From 956de78015d036df074720c215efc988b440587a Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 12:08:11 +0200 Subject: [PATCH 1/6] wafsamba: fix '--private-libraries' option when using 'ALL,!something' --- buildtools/wafsamba/samba_bundled.py | 9 +++++++-- buildtools/wafsamba/wscript | 2 +- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index 5f080dd8a7a6..d17514d830c9 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -107,8 +107,13 @@ def LIB_MUST_BE_BUNDLED(conf, libname): @conf def LIB_MUST_BE_PRIVATE(conf, libname): - return ('ALL' in conf.env.PRIVATE_LIBS or - libname in conf.env.PRIVATE_LIBS) + if libname in conf.env.PRIVATE_LIBS: + return True + if '!%s' % libname in conf.env.PRIVATE_LIBS: + return False + if 'ALL' in conf.env.PRIVATE_LIBS: + return True + return False @conf def CHECK_BUNDLED_SYSTEM_PKG(conf, libname, minversion='0.0.0', diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index 1aadb9570e1b..ed093da459f7 100644 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -34,7 +34,7 @@ def options(opt): action="store", dest='BUNDLED_LIBS', default='') gr.add_option('--private-libraries', - help=("comma separated list of normally public libraries to build instead as private libraries. May include !LIBNAME to disable making a library private. Can be 'NONE' or 'ALL' [auto]"), + help=("comma separated list of normally public libraries to build instead as private libraries. May include !LIBNAME to disable making a library private in order to limit the effect of 'ALL'"), action="store", dest='PRIVATE_LIBS', default='') extension_default = default_value('PRIVATE_EXTENSION_DEFAULT') -- 2.27.0 From 3f30ce1bd7ce4942d8640b5ec11cb3a25d0f0b39 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 12:08:16 +0200 Subject: [PATCH 2/6] global plugins static --- lib/replace/wscript | 5 +++++ lib/talloc/wscript | 5 +++++ lib/util/wscript_build | 9 +++++++++ nsswitch/libwbclient/wscript | 11 +++++++++++ nsswitch/pam_winbind.c | 12 ++++++------ nsswitch/winbind_nss_linux.c | 24 ++++++++++++------------ nsswitch/wscript_build | 24 ++++++++++++++++++------ 7 files changed, 66 insertions(+), 24 deletions(-) diff --git a/lib/replace/wscript b/lib/replace/wscript index 12f995f31985..70408f6d2913 100644 --- a/lib/replace/wscript +++ b/lib/replace/wscript @@ -914,6 +914,11 @@ def build(bld): # hide_symbols=bld.BUILTIN_LIBRARY('replace'), private_library=True, deps='dl attr' + extra_libs) + bld.SAMBA_SUBSYSTEM('replace-hidden', + source=REPLACE_SOURCE, + group='base_libraries', + hide_symbols=True, + deps='dl attr' + extra_libs) replace_test_cflags = '' if bld.CONFIG_SET('HAVE_WNO_FORMAT_TRUNCATION'): diff --git a/lib/talloc/wscript b/lib/talloc/wscript index ed38c78b0e93..04af581a8fe2 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -123,6 +123,11 @@ def build(bld): public_headers_install=not private_library, private_library=private_library, manpages='man/talloc.3') + bld.SAMBA_SUBSYSTEM('talloc-hidden', + 'talloc.c', + cflags='-D_PUBLIC_=_PRIVATE_', + deps='replace-hidden', + hide_symbols=True) if not bld.CONFIG_SET('USING_SYSTEM_PYTALLOC_UTIL'): name = bld.pyembed_libname('pytalloc-util') diff --git a/lib/util/wscript_build b/lib/util/wscript_build index b8cfddb3f41c..19ada7b68e5d 100644 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -19,6 +19,11 @@ bld.SAMBA_SUBSYSTEM('tiniparser', deps='tini', local_include=False) +bld.SAMBA_SUBSYSTEM('tiniparser-hidden', + source='tini.c tiniparser.c', + hide_symbols=True, + local_include=False) + bld.SAMBA_SUBSYSTEM('strv', source='strv.c', deps='talloc', @@ -123,6 +128,10 @@ bld.SAMBA_SUBSYSTEM('samba-util-core', bld.SAMBA_SUBSYSTEM('smb_strtox', source='smb_strtox.c', local_include=False) +bld.SAMBA_SUBSYSTEM('smb_strtox-hidden', + source='smb_strtox.c', + local_include=False, + hide_symbols=True) bld.SAMBA_LIBRARY('iov_buf', diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript index 17150a2036bb..26747a458697 100644 --- a/nsswitch/libwbclient/wscript +++ b/nsswitch/libwbclient/wscript @@ -43,3 +43,14 @@ def build(bld): abi_directory='ABI', abi_match=abi_match, vnum=VERSION) + bld.SAMBA_SUBSYSTEM('wbclient-hidden', + source=''' + wbc_guid.c + wbc_idmap.c + wbclient.c + wbc_pam.c + wbc_pwd.c + wbc_sid.c + wbc_util.c''', + deps='winbind-client-hidden smb_strtox-hidden', + hide_symbols=True) diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c index 720a4b90d85e..5d168e2715e0 100644 --- a/nsswitch/pam_winbind.c +++ b/nsswitch/pam_winbind.c @@ -2738,7 +2738,7 @@ static int openpam_convert_error_code(struct pwb_context *ctx, #define pam_error_code(a, b, c) (c) #endif -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -2897,7 +2897,7 @@ out: return retval; } -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_setcred(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -2949,7 +2949,7 @@ int pam_sm_setcred(pam_handle_t *pamh, int flags, * Account management. We want to verify that the account exists * before returning PAM_SUCCESS */ -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -3048,7 +3048,7 @@ int pam_sm_acct_mgmt(pam_handle_t *pamh, int flags, return pam_error_code(ctx, PAM_WINBIND_ACCT_MGMT, ret); } -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_open_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -3075,7 +3075,7 @@ int pam_sm_open_session(pam_handle_t *pamh, int flags, return pam_error_code(ctx, PAM_WINBIND_OPEN_SESSION, ret); } -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_close_session(pam_handle_t *pamh, int flags, int argc, const char **argv) { @@ -3147,7 +3147,7 @@ static bool _pam_require_krb5_auth_after_chauthtok(struct pwb_context *ctx, } -PAM_EXTERN +_PUBLIC_ PAM_EXTERN int pam_sm_chauthtok(pam_handle_t * pamh, int flags, int argc, const char **argv) { diff --git a/nsswitch/winbind_nss_linux.c b/nsswitch/winbind_nss_linux.c index 89750a7b1793..ce9d174beaf6 100644 --- a/nsswitch/winbind_nss_linux.c +++ b/nsswitch/winbind_nss_linux.c @@ -361,7 +361,7 @@ static int num_pw_cache; /* Current size of pwd cache */ /* Rewind "file pointer" to start of ntdom password database */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_setpwent(void) { NSS_STATUS ret; @@ -393,7 +393,7 @@ _nss_winbind_setpwent(void) /* Close ntdom password database "file pointer" */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_endpwent(void) { NSS_STATUS ret; @@ -426,7 +426,7 @@ _nss_winbind_endpwent(void) /* Fetch the next password entry from ntdom password database */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getpwent_r(struct passwd *result, char *buffer, size_t buflen, int *errnop) { @@ -522,7 +522,7 @@ _nss_winbind_getpwent_r(struct passwd *result, char *buffer, /* Return passwd struct from uid */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, size_t buflen, int *errnop) { @@ -600,7 +600,7 @@ _nss_winbind_getpwuid_r(uid_t uid, struct passwd *result, char *buffer, } /* Return passwd struct from username */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getpwnam_r(const char *name, struct passwd *result, char *buffer, size_t buflen, int *errnop) { @@ -690,7 +690,7 @@ static int num_gr_cache; /* Current size of grp cache */ /* Rewind "file