[PATCH] Update nss_wrapper to version 1.1.5

Andreas Schneider asn at samba.org
Wed Oct 31 13:43:30 UTC 2018


Hello,

attached is a patch to update nss_wrapper in Samba to version 1.1.5.

The pipeline is here:
https://gitlab.com/samba-team/devel/samba/pipelines/34961684


Please review and push if OK.


Thanks,


	Andreas

-- 
Andreas Schneider                      asn at samba.org
Samba Team                             www.samba.org
GPG-ID:     8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D
-------------- next part --------------
>From b24190d98049ec1132d1ff9e07db36bd72ec529f Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn at samba.org>
Date: Wed, 31 Oct 2018 08:44:08 +0100
Subject: [PATCH] third_party: Update nss_wrapper to version 1.1.5

Signed-off-by: Andreas Schneider <asn at samba.org>
---
 buildtools/wafsamba/samba_third_party.py |   2 +-
 third_party/nss_wrapper/nss_wrapper.c    | 171 +++++++++++++++--------
 third_party/nss_wrapper/wscript          |   2 +-
 3 files changed, 114 insertions(+), 61 deletions(-)

diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py
index dbecf716bdc..be73dbe4218 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -47,7 +47,7 @@ Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
 
 @conf
 def CHECK_NSS_WRAPPER(conf):
-    return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.3')
+    return conf.CHECK_BUNDLED_SYSTEM_PKG('nss_wrapper', minversion='1.1.5')
 Build.BuildContext.CHECK_NSS_WRAPPER = CHECK_NSS_WRAPPER
 
 @conf
diff --git a/third_party/nss_wrapper/nss_wrapper.c b/third_party/nss_wrapper/nss_wrapper.c
index 566d02ca34b..81d900c3f42 100644
--- a/third_party/nss_wrapper/nss_wrapper.c
+++ b/third_party/nss_wrapper/nss_wrapper.c
@@ -1,8 +1,11 @@
 /*
- * Copyright (C) Stefan Metzmacher 2007 <metze at samba.org>
- * Copyright (C) Guenther Deschner 2009 <gd at samba.org>
- * Copyright (C) Andreas Schneider 2013 <asn at samba.org>
+ * BSD 3-Clause License
  *
+ * Copyright (c) 2007,      Stefan Metzmacher <metze at samba.org>
+ * Copyright (c) 2009,      Guenther Deschner <gd at samba.org>
+ * Copyright (c) 2014-2015, Michael Adam <obnox at samba.org>
+ * Copyright (c) 2015,      Robin Hack <hack.robin at gmail.com>
+ * Copyright (c) 2013-2018, Andreas Schneider <asn at samba.org>
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -142,6 +145,12 @@ typedef nss_status_t NSS_STATUS;
 #define PRINTF_ATTRIBUTE(a,b)
 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
 
+#ifdef HAVE_CONSTRUCTOR_ATTRIBUTE
+#define CONSTRUCTOR_ATTRIBUTE __attribute__ ((constructor))
+#else
+#define CONSTRUCTOR_ATTRIBUTE
+#endif /* HAVE_CONSTRUCTOR_ATTRIBUTE */
+
 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
 #else
@@ -209,8 +218,11 @@ static pthread_mutex_t nwrap_sp_global_mutex = PTHREAD_MUTEX_INITIALIZER;
 	NWRAP_UNLOCK(nwrap_initialized); \
 } while (0);
 
+static void nwrap_init(void);
+
 static void nwrap_thread_prepare(void)
 {
+	nwrap_init();
 	NWRAP_LOCK_ALL;
 }
 
