Re: [Samba] Building rpcclient statically linked?
- Date: Mon, 18 Jun 2018 15:53:21 -0400
- From: pisymbol via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] Building rpcclient statically linked?
On Mon, Jun 18, 2018 at 2:39 PM, Andrew Bartlett <abartlet@xxxxxxxxx> wrote:
> On Mon, 2018-06-18 at 10:35 -0400, pisymbol via samba wrote:
> > Small addendum, I did try:
> > ./configure --nonshared-binary=ALL
> > ERROR: source source3/smbd/notify_msg.c is in more than one subsystem of
> > target 'smbstatus': ['smbd_base.objlist', 'smbstatus.objlist']
> > This is CentOS 7.5.
> > -aps
> Building more than smbd and smbtorture nonshared is simply not tested.
> The configure incantation for those is --nonshared-
This is what I feared!
> You can try --nonshared-binary=rpcclient but I suspect it will fail
> similarly, because so far nobody has done the work to ensure that each
> C file is only in one subsystem.
> Now, you have actually identified a bug, for smbstatus notify_msg.c is
> listed twice in the wscript_build file. Ideally Samba (or at least
> larger parts of Samba) would build as you suggest because it does
> identify real-world issues. While this file has no static data, if a C
> file is linked in twice with static data the results can be un-desired.
Totally understood. I figured it was a bug but I'm not a waf expert to be
confident in that assessment.
> From here however you can only try, and work to break up our dependency
> list into a directed acyclic graph. This is harder than is looks!
> Finally, perhaps you could detail what you are hoping to achieve with a
> static rpcclient? We may have another way to assist you with your
Andrew, very simply, I need a way to dump the raw share ACL.
Currently, I have a modified version of rpcclient that issues an info level
502 request but instead of parsing the share
security descriptor for rpcclient to parse, it copies the SD as a raw
binary buffer that I can print to stdout for another tool
to pickup and store for offline purposes. This is done by modifying the
generated ndr files (ndr_security.c) after they are
converted from their IDL ones (instead of creating an in-core
representation of the SD, I just copy it out as is).
What is happening NOW though is that because the team has split up
different subsystems into their own RPM, the changes I made
are not actually getting incorporated into the final binary because the RPC
stuff is part of the samba-client-libs.
I got fooled initially by all of this because of this screwy thing you guys
do (I say that with a lot of love!) with RPATH whereby the built binaries
tree have RPATHs set to within the tree itself but the final installed
executable have their RPATHs set to /usr/lib or whatever is the default
etc. It drove
me a little batty before looking at the waf install rules (it would work
when executed from within the build tree but then subsequently fail if I
the binary somewhere else etc.).
So here we go, very simply:
Can you tell me a way I can get access to the raw SD of a CIFS share (info
level 502) without modifying rpcclient? If not,
what would be the best approach then?
To unsubscribe from this list go to the following URL and read the