BUG: Incompatibility between Samba & Secure kernels (fwd)

David Collier-Brown davecb at canada.sun.com
Thu Jul 5 14:04:26 GMT 2001

Xavier ROCHE <roche at serianet.com> wrote:
> Once security disabled in the SECURITY section, everything seems to work
> fine (no errors in the logs). I didn' have yet found exacly which
> security option is causing this mess, but I can try to compile several
> kernel releases and try to activate each option at time.
> Is there a way to specify an option in smb.conf to disable shared memory,
> or to disable shared memory automatically when secured kernels are being
> used?

	I find this problem puzzling:  I'm more familiar 
	with formal security such as the Orange Book set
	(I run Trusted Solaris on a machine at home), and
	wonder why a security kernel would have to be turned
	entirely off to reenable mmap... The README
	implies taht uoi only need to turn off the

	On the other hand, Samba's behavior on failure
	is a bit frightening (:-)) In tdb_mmap() intdb.c,
	we return NULL to the callers, but the callers
	behave differently...

Functions calling this function: tdb_mmap
  File  Function   Line
1 tdb.c tdb_oob     209 tdb->map_ptr = tdb_mmap(tdb->map_size,
2 tdb.c tdb_expand  465 tdb->map_ptr = tdb_mmap(tdb->map_size, 0,
3 tdb.c tdb_open   1139 tdb.map_ptr = tdb_mmap(st.st_size,

tdb_oob() and tdb_expand() just stuff the null into tdb->map_ptr,
and tdb_open() returns a pointer to the null.  None of the three
check for failure, although they have code to check for other
failures. This is arguably A Bad Thing.

I tentatively reccomend:
--- tdb.c       Thu Apr 19 08:47:24 2001
+++ tdb.c.new   Thu Jul  5 10:01:56 2001
@@ -1136,7 +1136,8 @@
         tdb.locked = calloc(tdb.header.hash_size+1,
         if (!tdb.locked) goto fail;
        if (!(tdb.flags & TDB_NOMMAP)) 
-               tdb.map_ptr = tdb_mmap(st.st_size, tdb.read_only,
+               if ((tdb.map_ptr = tdb_mmap(st.st_size, tdb.read_only,
tdb.fd)) == NULL)
+                       goto fail;
        if (locked) {
                tdb_brlock(&tdb, ACTIVE_LOCK, F_UNLCK, F_SETLK);


> --
> Xavier Roche
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba

David Collier-Brown,           | Always do right. This will gratify 
Performance & Engineering Team | some people and astonish the rest.
Americas Customer Engineering  |                      -- Mark Twain
(905) 415-2849                 | davecb at canada.sun.com

More information about the samba-technical mailing list