Debian Bug report logs - #606350
Possible file descriptor leak in pam_winbind

version graph

Package: winbind; Maintainer for winbind is Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>; Source for winbind is src:samba.

Reported by: dteed <donald.teed@gmail.com>

Date: Wed, 8 Dec 2010 16:27:02 UTC

Severity: important

Tags: fixed-upstream, patch

Merged with 574468

Fixed in versions samba/2:3.5.6~dfsg-4, samba/2:3.5.6~dfsg-3squeeze1, samba/2:3.5.6~dfsg-3squeeze2

Done: Christian Perrier <bubulle@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://bugzilla.samba.org/show_bug.cgi?id=7265, merged-upstream: https://bugzilla.samba.org/show_bug.cgi?id=7684

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Wed, 08 Dec 2010 16:27:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to dteed <donald.teed@gmail.com>:
New Bug report received and forwarded. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Wed, 08 Dec 2010 16:27:05 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: dteed <donald.teed@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 08 Dec 2010 09:20:13 -0400
Package: sasl2-bin
Version: 2.1.23.dfsg1-6
Severity: critical
Justification: breaks unrelated software


Using saslauthd in support of secure SMTP with postfix.
saslauthd is configured to use pam.

/etc/pam.d/smtp looks like this:

account     required    pam_permit.so
auth        sufficient    pam_winbind.so debug
auth        required      pam_deny.so

This is working fine - users can authenticate against Active Directory
when sending email over secure ports 465 and 587 on Postfix.

Once every two weeks or so, saslauthd requires a restart to fix
a failure to authenticate.  Nothing else needs to be touched
to remedy the failure.

When the failure appears, this is observed in the auth.log:

Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: Too many open files Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_winbind.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot open shared object file: Too many open files
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_deny.so
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-auth
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error loading (null)
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: error reading /etc/pam.d/other
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: [Critical error - immediate abort]
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error reading PAM configuration file
Dec 5 15:45:22 myhostname saslauthd[32586]: PAM pam_start: failed to initialize handlers
Dec 5 15:45:22 myhostname saslauthd[32586]: DEBUG: auth_pam: pam_start failed: Critical error - immediate abort
Dec 5 15:45:22 myhostname saslauthd[32586]: do_auth : auth failure: [user=dteed] [service=smtp] [realm=] [mech=pam] [reason=PAM start error]
Dec 5 15:45:32 myhostname saslauthd[32586]: server_exit : master exited: 32586
Dec 5 15:45:32 myhostname saslauthd[1696]: detach_tty : master pid is: 1696
Dec 5 15:45:32 myhostname saslauthd[1696]: ipc_init : listening on socket: /var/run/saslauthd/mux


saslauthd was used on a Redhat Enterprise 5.5 system in an identical configuration prior to this
without a problem.  The package on Redhat is cyrus-sasl-2.1.22-5.el5_4.3


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sasl2-bin depends on:
ii  db4.8-util                4.8.30-2       Berkeley v4.8 Database Utilities
ii  debconf [debconf-2.0]     1.5.36         Debian configuration management sy
ii  libc6                     2.11.2-7       Embedded GNU C Library: Shared lib
ii  libcomerr2                1.41.12-2      common error description library
ii  libdb4.8                  4.8.30-2       Berkeley v4.8 Database Libraries [
ii  libgssapi-krb5-2          1.8.3+dfsg-2   MIT Kerberos runtime libraries - k
ii  libk5crypto3              1.8.3+dfsg-2   MIT Kerberos runtime libraries - C
ii  libkrb5-3                 1.8.3+dfsg-2   MIT Kerberos runtime libraries
ii  libkrb5support0           1.8.3+dfsg-2   MIT Kerberos runtime libraries - S
ii  libldap-2.4-2             2.4.23-7       OpenLDAP libraries
ii  libpam0g                  1.1.1-6.1      Pluggable Authentication Modules l
ii  libsasl2-2                2.1.23.dfsg1-6 Cyrus SASL - authentication abstra
ii  libssl0.9.8               0.9.8o-3       SSL shared libraries
ii  lsb-base                  3.2-23.1       Linux Standard Base 3.2 init scrip

sasl2-bin recommends no packages.

sasl2-bin suggests no packages.

