Trying to build statically linked nss-winbind & pam-winbind
Louis Bouchard
louis.bouchard at ubuntu.com
Tue Oct 11 10:01:30 UTC 2016
Hello,
On 10/10/2016 18:48, Andreas Schneider wrote:
> On Monday, 10 October 2016 17:56:23 CEST Louis Bouchard wrote:
>> Hello,
>>
>> I am working on fixing Ubuntu[1] and Debian[2] bugs occurring when upgrading
>> the libnss-winbind and libpam-winbind packages.
>>
>> One option is to provide those libraries as statically linked to avoid ABI
>> breakage when upgrading. This has happened when commands were expecting the
>> old library while the new one is in place.
>
> This will not work. There is a protocol used between libwbclient and winbind.
> These packages NEED to be the same version. If you link pam_winbind and
> nss_winbind statically and winbind gets updated it is likely that your module
> is not able to talk to winbind anymore!
>
> The PAM and NSS module and libwbclient need to be updated together with
> winbind.
>
> When upgrading PAM and NSS module, the machine probably needs a reboot so that
> changes are applied.
>
>
> To make it clear this is not a Samba issue! It is how PAM and NSS works ...
>
>
> Cheers,
>
>
> -- andreas
>
First of all, thanks Andreas for your quick reply. While I agree with your
statement, maybe I wasn't clear enough in explaining the problem: the issue
occurs when UPGRADING the libnss-winbind and/or libpam-winbind along with
winbind and libwbclient (they all depend on each other from a packaging point of
view).

If the following configuration exists in /etc/nsswitch.conf:

    passwd: winbind compat

there is a window of "opportunity" where commands issued by the packaging
scripts may do dlopen on the new winbind libraries while the *new* shared
libraries part of the samba-lib packages are not yet available. This can lead to
SEGV from those commands, which is exactly what happened during a samba package
upgrade (see LP: #1584485 [1]).

Being able to statically link libnss-winbind and libpam-winbind, especially
against the libraries that are part of the samba-lib packages, would alleviate
this situation and allow a safe upgrade path for their package.

Kind regards,
..Louis
[1] https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1584485
--
Louis Bouchard
Software engineer,
Ubuntu Developer / Debian Maintainer
GPG : 429D 7A3B DD05 B6F8 AF63 B9C4 8B3D 867C 823E 7A61
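
An added example, not part of the original message or of the Samba or Ubuntu packaging: a check that lists the NSS modules glibc would dlopen for a database in nsswitch.conf and reports those that fail to load (missing dependency or unresolved symbol). It assumes glibc's `libnss_<service>.so.2` naming; the function names and the sample file are constructed for illustration.

```python
import ctypes
import re

# Constructed sample: the passwd line is the one quoted in the message; the
# group line is added here to exercise action specifiers and comments.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd: winbind compat
group:  files [NOTFOUND=return] winbind   # trailing comment
"""


def nss_modules(conf_text, database):
    """Return the shared objects glibc will dlopen for `database`, in order."""
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if ":" not in line:
            continue
        name, services = line.split(":", 1)
        if name.strip() != database:
            continue
        # Action specifiers such as [NOTFOUND=return] are not services.
        services = re.sub(r"\[[^\]]*\]", " ", services)
        return ["libnss_%s.so.2" % s for s in services.split()]
    return []


def unloadable(modules):
    """dlopen each module (ctypes binds with RTLD_NOW); map failures to errors."""
    failures = {}
    for mod in modules:
        try:
            ctypes.CDLL(mod)
        except OSError as exc:
            failures[mod] = str(exc)
    return failures


if __name__ == "__main__":
    # On a real host, read /etc/nsswitch.conf instead of the sample text.
    mods = nss_modules(SAMPLE_NSSWITCH, "passwd")
    for mod, err in unloadable(mods).items():
        print("cannot load %s: %s" % (mod, err))
```

A clean load only shows that the module and its dependencies resolve; it does not prove the loaded libraries are ABI-compatible with each other.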