@@ -292,11 +304,13 @@ struct nwrap_libc_fns {
 	int (*_libc_getpwuid_r)(uid_t uid, struct passwd *pwd, char *buf, size_t buflen, struct passwd **result);
 	void (*_libc_setpwent)(void);
 	struct passwd *(*_libc_getpwent)(void);
-#ifdef HAVE_SOLARIS_GETPWENT_R
+#ifdef HAVE_GETPWENT_R
+#  ifdef HAVE_SOLARIS_GETPWENT_R
 	struct passwd *(*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen);
-#else
+#  else /* HAVE_SOLARIS_GETPWENT_R */
 	int (*_libc_getpwent_r)(struct passwd *pwbuf, char *buf, size_t buflen, struct passwd **pwbufp);
-#endif
+#  endif /* HAVE_SOLARIS_GETPWENT_R */
+#endif /* HAVE_GETPWENT_R */
 	void (*_libc_endpwent)(void);
 	int (*_libc_initgroups)(const char *user, gid_t gid);
 	struct group *(*_libc_getgrnam)(const char *name);
@@ -305,11 +319,13 @@ struct nwrap_libc_fns {
 	int (*_libc_getgrgid_r)(gid_t gid, struct group *grp, char *buf, size_t buflen, struct group **result);
 	void (*_libc_setgrent)(void);
 	struct group *(*_libc_getgrent)(void);
-#ifdef HAVE_SOLARIS_GETGRENT_R
+#ifdef HAVE_GETGRENT_R
+#  ifdef HAVE_SOLARIS_GETGRENT_R
 	struct group *(*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen);
-#else
+#  else /* HAVE_SOLARIS_GETGRENT_R */
 	int (*_libc_getgrent_r)(struct group *group, char *buf, size_t buflen, struct group **result);
-#endif
+#  endif /* HAVE_SOLARIS_GETGRENT_R */
+#endif /* HAVE_GETGRENT_R */
 	void (*_libc_endgrent)(void);
 	int (*_libc_getgrouplist)(const char *user, gid_t group, gid_t *groups, int *ngroups);
 
@@ -793,9 +809,9 @@ static struct nwrap_he nwrap_he_global;
  * NWRAP PROTOTYPES
  *********************************************************/
 
-static void nwrap_init(void);
 static bool nwrap_gr_parse_line(struct nwrap_cache *nwrap, char *line);
 static void nwrap_gr_unload(struct nwrap_cache *nwrap);
+void nwrap_constructor(void) CONSTRUCTOR_ATTRIBUTE;
 void nwrap_destructor(void) DESTRUCTOR_ATTRIBUTE;
 
 /*********************************************************
@@ -832,7 +848,15 @@ static void *nwrap_load_lib_handle(enum nwrap_lib lib)
 	int i;
 
 #ifdef RTLD_DEEPBIND
-	flags |= RTLD_DEEPBIND;
+	const char *env = getenv("LD_PRELOAD");
+
+	/* Don't do a deepbind if we run with libasan */
+	if (env != NULL && strlen(env) < 1024) {
+		const char *p = strstr(env, "libasan.so");
+		if (p == NULL) {
+			flags |= RTLD_DEEPBIND;
+		}
+	}
 #endif
 
 	switch (lib) {
@@ -1066,7 +1090,8 @@ static struct passwd *libc_getpwent(void)
 	return nwrap_main_global->libc->fns->_libc_getpwent();
 }
 
-#ifdef HAVE_SOLARIS_GETPWENT_R
+#ifdef HAVE_GETPWENT_R
+#  ifdef HAVE_SOLARIS_GETPWENT_R
 static struct passwd *libc_getpwent_r(struct passwd *pwdst,
 				      char *buf,
 				      int buflen)
@@ -1077,7 +1102,7 @@ static struct passwd *libc_getpwent_r(struct passwd *pwdst,
 							      buf,
 							      buflen);
 }
-#else /* HAVE_SOLARIS_GETPWENT_R */
+#  else /* HAVE_SOLARIS_GETPWENT_R */
 static int libc_getpwent_r(struct passwd *pwdst,
 			   char *buf,
 			   size_t buflen,
@@ -1090,7 +1115,8 @@ static int libc_getpwent_r(struct passwd *pwdst,
 							      buflen,
 							      pwdstp);
 }
-#endif /* HAVE_SOLARIS_GETPWENT_R */
+#  endif /* HAVE_SOLARIS_GETPWENT_R */
+#endif /* HAVE_GETPWENT_R */
 
 static void libc_endpwent(void)
 {
@@ -1183,7 +1209,7 @@ static struct group *libc_getgrent(void)
 }
 
