Releases, locking and ldb

Andrew Bartlett abartlet at samba.org
Tue Jun 27 10:06:47 UTC 2017 

On Tue, 2017-06-27 at 21:46 +1200, Andrew Bartlett via samba-technical
wrote:
> On Tue, 2017-06-27 at 08:24 +0200, Stefan Metzmacher via samba-
> technical wrote:
> > 
> > The good thing is that due to LDB_MODULE_CHECK_VERSION()
> > Samba and sssd are only runtime compatible with the version
> > they're build against.
> > 
> > Would "ldb:tdb: Ensure we correctly decrement ltdb->read_lock_count"
> > affect any old caller in any bad way?
> 
> I presume you mean some other hypothetical application beyond Samba and
> SSSD?
> 
> The primary change is that during the ldb callbacks, the DB is locked,
> rather than unlocked.  It is no longer possible to start a transaction
> (write operation) during an ldb callback.  Instead, as good practice
> would already dictate, you must start the transaction before the
> search. 
> 
> > And what about "tdb: Remove locking from tdb_traverse_read()"?
> 
> I'm not sure about this one.  As we can't have one without the other I
> don't know (and haven't studied) exactly what else it might impact. 
> 
> I don't think this without the ldb patches is actively harmful however.
> 
> > Whould something like this on the samba_dsdb module
> > in 4.6 work around the problems (and keep it only as broken as it
> > already is):
> > - always call ldb_handle_use_global_event_context()
> 
> I don't think this case is worth worrying about.  It is rootdse
> modified over LDAP in the single process model (only). 
> 
> > - overwrite read_lock/read_unlock() to be a no-op
> 
> No, this gets us to the point I was at during SambaXP, with random
> LDB_ERR_BUSY / 'failed to upgrade hash locks', as we won't have a
> global lock order.
> 
> I don't think it makes any difference to actually to have it pass the
> read_lock()/read_unlock() down to sam.ldb.
> 
> I personally think we should just declare the incomparability, ideally
> at build time, and move on.  (I tried to create an #ifdef hack to
> detect this at build time, but wasn't able to build a reliable one
> yet). 
> 
> I realise that everything that can happen will happen, but still: how
> likely are they to be mixed in the real world?

I guess more likely than I care to admit.  Try the attached for a
compile-time way to prevent this.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
-------------- next part --------------
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index 3d56e68..7140e18 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -33,6 +33,13 @@
 #ifndef _LDB_MODULE_H_
 #define _LDB_MODULE_H_
 
+#if !defined(SAMBA_PATCHED_FOR_LDB_LOCKING) && \
+	defined(_SAMBA_BUILD_)
+#if (_SAMBA_BUILD_ == 4)
+#error "Samba < 4.7 is not compatible with this version of ldb due to assumptions around read locks"
+#endif
+#endif
+
 #include <ldb.h>
 
 struct ldb_context;
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 1fce3b3..dfdaba4 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -105,6 +105,8 @@ def configure(conf):
 
     conf.DEFINE('HAVE_CONFIG_H', 1, add_to_cflags=True)
 
+    conf.DEFINE('SAMBA_PATCHED_FOR_LDB_LOCKING', 1, add_to_cflags=True)
+    
     conf.SAMBA_CONFIG_H()
 
     conf.SAMBA_CHECK_UNDEFINED_SYMBOL_FLAGS()

More information about the samba-technical mailing list