diff options
-rw-r--r-- | lib/replace/wscript | 1 | ||||
-rw-r--r-- | lib/talloc/wscript | 1 | ||||
-rw-r--r-- | lib/util/wscript_build | 4 | ||||
-rw-r--r-- | nsswitch/libwbclient/wscript | 13 | ||||
-rw-r--r-- | nsswitch/wscript_build | 150 | ||||
-rwxr-xr-x | python/samba/tests/test_pam_winbind.sh | 2 | ||||
-rwxr-xr-x | python/samba/tests/test_pam_winbind_chauthtok.sh | 2 | ||||
-rwxr-xr-x | python/samba/tests/test_pam_winbind_warn_pwd_expire.sh | 2 | ||||
-rw-r--r-- | selftest/target/Samba.pm | 2 | ||||
-rwxr-xr-x | source4/selftest/tests.py | 2 |
10 files changed, 110 insertions, 69 deletions
diff --git a/lib/replace/wscript b/lib/replace/wscript index df054797445..53cb5d4fa76 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -909,6 +909,7 @@ def build(bld): # at the moment: # hide_symbols=bld.BUILTIN_LIBRARY('replace'), private_library=True, + provide_builtin_linking=True, deps='dl attr' + extra_libs) replace_test_cflags = '' diff --git a/lib/talloc/wscript b/lib/talloc/wscript index ed38c78b0e9..f0c266a7878 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -114,6 +114,7 @@ def build(bld): bld.SAMBA_LIBRARY('talloc', 'talloc.c', deps='replace', + provide_builtin_linking=True, abi_directory='ABI', abi_match='talloc* _talloc*', hide_symbols=True, diff --git a/lib/util/wscript_build b/lib/util/wscript_build index b8cfddb3f41..2f31e8fa5b1 100644 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -11,12 +11,13 @@ bld.SAMBA_LIBRARY('time-basic', bld.SAMBA_SUBSYSTEM('tini', source='tini.c', - deps='', + provide_builtin_linking=True, local_include=False) bld.SAMBA_SUBSYSTEM('tiniparser', source='tiniparser.c', deps='tini', + provide_builtin_linking=True, local_include=False) bld.SAMBA_SUBSYSTEM('strv', @@ -122,6 +123,7 @@ bld.SAMBA_SUBSYSTEM('samba-util-core', bld.SAMBA_SUBSYSTEM('smb_strtox', source='smb_strtox.c', + provide_builtin_linking=True, local_include=False) diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript index 317c0913a93..ad1d321bb42 100644 --- a/nsswitch/libwbclient/wscript +++ b/nsswitch/libwbclient/wscript @@ -27,6 +27,15 @@ def build(bld): # # Logs.info("\tSelected embedded libwbclient build") + bld.SAMBA_SUBSYSTEM('wbclient-internal', + source='../wb_common.c', + deps='replace', + cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, + hide_symbols=True, + provide_builtin_linking=True, + builtin_cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, + ) + abi_match = 'wbc*' bld.SAMBA_LIBRARY('wbclient', source=''' @@ -38,7 +47,9 @@ def build(bld): wbc_sid.c wbc_util.c''', hide_symbols=True, - deps='winbind-client smb_strtox', + deps='wbclient-internal smb_strtox', + require_builtin_deps=True, + provide_builtin_linking=True, pc_files='wbclient.pc', public_headers='wbclient.h', abi_directory='ABI', diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 867de87ce67..3247b6c2b7c 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -3,14 +3,6 @@ from waflib import Utils import sys host_os = sys.platform -bld.SAMBA_LIBRARY('winbind-client', - source='wb_common.c', - deps='replace', - cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, - private_library=True - ) - - bld.SAMBA_BINARY('nsstest', source='nsstest.c', deps='replace dl', @@ -26,10 +18,10 @@ if bld.CONFIG_SET('HAVE_PTHREAD'): # The nss_wrapper code relies strictly on the linux implementation and # name, so compile but do not install a copy under this name. -bld.SAMBA_LIBRARY('nss_wrapper_winbind', +bld.SAMBA_PLUGIN('nss_wrapper_winbind', cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_', source='winbind_nss_linux.c', - deps='winbind-client', + deps='wbclient', realname='libnss_wrapper_winbind.so.2', install=False, vnum='2') @@ -38,35 +30,33 @@ bld.SAMBA_LIBRARY('nss_wrapper_winbind', # the search for .rfind('gnu') covers gnu* and *-gnu is that too