The branch, master has been updated via 416c9bbc4f8 util: Ensure debugger is not started until it is allowed to attach via 05a1ca2f4c7 util: Ensure debugger can be attached to process via c5047548727 heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_' via 5172e1b0dd6 lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly via 52950460821 wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_ via 4367eeb7785 selftest: Improve test names in kinit test for improved debugging via 01dac7b97c9 heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba via 6f451e24ea6 heimdal_build: use TO_LIST from wafsamba.samba_utils from 5c3470c0f29 s3: smbd: Prevent fchmod on a symlink.
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 416c9bbc4f8c92fd0951ce6f03228fd22aedd650 Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Apr 12 10:23:20 2021 +1200 util: Ensure debugger is not started until it is allowed to attach Use a pipe to ensure that the debugger is not started until after the prctl() call allowing it to attach to the parent, avoiding a potential race condition. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org> Autobuild-Date(master): Tue Apr 20 12:33:40 UTC 2021 on sn-devel-184 commit 05a1ca2f4c771d1e249a6d756488cb5e1e3312dd Author: Joseph Sutton <josephsut...@catalyst.net.nz> Date: Mon Mar 29 15:04:53 2021 +1300 util: Ensure debugger can be attached to process samba_start_debugger() attempts to start a debugger attached to the calling process by calling system() to start a background process. However, if the spawned shell exits before the debugger has had a chance to attach, the debugger process will no longer be a child of the parent process (as it will have been reparented). If the system does not allow tracing by non-child processes, attachment may fail as a result. This commit replaces the system() call and the implicit shell around xterm with an explicit fork()/exec() so that the debugger remains a child of the calling process, ensuring the attachment succeeds unless tracing is disabled completely. Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz> Reviewed-by: Andrew Bartlet <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit c50475487274cc8f524b28aac9825e35e9407c8d Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 12:06:50 2020 +0200 heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_' SOCKET_WRAPPER_DISABLE is unused for a long time already and _SAMBA_HOSTCC_ is implied by use_hostcc=True now. Signed-off-by: Stefan Metzmacher <me...@samba.org> [abart...@samba.org: Adapted to current master from Metze's wip.git/master/heimdal branch] Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 5172e1b0dd625c8f5593c92b185b4c593514bd89 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 11:50:53 2020 +0200 lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly use_hostcc=True already triggers this. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 52950460821860613eaf375f2fa0ad1fc6f16674 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 11:49:44 2020 +0200 wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_ That's easier for the callers. Signed-off-by: Stefan Metzmacher <me...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 4367eeb77851b9fa49a7c06c4b3cced9e4e18468 Author: Andrew Bartlett <abart...@samba.org> Date: Wed May 20 13:40:13 2015 +0200 selftest: Improve test names in kinit test for improved debugging Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 01dac7b97c9c2f67f0c76332fe7b9491a0d61c71 Author: Andrew Bartlett <abart...@samba.org> Date: Thu Sep 6 14:54:50 2018 +1200 heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> commit 6f451e24ea6991e5d2750fe0d19bf94768910443 Author: Stefan Metzmacher <me...@samba.org> Date: Fri Apr 3 12:01:15 2020 +0200 heimdal_build: use TO_LIST from wafsamba.samba_utils Signed-off-by: Stefan Metzmacher <me...@samba.org> [abart...@samba.org: adapted from patch in Metze's wip.git/master-heimdal to current master without the other patches] Signed-off-by: Andrew Bartlett <abart...