ldb)); + if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_prepare_commit error: %s", + ldb_errstring(module->ldb)); } return ret; } @@ -739,9 +739,9 @@ int ldb_next_del_trans(struct ldb_module *module) /* Set a default error string, to place the blame somewhere */ ldb_asprintf_errstring(module->ldb, "del_trans error in module %s: %s (%d)", module->ops->name, ldb_strerror(ret), ret); } - if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { - ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_del_trans error: %s", - ldb_errstring(module->ldb)); + if ((module && module->ldb->flags & LDB_FLG_ENABLE_TRACING)) { + ldb_debug(module->ldb, LDB_DEBUG_TRACE, "ldb_next_del_trans error: %s", + ldb_errstring(module->ldb)); } return ret; } @@ -777,17 +777,17 @@ int ldb_module_send_entry(struct ldb_request *req, req->handle->nesting == 0) { char *s; struct ldb_ldif ldif; - + ldif.changetype = LDB_CHANGETYPE_NONE; ldif.msg = discard_const_p(struct ldb_message, msg); ldb_debug_add(req->handle->ldb, "ldb_trace_response: ENTRY\n"); - /* + /* * The choice to call * ldb_ldif_write_redacted_trace_string() is CRITICAL * for security. It ensures that we do not output - * passwords into debug logs + * passwords into debug logs */ s = ldb_ldif_write_redacted_trace_string(req->handle->ldb, msg, &ldif); 
@@ -1104,8 +1104,8 @@ static int ldb_modules_load_dir(const char *modules_dir, const char *version) return LDB_SUCCESS; } -/* - load any additional modules from the given directory +/* + load any additional modules from the given directory */ void ldb_set_modules_dir(struct ldb_context *ldb, const char *path) { -- 2.46.1 From d0ec464cfced2654d74672846d83c19f69af622b Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 25 Sep 2024 09:19:44 +0200 Subject: [PATCH 2/4] lib:ldb: Don't use RTLD_DEEPBIND by default It should be off by default, as this is not needed by default. It crashes named on startup, if bind is built with jemalloc support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit dc6927fdca2ad77dbcf212ef4d3ba0d118ec7bdf) --- lib/ldb/common/ldb_modules.c | 21 ++++++--------------- selftest/selftest.pl | 6 ------ selftest/wscript | 5 ++--- 3 files changed, 8 insertions(+), 24 deletions(-) diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c index 5c970626206..08d251f9bdd 100644 --- a/lib/ldb/common/ldb_modules.c +++ b/lib/ldb/common/ldb_modules.c @@ -945,7 +945,7 @@ static int ldb_modules_load_path(const char *path, const char *version) int dlopen_flags; #ifdef RTLD_DEEPBIND - bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL); + bool deepbind_enabled = (getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL); #endif ret = stat(path, &st); 
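Review bot: In ldb_modules_load_path the new test `getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL` is presence-only, so `LDB_MODULES_ENABLE_DEEPBIND=0` or an empty value still turns RTLD_DEEPBIND on, and a leftover LDB_MODULES_DISABLE_DEEPBIND is now ignored without any diagnostic. I would state that next to the declaration, e.g. `/* presence-only: any value, even "0" or "", enables RTLD_DEEPBIND */`, or compare the value explicitly. The variable changes how a module's symbols are bound at dlopen() time and is read with plain getenv(); if ldb can end up loaded into a process that runs with elevated privileges (not visible from this hunk), glibc's `secure_getenv()` would be the safer read. The function body continues outside the hunk.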
@@ -981,21 +981,12 @@ static int ldb_modules_load_path(const char *path, const char *version) dlopen_flags = RTLD_NOW; #ifdef RTLD_DEEPBIND /* - * use deepbind if possible, to avoid issues with different - * system library variants, for example ldb modules may be linked - * against Heimdal while the application may use MIT kerberos. + * On systems where e.g. different kerberos libraries are used, like a + * mix of Heimdal and MIT Kerberos, LDB_MODULES_ENABLE_DEEPBIND should + * be set to avoid issues. * - * See the dlopen manpage for details. - * - * One typical user is the bind_dlz module of Samba, - * but symbol versioning might be enough... - * - * We need a way to disable this in order to allow the - * ldb_*ldap modules to work with a preloaded socket wrapper. - * - * So in future we may remove this completely - * or at least invert the default behavior. - */ + * By default Linux distributions only have one Kerberos library. + */ if (deepbind_enabled) { dlopen_flags |= RTLD_DEEPBIND; } diff --git a/selftest/selftest.pl b/selftest/selftest.pl index 26b1663b5b6..a0c4ec80f59 100755 --- a/selftest/selftest.pl +++ b/selftest/selftest.pl @@ -433,12 +433,6 @@ $ENV{UID_WRAPPER} = 1; # We are already hitting the limit, so double it. $ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200; -# Disable RTLD_DEEPBIND hack for Samba bind dlz module -# -# This is needed in order to allow the ldb_*ldap module -# to work with a preloaded socket wrapper. -$ENV{LDB_MODULES_DISABLE_DEEPBIND} = 1; - my $socket_wrapper_dir; if ($opt_socket_wrapper) { $socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap); diff --git a/selftest/wscript b/selftest/wscript index 52c34dcb88d..95e70706e63 100644 --- a/selftest/wscript +++ b/selftest/wscript 
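Review bot: The rewritten comment above `if (deepbind_enabled)` in ldb_modules_load_path says when to set LDB_MODULES_ENABLE_DEEPBIND but no longer says why deepbind is off by default, and the old text's pointer to the dlopen manpage and the bind_dlz use case are gone. The commit message gives the reason, and it belongs in the comment too, e.g. ` * Off by default: RTLD_DEEPBIND crashes named on startup when bind is built with jemalloc. See dlopen(3).` One more line on the consequence would help the next reader: without the flag a module's symbols are resolved against what the host process has already loaded, which is why a host using a different Kerberos implementation needs the variable set. The enclosing function starts and ends outside the hunk.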
@@ -333,9 +333,8 @@ def cmd_testonly(opt): asan_options += ":suppressions=${srcdir}/selftest/sanitizer/asan.supp" asan_options += " " - # And we need to disable RTLD_DEEPBIND in ldb and socket wrapper - no_leak_check = "LDB_MODULES_DISABLE_DEEPBIND=1 " - no_leak_check += "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1" + # We need to disable RTLD_DEEPBIND in socket wrapper + no_leak_check = "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1" no_leak_check += " " env.CORE_COMMAND = asan_options + no_leak_check + env.CORE_COMMAND -- 2.46.1 From e6745b1444b28904258710dff1dddd18a8b9f662 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 25 Sep 2024 09:40:23 +0200 Subject: [PATCH 3/4] lib:ldb: Remove trailing spaces from ldb.3.xml BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit d6ff05cb5708fb6746176821bee5f713195efa54) --- lib/ldb/man/ldb.3.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ldb/man/ldb.3.xml b/lib/ldb/man/ldb.3.xml index 1c0a2ece552..1dd8b2462d4 100644 --- a/lib/ldb/man/ldb.3.xml +++ b/lib/ldb/man/ldb.3.xml @@ -247,7 +247,7 @@ ldb_search(3) manual pages. Author - ldb was written by + ldb was written by Andrew Tridgell. -- 2.46.1 From ba9918d45820fbdb864b5a1e058136eeb0cf1ce7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Wed, 25 Sep 2024 09:22:08 +0200 Subject: [PATCH 4/4] lib:ldb: Document environment variables in ldb manpage BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Sep 27 09:06:43 UTC 2024 on atb-devel-224 (cherry picked from commit 20a3a94e06a2294206ec233ccc7f873d6ef2aca0) --- lib/ldb/man/ldb.3.xml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/lib/ldb/man/ldb.3.xml b/lib/ldb/man/ldb.3.xml index 1dd8b2462d4..f8d3cb50446 100644 --- a/lib/ldb/man/ldb.3.xml 
+++ b/lib/ldb/man/ldb.3.xml @@ -243,6 +243,27 @@ ldb_search(3) manual pages. + + ENVIRONMENT VARIABLES + + + + LDB_URL + - connect to the provided URL (cmdline tools only) + + + + LDB_MODULES_PATH + - path where to load ldb modules from + + + + LDB_MODULES_ENABLE_DEEPBIND + - enable RTLD_DEEPBIND when loading ldb modules + + + + Author -- 2.46.1