Bug 11195 - Socket leak after calling smbc_free_context() when connected to a DFS target
Summary: Socket leak after calling smbc_free_context() when connected to a DFS target
Status: RESOLVED DUPLICATE of bug 11624
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: libsmbclient (show other bugs)
Version: unspecified
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Jeremy Allison
QA Contact: Samba QA Contact
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-05 10:12 UTC by Chris
Modified: 2015-12-16 19:16 UTC (History)
1 user (show)

See Also:

Attachments
Makes use of code from cli_shutdown to ensure that all sockets are closed when calling smbc_free_context for a DFS connection. Note that this patch is merely a demonstration. (4.11 KB, patch)
2015-04-13 13:26 UTC, Chris 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris 2015-04-05 10:12:47 UTC 
When connecting to a DFS target libsmbclient leaves four sockets open even after calling smbc_free_context(). Running...

lsof | grep microsoft

...shows four connections labelled "microsoft-ds (ESTABLISHED)" to the target server.

The connections only close once the parent process is terminated. This is not an issue in small, short run binaries but with longer running processes such as php-libsmbclient these connections can keep increasing and in extreme cases crash the server.

This does not occur with non-DFS connections. In these cases the connections are all closed when calling smbc_free_context().
Comment 1 Chris 2015-04-13 13:26:38 UTC 
Created attachment 10946 [details]
Makes use of code from cli_shutdown to ensure that all sockets are closed when calling smbc_free_context for a DFS connection. Note that this patch is merely a demonstration.

The problem seems to be with the cli_shutdown function in clientgen.c. I've added in debug statements to both cli_shutdown and _cli_shutdown but they never display - in fact the function doesn't seem to execute at all. In the attached "patch" (I use the term loosely) I've taken the code from both cli_shutdown and _cli_shutdown and dropped it into smbc_free_context. With the patch applied there are no more leaking sockets.

I'll keep investigating.

Notes:-

In libsmb_context I've had to comment out:-

if (smbc_getFunctionPurgeCachedServers(context)(context)) {

...to get things to work. I assume that this is because SMBC_remove_unused_server also makes use of the cli_shutdown function.

From cli_shutdown in clientgen.c I've had to comment out:-

if (cli_head == s->cli)

...since this doesn't ever seem to be true even when using DFS.

From cli_shutdown in clientgen.c I've had to change:-

for (p = cli_head->next; p; p = next) {

...to...

for (p = cli_head; p; p = next) {

...otherwise two sockets would remain open.

(All of the above is shown in the attachment.)
Comment 2 Jeremy Allison 2015-04-13 23:58:14 UTC 
How are you calling smbc_free_context() ? What is the value you are passing into int shutdown_ctx ?
Comment 3 Chris 2015-04-14 07:42:18 UTC 
Sorry, should have added that previously. To get this working I'm passing 1 since that's the condition to get cli_shutdown() called from inside smbc_free_context().
Comment 4 Jeremy Allison 2015-12-15 05:02:16 UTC 
Can you post me a simple libsmbclient program I can use to reproduce this ? That would help a lot in tracking this down.
Comment 5 Jeremy Allison 2015-12-16 19:16:06 UTC 
Pretty sure this is a duplicate of:

https://bugzilla.samba.org/show_bug.cgi?id=11624

I just posted a fix to that bug report. Can you test it and let me know if it fixes the problem ?

Jeremy.

*** This bug has been marked as a duplicate of bug 11624 ***