parent
39290a7be7
commit
8570164cb5
|
@ -1,38 +0,0 @@
|
||||||
From 0f6d676a74818fc1a3d59c2238bd3752470fdc40 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Bj=C3=B6rn=20Baumbach?= <bb@sernet.de>
|
|
||||||
Date: Mon, 4 Dec 2017 10:49:19 +0100
|
|
||||||
Subject: [PATCH] third_party: Link th aesni-intel library with -z noexecstack
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174
|
|
||||||
|
|
||||||
Signed-off-by: Björn Baumbach <bb@sernet.de>
|
|
||||||
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
||||||
---
|
|
||||||
third_party/aesni-intel/wscript | 3 +++
|
|
||||||
1 file changed, 3 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/third_party/aesni-intel/wscript b/third_party/aesni-intel/wscript
|
|
||||||
index eb92d6626fe..f11cf9446a2 100644
|
|
||||||
--- a/third_party/aesni-intel/wscript
|
|
||||||
+++ b/third_party/aesni-intel/wscript
|
|
||||||
@@ -12,6 +12,8 @@ def configure(conf):
|
|
||||||
raise Utils.WafError('--aes-accel=intelaesni selected and non x86_64 CPU')
|
|
||||||
else:
|
|
||||||
raise Utils.WafError('--aes-accel=intelaesni selected and compiler rejects -Wp,-E,-lang-asm')
|
|
||||||
+ if not conf.CHECK_LDFLAGS('-z noexecstack'):
|
|
||||||
+ raise Utils.WafError('--aes-accel=intelaesni selected and linker rejects -z noexecstack')
|
|
||||||
|
|
||||||
def build(bld):
|
|
||||||
if not bld.CONFIG_SET('HAVE_AESNI_INTEL'):
|
|
||||||
@@ -20,4 +22,5 @@ def build(bld):
|
|
||||||
bld.SAMBA_LIBRARY('aesni-intel',
|
|
||||||
source='aesni-intel_asm.c',
|
|
||||||
cflags='-Wp,-E,-lang-asm',
|
|
||||||
+ ldflags='-z noexecstack',
|
|
||||||
private_library=True)
|
|
||||||
--
|
|
||||||
2.15.0
|
|
||||||
|
|
|
@ -1,313 +0,0 @@
|
||||||
From e696afd2d810fef403c6e5d35a44cc0f22128310 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Gary Lockyer <gary@catalyst.net.nz>
|
|
||||||
Date: Mon, 21 Aug 2017 15:12:04 +1200
|
|
||||||
Subject: [PATCH 1/4] s4/smbd: set the process group.
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Set the process group in the samba daemon, the --no-process-group option
|
|
||||||
allows this to be disabled. The no-process-group option needs to be
|
|
||||||
disabled in self test.
|
|
||||||
|
|
||||||
Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
Reviewed-by: Ralph Boehme <slow@samba.org>
|
|
||||||
|
|
||||||
Autobuild-User(master): Ralph Böhme <slow@samba.org>
|
|
||||||
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144
|
|
||||||
---
|
|
||||||
selftest/target/Samba4.pm | 2 +-
|
|
||||||
source4/smbd/server.c | 18 +++++++++++++++++-
|
|
||||||
2 files changed, 18 insertions(+), 2 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
|
|
||||||
index 772f982cb9d..6a1856ef642 100755
|
|
||||||
--- a/selftest/target/Samba4.pm
|
|
||||||
+++ b/selftest/target/Samba4.pm
|
|
||||||
@@ -158,7 +158,7 @@ sub check_or_start($$$)
|
|
||||||
close($env_vars->{STDIN_PIPE});
|
|
||||||
open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER to STDIN: $!";
|
|
||||||
|
|
||||||
- exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
|
|
||||||
+ exec(@preargs, Samba::bindir_path($self, "samba"), "-M", $process_model, "-i", "--no-process-group", "--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
|
|
||||||
}
|
|
||||||
$env_vars->{SAMBA_PID} = $pid;
|
|
||||||
print "DONE ($pid)\n";
|
|
||||||
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
|
|
||||||
index a8bad06bed3..ba520e0a8f5 100644
|
|
||||||
--- a/source4/smbd/server.c
|
|
||||||
+++ b/source4/smbd/server.c
|
|
||||||
@@ -341,6 +341,7 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
{
|
|
||||||
bool opt_daemon = false;