pointer" to start of ntdom group database */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_setgrent(void) { NSS_STATUS ret; @@ -723,7 +723,7 @@ _nss_winbind_setgrent(void) /* Close "file pointer" for ntdom group database */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_endgrent(void) { NSS_STATUS ret; @@ -863,14 +863,14 @@ winbind_getgrent(enum winbindd_cmd cmd, } -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getgrent_r(struct group *result, char *buffer, size_t buflen, int *errnop) { return winbind_getgrent(WINBINDD_GETGRENT, result, buffer, buflen, errnop); } -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getgrlst_r(struct group *result, char *buffer, size_t buflen, int *errnop) { @@ -879,7 +879,7 @@ _nss_winbind_getgrlst_r(struct group *result, /* Return group struct from group name */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getgrnam_r(const char *name, struct group *result, char *buffer, size_t buflen, int *errnop) @@ -966,7 +966,7 @@ _nss_winbind_getgrnam_r(const char *name, /* Return group struct from gid */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_getgrgid_r(gid_t gid, struct group *result, char *buffer, size_t buflen, int *errnop) @@ -1051,7 +1051,7 @@ _nss_winbind_getgrgid_r(gid_t gid, /* Initialise supplementary groups */ -NSS_STATUS +_PUBLIC_ NSS_STATUS _nss_winbind_initgroups_dyn(const char *user, gid_t group, long int *start, long int *size, gid_t **groups, long int limit, int *errnop) diff --git a/nsswitch/wscript_build b/nsswitch/wscript_build index 612655bbaae0..978ed56b61b7 100644 --- a/nsswitch/wscript_build +++ b/nsswitch/wscript_build @@ -10,6 +10,12 @@ bld.SAMBA_LIBRARY('winbind-client', private_library=True ) +bld.SAMBA_SUBSYSTEM('winbind-client-hidden', + source='wb_common.c', + deps='replace-hidden', + cflags='-DWINBINDD_SOCKET_DIR=\"%s\"' % bld.env.WINBINDD_SOCKET_DIR, + hide_symbols=True + ) bld.SAMBA_BINARY('nsstest', source='nsstest.c', @@ -40,7 +46,8 @@ if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)): bld.SAMBA_LIBRARY('nss_winbind', keep_underscore=True, source='winbind_nss_linux.c', - deps='winbind-client', + deps='winbind-client-hidden', + hide_symbols=True, public_headers=[], public_headers_install=False, pc_files=[], @@ -49,7 +56,8 @@ if (Utils.unversioned_sys_platform() == 'linux' or (host_os.rfind('gnu') > -1)): bld.SAMBA3_LIBRARY('nss_wins', keep_underscore=True, source='wins.c', - deps='wbclient replace', + deps='wbclient-hidden replace-hidden', + hide_symbols=True, public_headers=[], public_headers_install=False, pc_files=[], @@ -99,7 +107,8 @@ elif (host_os.rfind('aix') > -1): if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'): bld.SAMBA_LIBRARY('pamwinbind', source='pam_winbind.c', - deps='talloc wbclient winbind-client tiniparser pam samba_intl', + deps='talloc-hidden wbclient-hidden tiniparser-hidden pam samba_intl', + hide_symbols=True, cflags='-DLOCALEDIR=\"%s/locale\"' % bld.env.DATADIR, realname='pam_gpfs-winbind.so', install_path='${PAMMODULESDIR}' @@ -108,7 +117,8 @@ if bld.CONFIG_SET('WITH_PAM_MODULES') and bld.CONFIG_SET('HAVE_PAM_START'): if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): bld.SAMBA_LIBRARY('winbind_krb5_locator', source='krb5_plugin/winbind_krb5_locator.c', - deps='wbclient krb5 com_err', + deps='wbclient-hidden krb5 com_err', + hide_symbols=True, realname='winbind_krb5_locator.so', install_path='${MODULESDIR}/krb5') @@ -127,12 +137,14 @@ if bld.CONFIG_SET('HAVE_KRB5_LOCATE_PLUGIN_H'): com_err ''', realname='async_dns_krb5_locator.so', - install_path='${MODULESDIR}/krb5') + install_path='${MODULESDIR}/krb5', + enabled=False) if