 #ifdef HAVE_GETGRENT_R
-#ifdef HAVE_SOLARIS_GETGRENT_R
+#  ifdef HAVE_SOLARIS_GETGRENT_R
 static struct group *libc_getgrent_r(struct group *group,
 				     char *buf,
 				     size_t buflen)
@@ -1194,7 +1220,7 @@ static struct group *libc_getgrent_r(struct group *group,
 							      buf,
 							      buflen);
 }
-#else /* !HAVE_SOLARIS_GETGRENT_R */
+#  else /* HAVE_SOLARIS_GETGRENT_R */
 static int libc_getgrent_r(struct group *group,
 			   char *buf,
 			   size_t buflen,
@@ -1207,7 +1233,7 @@ static int libc_getgrent_r(struct group *group,
 							      buflen,
 							      result);
 }
-#endif /* HAVE_SOLARIS_GETGRENT_R */
+#  endif /* HAVE_SOLARIS_GETGRENT_R */
 #endif /* HAVE_GETGRENT_R */
 
 static void libc_endgrent(void)
@@ -1488,19 +1514,17 @@ static bool nwrap_module_init(const char *name,
 
 static void nwrap_libc_init(struct nwrap_main *r)
 {
-	r->libc = malloc(sizeof(struct nwrap_libc));
+	r->libc = calloc(1, sizeof(struct nwrap_libc));
 	if (r->libc == NULL) {
 		printf("Failed to allocate memory for libc");
 		exit(-1);
 	}
-	ZERO_STRUCTP(r->libc);
 
-	r->libc->fns = malloc(sizeof(struct nwrap_libc_fns));
+	r->libc->fns = calloc(1, sizeof(struct nwrap_libc_fns));
 	if (r->libc->fns == NULL) {
 		printf("Failed to allocate memory for libc functions");
 		exit(-1);
 	}
-	ZERO_STRUCTP(r->libc->fns);
 }
 
 static void nwrap_backend_init(struct nwrap_main *r)
@@ -1541,6 +1565,7 @@ static void nwrap_init(void)
 	const char *env;
 	char *endptr;
 	size_t max_hostents_tmp;
+	int ok;
 
 	NWRAP_LOCK(nwrap_initialized);
 	if (nwrap_initialized) {
@@ -1561,10 +1586,6 @@ static void nwrap_init(void)
 
 	nwrap_initialized = true;
 
-	/* Initialize pthread_atfork handlers */
-	pthread_atfork(&nwrap_thread_prepare, &nwrap_thread_parent,
-		       &nwrap_thread_child);
-
 	env = getenv("NSS_WRAPPER_MAX_HOSTENTS");
 	if (env != NULL) {
 		max_hostents_tmp = (size_t)strtoul(env, &endptr, 10);
@@ -1584,10 +1605,11 @@ static void nwrap_init(void)
 	NWRAP_LOG(NWRAP_LOG_DEBUG,
 		  "Initializing hash table of size %lu items.",
 		  (unsigned long)max_hostents);
-	if (hcreate(max_hostents) == 0) {
+	ok = hcreate(max_hostents);
+	if (!ok) {
 		NWRAP_LOG(NWRAP_LOG_ERROR,
 			  "Failed to initialize hash table");
-		goto done;
+		exit(-1);
 	}
 
 	nwrap_main_global = &__nwrap_main_global;
@@ -1638,7 +1660,6 @@ static void nwrap_init(void)
 	nwrap_he_global.cache->parse_line = nwrap_he_parse_line;
 	nwrap_he_global.cache->unload = nwrap_he_unload;
 
-done:
 	/* We hold all locks here so we can use NWRAP_UNLOCK_ALL. */
 	NWRAP_UNLOCK_ALL;
 }
@@ -2624,7 +2645,9 @@ static bool nwrap_ed_inventarize_add_new(char *const h_name,
 
 	p = hsearch(e, ENTER);
 	if (p == NULL) {
-		NWRAP_LOG(NWRAP_LOG_ERROR, "Hash table is full!");
+		NWRAP_LOG(NWRAP_LOG_ERROR,
+			  "Hash table is full (%s)!",
+			  strerror(errno));
 		return false;
 	}
 
