summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--lib/replace/wscript1
-rw-r--r--lib/talloc/wscript1
-rw-r--r--lib/util/wscript_build4
-rw-r--r--nsswitch/libwbclient/wscript13
-rw-r--r--nsswitch/wscript_build150
-rwxr-xr-xpython/samba/tests/test_pam_winbind.sh2
-rwxr-xr-xpython/samba/tests/test_pam_winbind_chauthtok.sh2
-rwxr-xr-xpython/samba/tests/test_pam_winbind_warn_pwd_expire.sh2
-rw-r--r--selftest/target/Samba.pm2
-rwxr-xr-xsource4/selftest/tests.py2
10 files changed, 110 insertions, 69 deletions
diff --git a/lib/replace/wscript b/lib/replace/wscript
index df054797445..53cb5d4fa76 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -909,6 +909,7 @@ def build(bld):
# at the moment:
# hide_symbols=bld.BUILTIN_LIBRARY('replace'),
private_library=True,
+ provide_builtin_linking=True,
deps='dl attr' + extra_libs)
replace_test_cflags = ''
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index ed38c78b0e9..f0c266a7878 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -114,6 +114,7 @@ def build(bld):
bld.SAMBA_LIBRARY('talloc',
'talloc.c',
deps='replace',
+ provide_builtin_linking=True,
abi_directory='ABI',
abi_match='talloc* _talloc*',
hide_symbols=True,
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index b8cfddb3f41..2f31e8fa5b1 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -11,12 +11,13 @@ bld.SAMBA_LIBRARY('time-basic',
bld.SAMBA_SUBSYSTEM('tini',
source='tini.c',
- deps='',
+ provide_builtin_linking=True,
local_include=False)
bld.SAMBA_SUBSYSTEM('tiniparser',
source='tiniparser.c',
deps='tini',
+ provide_builtin_linking=True,
local_include=False)
bld.SAMBA_SUBSYSTEM('strv',
@@ -122,6 +123,7 @@ bld.SAMBA_SUBSYSTEM('samba-util-core',
bld.SAMBA_SUBSYSTEM('smb_strtox',
source='smb_strtox.c',
+ provide_builtin_linking=True,
local_include=False)
diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript
index 317c0913a93..ad1d321bb42 100644
--- a/nsswitch/libwbclient/wscript
+++ b/nsswitch/libwbclient/wscript
@@ -27,6 +27,15 @@ def build(bld):
#
# Logs.info("\tSelected embedded libwbclient build")
+ bld.SAMBA_SUBSYSTEM('wbclient-internal',
+ source='../wb_common.c',
+ deps='replace',
+ cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
+ hide_symbols=True,
+ provide_builtin_linking=True,
+ builtin_cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
+ )
+
abi_match = 'wbc*'
bld.SAMBA_LIBRARY('wbclient',
source='''
@@ -38,7 +47,9 @@ def build(bld):
wbc_sid.c
wbc_util.c''',
hide_symbols=True,
- deps='winbind-client smb_strtox',
+ deps='wbclient-internal smb_strtox',
+ require_builtin_deps=True,
+ provide_builtin_linking=True,
pc_files='wbclient.pc',
public_headers='wbclient.h',
abi_directory='ABI',
diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build
index 867de87ce67..3247b6c2b7c 100644
--- a/nsswitch/wscript_build
+++ b/nsswitch/wscript_build
@@ -3,14 +3,6 @@ from waflib import Utils
import sys
host_os = sys.platform
-bld.SAMBA_LIBRARY('winbind-client',
- source='wb_common.c',
- deps='replace',
- cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR,
- private_library=True
- )
-
-
bld.SAMBA_BINARY('nsstest',
source='nsstest.c',
deps='replace dl',
@@ -26,10 +18,10 @@ if bld.CONFIG_SET('HAVE_PTHREAD'):