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: buildtools/wafsamba/samba_autoconf.py | 10 ++++-- buildtools/wafsamba/wafsamba.py | 1 + lib/replace/wscript | 1 - lib/util/util.c | 61 +++++++++++++++++++++++++------- source4/heimdal_build/roken.h | 3 ++ source4/heimdal_build/wscript_build | 27 +++++--------- testprogs/blackbox/test_kinit_heimdal.sh | 20 +++++------ 7 files changed, 78 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py index 276b88780b8..4d2aea6c941 100644 --- a/buildtools/wafsamba/samba_autoconf.py +++ b/buildtools/wafsamba/samba_autoconf.py @@ -905,9 +905,15 @@ def ADD_EXTRA_INCLUDES(conf, includes): -def CURRENT_CFLAGS(bld, target, cflags, allow_warnings=False, hide_symbols=False): +def CURRENT_CFLAGS(bld, target, cflags, + allow_warnings=False, + use_hostcc=False, + hide_symbols=False): '''work out the current flags. local flags are added first''' - ret = TO_LIST(cflags) + ret = [] + if use_hostcc: + ret += ['-D_SAMBA_HOSTCC_'] + ret += TO_LIST(cflags) if not 'EXTRA_CFLAGS' in bld.env: list = [] else: diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index d1baa3b4940..9c8aa36d61c 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -635,6 +635,7 @@ def SAMBA_SUBSYSTEM(bld, modname, source, target = modname, samba_cflags = CURRENT_CFLAGS(bld, modname, cflags, allow_warnings=allow_warnings, + use_hostcc=use_hostcc, hide_symbols=hide_symbols), depends_on = depends_on, samba_deps = TO_LIST(deps), diff --git a/lib/replace/wscript b/lib/replace/wscript index 2c856b61a0f..21b29bb9b90 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -881,7 +881,6 @@ def build(bld): REPLACE_HOSTCC_SOURCE, use_hostcc=True, use_global_deps=False, - cflags='-D_SAMBA_HOSTCC_', group='compiler_libraries', deps = extra_libs ) diff --git a/lib/util/util.c b/lib/util/util.c index 7d7fb91e875..7eee60b85cd 100644 --- a/lib/util/util.c +++ b/lib/util/util.c @@ -1166,21 +1166,56 @@ void anonymous_shared_free(void *ptr) */ void samba_start_debugger(void) { - char *cmd = NULL; + int ready_pipe[2]; + char c; + int ret; + pid_t pid; + + ret = pipe(ready_pipe); + SMB_ASSERT(ret == 0); + + pid = fork(); + SMB_ASSERT(pid >= 0); + + if (pid) { + c = 0; + + ret = close(ready_pipe[0]); + SMB_ASSERT(ret == 0); #if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER) - /* - * Make sure all children can attach a debugger. - */ - prctl(PR_SET_PTRACER, getpid(), 0, 0, 0); + /* + * Make sure the child process can attach a debugger. + * + * We don't check the error code as the debugger + * will tell us if it can't attach. + */ + (void)prctl(PR_SET_PTRACER, pid, 0, 0, 0); #endif - if (asprintf(&cmd, "xterm -e \"gdb --pid %u\"&", getpid()) == -1) { - return; - } - if (system(cmd) == -1) { - free(cmd); - return; + ret = write(ready_pipe[1], &c, 1); + SMB_ASSERT(ret == 1); + + ret = close(ready_pipe[1]); + SMB_ASSERT(ret == 0); + + /* Wait for gdb to attach. */ + sleep(2); + } else { + char *cmd = NULL; + + ret = close(ready_pipe[1]); + SMB_ASSERT(ret == 0); + + ret = read(ready_pipe[0], &c, 1); + SMB_ASSERT(ret == 1); + + ret = close(ready_pipe[0]); + SMB_ASSERT(ret == 0); + + ret = asprintf(&cmd, "gdb --pid %u", getppid()); + SMB_ASSERT(ret != -1); + + execlp("xterm", "xterm", "-e", cmd, (char *) NULL); + smb_panic("execlp() failed"); } - free(cmd); - sleep(2); } #endif diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h index 559021c0a0e..56aa6aaed09 100644 --- a/source4/heimdal_build/roken.h +++ b/source4/heimdal_build/roken.h @@ -31,6 +31,9 @@ /* even if we do have dlopen, we don't want heimdal using it */ #undef HAVE_DLOPEN +/* even if we have LMDB, we don't want heimdal using it */ +#undef HAVE_LMDB + /* we need to tell roken about the functions that Samba replaces in lib/replace */ #ifndef HAVE_SETEUID #define HAVE_SETEUID 1 diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build index 09c525c2957..514cc72659f 100644 --- a/source4/heimdal_build/wscript_build +++ b/source4/heimdal_build/wscript_build @@ -4,15 +4,7 @@ import os from waflib import Context from samba_utils import SET_TARGET_TYPE from samba_autoconf import CURRENT_CFLAGS -from samba_utils import LOAD_ENVIRONMENT - -def to_list(str): - '''Split a list, preserving quoted strings and existing lists''' - if str is None: - return [] - if isinstance(str, list): - return str - return str.split(None) +from samba_utils import LOAD_ENVIRONMENT, TO_LIST def heimdal_path(p, absolute=False): hpath = os.path.join("../heimdal", p) @@ -21,7 +13,7 @@ def heimdal_path(p, absolute=False): return os.path.normpath(os.path.join(bld.path.abspath(), hpath)) def heimdal_paths(ps): - return [heimdal_path(p) for p in to_list(ps)] + return [heimdal_path(p) for p in TO_LIST(ps)] # waf build tool for building .et files with compile_et def HEIMDAL_ASN1(name, source, @@ -68,7 +60,7 @@ def HEIMDAL_ASN1(name, source, asn1_rule = cd_rule + no_leak_check + ' "${ASN1_COMPILE}" ${OPTION_FILE} ${ASN1OPTIONS} --one-code-file "${SRC[0].abspath(env)}" ${ASN1NAME}' - source = to_list(source) + source = TO_LIST(source) if option_file is not None: source.append(option_file) @@ -131,7 +123,7 @@ def