[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Tue Apr 20 12:34:01 UTC 2021
The branch, master has been updated
via 416c9bbc4f8 util: Ensure debugger is not started until it is allowed to attach
via 05a1ca2f4c7 util: Ensure debugger can be attached to process
via c5047548727 heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_'
via 5172e1b0dd6 lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly
via 52950460821 wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_
via 4367eeb7785 selftest: Improve test names in kinit test for improved debugging
via 01dac7b97c9 heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba
via 6f451e24ea6 heimdal_build: use TO_LIST from wafsamba.samba_utils
from 5c3470c0f29 s3: smbd: Prevent fchmod on a symlink.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 416c9bbc4f8c92fd0951ce6f03228fd22aedd650
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Apr 12 10:23:20 2021 +1200
util: Ensure debugger is not started until it is allowed to attach
Use a pipe to ensure that the debugger is not started until after the
prctl() call allowing it to attach to the parent, avoiding a potential
race condition.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 20 12:33:40 UTC 2021 on sn-devel-184
commit 05a1ca2f4c771d1e249a6d756488cb5e1e3312dd
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Mar 29 15:04:53 2021 +1300
util: Ensure debugger can be attached to process
samba_start_debugger() attempts to start a debugger attached to the
calling process by calling system() to start a background process.
However, if the spawned shell exits before the debugger has had a chance
to attach, the debugger process will no longer be a child of the parent
process (as it will have been reparented).
If the system does not allow tracing by non-child processes, attachment
may fail as a result.
This commit replaces the system() call and the implicit shell around
xterm with an explicit fork()/exec() so that the debugger remains a
child of the calling process, ensuring the attachment succeeds unless
tracing is disabled completely.
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c50475487274cc8f524b28aac9825e35e9407c8d
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 12:06:50 2020 +0200
heimdal_build: avoid cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_'
SOCKET_WRAPPER_DISABLE is unused for a long time already
and _SAMBA_HOSTCC_ is implied by use_hostcc=True now.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[abartlet at samba.org: Adapted to current master from Metze's wip.git/master/heimdal
branch]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 5172e1b0dd625c8f5593c92b185b4c593514bd89
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 11:50:53 2020 +0200
lib/replace: don't set -D_SAMBA_HOSTCC_ explicitly
use_hostcc=True already triggers this.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 52950460821860613eaf375f2fa0ad1fc6f16674
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 11:49:44 2020 +0200
wafsamba: let 'use_hostcc=True' result in -D_SAMBA_HOSTCC_
That's easier for the callers.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 4367eeb77851b9fa49a7c06c4b3cced9e4e18468
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed May 20 13:40:13 2015 +0200
selftest: Improve test names in kinit test for improved debugging
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 01dac7b97c9c2f67f0c76332fe7b9491a0d61c71
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Sep 6 14:54:50 2018 +1200
heimdal_build: Do not use LMDB in Heimdal even if we have it in Samba
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 6f451e24ea6991e5d2750fe0d19bf94768910443
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Apr 3 12:01:15 2020 +0200
