tevent_abort_nesting crash in idmap_ad

Volker Lendecke vl at samba.org
Fri Jun 24 15:48:24 UTC 2016

On Fri, Jun 24, 2016 at 05:41:41PM +0200, Ralph Boehme wrote:
> On Fri, Jun 24, 2016 at 05:15:45PM +0200, Volker Lendecke wrote:
> > On Fri, Jun 24, 2016 at 04:33:12PM +0200, Ralph Boehme wrote:
> > > Just came across the following while running selftests that involve
> > > idmap_ad on a member server testenv:
> > > 
> > > idmap_ad calls into tldap which calls into gensec where it runs a
> > > nested tevent loop, SBT attached.
> > > 
> > > For now I added a hack to allow nested tevent loops to
> > > tldap_gensec_bind(), this fixes the issue.
> > 
> > Please find a better patch attached. It's a pity, but it's inevitable.
> > 
> > Review&Push appreciated!
> I was able to briefly talk to metze and he suggested we wait til
> Monday to evaluate our options.

There are no options. gensec has had nested eventloops forever, and
it will take many months of metze's full time work to fix this. We
can't wait for that, this will never happen. I have tried to convince
the gensec masters for years that this is required, but we just have to
accept the fact that gensec requires nested event loops by its very core
design, and I am not willing to accept nested event loops in code that
I feel responsible for. There was one person in the world who was able
to debug nested event loop code, and this was Tridge. Tridge left Samba,
so we have nobody anymore to debug that code when bad things happen.

Sorry for causing this trouble, I am very disappointed with myself that I
let myself be caught in the trap to believe that gensec might be usable.
It is not.

Please remove this again. NOW.


More information about the samba-technical mailing list