Bug 11149 - libwbclient uses global variables and is not thread safe
Summary: libwbclient uses global variables and is not thread safe
Status: RESOLVED FIXED
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.2.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Karolin Seeger
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-03-10 23:37 UTC by Matthew Newton
Modified: 2015-04-09 19:19 UTC (History)
3 users (show)

See Also:


Attachments
git-am backport from master. (144.43 KB, patch)
2015-03-11 18:11 UTC, Jeremy Allison
vl: review+
Details
always initialise winbind context correctly (948 bytes, patch)
2015-03-17 01:15 UTC, Matthew Newton
vl: review+
jra: review+
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Newton 2015-03-10 23:37:36 UTC
Summary
-------

Applications making use of the libwbclient library for, e.g. authentication or password changes, may be threaded. libwbclient is not currently thread-safe, so data is corrupted spectacularly when multiple threads try to authenticate at the same time, often crashing the calling application.


Present use case / background
-----------------------------

A common installation for wireless networks is to use a combination of FreeRADIUS and Samba for MSCHAP authentication. The standard for many years has been to  call ntlm_auth to authenticate users and this configuration is used at a large number of sites.

In recent months, several universities in particular have noticed that authentications top out at around 30-40 per second, which is becoming limiting due to the large wireless device uptake. In trying to improve the efficiency of the authentication code I have been calling wbcAuthenticateUserEx directly - using the wbclient library seems far cleaner and is also slightly faster than using the helper mode of ntlm_auth which was the other method available.

However, as FreeRADIUS is threaded, this does not work without solving the libwbclient thread-safe problem. Putting a mutex around the calling code will stop the crashes, but then does not give the required performance increase.


Patches
-------

The following patches kindly accepted into master recently will apply cleanly to 4.2, and add additional functions to libwbclient that enable context to be passed, eliminating the global variables which were the cause of the problem:

* c6cb2d6 Update libwbclient version to 0.12
* 2664d90 Move wbc global variables into global context instead
* 063c56d Add context versions of wbclient functions
* 348f93f Add wbcContext to wbcRequestResponse
* bc75e72 Add wbcContext struct, create and free functions
* 83cfb84 Use global context for winbindd_request_response
* 60c7571 Make winbind client library thread-safe by adding context

There is no change to the existing API (only new functions are added).

The following patch also helps by stopping extra_data from being non-NULL and then erroneously free()'d. This can easily happen when multiple threads are calling the same function (though this is technically only an issue because libwbclient is not thread-safe at present, so should not be being used in that way).

* 764cfda Make sure response->extra_data.data is always cleared out


Sites with issues
-----------------

I do not believe that this issue currently affects anything inside Samba, and it looks quite likely that I may be the first to use the library from outside Samba. Therefore, from the project perspective, this may be a minor issue, though it would be really useful for the library to be thread safe for a growing number of sites with authentication problems. See, for example

http://lists.freeradius.org/pipermail/freeradius-users/2013-October/068580.html
http://lists.freeradius.org/pipermail/freeradius-users/2015-January/075435.html
http://lists.freeradius.org/pipermail/freeradius-users/2014-September/073929.html
http://lists.freeradius.org/pipermail/freeradius-users/2014-October/074517.html
http://lists.freeradius.org/pipermail/freeradius-devel/2015-February/010570.html
http://lists.freeradius.org/pipermail/freeradius-users/2014-December/075027.html

Thanks for taking the time to consider this!

Matthew
Comment 1 Jeremy Allison 2015-03-11 18:11:55 UTC
Created attachment 10862 [details]
git-am backport from master.
Comment 2 Jeremy Allison 2015-03-12 13:09:22 UTC
Re-assigning to Karolin for inclusion in 4.2.next.
Comment 3 Karolin Seeger 2015-03-15 21:14:21 UTC
Pushed to autobuild-v4-2-test.
Comment 4 Matthew Newton 2015-03-17 01:15:24 UTC
Created attachment 10875 [details]
always initialise winbind context correctly

Small fix-up that I missed in the first set of patches. This won't affect internal Samba code which always has NULL context at present, but when called with non-null context the wb_ctx pointer doesn't get initialised correctly.
Comment 5 Jeremy Allison 2015-03-17 16:53:44 UTC
Comment on attachment 10875 [details]
always initialise winbind context correctly

LGTM.
Comment 6 Jeremy Allison 2015-03-17 16:54:06 UTC
Karolin, please push the additional patch to 4.2.next.

Thanks !

Jeremy.
Comment 7 Karolin Seeger 2015-03-27 20:11:20 UTC
(In reply to Jeremy Allison from comment #6)
Pushed additional patch to autobuild-v4-2-test.
Comment 8 Karolin Seeger 2015-04-09 19:19:28 UTC
(In reply to Karolin Seeger from comment #7)
Pushed to v4-2-test.
Closing out bug report.

Thanks!