# The nss_wrapper code relies strictly on the linux implementation and
# name, so compile but do not install a copy under this name.
-bld.SAMBA_LIBRARY('nss_wrapper_winbind',
+bld.SAMBA_PLUGIN('nss_wrapper_winbind',
cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_',
source='winbind_nss_linux.c',
- deps='winbind-client',
+ deps='wbclient',
realname='libnss_wrapper_winbind.so.2',
install=False,
vnum='2')
@@ -38,35 +30,33 @@ bld.SAMBA_LIBRARY('nss_wrapper_winbind',
# the search for .rfind('gnu') covers gnu* and *-gnu is that too broad?
if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)):
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
keep_underscore=True,
cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_',
source='winbind_nss_linux.c',
- deps='winbind-client',
- public_headers=[],
- public_headers_install=False,
- pc_files=[],
+ deps='wbclient',
+ realname='libnss_winbind.so.2',
+ soname='libnss_winbind.so.2',
vnum='2')
- bld.SAMBA3_LIBRARY('nss_wins',
- keep_underscore=True,
- cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_',
- source='wins.c',
- deps='wbclient replace',
- public_headers=[],
- public_headers_install=False,
- pc_files=[],
- vnum='2')
+ bld.SAMBA3_PLUGIN('nss_wins',
+ keep_underscore=True,
+ cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_',
+ source='wins.c',
+ deps='wbclient replace',
+ realname='libnss_wins.so.2',
+ soname='libnss_wins.so.2',
+ vnum='2')
elif (host_os.rfind('freebsd') > -1):
# FreeBSD winbind client is implemented as a wrapper around
# the Linux version.
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
source='winbind_nss_linux.c winbind_nss_freebsd.c',
- deps='winbind-client',
+ deps='wbclient',
realname='nss_winbind.so.1',
vnum='1')
- bld.SAMBA3_LIBRARY('nss_wins',
+ bld.SAMBA3_PLUGIN('nss_wins',
source='wins.c wins_freebsd.c',
deps='''wbclient''',
realname='nss_wins.so.1',
@@ -78,66 +68,102 @@ elif (host_os.rfind('netbsd') > -1):
# indicate libc's use of the correct nsdispatch API.
if bld.CONFIG_SET("HAVE_GETPWENT_R"):
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
source='winbind_nss_linux.c winbind_nss_netbsd.c',
- deps='winbind-client',
+ deps='wbclient',
realname='libnss_winbind.so')
elif Utils.unversioned_sys_platform() == 'sunos':
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
source='winbind_nss_solaris.c winbind_nss_linux.c',
- deps='winbind-client',
+ deps='wbclient',
realname='nss_winbind.so.1',
vnum='1')
elif (host_os.rfind('hpux') > -1):
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
source='winbind_nss_linux.c',
- deps='winbind-client',
+ deps='wbclient',
realname='libnss_winbind.so')
elif (host_os.rfind('aix') > -1):
- bld.SAMBA_LIBRARY('nss_winbind',
+ bld.SAMBA_PLUGIN('nss_winbind',
source='winbind_nss_aix.c',
- deps='winbind-client',
+ deps='wbclient',
realname='WINBIND')
if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'):
- bld.SAMBA_LIBRARY('pamwinbind',
+ bld.SAMBA_PLUGIN('pamwinbind',
source='pam_winbind.c',
- deps='talloc wbclient winbind-client tiniparser pam samba_intl',
+ deps='talloc wbclient tiniparser pam samba_intl',
cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR,
realname='pam_winbind.so',
install_path='${PAMMODULESDIR}'
)
+if bld.CONFIG_GET("USING_SYSTEM_KRB5"):
+ # If we build locator plugins for a
+ # system library we should use builtin
+ # linking of our own subsystems,
+ # while we may link to the system
+ # krb5 libraries.
+ winbind_krb5_require_builtin_deps = True
+else:
+ # If we build locator plugins for our own heimdal
+ # version we don't want to do builtin linking.
+ # As we're already using private libraries
+ # it's not a problem...
+ winbind_krb5_require_builtin_deps = False
+
if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
- bld.SAMBA_LIBRARY('winbind_krb5_locator',
- source='krb5_plugin/winbind_krb5_locator.c',
- deps='wbclient krb5 com_err',
- realname='winbind_krb5_locator.so',
- install_path='${MODULESDIR}/krb5')
+ bld.SAMBA_PLUGIN('winbind_krb5_locator',
+ source='krb5_plugin/winbind_krb5_locator.c',
+ deps='wbclient krb5 com_err',
+ require_builtin_deps=winbind_krb5_require_builtin_deps,
+ realname='winbind_krb5_locator.so',
+ install_path='${MODULESDIR}/krb5')
if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'):
- bld.SAMBA_LIBRARY('async_dns_krb5_locator',
- source='krb5_plugin/async_dns_krb5_locator.c',
- deps='''
- talloc
- addns
- samba_intl
- libsmb
- smbconf
- KRBCLIENT
- smbd_base
- krb5
- com_err
- ''',
- realname='async_dns_krb5_locator.so',
- install_path='${MODULESDIR}/krb5')
+ # libkrb5.so scans it's plugin directories for files
+ # and calls dlopen()/dlsym() on them. The actual path
+ # depends on MIT vs. Heimdal.
