The branch, master has been updated
via 9ef2f7345f0 s3:auth: Flush the GETPWSID in memory cache for NTLM
auth
from 3e95c677f24 pytests:s4/dsdb/passwords: avoid unused imports
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9ef2f7345f0d387567fca598cc7008af95598903
Author: Andreas Schneider <a...@samba.org>
Date: Mon Sep 12 16:31:05 2022 +0200
s3:auth: Flush the GETPWSID in memory cache for NTLM auth
Example valgrind output:
==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss
record 1,075 of 1,075
==22502== at 0x4C29F73: malloc (vg_replace_malloc.c:309)
==22502== by 0x11D7089C: _talloc_pooled_object (in
/usr/lib64/libtalloc.so.2.1.16)
==22502== by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0)
==22502== by 0x6A1E1A3: pdb_copy_sam_account (in
/usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x6A28AB7: pdb_getsampwnam (in
/usr/lib64/libsamba-passdb.so.0.27.2)
==22502== by 0x65D0BC4: check_sam_security (in
/usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so)
==22502== by 0x65C781A: auth_check_ntlm_password (in
/usr/lib64/samba/libauth-samba4.so)
==22502== by 0x14E464: ??? (in /usr/sbin/winbindd)
==22502== by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd)
==22502== by 0x152072: winbindd_dual_pam_auth_crap (in
/usr/sbin/winbindd)
==22502== by 0x167DE0: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29B12: tevent_common_invoke_fd_handler (in
/usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in
/usr/lib64/libtevent.so.0.9.39)
==22502== by 0x16A243: ??? (in /usr/sbin/winbindd)
==22502== by 0x16AA04: ??? (in /usr/sbin/winbindd)
==22502== by 0x12F29F68: tevent_common_invoke_immediate_handler (in
/usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F29F8F: tevent_common_loop_immediate (in
/usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F2925C: _tevent_loop_once (in
/usr/lib64/libtevent.so.0.9.39)
==22502== by 0x12F4C7: main (in /usr/sbin/winbindd)
You can find one for each string in pdb_copy_sam_account(), in total
this already has 67 MB in total for this valgrind run.
pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169
Signed-off-by: Andreas Schneider <a...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/auth/check_samsec.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c
index 8c64456c582..1b346b43870 100644
--- a/source3/auth/check_samsec.c
+++ b/source3/auth/check_samsec.c
@@ -24,6 +24,7 @@
#include "auth.h"
#include "../libcli/auth/libcli_auth.h"
#include "passdb.h"
+#include "lib/util/memcache.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -568,8 +569,6 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
nt_status = make_server_info_sam(mem_ctx, sampass, server_info);
unbecome_root();
- TALLOC_FREE(sampass);
-
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("check_sam_security: make_server_info_sam() failed
with '%s'\n", nt_errstr(nt_status)));
goto done;
@@ -588,6 +587,11 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge,
(*server_info)->nss_token |= user_info->was_mapped;
done:
+ /*
+ * Always flush the getpwsid cache or this will grow indefinetly for
+ * each NTLM auththentication.
+ */
+ memcache_flush(NULL, PDB_GETPWSID_CACHE);
TALLOC_FREE(sampass);
data_blob_free(&user_sess_key);
data_blob_free(&lm_sess_key);
--
Samba Shared Repository
