Package: samba Version: 2:3.4.7~dfsg-1~bpo50+1 Severity: important Tags: patch
The pam_winbind module leaks file descriptors. wb_common.c keeps its file descriptor in the winbindd_fd global variable and closes that through the winbind_close_sock function, but there's no provision for making sure that winbind_close_sock is called when pam_winbind is closed via dlclose. A symptom of this is that Apache, if set up to use its auth_pam module, is eventually unable to authenticate new users. The attached patch instructs gcc to treat winbind_close_sock as a destructor. This is the simplest fix but maybe not the best; from looking at the docs, specifying a cleanup function to pam_set_data (and doing something else for nss_winbind?) may be more correct. -- System Information: Debian Release: 5.0.4 APT prefers stable APT policy: (900, 'stable'), (750, 'unstable'), (700, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 2.6.26-2-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages samba depends on: ii adduser 3.110 add and remove users and groups ii debconf 1.5.24 Debian configuration management sy ii libacl1 2.2.47-2 Access control list shared library ii libattr1 1:2.4.43-2 Extended attribute shared library ii libc6 2.7-18lenny2 GNU C Library: Shared libraries ii libcap2 2.11-2 support for getting/setting POSIX. ii libcomer 1.41.3-1 common error description library ii libcups2 1.3.8-1+lenny8 Common UNIX Printing System(tm) - ii libgnutl 2.4.2-6+lenny2 the GNU TLS library - runtime libr ii libkrb53 1.6.dfsg.4~beta1-5lenny2 MIT Kerberos runtime libraries ii libldap- 2.4.11-1+lenny1 OpenLDAP libraries ii libpam-m 1.0.1-5+lenny1 Pluggable Authentication Modules f ii libpam-r 1.0.1-5+lenny1 Runtime support for the PAM librar ii libpam0g 1.0.1-5+lenny1 Pluggable Authentication Modules l ii libpopt0 1.14-4 lib for parsing cmdline parameters ii libtallo 2.0.1-1~bpo50+1 hierarchical pool based memory all ii libwbcli 2:3.4.7~dfsg-1~bpo50+1 Samba winbind client library ii lsb-base 3.2-20 Linux Standard Base 3.2 init scrip ii procps 1:3.2.7-11 /proc file system utilities ii samba-co 2:3.4.7~dfsg-1~bpo50+1 common files used by both the Samb ii update-i 4.31 inetd configuration file updater ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime Versions of packages samba recommends: ii logrotate 3.7.1-5 Log rotation utility Versions of packages samba suggests: ii ctdb 1.0.99-1~bpo50+1 clustered database to store tempor pn ldb-tools <none> (no description available) ii openbsd-inetd [inet-sup 0.20080125-2 The OpenBSD Internet Superserver pn smbldap-tools <none> (no description available) -- debconf information: samba/run_mode: daemons samba/generate_smbpasswd: true
diff -r samba-3.4.7.orig/nsswitch/winbind_client.h samba-3.4.7/nsswitch/winbind_client.h 28c28 < void winbind_close_sock(void); --- > void winbind_close_sock(void) __attribute__((destructor));