From 5d82b695ac8c04868702c459ae0430c014e1ac04 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Mon, 12 Sep 2022 16:31:05 +0200 Subject: [PATCH] s3:auth: Flush the GETPWSID in memory cache for NTLM auth Example valgrind output: ==22502== 22,747,002 bytes in 21,049 blocks are possibly lost in loss record 1,075 of 1,075 ==22502== at 0x4C29F73: malloc (vg_replace_malloc.c:309) ==22502== by 0x11D7089C: _talloc_pooled_object (in /usr/lib64/libtalloc.so.2.1.16) ==22502== by 0x9027834: tcopy_passwd (in /usr/lib64/libsmbconf.so.0) ==22502== by 0x6A1E1A3: pdb_copy_sam_account (in /usr/lib64/libsamba-passdb.so.0.27.2) ==22502== by 0x6A28AB7: pdb_getsampwnam (in /usr/lib64/libsamba-passdb.so.0.27.2) ==22502== by 0x65D0BC4: check_sam_security (in /usr/lib64/samba/libauth-samba4.so) ==22502== by 0x65C70F0: ??? (in /usr/lib64/samba/libauth-samba4.so) ==22502== by 0x65C781A: auth_check_ntlm_password (in /usr/lib64/samba/libauth-samba4.so) ==22502== by 0x14E464: ??? (in /usr/sbin/winbindd) ==22502== by 0x151CED: winbind_dual_SamLogon (in /usr/sbin/winbindd) ==22502== by 0x152072: winbindd_dual_pam_auth_crap (in /usr/sbin/winbindd) ==22502== by 0x167DE0: ??? (in /usr/sbin/winbindd) ==22502== by 0x12F29B12: tevent_common_invoke_fd_handler (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F30086: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x16A243: ??? (in /usr/sbin/winbindd) ==22502== by 0x16AA04: ??? (in /usr/sbin/winbindd) ==22502== by 0x12F29F68: tevent_common_invoke_immediate_handler (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F29F8F: tevent_common_loop_immediate (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F2FE3C: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F2E056: ??? (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F2925C: _tevent_loop_once (in /usr/lib64/libtevent.so.0.9.39) ==22502== by 0x12F4C7: main (in /usr/sbin/winbindd) You can find one for each string in pdb_copy_sam_account(), in total this already has 67 MB in total for this valgrind run. pdb_getsampwnam() -> memcache_add_talloc(NULL, PDB_GETPWSID_CACHE, ...) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15169 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Sep 16 20:30:31 UTC 2022 on sn-devel-184 (cherry picked from commit 9ef2f7345f0d387567fca598cc7008af95598903) --- source3/auth/check_samsec.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/source3/auth/check_samsec.c b/source3/auth/check_samsec.c index b9563c958a9..6a1567e92c5 100644 --- a/source3/auth/check_samsec.c +++ b/source3/auth/check_samsec.c @@ -24,6 +24,7 @@ #include "auth.h" #include "../libcli/auth/libcli_auth.h" #include "passdb.h" +#include "lib/util/memcache.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_AUTH @@ -487,8 +488,6 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, nt_status = make_server_info_sam(mem_ctx, sampass, server_info); unbecome_root(); - TALLOC_FREE(sampass); - if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status))); goto done; @@ -507,6 +506,11 @@ NTSTATUS check_sam_security(const DATA_BLOB *challenge, (*server_info)->nss_token |= user_info->was_mapped; done: + /* + * Always flush the getpwsid cache or this will grow indefinetly for + * each NTLM auththentication. + */ + memcache_flush(NULL, PDB_GETPWSID_CACHE); TALLOC_FREE(sampass); data_blob_free(&user_sess_key); data_blob_free(&lm_sess_key); -- 2.34.1