Bug 2396621
| Summary: | removal of dlopen (dlz) support breaks samba-dc-bind-dlz | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | junk |
| Component: | samba | Assignee: | Guenther Deschner <gdeschner> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 42 | CC: | abokovoy, anon.amish, anoopcs, asn, dns-sig, gdeschner, mruprich, pemensik, pfilipen, sbose, ssorce, zdohnal |
| Target Milestone: | --- | Keywords: | Reopened |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | samba-4.23.0-14.fc44 samba-4.23.0-13.fc43 | Doc Type: | --- |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-09-23 10:17:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
junk
2025-09-19 03:58:22 UTC
The removal should have removed only outdated and AFAIK unused plugins shipped by bind itself. It should have not prevented support for loading other plugins, such as the plugin provided by samba-dc-bind-dlz package. Can you please share error message provided by named? What is the named.conf configuration and what does it print into journalctl -xeu named? please provide named-checkconf -px full output if possible. But at least share what dlz configuration in /etc/named.conf looks like. It should have stopped just providing bind-dlz-mysql, bind-dlz-sqlite3 and similar. Not prevent potentially still useful external plugins. I have tried this snippet:
dlz example {
database "dlopen /usr/lib64/samba/bind9/dlz_bind9_18.so";
search no;
};
That crashes, but at least tries to load the plugin. I am not sure how exactly it should be configured in samba. Is it possible SELinux is blocking permissions perhaps?
In my case, it could not find /var/lib/samba/bind-dns/dns/sam.ldb and crashed when trying to log it. dlz_bind9_state were NULL at that point.
(gdb) bt
#0 0x00007ffff5292f03 in dlz_create (dlzname=<optimized out>, argc=1, argv=0x7ffff007d688, dbdata=0x7ffff007fe08) at ../../source4/dns_server/dlz_bind9.c:730
#1 0x0000555555560fb5 in dlopen_dlz_create (dlzname=0x7ffff0053140 "example", argc=2, argv=0x7ffff007d680, driverarg=<optimized out>, dbdata=<optimized out>) at ../../../bin/named/dlz_dlopen_driver.c:314
#2 0x00007ffff7d315c9 in dns_sdlzcreate (mctx=<optimized out>, dlzname=0x7ffff0053140 "example", argc=2, argv=0x7ffff007d680, driverarg=0x555555645c30, dbdata=0x7ffff007dc68) at ../../../lib/dns/sdlz.c:1627
#3 0x00007ffff7c380cb in dns_dlzcreate (mctx=mctx@entry=0x55555563c860, dlzname=0x7ffff0053140 "example", drivername=drivername@entry=0x7ffff007dbf0 "dlopen", argc=argc@entry=2,
argv=argv@entry=0x7ffff007d680, dbp=dbp@entry=0x7ffff6c4c4a0) at ../../../lib/dns/dlz.c:212
#4 0x0000555555576861 in configure_view (view=0x7ffff000f3b0, viewlist=<optimized out>, config=0x7ffff004e560, vconfig=0x0, cachelist=0x7ffff6c4d550, kasplist=<optimized out>, bindkeys=0x0,
mctx=0x55555563c860, actx=0x7ffff00052f0, need_hints=true) at ../../../bin/named/server.c:4485
#5 0x00005555555848bf in load_configuration (filename=<optimized out>, server=server@entry=0x555555645d10, first_time=first_time@entry=true) at ../../../bin/named/server.c:9569
#6 0x0000555555586ff7 in run_server (task=<optimized out>, event=<optimized out>) at ../../../bin/named/server.c:10306
#7 0x00007ffff7f64120 in task_run (task=0x555555692990) at ../../../lib/isc/task.c:832
#8 isc_task_run (task=0x555555692990) at ../../../lib/isc/task.c:913
#9 0x00007ffff7f237ec in isc__nm_async_task (worker=0x555555644f30, ev0=0x55555569ce70) at ../../../lib/isc/netmgr/netmgr.c:867
#10 0x00007ffff7f2b74d in process_netievent (worker=worker@entry=0x555555644f30, ievent=0x55555569ce70) at ../../../lib/isc/netmgr/netmgr.c:949
#11 0x00007ffff7f2be6f in process_queue (worker=worker@entry=0x555555644f30, type=type@entry=NETIEVENT_TASK) at ../../../lib/isc/netmgr/netmgr.c:1044
#12 0x00007ffff7f2c088 in process_all_queues (worker=0x555555644f30) at ../../../lib/isc/netmgr/netmgr.c:780
#13 async_cb (handle=0x555555645290) at ../../../lib/isc/netmgr/netmgr.c:809
#14 0x00007ffff7bac60e in uv__async_io (loop=0x555555644f40, w=<optimized out>, events=<optimized out>) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/async.c:208
#15 0x00007ffff7bcb71e in uv__io_poll (loop=0x555555644f40, timeout=<optimized out>) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/linux.c:1565
#16 0x00007ffff7bb69e2 in uv_run (loop=loop@entry=0x555555644f40, mode=mode@entry=UV_RUN_DEFAULT) at /usr/src/debug/libuv-1.51.0-2.fc43.x86_64/src/unix/core.c:460
#17 0x00007ffff7f2c57d in nm_thread (worker0=0x555555644f30) at ../../../lib/isc/netmgr/netmgr.c:711
#18 0x00007ffff7f6826c in isc__trampoline_run (arg=0x55555563f620) at ../../../lib/isc/trampoline.c:190
#19 0x00007ffff72f738b in start_thread (arg=<optimized out>) at pthread_create.c:448
#20 0x00007ffff737a46c in __GI___clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
But it proves bind tried to load something from it.