bld.CONFIG_SET('HAVE_KRB5_LOCALAUTH_PLUGIN_H'): bld.SAMBA_LIBRARY('winbind_krb5_localauth', source='krb5_plugin/winbind_krb5_localauth.c', - deps='wbclient krb5 com_err', + deps='wbclient-hidden krb5 com_err', + hide_symbols=True, realname='winbind_krb5_localauth.so', install_path='${MODULESDIR}/krb5') -- 2.27.0 From afec5abe0a33450237badc3e07fc6419fa69c9f9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 12:44:07 +0200 Subject: [PATCH 3/6] nsswitch/krb5_plugin: _PUBLIC_ symbols --- nsswitch/krb5_plugin/async_dns_krb5_locator.c | 2 +- nsswitch/krb5_plugin/winbind_krb5_localauth.c | 4 ++-- nsswitch/krb5_plugin/winbind_krb5_locator.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/nsswitch/krb5_plugin/async_dns_krb5_locator.c b/nsswitch/krb5_plugin/async_dns_krb5_locator.c index 959d730a954c..7383b739a83e 100644 --- a/nsswitch/krb5_plugin/async_dns_krb5_locator.c +++ b/nsswitch/krb5_plugin/async_dns_krb5_locator.c @@ -431,7 +431,7 @@ static krb5_error_code smb_krb5_adns_locator_lookup(void *private_data, #define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */ #endif -const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { +_PUBLIC_ const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { .minor_version = 0, .init = smb_krb5_adns_locator_init, .fini = smb_krb5_adns_locator_close, diff --git a/nsswitch/krb5_plugin/winbind_krb5_localauth.c b/nsswitch/krb5_plugin/winbind_krb5_localauth.c index 293f5297ca8c..751dfd1674b4 100644 --- a/nsswitch/krb5_plugin/winbind_krb5_localauth.c +++ b/nsswitch/krb5_plugin/winbind_krb5_localauth.c @@ -248,13 +248,13 @@ static void winbind_free_string(krb5_context context, free(str); } -krb5_error_code +_PUBLIC_ krb5_error_code localauth_winbind_initvt(krb5_context context, int maj_ver, int min_ver, krb5_plugin_vtable vtable); -krb5_error_code +_PUBLIC_ krb5_error_code localauth_winbind_initvt(krb5_context context, int maj_ver, int min_ver, diff --git a/nsswitch/krb5_plugin/winbind_krb5_locator.c b/nsswitch/krb5_plugin/winbind_krb5_locator.c index d08cdf72a599..d65b50eea329 100644 --- a/nsswitch/krb5_plugin/winbind_krb5_locator.c +++ b/nsswitch/krb5_plugin/winbind_krb5_locator.c @@ -408,7 +408,7 @@ static krb5_error_code smb_krb5_locator_lookup(void *private_data, #define SMB_KRB5_LOCATOR_SYMBOL_NAME service_locator /* MIT */ #endif -const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { +_PUBLIC_ const krb5plugin_service_locate_ftable SMB_KRB5_LOCATOR_SYMBOL_NAME = { .minor_version = 0, .init = smb_krb5_locator_init, .fini = smb_krb5_locator_close, -- 2.27.0 From 18d6fedfdcdfaf1e0b4f6fb2b20a1c4e86f3c45d Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 15:15:49 +0200 Subject: [PATCH 4/6] PRIVATE_NAME force private_extension = False --- buildtools/wafsamba/samba_bundled.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/buildtools/wafsamba/samba_bundled.py b/buildtools/wafsamba/samba_bundled.py index d17514d830c9..ba72da3aafbc 100644 --- a/buildtools/wafsamba/samba_bundled.py +++ b/buildtools/wafsamba/samba_bundled.py @@ -11,6 +11,11 @@ def PRIVATE_NAME(bld, name, private_extension, private_library): if not private_library: return name + # + # The comment below is actually wrong most cases + # for now we just force private_extension=False + private_extension = False + # # we now use the same private name for libraries as the public name. # see http://git.samba.org/?p=tridge/junkcode.git;a=tree;f=shlib for a # demonstration that this is the right thing to do -- 2.27.0 From b51bc89953c68a6699674dd608d84341ca6bd1b9 