[Pkg-samba-maint] Bug#574468: samba: pam_winbind leaks file descriptors

Josh Kelley joshkel at gmail.com
Thu Mar 18 12:52:43 UTC 2010 

Package: samba
Version: 2:3.4.7~dfsg-1~bpo50+1
Severity: important
Tags: patch


The pam_winbind module leaks file descriptors.  wb_common.c keeps its
file descriptor in the winbindd_fd global variable and closes that
through the winbind_close_sock function, but there's no provision for
making sure that winbind_close_sock is called when pam_winbind is closed
via dlclose.

A symptom of this is that Apache, if set up to use its auth_pam module,
is eventually unable to authenticate new users.

The attached patch instructs gcc to treat winbind_close_sock as a
destructor.  This is the simplest fix but maybe not the best; from
looking at the docs, specifying a cleanup function to pam_set_data (and
doing something else for nss_winbind?) may be more correct.

-- System Information:
Debian Release: 5.0.4
  APT prefers stable
  APT policy: (900, 'stable'), (750, 'unstable'), (700, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages samba depends on:
ii  adduser  3.110                           add and remove users and groups
ii  debconf  1.5.24                          Debian configuration management sy
ii  libacl1  2.2.47-2                        Access control list shared library
ii  libattr1 1:2.4.43-2                      Extended attribute shared library
ii  libc6    2.7-18lenny2                    GNU C Library: Shared libraries
ii  libcap2  2.11-2                          support for getting/setting POSIX.
ii  libcomer 1.41.3-1                        common error description library
ii  libcups2 1.3.8-1+lenny8                  Common UNIX Printing System(tm) - 
ii  libgnutl 2.4.2-6+lenny2                  the GNU TLS library - runtime libr
ii  libkrb53 1.6.dfsg.4~beta1-5lenny2        MIT Kerberos runtime libraries
ii  libldap- 2.4.11-1+lenny1                 OpenLDAP libraries
ii  libpam-m 1.0.1-5+lenny1                  Pluggable Authentication Modules f
ii  libpam-r 1.0.1-5+lenny1                  Runtime support for the PAM librar
ii  libpam0g 1.0.1-5+lenny1                  Pluggable Authentication Modules l
ii  libpopt0 1.14-4                          lib for parsing cmdline parameters
ii  libtallo 2.0.1-1~bpo50+1                 hierarchical pool based memory all
ii  libwbcli 2:3.4.7~dfsg-1~bpo50+1          Samba winbind client library
ii  lsb-base 3.2-20                          Linux Standard Base 3.2 init scrip
ii  procps   1:3.2.7-11                      /proc file system utilities
ii  samba-co 2:3.4.7~dfsg-1~bpo50+1          common files used by both the Samb
ii  update-i 4.31                            inetd configuration file updater
ii  zlib1g   1:1.2.3.3.dfsg-12               compression library - runtime

Versions of packages samba recommends:
ii  logrotate                     3.7.1-5    Log rotation utility

Versions of packages samba suggests:
ii  ctdb                    1.0.99-1~bpo50+1 clustered database to store tempor
pn  ldb-tools               <none>           (no description available)
ii  openbsd-inetd [inet-sup 0.20080125-2     The OpenBSD Internet Superserver
pn  smbldap-tools           <none>           (no description available)

-- debconf information:
  samba/run_mode: daemons
  samba/generate_smbpasswd: true
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winbind-fd-leak.patch
Type: text/x-diff
Size: 193 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20100318/76c97372/attachment.patch>

More information about the Pkg-samba-maint mailing list