HEIMDAL_ASN1(name, source, bld.set_group('main') - includes = to_list(includes) + includes = TO_LIST(includes) includes.append(os.path.dirname(out_files[0])) t = bld(features = 'c', @@ -139,7 +131,7 @@ def HEIMDAL_ASN1(name, source, target = name, samba_cflags = CURRENT_CFLAGS(bld, name, ''), depends_on = '', - samba_deps = to_list('roken replace'), + samba_deps = TO_LIST('roken replace'), samba_includes = includes, local_include = True) @@ -238,7 +230,7 @@ def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes=''): return # the library itself will depend on that object target - deps = to_list(deps) + deps = TO_LIST(deps) deps.append(obj_target) ldflags = [] @@ -302,7 +294,7 @@ def HEIMDAL_SUBSYSTEM(modname, source, target = modname, samba_cflags = samba_cflags, depends_on = '', - samba_deps = to_list(deps), + samba_deps = TO_LIST(deps), samba_includes = includes, local_include = True, local_include_first = True, @@ -412,7 +404,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'): use_hostcc=True, use_global_deps=False, includes='../heimdal/lib/roken ../heimdal/include ../heimdal_build/include', - cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_', group='compiler_libraries', deps='LIBREPLACE_HOSTCC', ) @@ -614,7 +605,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"): HEIMDAL_ERRTABLE('HEIMDAL_HEIM_ERR_ET', 'lib/krb5/heim_err.et') - KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list( + KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in TO_LIST( '''acache.c add_et_list.c addr_families.c appdefault.c asn1_glue.c auth_context.c @@ -912,7 +903,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'): 'lib/asn1/asn1parse.c lib/asn1/lex.l lib/asn1/main.c', use_hostcc=True, use_global_deps=False, - cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_', includes='../heimdal/lib/asn1', group='build_compilers', deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC', @@ -928,7 +918,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'): use_global_deps=False, includes='../heimdal/lib/com_err', group='build_compilers', - cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_', deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC', install=False ) diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh index df4b226b668..e0557ce31f9 100755 --- a/testprogs/blackbox/test_kinit_heimdal.sh +++ b/testprogs/blackbox/test_kinit_heimdal.sh @@ -66,7 +66,7 @@ rm -rf $KRB5CCNAME_PATH testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1` echo $PASSWORD > $PREFIX/tmppassfile -testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` +testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1` @@ -108,7 +108,7 @@ KRB5CCNAME="FILE:$KRB5CCNAME_PATH" export KRB5CCNAME rm -f $KRB5CCNAME_PATH -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` @@ -117,7 +117,7 @@ testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $P echo $NEWUSERPASS > $PREFIX/tmpuserpassfile rm -f $KRB5CCNAME_PATH -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` @@ -165,12 +165,12 @@ EOF testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1` rm -f $KRB5CCNAME_PATH -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` NEWUSERPASS=testPaSS@78% echo $NEWUSERPASS > $PREFIX/tmpuserpassfile -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` +test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` cat > $PREFIX/tmpkpasswdscript <<EOF expect New password @@ -183,9 +183,9 @@ EOF testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME nettestuser@$REALM || failed=`expr $failed + 1` rm -f $KRB5CCNAME_PATH -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` +test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` NEWUSERPASS=testPaSS@910% echo $NEWUSERPASS > $PREFIX/tmpuserpassfile @@ -200,9 +200,9 @@ EOF testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/nettestuser@$REALM || failed=`expr $failed + 1` -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` -test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` +test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" -k yes || failed=`expr $failed + 1` cat > $PREFIX/tmpldbmodify <<EOF dn: cn=nettestuser,cn=users,$BASEDN @@ -233,7 +233,7 @@ testit "kinit with user password for expired password" $texpect $PREFIX/tmppassw test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` echo $NEWUSERPASS > $PREFIX/tmpuserpassfile -testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` +testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1` test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1` -- Samba Shared Repository