broad? if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)): - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', keep_underscore=True, cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_', source='winbind_nss_linux.c', - deps='winbind-client', - public_headers=[], - public_headers_install=False, - pc_files=[], + deps='wbclient', + realname='libnss_winbind.so.2', + soname='libnss_winbind.so.2', vnum='2') - bld.SAMBA3_LIBRARY('nss_wins', - keep_underscore=True, - cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_', - source='wins.c', - deps='wbclient replace', - public_headers=[], - public_headers_install=False, - pc_files=[], - vnum='2') + bld.SAMBA3_PLUGIN('nss_wins', + keep_underscore=True, + cflags='-D_PUBLIC_ON_LINUX_=_PUBLIC_', + source='wins.c', + deps='wbclient replace', + realname='libnss_wins.so.2', + soname='libnss_wins.so.2', + vnum='2') elif (host_os.rfind('freebsd') > -1): # FreeBSD winbind client is implemented as a wrapper around # the Linux version. - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', source='winbind_nss_linux.c winbind_nss_freebsd.c', - deps='winbind-client', + deps='wbclient', realname='nss_winbind.so.1', vnum='1') - bld.SAMBA3_LIBRARY('nss_wins', + bld.SAMBA3_PLUGIN('nss_wins', source='wins.c wins_freebsd.c', deps='''wbclient''', realname='nss_wins.so.1', @@ -78,66 +68,102 @@ elif (host_os.rfind('netbsd') > -1): # indicate libc's use of the correct nsdispatch API. if bld.CONFIG_SET("HAVE_GETPWENT_R"): - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', source='winbind_nss_linux.c winbind_nss_netbsd.c', - deps='winbind-client', + deps='wbclient', realname='libnss_winbind.so') elif Utils.unversioned_sys_platform() == 'sunos': - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', source='winbind_nss_solaris.c winbind_nss_linux.c', - deps='winbind-client', + deps='wbclient', realname='nss_winbind.so.1', vnum='1') elif (host_os.rfind('hpux') > -1): - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', source='winbind_nss_linux.c', - deps='winbind-client', + deps='wbclient', realname='libnss_winbind.so') elif (host_os.rfind('aix') > -1): - bld.SAMBA_LIBRARY('nss_winbind', + bld.SAMBA_PLUGIN('nss_winbind', source='winbind_nss_aix.c', - deps='winbind-client', + deps='wbclient', realname='WINBIND') if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'): - bld.SAMBA_LIBRARY('pamwinbind', + bld.SAMBA_PLUGIN('pamwinbind', source='pam_winbind.c', - deps='talloc wbclient winbind-client tiniparser pam samba_intl', + deps='talloc wbclient tiniparser pam samba_intl', cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, realname='pam_winbind.so', install_path='${PAMMODULESDIR}' ) +if bld.CONFIG_GET("USING_SYSTEM_KRB5"): + # If we build locator plugins for a + # system library we should use builtin + # linking of our own subsystems, + # while we may link to the system + # krb5 libraries. + winbind_krb5_require_builtin_deps = True +else: + # If we build locator plugins for our own heimdal + # version we don't want to do builtin linking. + # As we're already using private libraries + # it's not a problem... + winbind_krb5_require_builtin_deps = False + if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): - bld.SAMBA_LIBRARY('winbind_krb5_locator', - source='krb5_plugin/winbind_krb5_locator.c', - deps='wbclient krb5 com_err', - realname='winbind_krb5_locator.so', - install_path='${MODULESDIR}/krb5') + bld.SAMBA_PLUGIN('winbind_krb5_locator', + source='krb5_plugin/winbind_krb5_locator.c', + deps='wbclient krb5 com_err', + require_builtin_deps=winbind_krb5_require_builtin_deps, + realname='winbind_krb5_locator.so', + install_path='${MODULESDIR}/krb5') if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): - bld.SAMBA_LIBRARY('async_dns_krb5_locator', - source='krb5_plugin/async_dns_krb5_locator.c', - deps=''' - talloc - addns - samba_intl - libsmb - smbconf - KRBCLIENT - smbd_base - krb5 - com_err - ''', - realname='async_dns_krb5_locator.so', - install_path='${MODULESDIR}/krb5') + # libkrb5.so scans it's plugin directories for files + # and calls dlopen()/dlsym() on them. The actual path + # depends on MIT vs. Heimdal. + # + # The async_dns_krb5_locator don't use winbind, + # instead it uses almost all of samba directly, + # which