[Samba] Re: [PATCH] pam_winbind bug

Hannes Schmidt mail at schmidt-net.via.t-online.de
Wed Aug 7 11:39:02 GMT 2002


I don't know much about PAM, but I think that your code (I had a look at it) is wrong *and* the pam_winbind code is wrong. I think you should only call pam_start()/pam_end() once, that is, outside of your main loop. AFAIK, PAM loads the pam_winbind module in pam_start() and unloads it in pam_end(). Now, pam_windbind remembers the socket handle in a static variable. If the module gets unloaded it forgets about it because the memory for that variable gets released. Next time the module gets loaded, it opens a new socket.

The pam_winbinds code is wrong in that there should definitely be some cleanup code, that gets executed when the module is unloaded and that closes the socket.

Hope, this helps ...

----- Original Message ----- 
From: "Timo Benk" <tik at talicom.de>
To: "Hannes Schmidt" <mail at schmidt-net.via.t-online.de>
Cc: "Timo Benk" <tik at talicom.de>; <samba at lists.samba.org>
Sent: Wednesday, August 07, 2002 5:36 PM
Subject: Re: [Samba] Re: [PATCH] pam_winbind bug


> Hi Hannes,
> 
> On Wed, Aug 07, 2002 at 04:20:02PM +0200, Hannes Schmidt wrote:
> > This issue is currently beeing worked on, but it's not as simple a bug as it 
> > might seem. 
> > The socket is left open intentionally, for performance reasons.
> The problem is that i have written a simple authentication mechanism
> for my application that verifies a given username/password pair against
> pam, especially pam_winbind.so. The authentication happens numerous
> times, and my problem is that each time the authentication takes place
> a new socket is created, so long until there are no more free file
> descriptors available.
> 
> > Although it's generally O.K. to do that, because all open file-handles get 
> > closed at program exit automatically, it might confuse some ill-written 
> > applications (cron, in my case) in rare situations. I would be curious as to what 
> > problems are you having, exactly. 
> Is it then a problem in my implementation of the pam authentification?
> It corresponds to the code i posted previously to this topic.
> 
> > For more info, search the samba and samba-technical mailing list archives for my 
> > postings. Especially the thread "Winbind patch fixes broken client".
> I will do that.
> Thank you for your anwser.
> 
> -timo
> 
> > ----- Original Message ----- 
> > From: "Timo Benk" <tik at talicom.de>
> > To: <samba at samba.org>
> > Cc: "Timo Benk" <tik at talicom.de>
> > Sent: Wednesday, August 07, 2002 10:52 AM
> > Subject: [Samba] Re: [PATCH] pam_winbind bug
> > 
> > 
> > > Since the socket in winbind_nss.c is not closed
> > > too there maybe a similar problem.
> > > 
> > > However i am not deep enough into the code to
> > > say if the socket should be closed in wb_common.c,
> > > but since the socket needs to be closed somewhere,
> > > and since the time when socket is no more needed
> > > is not fixed, i think that the socket should be closed
> > > in pam_winbind.c, resp. winbind_nss.c.
> > > 
> > > Only my 2 cents:-)
> > > 
> > > -timo
> > > 
> > > On Wed, Aug 07, 2002 at 10:35:57AM +0200, Timo Benk wrote:
> > > > Hi,
> > > > 
> > > > The socket which is opened in write_sock() from
> > > > wb_common.c is never closed in pam_winbind.c.
> > > > 
> > > > The attached patch fixes the problem for me in the 
> > > > pam winbind module.
> > > > 
> > > > -timo
> > > -- 
> > > To unsubscribe from this list go to the following URL and read the
> > > instructions:  http://lists.samba.org/mailman/listinfo/samba
> > > 
> -- 
> To unsubscribe from this list go to the following URL and read the
> instructions:  http://lists.samba.org/mailman/listinfo/samba
> 




More information about the samba mailing list