Please share what named logs. It it does not, please try running named as root from gdb. Using sudo gdb --args -g -u named start the debugger, enable debuginfod and type run. If it crashes, type bt and paste it here. Type quit to exit debugger. From my short test, it seems DLZ it still possible, just not shipped in bind component anymore. (gdb) p state->lp $12 = (struct loadparm_context *) 0x7ffff00dd980 (gdb) p dlz_bind9_state->log Cannot access memory at address 0x60 (gdb) p state->log $13 = (log_t *) 0x5555555609c0 <dlopen_log> It seems the plugin is trying wrong state->log function and crashes. But that is not problem on bind side, but samba. Moving back to samba for fixing the load on not fully prepared samba system. It attempted to load with versions: bind-9.18.39-3.fc44.x86_64 samba-4.23.0-13.fc44.x86_64 Removal of bind-dlz-* subpackages should not affect ability to load samba plugin. I think it should also stop building DLZ plugins for versions long gone in Fedora. /usr/lib64/samba/bind9/dlz_bind9_10.so /usr/lib64/samba/bind9/dlz_bind9_11.so /usr/lib64/samba/bind9/dlz_bind9_12.so /usr/lib64/samba/bind9/dlz_bind9_14.so /usr/lib64/samba/bind9/dlz_bind9_16.so /usr/lib64/samba/bind9/dlz_bind9_18.so Only 9.18 is supported in any Fedora releases. 9.16 is still present in CentOS 9, but anything older should not be built anymore. Especially anything for 9.10. Would it make sense to maybe symlink older versions to the latest one, unless they differ in something specific. I think there were no important changes on bind side in these interfaces in couple of major releases. Tested also bind9-next alternative 9.21, that still loads the DLZ plugin and crashes the same way. Debugging information here: https://wiki.samba.org/index.php/BIND9_DLZ_DNS_Back_End Tell Samba to use the Bind backend: # samba_upgradedns --dns-backend=BIND9_DLZ I believe I have solved this non-issue. I added my include directive at the start of named.conf and it had no effect - no log, no loading dlz modules, no debug info, nothing. Moving the include directive within a view causes the module to load and I ahve forward progress. Thanks for taking a look! Reverting the bug to ASSIGNED. We fixed this issue upstream to prevent a crash, even with incorrect config file, I'll do a backport. FEDORA-2025-90533b236f (samba-4.23.0-14.fc44) has been submitted as an update to Fedora 44. https://bodhi.fedoraproject.org/updates/FEDORA-2025-90533b236f FEDORA-2025-1b1f27e000 (samba-4.23.0-0.7.rc3.fc43) has been submitted as an update to Fedora 43. https://bodhi.fedoraproject.org/updates/FEDORA-2025-1b1f27e000 FEDORA-2025-90533b236f (samba-4.23.0-14.fc44) has been pushed to the Fedora 44 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2025-1b1f27e000 has been pushed to the Fedora 43 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-1b1f27e000` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-1b1f27e000 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-2025-1b1f27e000 (samba-4.23.0-13.fc43) has been pushed to the Fedora 43 stable repository. If problem still persists, please make note of it in this bug report. |