|
|
||||||
bool opt_interactive = false;
|
|
||||||
+ bool opt_no_process_group = false;
|
|
||||||
int opt;
|
|
||||||
poptContext pc;
|
|
||||||
#define _MODULE_PROTO(init) extern NTSTATUS init(TALLOC_CTX *);
|
|
||||||
@@ -356,7 +357,8 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
OPT_DAEMON = 1000,
|
|
||||||
OPT_INTERACTIVE,
|
|
||||||
OPT_PROCESS_MODEL,
|
|
||||||
- OPT_SHOW_BUILD
|
|
||||||
+ OPT_SHOW_BUILD,
|
|
||||||
+ OPT_NO_PROCESS_GROUP,
|
|
||||||
};
|
|
||||||
struct poptOption long_options[] = {
|
|
||||||
POPT_AUTOHELP
|
|
||||||
@@ -371,6 +373,8 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
"till autotermination", "seconds"},
|
|
||||||
{"show-build", 'b', POPT_ARG_NONE, NULL, OPT_SHOW_BUILD,
|
|
||||||
"show build info", NULL },
|
|
||||||
+ {"no-process-group", '\0', POPT_ARG_NONE, NULL,
|
|
||||||
+ OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
|
|
||||||
POPT_COMMON_SAMBA
|
|
||||||
POPT_COMMON_VERSION
|
|
||||||
{ NULL }
|
|
||||||
@@ -393,6 +397,9 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
case OPT_SHOW_BUILD:
|
|
||||||
show_build();
|
|
||||||
break;
|
|
||||||
+ case OPT_NO_PROCESS_GROUP:
|
|
||||||
+ opt_no_process_group = true;
|
|
||||||
+ break;
|
|
||||||
default:
|
|
||||||
fprintf(stderr, "\nInvalid option %s: %s\n\n",
|
|
||||||
poptBadOption(pc, 0), poptStrerror(opt));
|
|
||||||
@@ -508,6 +515,15 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
stdin_event_flags = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
+#if HAVE_SETPGID
|
|
||||||
+ /*
|
|
||||||
+ * If we're interactive we want to set our own process group for
|
|
||||||
+ * signal management, unless --no-process-group specified.
|
|
||||||
+ */
|
|
||||||
+ if (opt_interactive && !opt_no_process_group)
|
|
||||||
+ setpgid((pid_t)0, (pid_t)0);
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
/* catch EOF on stdin */
|
|
||||||
#ifdef SIGTTIN
|
|
||||||
signal(SIGTTIN, SIG_IGN);
|
|
||||||
--
|
|
||||||
2.15.0
|
|
||||||
|
|
||||||
|
|
||||||
From 1e3f38e58d52c7424831855c8db63c391e0b4b75 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Wed, 15 Nov 2017 10:00:52 +0100
|
|
||||||
Subject: [PATCH 2/4] s4:samba: Do not segfault if we run into issues
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)
|
|
||||||
---
|
|
||||||
source4/smbd/server.c | 8 ++++++++
|
|
||||||
1 file changed, 8 insertions(+)
|
|
||||||
|
|
||||||
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
|
|
||||||
index ba520e0a8f5..406f79593b9 100644
|
|
||||||
--- a/source4/smbd/server.c
|
|
||||||
+++ b/source4/smbd/server.c
|
|
||||||
@@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context *lp_ctx)
|
|
||||||
{
|
|
||||||
char *path;
|
|
||||||
TALLOC_CTX *mem_ctx = talloc_new(NULL);
|
|
||||||
+ if (mem_ctx == NULL) {
|
|
||||||
+ exit_daemon("Failed to create memory context",
|
|
||||||
+ ENOMEM);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
|
|
||||||
+ if (path == NULL) {
|
|
||||||
+ exit_daemon("Failed to cleanup temporary files",
|
|
||||||
+ EINVAL);
|
|
||||||
+ }
|
|
||||||
|
|
||||||
recursive_delete(path);
|
|
||||||
talloc_free(mem_ctx);
|
|
||||||
--
|
|
||||||
2.15.0
|
|
||||||
|
|
||||||
|
|
||||||
From b7d08eda158ba540dc7ca8755a6a8fdf34e52501 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Fri, 10 Nov 2017 09:18:18 +0100
|
|
||||||
Subject: [PATCH 3/4] s4:samba: Allow samba daemon to run in foreground
|
|
||||||
|
|
||||||
We are passing the no_process_group to become_daemon() that setsid() is
|
|
||||||
not called. In case we are double forking, we run in SysV daemon mode,
|
|
||||||
setsid() should be called!