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 15:29:46 +0200 Subject: [PATCH 5/6] conf.env.PRIVATE_VERSION --- buildtools/wafsamba/wafsamba.py | 2 +- buildtools/wafsamba/wscript | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 4fe9daf160e4..0050d3571970 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -262,7 +262,7 @@ def SAMBA_LIBRARY(bld, libname, source, vscript = None if bld.env.HAVE_LD_VERSION_SCRIPT: if private_library: - version = "%s_%s" % (Context.g_module.APPNAME, Context.g_module.VERSION) + version = bld.env.PRIVATE_VERSION #"%s_%s" % (Context.g_module.APPNAME, Context.g_module.VERSION) elif vnum: version = "%s_%s" % (libname, vnum) else: diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript index ed093da459f7..a802523ca1e3 100644 --- a/buildtools/wafsamba/wscript +++ b/buildtools/wafsamba/wscript @@ -272,6 +272,7 @@ def configure(conf): conf.env.PRIVATE_EXTENSION = Options.options.PRIVATE_EXTENSION conf.env.PRIVATE_EXTENSION_EXCEPTION = Options.options.PRIVATE_EXTENSION_EXCEPTION.split(',') + conf.env.PRIVATE_VERSION = "%s_%s" % (Context.g_module.APPNAME, Context.g_module.VERSION) conf.env.CROSS_COMPILE = Options.options.CROSS_COMPILE conf.env.CROSS_EXECUTE = Options.options.CROSS_EXECUTE -- 2.27.0 From f9ed01e810d88b0abefe73185a97504e53ae418f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 1 Jul 2021 16:06:26 +0200 Subject: [PATCH 6/6] private library vscript symbol version --- buildtools/wafsamba/samba_abi.py | 10 ++++++++-- buildtools/wafsamba/wafsamba.py | 2 +- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py index bf82fc5fe1fc..5c05d75dcc7a 100644 --- a/buildtools/wafsamba/samba_abi.py +++ b/buildtools/wafsamba/samba_abi.py @@ -220,6 +220,8 @@ def abi_build_vscript(task): version = basename[len(task.env.LIBNAME)+1:-len(".sigs")] versions.append(version) abi_process_file(fname, version, symmap) + if task.env.PRIVATE_LIBRARY: + versions = [] f = open(tgt, mode='w') try: abi_write_vscript(f, task.env.LIBNAME, task.env.VERSION, versions, @@ -228,7 +230,7 @@ def abi_build_vscript(task): f.close() -def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None): +def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, private_library=False): '''generate a vscript file for our public libraries''' if abi_directory: source = bld.path.ant_glob('%s/%s-[0-9]*.sigs' % (abi_directory, libname), flat=True) @@ -238,6 +240,9 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None): else: source = '' + if private_library is None: + private_library = False + libname = os.path.basename(libname) version = os.path.basename(version) libname = libname.replace("-", "_").replace("+","_").upper() @@ -255,5 +260,6 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None): t.env.ABI_MATCH = abi_match t.env.VERSION = version t.env.LIBNAME = libname - t.vars = ['LIBNAME', 'VERSION', 'ABI_MATCH'] + t.env.PRIVATE_LIBRARY = private_library + t.vars = ['LIBNAME', 'VERSION', 'ABI_MATCH', 'PRIVATE_LIBRARY'] Build.BuildContext.ABI_VSCRIPT = ABI_VSCRIPT diff --git a/buildtools/wafsamba/wafsamba.py b/buildtools/wafsamba/wafsamba.py index 0050d3571970..77c1c4239efc 100644 --- a/buildtools/wafsamba/wafsamba.py +++ b/buildtools/wafsamba/wafsamba.py @@ -270,7 +270,7 @@ def SAMBA_LIBRARY(bld, libname, source, if version: vscript = "%s.vscript" % libname bld.ABI_VSCRIPT(version_libname, abi_directory, version, vscript, - abi_match) + abi_match, private_library) fullname = apply_pattern(bundled_name, bld.env.cshlib_PATTERN) fullpath = bld.path.find_or_declare(fullname) vscriptpath = bld.path.find_or_declare(vscript) -- 2.27.0