author | Andreas Schneider <asn@samba.org> | 2016-03-24 09:38:56 +0100 |
---|---|---|
committer | Andreas Schneider <asn@cryptomilk.org> | 2016-03-25 17:45:24 +0100 |
commit | 94464ed82c93094a972984ac1828f0bcc256f13c (patch) | |
tree | ed8af137c03ad4038322a730781c32ceca7436df /nsswitch | |
parent | 4c139e23e918c7a378953a3f9fc6ec7c927cf6f5 (diff) | |
download | samba-94464ed82c93094a972984ac1828f0bcc256f13c.tar.gz |
pam_winbind: Create and use a wbclient context
PAM sessions are long running. When a PAM session is created, a connection
to winbind is established and is only closed by the destructor of the
libwbclient library. If we create a wbcContext, we free it at the end of
the PAM function being called and the socket is closed. This decreases
the number of 'winbindd_cli_state' structures allocated in winbind for
every logged in user.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Mar 25 17:45:24 CET 2016 on sn-devel-144
Diffstat (limited to 'nsswitch')
-rw-r--r-- | nsswitch/pam_winbind.c | 36 | ||||
-rw-r--r-- | nsswitch/pam_winbind.h | 1 |
2 files changed, 29 insertions, 8 deletions
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 745735fcd2d..b2e1778c69d 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -540,6 +540,8 @@ static int _pam_winbind_free_context(struct pwb_context *ctx)
 tiniparser_freedict(ctx->dict);
 }
+ wbcCtxFree(ctx->wbc_ctx);
+
 return 0;
 }
@@ -575,6 +577,12 @@ static int _pam_winbind_init_context(pam_handle_t *pamh,
 }
 r->ctrl = ctrl_code;
+ r->wbc_ctx = wbcCtxCreate();
+ if (r->wbc_ctx == NULL) {
+ TALLOC_FREE(r);
+ return PAM_SYSTEM_ERR;
+ }
+
 *ctx_p = r;
 return PAM_SUCCESS;
@@ -1102,7 +1110,11 @@ static bool winbind_name_to_sid_string(struct pwb_context *ctx,
 _pam_log_debug(ctx, LOG_DEBUG, "no sid given, looking up: %s\n", name);
- wbc_status = wbcLookupName("", name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx,
+ "",
+ name,
+ &sid,
+ &type);
 if (!WBC_ERROR_IS_OK(wbc_status)) {
 _pam_log(ctx, LOG_INFO, "could not lookup name: %s\n", name);
@@ -1822,7 +1834,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
 }
 }
- wbc_status = wbcLogonUser(&logon, &info, &error, &policy);
+ wbc_status = wbcCtxLogonUser(ctx->wbc_ctx,
+ &logon,
+ &info,
+ &error,
+ &policy);
 ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status, user, "wbcLogonUser");
 wbcFreeMemory(logon.blobs);
@@ -1969,7 +1985,11 @@ static int winbind_chauthtok_request(struct pwb_context *ctx,
 params.new_password.plaintext = newpass;
 params.flags = flags;
- wbc_status = wbcChangeUserPasswordEx(¶ms, &error, &reject_reason, &policy);
+ wbc_status = wbcCtxChangeUserPasswordEx(ctx->wbc_ctx,
+ ¶ms,
+ &error,
+ &reject_reason,
+ &policy);
 ret = wbc_auth_error_to_pam_error(ctx, error, wbc_status, user, "wbcChangeUserPasswordEx");
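Review bot: `wbcCtxFree(ctx->wbc_ctx)` in _pam_winbind_free_context runs unconditionally, whereas the `tiniparser_freedict` call just above it appears to sit inside a guard block, so it can be handed NULL whenever the context is torn down before `wbcCtxCreate()` has succeeded. The new failure branch in the _pam_winbind_init_context hunk does exactly that with `TALLOC_FREE(r)`, assuming this function is registered as r's talloc destructor (the registration is outside the hunk). That is only correct if wbcCtxFree accepts NULL, which the diff does not show; I would either guard the call, `if (ctx->wbc_ctx != NULL) { wbcCtxFree(ctx->wbc_ctx); }`, or add a comment such as `/* wbcCtxFree() is NULL-safe; wbc_ctx may be unset on init failure */`. Setting `ctx->wbc_ctx = NULL;` after the free would also keep a stale handle from being reused. Both functions begin outside their hunks.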
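Review bot: The label passed to `wbc_auth_error_to_pam_error` in winbind_auth_request is still `"wbcLogonUser"` although the call on the new side is `wbcCtxLogonUser`. The same mismatch is left in winbind_chauthtok_request (`"wbcChangeUserPasswordEx"`), in valid_user's `"valid_user: wbcGetpwnam gave %s\n"` and in _pam_delete_cred's `"wbcLogoffUser"`. If these strings reach the PAM log, as the helper's name suggests, anyone tracing an authentication failure from the log back to the code will search for a function that is no longer called here. Either update the labels to the wbcCtx* names, or keep them for log compatibility and add a comment like `/* label names the operation, not the wbcCtx* entry point */`.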
@@ -2073,7 +2093,7 @@ static int valid_user(struct pwb_context *ctx,
 return 1;
 }
- wbc_status = wbcGetpwnam(user, &wb_pwd);
+ wbc_status = wbcCtxGetpwnam(ctx->wbc_ctx, user, &wb_pwd);
 wbcFreeMemory(wb_pwd);
 if (!WBC_ERROR_IS_OK(wbc_status)) {
 _pam_log(ctx, LOG_DEBUG, "valid_user: wbcGetpwnam gave %s\n",
@@ -2403,7 +2423,7 @@ static char winbind_get_separator(struct pwb_context *ctx)
 wbcErr wbc_status;
 static struct wbcInterfaceDetails *details = NULL;
- wbc_status = wbcInterfaceDetails(&details);
+ wbc_status = wbcCtxInterfaceDetails(ctx->wbc_ctx, &details);
 if (!WBC_ERROR_IS_OK(wbc_status)) {
 _pam_log(ctx, LOG_ERR, "Could not retrieve winbind interface details: %s",
@@ -2458,14 +2478,14 @@ static char* winbind_upn_to_username(struct pwb_context *ctx,
 /* Convert the UPN to a SID */
- wbc_status = wbcLookupName(domain, name, &sid, &type);
+ wbc_status = wbcCtxLookupName(ctx->wbc_ctx, domain, name, &sid, &type);
 if (!WBC_ERROR_IS_OK(wbc_status)) {
 return NULL;
 }
 /* Convert the the SID back to the sAMAccountName */
- wbc_status = wbcLookupSid(&sid, &domain, &name, &type);
+ wbc_status = wbcCtxLookupSid(ctx->wbc_ctx, &sid, &domain, &name, &type);
 if (!WBC_ERROR_IS_OK(wbc_status)) {
 return NULL;
 }
@@ -2570,7 +2590,7 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
 goto out;
 }
- wbc_status = wbcLogoffUserEx(&logoff, &error);
+ wbc_status = wbcCtxLogoffUserEx(ctx->wbc_ctx, &logoff, &error);
 retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status, user, "wbcLogoffUser");
 wbcFreeMemory(error);
diff --git a/nsswitch/pam_winbind.h b/nsswitch/pam_winbind.h
index 13542b2968f..6b65c462eaa 100644
--- a/nsswitch/pam_winbind.h
+++ b/nsswitch/pam_winbind.h
@@ -213,6 +213,7 @@ struct pwb_context {
 const char **argv;
 struct tiniparser_dictionary *dict;
 uint32_t ctrl;
+ struct wbcContext *wbc_ctx;
 };
 #ifndef TALLOC_FREE |
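Review bot: In winbind_get_separator the result pointer is still declared `static struct wbcInterfaceDetails *details = NULL;` even though it is now filled through the per-call `ctx->wbc_ctx`, and nothing in the visible lines releases it. If the remainder of the function (outside the hunk) has no `wbcFreeMemory(details)`, each call overwrites the previous pointer and leaks the allocation, presumably a wbclient allocation like the others this file hands to wbcFreeMemory. That leak would build up in the long-running PAM host processes this commit is trying to slim down. I would drop `static`, keep the existing NULL check on `details`, and release the result before returning: `char sep = details->winbind_separator; wbcFreeMemory(details); return sep;`.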