heimdal_build: use TO_LIST from wafsamba.samba_utils
Signed-off-by: Stefan Metzmacher <metze at samba.org>
[abartlet at samba.org: adapted from patch in Metze's
wip.git/master-heimdal to current master
without the other patches]
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_autoconf.py | 10 ++++--
buildtools/wafsamba/wafsamba.py | 1 +
lib/replace/wscript | 1 -
lib/util/util.c | 61 +++++++++++++++++++++++++-------
source4/heimdal_build/roken.h | 3 ++
source4/heimdal_build/wscript_build | 27 +++++---------
testprogs/blackbox/test_kinit_heimdal.sh | 20 +++++------
7 files changed, 78 insertions(+), 45 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_autoconf.py b/buildtools/wafsamba/samba_autoconf.py
index 276b88780b8..4d2aea6c941 100644
--- a/buildtools/wafsamba/samba_autoconf.py
+++ b/buildtools/wafsamba/samba_autoconf.py
@@ -905,9 +905,15 @@ def ADD_EXTRA_INCLUDES(conf, includes):
-def CURRENT_CFLAGS(bld, target, cflags, allow_warnings=False, hide_symbols=False):
+def CURRENT_CFLAGS(bld, target, cflags,
+ allow_warnings=False,
+ use_hostcc=False,
+ hide_symbols=False):
'''work out the current flags. local flags are added first'''
- ret = TO_LIST(cflags)
+ ret = []
+ if use_hostcc:
+ ret += ['-D_SAMBA_HOSTCC_']
+ ret += TO_LIST(cflags)
if not 'EXTRA_CFLAGS' in bld.env:
list = []
else:
diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py
index d1baa3b4940..9c8aa36d61c 100644
--- a/buildtools/wafsamba/wafsamba.py
+++ b/buildtools/wafsamba/wafsamba.py
@@ -635,6 +635,7 @@ def SAMBA_SUBSYSTEM(bld, modname, source,
target = modname,
samba_cflags = CURRENT_CFLAGS(bld, modname, cflags,
allow_warnings=allow_warnings,
+ use_hostcc=use_hostcc,
hide_symbols=hide_symbols),
depends_on = depends_on,
samba_deps = TO_LIST(deps),
diff --git a/lib/replace/wscript b/lib/replace/wscript
index 2c856b61a0f..21b29bb9b90 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -881,7 +881,6 @@ def build(bld):
REPLACE_HOSTCC_SOURCE,
use_hostcc=True,
use_global_deps=False,
- cflags='-D_SAMBA_HOSTCC_',
group='compiler_libraries',
deps = extra_libs
)
diff --git a/lib/util/util.c b/lib/util/util.c
index 7d7fb91e875..7eee60b85cd 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -1166,21 +1166,56 @@ void anonymous_shared_free(void *ptr)
*/
void samba_start_debugger(void)
{
- char *cmd = NULL;
+ int ready_pipe[2];
+ char c;
+ int ret;
+ pid_t pid;
+
+ ret = pipe(ready_pipe);
+ SMB_ASSERT(ret == 0);
+
+ pid = fork();
+ SMB_ASSERT(pid >= 0);
+
+ if (pid) {
+ c = 0;
+
+ ret = close(ready_pipe[0]);
+ SMB_ASSERT(ret == 0);
#if defined(HAVE_PRCTL) && defined(PR_SET_PTRACER)
- /*
- * Make sure all children can attach a debugger.
- */
- prctl(PR_SET_PTRACER, getpid(), 0, 0, 0);
+ /*
+ * Make sure the child process can attach a debugger.
+ *
+ * We don't check the error code as the debugger
+ * will tell us if it can't attach.
+ */
+ (void)prctl(PR_SET_PTRACER, pid, 0, 0, 0);
#endif
- if (asprintf(&cmd, "xterm -e \"gdb --pid %u\"&", getpid()) == -1) {
- return;
- }
- if (system(cmd) == -1) {
- free(cmd);
- return;
+ ret = write(ready_pipe[1], &c, 1);
+ SMB_ASSERT(ret == 1);
+
+ ret = close(ready_pipe[1]);
+ SMB_ASSERT(ret == 0);
+
+ /* Wait for gdb to attach. */
+ sleep(2);
+ } else {
+ char *cmd = NULL;
+
+ ret = close(ready_pipe[1]);
+ SMB_ASSERT(ret == 0);
+
+ ret = read(ready_pipe[0], &c, 1);
+ SMB_ASSERT(ret == 1);
+
+ ret = close(ready_pipe[0]);
+ SMB_ASSERT(ret == 0);
+
+ ret = asprintf(&cmd, "gdb --pid %u", getppid());
+ SMB_ASSERT(ret != -1);
+
+ execlp("xterm", "xterm", "-e", cmd, (char *) NULL);
+ smb_panic("execlp() failed");
}
- free(cmd);
- sleep(2);
}
#endif
diff --git a/source4/heimdal_build/roken.h b/source4/heimdal_build/roken.h
index 559021c0a0e..56aa6aaed09 100644
--- a/source4/heimdal_build/roken.h
+++ b/source4/heimdal_build/roken.h
