authorAndreas Schneider <asn@samba.org>2016-03-24 09:38:56 +0100
committerAndreas Schneider <asn@cryptomilk.org>2016-03-25 17:45:24 +0100
commit94464ed82c93094a972984ac1828f0bcc256f13c (patch)
treeed8af137c03ad4038322a730781c32ceca7436df /nsswitch
parent4c139e23e918c7a378953a3f9fc6ec7c927cf6f5 (diff)
pam_winbind: Create and use a wbclient context
PAM sessions are long running. If we create a PAM session, a connection to winbind is established and only closed by the destructor of the libwbclient library. If we create a wbcContext, we will free it at the end of the PAM function being called and the socket will be closed. This decreases the amount of allocated 'winbindd_cli_state' structures in winbind for every logged in user. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
Diffstat (limited to 'nsswitch')
-rw-r--r--nsswitch/pam_winbind.c36
-rw-r--r--nsswitch/pam_winbind.h1
2 files changed, 29 insertions, 8 deletions
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 745735fcd2d..b2e1778c69d 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -540,6 +540,8 @@ static int _pam_winbind_free_context(struct pwb_context *ctx)
tiniparser_freedict(ctx->dict);
}
+ wbcCtxFree(ctx->wbc_ctx);
+
return 0;
}
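Review bot: `wbcCtxFree(ctx->wbc_ctx)` runs unconditionally, while the `tiniparser_freedict(ctx->dict)` call just above appears to sit inside a guard. This function can plausibly be reached with `wbc_ctx` still NULL, for instance from the `TALLOC_FREE(r)` on the new wbcCtxCreate() failure path in _pam_winbind_init_context, if this is the context's destructor (the registration is not visible here). Either guard it and clear the pointer, `if (ctx->wbc_ctx != NULL) { wbcCtxFree(ctx->wbc_ctx); ctx->wbc_ctx = NULL; }`, or add a comment that wbcCtxFree() accepts NULL. The function starts outside the hunk.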
@@ -575,6 +577,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
}
r->ctrl = ctrl_code;
+ r->wbc_ctx = wbcCtxCreate();
+ if (r->wbc_ctx == NULL) {
+ TALLOC_FREE(r);
+ return PAM_SYSTEM_ERR;
+ }
+
*ctx_p = r;
return PAM_SUCCESS;
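Review bot: The new failure branch returns PAM_SYSTEM_ERR without logging anything, so a login rejected because wbcCtxCreate() returned NULL leaves no trace for the administrator. Assuming `_pam_log` is usable on the partially initialised context at this point, add `_pam_log(r, LOG_ERR, "wbcCtxCreate failed");` before `TALLOC_FREE(r);`. The function body starts and ends outside the hunk.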
@@ -1102,7 +1110,11 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
_pam_log_debug(ctx, LOG_DEBUG,
"no sid given, looking up: %s\n", name);
- wbc_status = wbcLookupName("", name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx,
+ "",
+ name,
+ &sid,
+ &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_INFO,
"could not lookup name: %s\n", name);
@@ -1822,7 +1834,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
}
}
- wbc_status = wbcLogonUser(&logon, &info, &error, &policy);
+ wbc_status = wbcCtxLogonUser(ctx->wbc_ctx,
+ &logon,
+ &info,
+ &error,
+ &policy);
ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcLogonUser");
wbcFreeMemory(logon.blobs);
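Review bot: The label passed to wbc_auth_error_to_pam_error is still `"wbcLogonUser"` although the call is now wbcCtxLogonUser, so any message built from it names a function that is no longer called. The same applies to `"wbcChangeUserPasswordEx"` in winbind_chauthtok_request, the `valid_user: wbcGetpwnam gave` log text in valid_user and `"wbcLogoffUser"` in _pam_delete_cred. If the strings are kept on purpose so that existing log filters keep matching, a one-line comment saying so would help; otherwise update them, e.g. `user, "wbcCtxLogonUser");`. The function body starts and ends outside the hunk.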
@@ -1969,7 +1985,11 @@ static int winbind_chauthtok_request(struct pwb_context *ctx,
params.new_password.plaintext = newpass;
params.flags = flags;
- wbc_status = wbcChangeUserPasswordEx(&params, &error, &reject_reason, &policy);
+ wbc_status = wbcCtxChangeUserPasswordEx(ctx->wbc_ctx,
+ &params,
+ &error,
+ &reject_reason,
+ &policy);
ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcChangeUserPasswordEx");
@@ -2073,7 +2093,7 @@ static int valid_user(struct pwb_context *ctx,
return 1;
}
- wbc_status = wbcGetpwnam(user, &wb_pwd);
+ wbc_status = wbcCtxGetpwnam(ctx->wbc_ctx, user, &wb_pwd);
wbcFreeMemory(wb_pwd);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n",
@@ -2403,7 +2423,7 @@ static char winbind_get_separator(struct pwb_context *ctx)
wbcErr wbc_status;
static struct wbcInterfaceDetails *details = NULL;
- wbc_status = wbcInterfaceDetails(&details);
+ wbc_status = wbcCtxInterfaceDetails(ctx->wbc_ctx, &details);
if (!WBC_ERROR_IS_OK(wbc_status)) {
_pam_log(ctx, LOG_ERR,
"Could not retrieve winbind interface details: %s",
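Review bot: `details` remains `static`, so the result fetched through the per-call context is kept in a process-lifetime pointer that every call overwrites. No `wbcFreeMemory(details)` is visible in the hunk, which would leak one allocation per call in the long-running PAM processes this commit is aimed at; the rest of the function is outside the hunk, so this needs confirming. A function-level static is also shared across threads. Consider a plain local `struct wbcInterfaceDetails *details = NULL;`, copying the separator into a `char` and calling `wbcFreeMemory(details);` before returning.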
@@ -2458,14 +2478,14 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
/* Convert the UPN to a SID */
- wbc_status = wbcLookupName(domain, name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx, domain, name, &sid, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
/* Convert the the SID back to the sAMAccountName */
- wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
+ wbc_status = wbcCtxLookupSid(ctx->wbc_ctx, &sid, &domain, &name, &type);
if (!WBC_ERROR_IS_OK(wbc_status)) {
return NULL;
}
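Review bot: The second lookup passes `&domain` and `&name` as outputs, overwriting the pointers that were just used as inputs to wbcCtxLookupName. If the returned strings are allocated by libwbclient they need `wbcFreeMemory()` once the username has been built, and the original input pointers are no longer reachable; neither is visible in this hunk, since the function starts and ends outside it. Separate output variables (for example `sam_domain` and `sam_name`) freed on every return path would make the ownership explicit.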
@@ -2570,7 +2590,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
goto out;
}
- wbc_status = wbcLogoffUserEx(&logoff, &error);
+ wbc_status = wbcCtxLogoffUserEx(ctx->wbc_ctx, &logoff, &error);
retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
user, "wbcLogoffUser");
wbcFreeMemory(error);
diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h
index 13542b2968f..6b65c462eaa 100644
--- a/nsswitch/pam_winbind.h
+++ b/nsswitch/pam_winbind.h
@@ -213,6 +213,7 @@ struct pwb_context {
const char **argv;
struct tiniparser_dictionary *dict;
uint32_t ctrl;
+ struct wbcContext *wbc_ctx;
};
#ifndef TALLOC_FREE