@@ -3832,9 +3855,7 @@ static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) b; /* unused */
-	(void) pwdst; /* unused */
-	(void) pwdstp; /* unused */
+	*pwdstp = NULL;
 
 	if (!b->fns->_nss_getpwnam_r) {
 		return NSS_STATUS_NOTFOUND;
@@ -3843,6 +3864,7 @@ static int nwrap_module_getpwnam_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getpwnam_r(name, pwdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*pwdstp = pwdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -3889,7 +3911,7 @@ static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) pwdstp; /* unused */
+	*pwdstp = NULL;
 
 	if (!b->fns->_nss_getpwuid_r) {
 		return ENOENT;
@@ -3898,6 +3920,7 @@ static int nwrap_module_getpwuid_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getpwuid_r(uid, pwdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*pwdstp = pwdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -3952,7 +3975,7 @@ static int nwrap_module_getpwent_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) pwdstp; /* unused */
+	*pwdstp = NULL;
 
 	if (!b->fns->_nss_getpwent_r) {
 		return ENOENT;
@@ -3961,6 +3984,7 @@ static int nwrap_module_getpwent_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getpwent_r(pwdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*pwdstp = pwdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -4045,7 +4069,7 @@ static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) grdstp; /* unused */
+	*grdstp = NULL;
 
 	if (!b->fns->_nss_getgrnam_r) {
 		return ENOENT;
@@ -4054,6 +4078,7 @@ static int nwrap_module_getgrnam_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getgrnam_r(name, grdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*grdstp = grdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -4116,7 +4141,7 @@ static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) grdstp; /* unused */
+	*grdstp = NULL;
 
 	if (!b->fns->_nss_getgrgid_r) {
 		return ENOENT;
@@ -4125,6 +4150,7 @@ static int nwrap_module_getgrgid_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getgrgid_r(gid, grdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*grdstp = grdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -4195,7 +4221,7 @@ static int nwrap_module_getgrent_r(struct nwrap_backend *b,
 {
 	int ret;
 
-	(void) grdstp; /* unused */
+	*grdstp = NULL;
 
 	if (!b->fns->_nss_getgrent_r) {
 		return ENOENT;
@@ -4204,6 +4230,7 @@ static int nwrap_module_getgrent_r(struct nwrap_backend *b,
 	ret = b->fns->_nss_getgrent_r(grdst, buf, buflen, &errno);
 	switch (ret) {
 	case NSS_STATUS_SUCCESS:
+		*grdstp = grdst;
 		return 0;
 	case NSS_STATUS_NOTFOUND:
 		if (errno != 0) {
@@ -4421,6 +4448,7 @@ struct passwd *getpwent(void)
  *   GETPWENT_R
  ***************************************************************************/
 
+#ifdef HAVE_GETPWENT_R
 static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
 			    size_t buflen, struct passwd **pwdstp)
 {
@@ -4438,7 +4466,7 @@ static int nwrap_getpwent_r(struct passwd *pwdst, char *buf,
 	return ENOENT;
 }
 
-#ifdef HAVE_SOLARIS_GETPWENT_R
+#  ifdef HAVE_SOLARIS_GETPWENT_R
 struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
 {
 	struct passwd *pwdstp = NULL;
@@ -4454,7 +4482,7 @@ struct passwd *getpwent_r(struct passwd *pwdst, char *buf, int buflen)
 
 	return pwdstp;
 }
-#else /* HAVE_SOLARIS_GETPWENT_R */
+#  else /* HAVE_SOLARIS_GETPWENT_R */
 int getpwent_r(struct passwd *pwdst, char *buf,
 	       size_t buflen, struct passwd **pwdstp)
 {
@@ -4464,7 +4492,8 @@ int getpwent_r(struct passwd *pwdst, char *buf,
 
 	return nwrap_getpwent_r(pwdst, buf, buflen, pwdstp);
 }
-#endif /* HAVE_SOLARIS_GETPWENT_R */
+#  endif /* HAVE_SOLARIS_GETPWENT_R */
+#endif /* HAVE_GETPWENT_R */
 
 /****************************************************************************
  *   ENDPWENT
@@ -4727,6 +4756,7 @@ struct group *getgrent(void)
  *   GETGRENT_R
  ***************************************************************************/
 
+#ifdef HAVE_GETGRENT_R
 static int nwrap_getgrent_r(struct group *grdst, char *buf,
 			    size_t buflen, struct group **grdstp)
 {
@@ -4744,7 +4774,7 @@ static int nwrap_getgrent_r(struct group *grdst, char *buf,
 	return ENOENT;
 }
 