@@ -31,6 +31,9 @@
/* even if we do have dlopen, we don't want heimdal using it */
#undef HAVE_DLOPEN
+/* even if we have LMDB, we don't want heimdal using it */
+#undef HAVE_LMDB
+
/* we need to tell roken about the functions that Samba replaces in lib/replace */
#ifndef HAVE_SETEUID
#define HAVE_SETEUID 1
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 09c525c2957..514cc72659f 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -4,15 +4,7 @@ import os
from waflib import Context
from samba_utils import SET_TARGET_TYPE
from samba_autoconf import CURRENT_CFLAGS
-from samba_utils import LOAD_ENVIRONMENT
-
-def to_list(str):
- '''Split a list, preserving quoted strings and existing lists'''
- if str is None:
- return []
- if isinstance(str, list):
- return str
- return str.split(None)
+from samba_utils import LOAD_ENVIRONMENT, TO_LIST
def heimdal_path(p, absolute=False):
hpath = os.path.join("../heimdal", p)
@@ -21,7 +13,7 @@ def heimdal_path(p, absolute=False):
return os.path.normpath(os.path.join(bld.path.abspath(), hpath))
def heimdal_paths(ps):
- return [heimdal_path(p) for p in to_list(ps)]
+ return [heimdal_path(p) for p in TO_LIST(ps)]
# waf build tool for building .et files with compile_et
def HEIMDAL_ASN1(name, source,
@@ -68,7 +60,7 @@ def HEIMDAL_ASN1(name, source,
asn1_rule = cd_rule + no_leak_check + ' "${ASN1_COMPILE}" ${OPTION_FILE} ${ASN1OPTIONS} --one-code-file "${SRC[0].abspath(env)}" ${ASN1NAME}'
- source = to_list(source)
+ source = TO_LIST(source)
if option_file is not None:
source.append(option_file)
@@ -131,7 +123,7 @@ def HEIMDAL_ASN1(name, source,
bld.set_group('main')
- includes = to_list(includes)
+ includes = TO_LIST(includes)
includes.append(os.path.dirname(out_files[0]))
t = bld(features = 'c',
@@ -139,7 +131,7 @@ def HEIMDAL_ASN1(name, source,
target = name,
samba_cflags = CURRENT_CFLAGS(bld, name, ''),
depends_on = '',
- samba_deps = to_list('roken replace'),
+ samba_deps = TO_LIST('roken replace'),
samba_includes = includes,
local_include = True)
@@ -238,7 +230,7 @@ def HEIMDAL_LIBRARY(libname, source, deps, vnum, version_script, includes=''):
return
# the library itself will depend on that object target
- deps = to_list(deps)
+ deps = TO_LIST(deps)
deps.append(obj_target)
ldflags = []
@@ -302,7 +294,7 @@ def HEIMDAL_SUBSYSTEM(modname, source,
target = modname,
samba_cflags = samba_cflags,
depends_on = '',
- samba_deps = to_list(deps),
+ samba_deps = TO_LIST(deps),
samba_includes = includes,
local_include = True,
local_include_first = True,
@@ -412,7 +404,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
use_hostcc=True,
use_global_deps=False,
includes='../heimdal/lib/roken ../heimdal/include ../heimdal_build/include',
- cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_',
group='compiler_libraries',
deps='LIBREPLACE_HOSTCC',
)
@@ -614,7 +605,7 @@ if not bld.CONFIG_SET("USING_SYSTEM_KRB5"):
HEIMDAL_ERRTABLE('HEIMDAL_HEIM_ERR_ET', 'lib/krb5/heim_err.et')
- KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in to_list(
+ KRB5_SOURCE = [os.path.join('lib/krb5/', x) for x in TO_LIST(
'''acache.c add_et_list.c
addr_families.c appdefault.c
asn1_glue.c auth_context.c
@@ -912,7 +903,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_ASN1_COMPILE'):
'lib/asn1/asn1parse.c lib/asn1/lex.l lib/asn1/main.c',
use_hostcc=True,
use_global_deps=False,
- cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_',
includes='../heimdal/lib/asn1',
group='build_compilers',
deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC',
@@ -928,7 +918,6 @@ if not bld.CONFIG_SET('USING_SYSTEM_COMPILE_ET'):
use_global_deps=False,
includes='../heimdal/lib/com_err',
group='build_compilers',
- cflags='-DSOCKET_WRAPPER_DISABLE=1 -D_SAMBA_HOSTCC_',