|
|
||||||
|
|
||||||
See:
|
|
||||||
https://www.freedesktop.org/software/systemd/man/daemon.html
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)
|
|
||||||
---
|
|
||||||
source3/smbd/server.c | 2 +-
|
|
||||||
source4/smbd/server.c | 13 ++++++++++---
|
|
||||||
2 files changed, 11 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
|
|
||||||
index 181bcd1e123..252b43190d7 100644
|
|
||||||
--- a/source3/smbd/server.c
|
|
||||||
+++ b/source3/smbd/server.c
|
|
||||||
@@ -1592,7 +1592,7 @@ extern void build_options(bool screen);
|
|
||||||
struct poptOption long_options[] = {
|
|
||||||
POPT_AUTOHELP
|
|
||||||
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon (default)" },
|
|
||||||
- {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon)"},
|
|
||||||
+ {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run interactive (not a daemon) and log to stdout"},
|
|
||||||
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in foreground (for daemontools, etc.)" },
|
|
||||||
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, "Don't create a new process group" },
|
|
||||||
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to stdout" },
|
|
||||||
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
|
|
||||||
index 406f79593b9..2349d5c7fa0 100644
|
|
||||||
--- a/source4/smbd/server.c
|
|
||||||
+++ b/source4/smbd/server.c
|
|
||||||
@@ -348,6 +348,7 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
const char *argv[])
|
|
||||||
{
|
|
||||||
bool opt_daemon = false;
|
|
||||||
+ bool opt_fork = true;
|
|
||||||
bool opt_interactive = false;
|
|
||||||
bool opt_no_process_group = false;
|
|
||||||
int opt;
|
|
||||||
@@ -363,6 +364,7 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
struct stat st;
|
|
||||||
enum {
|
|
||||||
OPT_DAEMON = 1000,
|
|
||||||
+ OPT_FOREGROUND,
|
|
||||||
OPT_INTERACTIVE,
|
|
||||||
OPT_PROCESS_MODEL,
|
|
||||||
OPT_SHOW_BUILD,
|
|
||||||
@@ -372,6 +374,8 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
POPT_AUTOHELP
|
|
||||||
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON,
|
|
||||||
"Become a daemon (default)", NULL },
|
|
||||||
+ {"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FOREGROUND,
|
|
||||||
+ "Run the daemon in foreground", NULL },
|
|
||||||
{"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE,
|
|
||||||
"Run interactive (not a daemon)", NULL},
|
|
||||||
{"model", 'M', POPT_ARG_STRING, NULL, OPT_PROCESS_MODEL,
|
|
||||||
@@ -396,6 +400,9 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
case OPT_DAEMON:
|
|
||||||
opt_daemon = true;
|
|
||||||
break;
|
|
||||||
+ case OPT_FOREGROUND:
|
|
||||||
+ opt_fork = false;
|
|
||||||
+ break;
|
|
||||||
case OPT_INTERACTIVE:
|
|
||||||
opt_interactive = true;
|
|
||||||
break;
|
|
||||||
@@ -422,7 +429,7 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
"not allowed together with -D|--daemon\n\n");
|
|
||||||
poptPrintUsage(pc, stderr, 0);
|
|
||||||
return 1;
|
|
||||||
- } else if (!opt_interactive) {
|
|
||||||
+ } else if (!opt_interactive && !opt_fork) {
|
|
||||||
/* default is --daemon */
|
|
||||||
opt_daemon = true;
|
|
||||||
}
|
|
||||||
@@ -458,8 +465,8 @@ static int binary_smbd_main(const char *binary_name,
|
|
||||||
}
|
|
||||||
|
|
||||||
if (opt_daemon) {
|
|
||||||
- DEBUG(3,("Becoming a daemon.\n"));
|
|
||||||
- become_daemon(true, false, false);
|
|
||||||
+ DBG_NOTICE("Becoming a daemon.\n");
|
|
||||||
+ become_daemon(opt_fork, opt_no_process_group, false);
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Create the memory context to hang everything off. */
|
|
||||||
--
|
|
||||||
2.15.0
|
|
||||||
|
|
||||||
|
|
||||||
From 90588e8d08dcf38d97249eb39d87c5eb36f1fcd3 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Andreas Schneider <asn@samba.org>
|
|
||||||
Date: Fri, 10 Nov 2017 09:32:27 +0100
|
|
||||||
Subject: [PATCH 4/4] systemd: Start processes in forground and without a
|
|
||||||
process group
|
|
||||||
|
|
||||||
We should not double fork in notify mode or systemd think something
|
|
||||||
during startup will be wrong and send SIGTERM to the process. So
|
|
||||||
sometimes the daemon will not start up correctly.
|
|
||||||
|
|
||||||
systemd will also handle the process group.