means everything will be injected + # into all processes using the libkrb5.so. + # + # See https://bugzilla.samba.org/show_bug.cgi?id=14780 + # why this is a bad idea. + # + # We install this plugin (and also the other krb5 plugins) + # under Samba's MODULESDIR, it's not available to + # libkrb5.so by default. + # + # Packagers should leave it that way and allow admins + # to create symlinks for the plugins they actually want + # to be used. + bld.SAMBA_PLUGIN('async_dns_krb5_locator', + source='krb5_plugin/async_dns_krb5_locator.c', + deps=''' + talloc + addns + samba_intl + libsmb + smbconf + KRBCLIENT + smbd_base + krb5 + com_err + ''', + require_builtin_deps=False, + realname='async_dns_krb5_locator.so', + install_path='${MODULESDIR}/krb5') if bld.CONFIG_SET('HAVE_KRB5_LOCALAUTH_PLUGIN_H'): - bld.SAMBA_LIBRARY('winbind_krb5_localauth', - source='krb5_plugin/winbind_krb5_localauth.c', - deps='wbclient krb5 com_err', - realname='winbind_krb5_localauth.so', - install_path='${MODULESDIR}/krb5') + bld.SAMBA_PLUGIN('winbind_krb5_localauth', + source='krb5_plugin/winbind_krb5_localauth.c', + deps='wbclient krb5 com_err', + require_builtin_deps=winbind_krb5_require_builtin_deps, + realname='winbind_krb5_localauth.so', + install_path='${MODULESDIR}/krb5') bld.SAMBA_SUBSYSTEM('WB_REQTRANS', source='wb_reqtrans.c', diff --git a/python/samba/tests/test_pam_winbind.sh b/python/samba/tests/test_pam_winbind.sh index 755e67280fa..5d427415310 100755 --- a/python/samba/tests/test_pam_winbind.sh +++ b/python/samba/tests/test_pam_winbind.sh @@ -18,7 +18,7 @@ shift 1 PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper" -pam_winbind="$BINDIR/shared/pam_winbind.so" +pam_winbind="$BINDIR/plugins/pam_winbind.so" service_dir="$SELFTEST_TMPDIR/pam_services" service_file="$service_dir/samba" diff --git a/python/samba/tests/test_pam_winbind_chauthtok.sh b/python/samba/tests/test_pam_winbind_chauthtok.sh index 48adc81859d..12bb00afd09 100755 --- a/python/samba/tests/test_pam_winbind_chauthtok.sh +++ b/python/samba/tests/test_pam_winbind_chauthtok.sh @@ -33,7 +33,7 @@ fi PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper" -pam_winbind="$BINDIR/shared/pam_winbind.so" +pam_winbind="$BINDIR/plugins/pam_winbind.so" service_dir="$SELFTEST_TMPDIR/pam_services" service_file="$service_dir/samba" diff --git a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh index 348d2ae8387..d2452d12511 100755 --- a/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh +++ b/python/samba/tests/test_pam_winbind_warn_pwd_expire.sh @@ -18,7 +18,7 @@ shift 1 PAM_WRAPPER_PATH="$BINDIR/default/third_party/pam_wrapper" -pam_winbind="$BINDIR/shared/pam_winbind.so" +pam_winbind="$BINDIR/plugins/pam_winbind.so" service_dir="$SELFTEST_TMPDIR/pam_services" service_file="$service_dir/samba" diff --git a/selftest/target/Samba.pm b/selftest/target/Samba.pm index ab6d8edc2cc..9709d900680 100644 --- a/selftest/target/Samba.pm +++ b/selftest/target/Samba.pm @@ -167,7 +167,7 @@ sub nss_wrapper_winbind_so_path($) { my ($object) = @_; my $ret = $ENV{NSS_WRAPPER_WINBIND_SO_PATH}; if (not defined($ret)) { - $ret = bindir_path($object, "shared/libnss_wrapper_winbind.so.2"); + $ret = bindir_path($object, "plugins/libnss_wrapper_winbind.so.2"); $ret = abs_path($ret); } return $ret; diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py index 9e09bd17707..1823699cdab 100755 --- a/source4/selftest/tests.py +++ b/source4/selftest/tests.py @@ -783,7 +783,7 @@ for env in ["s4member_dflt_domain", "s4member"]: nsstest4 = binpath("nsstest") for env in ["ad_dc:local", "s4member:local", "nt4_dc:local", "ad_member:local", "nt4_member:local"]: if os.path.exists(nsstest4): - plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "shared/libnss_wrapper_winbind.so.2")]) + plantestsuite("samba.nss.test using winbind(%s)" % env, env, [os.path.join(bbdir, "nsstest.sh"), nsstest4, os.path.join(samba4bindir, "plugins/libnss_wrapper_winbind.so.2")]) else: skiptestsuite("samba.nss.test using winbind(%s)" % env, "nsstest not available") |