deps='ROKEN_HOSTCC LIBREPLACE_HOSTCC HEIMDAL_VERS_HOSTCC',
install=False
)
diff --git a/testprogs/blackbox/test_kinit_heimdal.sh b/testprogs/blackbox/test_kinit_heimdal.sh
index df4b226b668..e0557ce31f9 100755
--- a/testprogs/blackbox/test_kinit_heimdal.sh
+++ b/testprogs/blackbox/test_kinit_heimdal.sh
@@ -66,7 +66,7 @@ rm -rf $KRB5CCNAME_PATH
testit "reset password policies beside of minimum password age of 0 days" $VALGRIND $PYTHON $samba_tool domain passwordsettings set $ADMIN_LDBMODIFY_CONFIG --complexity=default --history-length=default --min-pwd-length=default --min-pwd-age=0 --max-pwd-age=default || failed=`expr $failed + 1`
echo $PASSWORD > $PREFIX/tmppassfile
-testit "kinit with password" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
+testit "kinit with password (initial)" $samba4kinit $enctype --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
testit "kinit with password (enterprise style)" $samba4kinit $enctype --enterprise --password-file=$PREFIX/tmppassfile --request-pac $USERNAME@$REALM || failed=`expr $failed + 1`
@@ -108,7 +108,7 @@ KRB5CCNAME="FILE:$KRB5CCNAME_PATH"
export KRB5CCNAME
rm -f $KRB5CCNAME_PATH
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after enable of user and password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
@@ -117,7 +117,7 @@ testit "change user password with 'samba-tool user password' (rpc)" $VALGRIND $P
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
rm -f $KRB5CCNAME_PATH
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after rpc password change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
@@ -165,12 +165,12 @@ EOF
testit "change user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd nettestuser@$REALM || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after kpasswd change)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS at 78%
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after kpasswd change)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
cat > $PREFIX/tmpkpasswdscript <<EOF
expect New password
@@ -183,9 +183,9 @@ EOF
testit "set user password with kpasswd" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$ADMIN_KRB5CCNAME nettestuser@$REALM || failed=`expr $failed + 1`
rm -f $KRB5CCNAME_PATH
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after kpasswd set)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after kpasswd set)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS at 910%
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
@@ -200,9 +200,9 @@ EOF
testit "set user password with kpasswd and servicePrincipalName" $texpect $PREFIX/tmpkpasswdscript $samba4kpasswd --cache=$PREFIX/tmpccache host/nettestuser@$REALM || failed=`expr $failed + 1`
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after set with kpasswd and spn)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
-test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
+test_smbclient "Test login with user kerberos ccache (after set with kpasswd and spn)" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
cat > $PREFIX/tmpldbmodify <<EOF
dn: cn=nettestuser,cn=users,$BASEDN
@@ -233,7 +233,7 @@ testit "kinit with user password for expired password" $texpect $PREFIX/tmppassw
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
echo $NEWUSERPASS > $PREFIX/tmpuserpassfile
-testit "kinit with user password" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
+testit "kinit with user password (after password change forced by expiration)" $samba4kinit $enctype --password-file=$PREFIX/tmpuserpassfile --request-pac nettestuser@$REALM || failed=`expr $failed + 1`
test_smbclient "Test login with user kerberos ccache" 'ls' "$unc" -k yes || failed=`expr $failed + 1`
--
Samba Shared Repository
More information about the samba-cvs
mailing list