tevent_abort_nesting crash in idmap_ad

Fri Jun 24 16:22:15 UTC 2016

On Fri, Jun 24, 2016 at 05:56:00PM +0200, Ralph Boehme wrote:
> On Fri, Jun 24, 2016 at 05:48:24PM +0200, Volker Lendecke wrote:
> > On Fri, Jun 24, 2016 at 05:41:41PM +0200, Ralph Boehme wrote:
> > > On Fri, Jun 24, 2016 at 05:15:45PM +0200, Volker Lendecke wrote:
> > > > On Fri, Jun 24, 2016 at 04:33:12PM +0200, Ralph Boehme wrote:
> > > > > Just came across the following while running selftests that involve
> > > > > idmap_ad on a member server testenv:
> > > > > 
> > > > > idmap_ad calls into tldap which calls into gensec where it runs a
> > > > > nested tevent loop, SBT attached.
> > > > > 
> > > > > For now I added a hack to allow nested tevent loops to
> > > > > tldap_gensec_bind(), this fixes the issue.
> > > > 
> > > > Please find a better patch attached. It's a pity, but it's inevitable.
> > > > 
> > > > Review&Push appreciated!
> > > 
> > > I was able to briefly talk to metze and he suggested we wait til
> > > Monday to evaluate our options.
> > 
> > There are no options. gensec has had nested eventloops forever, and
> > it will take many months of metze's full time work to fix this. We
> > can't wait for that, this will never happen. I have tried to convince
> > the gensec masters for years that this is required, but we just have to
> > accept the fact that gensec requires nested event loops by its very core
> > design, and I am not willing to accept nested event loops in code that
> > I feel responsible for. There was one person in the world who was able
> > to debug nested event loop code, and this was Tridge. Tridge left Samba,
> > so we have nobody anymore to debug that code when bad things happen.
> > 
> > Sorry for causing this trouble, I am very disappointed with myself that I
> > let myself be caught in the trap to believe that gensec might be usable.
> > It is not.
> > 
> > Please remove this again. NOW.
> 
> your code, you insist, so be it. Pushed to autobuild.

So thinking about it some more, I'd really like you
to cancel that autobuild pushing the revert please.

I've learned over many years working on Samba that
acting in haste like this is *always* a mistake that
we regret.

The revert may very well be the correct thing to do,
but I'd like to have more than a few hours thought
on this before we make that decision.

Volker, I understand you're upset about this and
with some valid reasons - but forcing Ralph to do
a revert by bullying him like this is *NOT* good
behaviour and not something I'd like to encourage
on the lists.

It makes Samba a very hostile place to work, and
that's not the kind of project we are, or aspire
to be.

Please reconsider the demand for immediate revert.

Reverting next week will probably be fine, and is
certainly soon enough for our needs.

Cheers,

	Jeremy.