+ #
+ # The async_dns_krb5_locator don't use winbind,
+ # instead it uses almost all of samba directly,
+ # which means everything will be injected
+ # into all processes using the libkrb5.so.
+ #
+ # See https://bugzilla.samba.org/show_bug.cgi?id=14780
+ # why this is a bad idea.
+ #
+ # We install this plugin (and also the other krb5 plugins)
+ # under Samba's MODULESDIR, it's not available to
+ # libkrb5.so by default.
+ #
+ # Packagers should leave it that way and allow admins
+ # to create symlinks for the plugins they actually want
+ # to be used.
+ bld.SAMBA_PLUGIN('async_dns_krb5_locator',
+ source='krb5_plugin/async_dns_krb5_locator.c',
+ deps='''
+ talloc
+ addns
+ samba_intl
+ libsmb
+ smbconf
+ KRBCLIENT
+ smbd_base
+ krb5
+ com_err
+ ''',
+ require_builtin_deps=False,
+ realname='async_dns_krb5_locator.so',
+ install_path='${MODULESDIR}/krb5')
if bld.CONFIG_SET('HAVE_KRB5_LOCALAUTH_PLUGIN_H'):
- bld.SAMBA_LIBRARY('winbind_krb5_localauth',
- source='krb5_plugin/winbind_krb5_localauth.c',
- deps='wbclient krb5 com_err',
- realname='winbind_krb5_localauth.so',
- install_path='${MODULESDIR}/krb5')
+ bld.SAMBA_PLUGIN('winbind_krb5_localauth',
+ source='krb5_plugin/winbind_krb5_localauth.c',
+ deps='wbclient krb5 com_err',
+ require_builtin_deps=winbind_krb5_require_builtin_deps,
+ realname='winbind_krb5_localauth.so',
+ install_path='${MODULESDIR}/krb5')
bld.SAMBA_SUBSYSTEM('WB_REQTRANS',
source='wb_reqtrans.c',
diff --git a/python/samba/tests/test_pam_winbind.sh b/python/samba/tests/test_pam_winbind.sh
index 755e67280fa..5d427415310 100755
--- a/python/samba/tests/test_pam_winbind.sh
+++ b/python/samba/tests/test_pam_winbind.sh
@@ -18,7 +18,7 @@ shift 1
PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
-pam_winbind="$BINDIR/shared/pam_winbind.so"
+pam_winbind="$BINDIR/plugins/pam_winbind.so"
service_dir="$SELFTEST_TMPDIR/pam_services"
service_file="$service_dir/samba"
diff --git a/python/samba/tests/test_pam_winbind_chauthtok.sh b/python/samba/tests/test_pam_winbind_chauthtok.sh
index 48adc81859d..12bb00afd09 100755
--- a/python/samba/tests/test_pam_winbind_chauthtok.sh
+++ b/python/samba/tests/test_pam_winbind_chauthtok.sh
@@ -33,7 +33,7 @@ fi
PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
-pam_winbind="$BINDIR/shared/pam_winbind.so"
+pam_winbind="$BINDIR/plugins/pam_winbind.so"
service_dir="$SELFTEST_TMPDIR/pam_services"
service_file="$service_dir/samba"
diff --git a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
index 348d2ae8387..d2452d12511 100755
--- a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
+++ b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh
@@ -18,7 +18,7 @@ shift 1
PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper"
-pam_winbind="$BINDIR/shared/pam_winbind.so"
+pam_winbind="$BINDIR/plugins/pam_winbind.so"
service_dir="$SELFTEST_TMPDIR/pam_services"
service_file="$service_dir/samba"
diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm
index ab6d8edc2cc..9709d900680 100644
--- a/selftest/target/Samba.pm
+++ b/selftest/target/Samba.pm
@@ -167,7 +167,7 @@ sub nss_wrapper_winbind_so_path($) {
my ($object) = @_;
my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH};
if (not defined($ret)) {
- $ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2");
+ $ret = bindir_path($object, "plugins/libnss_wrapper_winbind.so.2");
$ret = abs_path($ret);
}
return $ret;
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index 9e09bd17707..1823699cdab 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -783,7 +783,7 @@ for env in ["s4member_dflt_domain", "s4member"]:
nsstest4 = binpath("nsstest")
for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]:
if os.path.exists(nsstest4):
- plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "shared/libnss_wrapper_winbind.so.2")])
+ plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")])
else:
skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available")
View Lorry Controller Status