TNG "no locking available" error, HP/UX

nazard at dragoninc.on.ca nazard at dragoninc.on.ca
Sun Apr 2 05:51:04 GMT 2000 

On  2 Apr, Peter Samuelson wrote:
> [nazard at dragoninc.on.ca]
>> But this should be a runtime test.
> 
> Have you tried it?  Try it.  It's not just one test.  There are many
> locking schemes in use on Unix and the Samba configure tries several.
> Some might not even link.  Some might link but not work correctly due
> to NFS or whatnot.  Samba tries to find one that will actually work.
> 
> This is not easy stuff to do at runtime.

I know. I've done it. The issue I had was that the test wasn't really
worth anything. It was testing if locking worked in the local
directory. It wasn't testing for locking functions available in the OS.
There wasn't an option to disable or redirect the test.

If the test was meant to prevent running samba without locking, it
wasn't doing it's job. It was preventing people from compiling samba
without locking <g>
 
>> This isn't going to help joe user who installs an RPM, and points it
>> to /nfs_share.
> 
> So now you're suggesting not only doing this at runtime, but repeating
> it in every directory you access?  Perhaps you want to maintain a cache
> of (*lock_file)() pointers, one for each unique mount point?  Once
> again.  If you think it's feasible, try it.  *I*'m not writing such a
> beast, and I'm guessing neither are any of the Samba maintainers.

The directories we were interesting in were samba specific (i.e.
private/ & var/locks).

>> I also seem to remember something about an OS which when doing
>> locking of NFS, only locked the file locally. It'll pass the test,
>> but fail the run <g>.
> 
> Yeah, and in that case there is very little you could do to detect much
> less prevent the situation.  Either at compile time or at runtime.  So
> you put out a BFW and let the users, who aren't stupid[*], make sure it
> doesn't bite them.

That's why I suggested allowing the user to specify the directory to
test, a security document, and if someone was feeling bored, possibly a
program to check the implementation, possibly an extension to testparm.

> 
> [*] Some are.  I know.  I work in a training center.  Possibly most
>     users are stupid.  But there's no excuse for stupid administrators.
>     Anyone who puts software to important uses deserves anything he
>     gets for not reading the release notes.

Which isn't going to stop some stupid media article from pointing out
all the many samba "security" flaws. You know, I know, but the clients
I work with haven't a clue <g>

-- 
Doug Nazar
Dragon Computer Consultants Inc.
Tel: (416) 708-1578     Fax: (416) 708-8081

More information about the samba-ntdom mailing list