lib:ldb: Don't use RTLD_DEEPBIND by default

It should be off by default, as this is not needed by default. It
crashes named on startup, if bind is built with jemalloc support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15643

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/lib/ldb/common/ldb_modules.c b/lib/ldb/common/ldb_modules.c
index 5c97062620689fc6569df78eaf160e265e5ce5b8..08d251f9bdd62f41b3d15ef00fa953971c70fcad 100644 (file)
--- a/lib/ldb/common/ldb_modules.c
+++ b/lib/ldb/common/ldb_modules.c
@@ -945,7 +945,7 @@ static int ldb_modules_load_path(const char *path, const char *version)
        int dlopen_flags;
 
 #ifdef RTLD_DEEPBIND
-       bool deepbind_enabled = (getenv("LDB_MODULES_DISABLE_DEEPBIND") == NULL);
+       bool deepbind_enabled = (getenv("LDB_MODULES_ENABLE_DEEPBIND") != NULL);
 #endif
 
        ret = stat(path, &st);
@@ -981,21 +981,12 @@ static int ldb_modules_load_path(const char *path, const char *version)
        dlopen_flags = RTLD_NOW;
 #ifdef RTLD_DEEPBIND
        /*
-        * use deepbind if possible, to avoid issues with different
-        * system library variants, for example ldb modules may be linked
-        * against Heimdal while the application may use MIT kerberos.
+        * On systems where e.g. different kerberos libraries are used, like a
+        * mix of Heimdal and MIT Kerberos, LDB_MODULES_ENABLE_DEEPBIND should
+        * be set to avoid issues.
         *
-        * See the dlopen manpage for details.
-        *
-        * One typical user is the bind_dlz module of Samba,
-        * but symbol versioning might be enough...
-        *
-        * We need a way to disable this in order to allow the
-        * ldb_*ldap modules to work with a preloaded socket wrapper.
-        *
-        * So in future we may remove this completely
-        * or at least invert the default behavior.
-       */
+        * By default Linux distributions only have one Kerberos library.
+        */
        if (deepbind_enabled) {
                dlopen_flags |= RTLD_DEEPBIND;
        }

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 26b1663b5b689e70d56dcc03c2af7321fed24339..a0c4ec80f59939753b11ff95de8583926f31913a 100755 (executable)
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -433,12 +433,6 @@ $ENV{UID_WRAPPER} = 1;
 # We are already hitting the limit, so double it.
 $ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200;
 
-# Disable RTLD_DEEPBIND hack for Samba bind dlz module
-#
-# This is needed in order to allow the ldb_*ldap module
-# to work with a preloaded socket wrapper.
-$ENV{LDB_MODULES_DISABLE_DEEPBIND} = 1;
-
 my $socket_wrapper_dir;
 if ($opt_socket_wrapper) {
        $socket_wrapper_dir = SocketWrapper::setup_dir("$prefix_abs/w", $opt_socket_wrapper_pcap);

diff --git a/selftest/wscript b/selftest/wscript
index 52c34dcb88d21d7c1bef2a6156d666474937ee26..95e70706e63c8047b08cca780c05f45029841665 100644 (file)
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -333,9 +333,8 @@ def cmd_testonly(opt):
         asan_options += ":suppressions=${srcdir}/selftest/sanitizer/asan.supp"
         asan_options += " "
 
-        # And we need to disable RTLD_DEEPBIND in ldb and socket wrapper
-        no_leak_check = "LDB_MODULES_DISABLE_DEEPBIND=1 "
-        no_leak_check += "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1"
+        # We need to disable RTLD_DEEPBIND in socket wrapper
+        no_leak_check = "SOCKET_WRAPPER_DISABLE_DEEP_BIND=1"
         no_leak_check += " "
         env.CORE_COMMAND = asan_options + no_leak_check + env.CORE_COMMAND