-#ifdef HAVE_SOLARIS_GETGRENT_R
+#  ifdef HAVE_SOLARIS_GETGRENT_R
 struct group *getgrent_r(struct group *src, char *buf, int buflen)
 {
 	struct group *grdstp = NULL;
@@ -4761,7 +4791,7 @@ struct group *getgrent_r(struct group *src, char *buf, int buflen)
 
 	return grdstp;
 }
-#else /* HAVE_SOLARIS_GETGRENT_R */
+#  else /* HAVE_SOLARIS_GETGRENT_R */
 int getgrent_r(struct group *src, char *buf,
 	       size_t buflen, struct group **grdstp)
 {
@@ -4771,7 +4801,8 @@ int getgrent_r(struct group *src, char *buf,
 
 	return nwrap_getgrent_r(src, buf, buflen, grdstp);
 }
-#endif /* HAVE_SOLARIS_GETGRENT_R */
+#  endif /* HAVE_SOLARIS_GETGRENT_R */
+#endif /* HAVE_GETGRENT_R */
 
 /****************************************************************************
  *   ENDGRENT
@@ -5530,6 +5561,24 @@ int gethostname(char *name, size_t len)
 	return nwrap_gethostname(name, len);
 }
 
+/****************************
+ * CONSTRUCTOR
+ ***************************/
+void nwrap_constructor(void)
+{
+	/*
+	 * If we hold a lock and the application forks, then the child
+	 * is not able to unlock the mutex and we are in a deadlock.
+	 *
+	 * Setting these handlers should prevent such deadlocks.
+	 */
+	pthread_atfork(&nwrap_thread_prepare,
+		       &nwrap_thread_parent,
+		       &nwrap_thread_child);
+
+	/* Do not call nwrap_init() here. */
+}
+
 /****************************
  * DESTRUCTOR
  ***************************/
@@ -5547,28 +5596,32 @@ void nwrap_destructor(void)
 		struct nwrap_main *m = nwrap_main_global;
 
 		/* libc */
-		SAFE_FREE(m->libc->fns);
-		if (m->libc->handle != NULL) {
-			dlclose(m->libc->handle);
-		}
-		if (m->libc->nsl_handle != NULL) {
-			dlclose(m->libc->nsl_handle);
-		}
-		if (m->libc->sock_handle != NULL) {
-			dlclose(m->libc->sock_handle);
+		if (m->libc != NULL) {
+			SAFE_FREE(m->libc->fns);
+			if (m->libc->handle != NULL) {
+				dlclose(m->libc->handle);
+			}
+			if (m->libc->nsl_handle != NULL) {
+				dlclose(m->libc->nsl_handle);
+			}
+			if (m->libc->sock_handle != NULL) {
+				dlclose(m->libc->sock_handle);
+			}
+			SAFE_FREE(m->libc);
 		}
-		SAFE_FREE(m->libc);
 
 		/* backends */
-		for (i = 0; i < m->num_backends; i++) {
-			struct nwrap_backend *b = &(m->backends[i]);
+		if (m->backends != NULL) {
+			for (i = 0; i < m->num_backends; i++) {
+				struct nwrap_backend *b = &(m->backends[i]);
 
-			if (b->so_handle != NULL) {
-				dlclose(b->so_handle);
+				if (b->so_handle != NULL) {
+					dlclose(b->so_handle);
+				}
+				SAFE_FREE(b->fns);
 			}
-			SAFE_FREE(b->fns);
+			SAFE_FREE(m->backends);
 		}
-		SAFE_FREE(m->backends);
 	}
 
 	if (nwrap_pw_global.cache != NULL) {
diff --git a/third_party/nss_wrapper/wscript b/third_party/nss_wrapper/wscript
index 83fa23f47ee..2e9d1db13b1 100644
--- a/third_party/nss_wrapper/wscript
+++ b/third_party/nss_wrapper/wscript
@@ -2,7 +2,7 @@
 
 import os
 
-VERSION="1.1.3"
+VERSION="1.1.5"
 
 def configure(conf):
     if conf.CHECK_NSS_WRAPPER():
-- 
2.19.1



More information about the samba-technical mailing list