The branch, master has been updated
via 94464ed pam_winbind: Create and use a wbclient context
via 4c139e2 pam_winbind: Use the correct type to check the pam_parse()
return code
from fca78dd s3: smbd: DFS - Remove the last lp_posix_pathnames() from
the SMB2/3 code paths.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 94464ed82c93094a972984ac1828f0bcc256f13c
Author: Andreas Schneider <[email protected]>
Date: Thu Mar 24 09:38:56 2016 +0100
pam_winbind: Create and use a wbclient context
PAM sessions are long running. If we create a pam session a connection
to winbind is established and only closed by the destructor of the
libwbclient library. If we create a wbcContext, we will free it in the
end of the PAM function being called and the socket will be closed. This
decreases the amount of allocated 'winbindd_cli_state' structures in
winbind for every logged in user.
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
commit 4c139e23e918c7a378953a3f9fc6ec7c927cf6f5
Author: Andreas Schneider <[email protected]>
Date: Thu Mar 24 09:23:31 2016 +0100
pam_winbind: Use the correct type to check the pam_parse() return code
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Guenther Deschner <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
nsswitch/pam_winbind.c | 42 ++++++++++++++++++++++++++++++++----------
nsswitch/pam_winbind.h | 1 +
2 files changed, 33 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index b83a276..b2e1778 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -540,6 +540,8 @@ static int _pam_winbind_free_context(struct pwb_context
*ctx)
tiniparser_freedict(ctx->dict);
}
+ wbcCtxFree(ctx->wbc_ctx);
+
return 0;
}
@@ -551,6 +553,7 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
struct pwb_context **ctx_p)
{
struct pwb_context *r = NULL;
+ int ctrl_code;
#ifdef HAVE_GETTEXT
textdomain_init();
@@ -567,8 +570,15 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
r->flags = flags;
r->argc = argc;
r->argv = argv;
- r->ctrl = _pam_parse(pamh, flags, argc, argv, type, &r->dict);
- if (r->ctrl == -1) {
+ ctrl_code = _pam_parse(pamh, flags, argc, argv, type, &r->dict);
+ if (ctrl_code == -1) {
+ TALLOC_FREE(r);
+ return PAM_SYSTEM_ERR;
+ }
+ r->ctrl = ctrl_code;
+
+ r->wbc_ctx = wbcCtxCreate();
+ if (r->wbc_ctx == NULL) {
TALLOC_FREE(r);
return PAM_SYSTEM_ERR;
}
@@ -1100,7 +1110,11 @@ static bool winbind_name_to_sid_string(struct
pwb_context *ctx,
_pam_log_debug(ctx, LOG_DEBUG,
"no sid given, looking up: %s\n", name);
- wbc_status = wbcLookupName("", name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx,
+ "",
+ name,
+ &sid,
+ &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_INFO,
"could not lookup name: %s\n", name);
@@ -1820,7 +1834,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
}
}
- wbc_status = wbcLogonUser(&logon, &info, &error, &policy);
+ wbc_status = wbcCtxLogonUser(ctx->wbc_ctx,
+ &logon,
+ &info,
+ &error,
+ &policy);
ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcLogonUser");
wbcFreeMemory(logon.blobs);
@@ -1967,7 +1985,11 @@ static int winbind_chauthtok_request(struct pwb_context
*ctx,
params.new_password.plaintext = newpass;
params.flags = flags;
- wbc_status = wbcChangeUserPasswordEx(¶ms, &error, &reject_reason,
&policy);
+ wbc_status = wbcCtxChangeUserPasswordEx(ctx->wbc_ctx,
+ ¶ms,
+ &error,
+ &reject_reason,
+ &policy);
ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcChangeUserPasswordEx");
@@ -2071,7 +2093,7 @@ static int valid_user(struct pwb_context *ctx,
return 1;
}
- wbc_status = wbcGetpwnam(user, &wb_pwd);
+ wbc_status = wbcCtxGetpwnam(ctx->wbc_ctx, user, &wb_pwd);
wbcFreeMemory(wb_pwd);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n",
@@ -2401,7 +2423,7 @@ static char winbind_get_separator(struct pwb_context *ctx)
wbcErr wbc_status;
static struct wbcInterfaceDetails *details = NULL;
- wbc_status = wbcInterfaceDetails(&details);
+ wbc_status = wbcCtxInterfaceDetails(ctx->wbc_ctx, &details);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_ERR,
"Could not retrieve winbind interface details: %s",
@@ -2456,14 +2478,14 @@ static char* winbind_upn_to_username(struct pwb_context
*ctx,
/* Convert the UPN to a SID */
- wbc_status = wbcLookupName(domain, name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx, domain, name, &sid, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
/* Convert the the SID back to the sAMAccountName */
- wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
+ wbc_status = wbcCtxLookupSid(ctx->wbc_ctx, &sid, &domain, &name, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
@@ -2568,7 +2590,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
goto out;
}
- wbc_status = wbcLogoffUserEx(&logoff, &error);
+ wbc_status = wbcCtxLogoffUserEx(ctx->wbc_ctx, &logoff, &error);
retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcLogoffUser");
wbcFreeMemory(error);
diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h
index 13542b2..6b65c46 100644
--- a/nsswitch/pam_winbind.h
+++ b/nsswitch/pam_winbind.h
@@ -213,6 +213,7 @@ struct pwb_context {
const char **argv;
struct tiniparser_dictionary *dict;
uint32_t ctrl;
+ struct wbcContext *wbc_ctx;
};
#ifndef TALLOC_FREE
--
Samba Shared Repository