|
|
||||||
|
|
||||||
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129
|
|
||||||
|
|
||||||
Signed-off-by: Andreas Schneider <asn@samba.org>
|
|
||||||
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
||||||
|
|
||||||
(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77)
|
|
||||||
---
|
|
||||||
packaging/systemd/nmb.service | 2 +-
|
|
||||||
packaging/systemd/samba.service | 2 +-
|
|
||||||
packaging/systemd/smb.service | 2 +-
|
|
||||||
packaging/systemd/winbind.service | 2 +-
|
|
||||||
4 files changed, 4 insertions(+), 4 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/packaging/systemd/nmb.service b/packaging/systemd/nmb.service
|
|
||||||
index 992c0cd9d2b..71c93d6088b 100644
|
|
||||||
--- a/packaging/systemd/nmb.service
|
|
||||||
+++ b/packaging/systemd/nmb.service
|
|
||||||
@@ -7,7 +7,7 @@ Type=notify
|
|
||||||
NotifyAccess=all
|
|
||||||
PIDFile=/run/nmbd.pid
|
|
||||||
EnvironmentFile=-/etc/sysconfig/samba
|
|
||||||
-ExecStart=/usr/sbin/nmbd $NMBDOPTIONS
|
|
||||||
+ExecStart=/usr/sbin/nmbd --foreground --no-process-group $NMBDOPTIONS
|
|
||||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
|
||||||
LimitCORE=infinity
|
|
||||||
|
|
||||||
diff --git a/packaging/systemd/samba.service b/packaging/systemd/samba.service
|
|
||||||
index 824f89c2030..1b64c3b779d 100644
|
|
||||||
--- a/packaging/systemd/samba.service
|
|
||||||
+++ b/packaging/systemd/samba.service
|
|
||||||
@@ -8,7 +8,7 @@ NotifyAccess=all
|
|
||||||
PIDFile=/run/samba.pid
|
|
||||||
LimitNOFILE=16384
|
|
||||||
EnvironmentFile=-/etc/sysconfig/samba
|
|
||||||
-ExecStart=/usr/sbin/samba $SAMBAOPTIONS
|
|
||||||
+ExecStart=/usr/sbin/samba --foreground --no-process-group $SAMBAOPTIONS
|
|
||||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
diff --git a/packaging/systemd/smb.service b/packaging/systemd/smb.service
|
|
||||||
index 6053a5caaa5..adf6684c7d9 100644
|
|
||||||
--- a/packaging/systemd/smb.service
|
|
||||||
+++ b/packaging/systemd/smb.service
|
|
||||||
@@ -8,7 +8,7 @@ NotifyAccess=all
|
|
||||||
PIDFile=/run/smbd.pid
|
|
||||||
LimitNOFILE=16384
|
|
||||||
EnvironmentFile=-/etc/sysconfig/samba
|
|
||||||
-ExecStart=/usr/sbin/smbd $SMBDOPTIONS
|
|
||||||
+ExecStart=/usr/sbin/smbd --foreground --no-process-group $SMBDOPTIONS
|
|
||||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
|
||||||
LimitCORE=infinity
|
|
||||||
|
|
||||||
diff --git a/packaging/systemd/winbind.service b/packaging/systemd/winbind.service
|
|
||||||
index c511488166e..46b3797251d 100644
|
|
||||||
--- a/packaging/systemd/winbind.service
|
|
||||||
+++ b/packaging/systemd/winbind.service
|
|
||||||
@@ -7,7 +7,7 @@ Type=notify
|
|
||||||
NotifyAccess=all
|
|
||||||
PIDFile=/run/winbindd.pid
|
|
||||||
EnvironmentFile=-/etc/sysconfig/samba
|
|
||||||
-ExecStart=/usr/sbin/winbindd "$WINBINDOPTIONS"
|
|
||||||
+ExecStart=/usr/sbin/winbindd --foreground --no-process-group "$WINBINDOPTIONS"
|
|
||||||
ExecReload=/usr/bin/kill -HUP $MAINPID
|
|
||||||
LimitCORE=infinity
|
|
||||||
|
|
||||||
--
|
|
||||||
2.15.0
|
|
||||||
|
|
|
@ -116,8 +116,6 @@ Source201: README.downgrade
|
||||||
|
|
||||||
Patch0: samba-4.7.0-bind_dlz.patch
|
Patch0: samba-4.7.0-bind_dlz.patch
|
||||||
Patch1: samba-4.7.0-support-krb5-1.16.patch
|
Patch1: samba-4.7.0-support-krb5-1.16.patch
|
||||||
Patch2: samba-4.7-fix_samba_with_systemd.patch
|
|
||||||
Patch3: samba-4.7-fix-linking-aesni-intel.patch
|
|
||||||
|
|
||||||
Requires(pre): /usr/sbin/groupadd
|
Requires(pre): /usr/sbin/groupadd
|
||||||
Requires(post): systemd
|
Requires(post): systemd
|
||||||
|
|
Loading…
Reference in New Issue