-- Configuration Files:
/etc/default/saslauthd changed:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="pam"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-c -m /var/run/saslauthd"


-- debconf information:
  cyrus-sasl2/upgrade-sasldb2-failed:
  cyrus-sasl2/backup-sasldb2: /var/backups/sasldb2.bak
  cyrus-sasl2/upgrade-sasldb2-backup-failed:
  cyrus-sasl2/purge-sasldb2: false




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Wed, 08 Dec 2010 17:54:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dan White <dwhite@olp.net>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Wed, 08 Dec 2010 17:54:04 GMT) Full text and rfc822 format available.

Message #10 received at 606350@bugs.debian.org (full text, mbox):

From: Dan White <dwhite@olp.net>
To: dteed <donald.teed@gmail.com>, 606350@bugs.debian.org
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 8 Dec 2010 11:26:07 -0600
On 08/12/10 09:20 -0400, dteed wrote:
>This is working fine - users can authenticate against Active Directory
>when sending email over secure ports 465 and 587 on Postfix.
>
>Once every two weeks or so, saslauthd requires a restart to fix
>a failure to authenticate.  Nothing else needs to be touched
>to remedy the failure.
>
>When the failure appears, this is observed in the auth.log:
>
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_winbind.so): /lib/security/pam_winbind.so: cannot open shared object file: Too many open files Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_winbind.so
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM unable to dlopen(/lib/security/pam_deny.so): /lib/security/pam_deny.so: cannot open shared object file: Too many open files
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM adding faulty module: /lib/security/pam_deny.so
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_load_conf_file: unable to open /etc/pam.d/common-auth
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error loading (null)
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: error reading /etc/pam.d/other
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM _pam_init_handlers: [Critical error - immediate abort]
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM error reading PAM configuration file
>Dec 5 15:45:22 myhostname saslauthd[32586]: PAM pam_start: failed to initialize handlers
>Dec 5 15:45:22 myhostname saslauthd[32586]: DEBUG: auth_pam: pam_start failed: Critical error - immediate abort
>Dec 5 15:45:22 myhostname saslauthd[32586]: do_auth : auth failure: [user=dteed] [service=smtp] [realm=] [mech=pam] [reason=PAM start error]
>Dec 5 15:45:32 myhostname saslauthd[32586]: server_exit : master exited: 32586
>Dec 5 15:45:32 myhostname saslauthd[1696]: detach_tty : master pid is: 1696
>Dec 5 15:45:32 myhostname saslauthd[1696]: ipc_init : listening on socket: /var/run/saslauthd/mux

I'd guess that would be caused by a file descriptor leak, either in
saslauthd itself or in one of your PAM modules.

Can you monitor /proc/<saslauthdpids>/fd/ to see if you can find out what
type of file descriptors are being left open?

-- 
Dan White




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Wed, 08 Dec 2010 20:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Dan White <dwhite@olp.net>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Wed, 08 Dec 2010 20:27:03 GMT) Full text and rfc822 format available.

Message #15 received at 606350@bugs.debian.org (full text, mbox):

From: Dan White <dwhite@olp.net>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 8 Dec 2010 14:23:15 -0600
On 08/12/10 15:33 -0400, D G Teed wrote:
>Here is what one of the directories looked like:
>
>ls -l 15950/fd
>
>total 0
>lrwx------ 1 root root 64 Dec  8 13:52 0 -> /dev/null
>lrwx------ 1 root root 64 Dec  8 13:52 1 -> /dev/null
>lrwx------ 1 root root 64 Dec  7 15:47 10 -> socket:[38109596]
>lrwx------ 1 root root 64 Dec  7 15:47 11 -> socket:[38112677]
>lrwx------ 1 root root 64 Dec  8 13:52 12 -> socket:[38129166]
>lrwx------ 1 root root 64 Dec  8 13:52 13 -> socket:[38177341]
>lrwx------ 1 root root 64 Dec  8 13:52 14 -> socket:[38198508]
>lrwx------ 1 root root 64 Dec  8 13:52 15 -> socket:[38256709]
>lrwx------ 1 root root 64 Dec  8 13:52 16 -> socket:[38307912]
>lrwx------ 1 root root 64 Dec  8 13:52 17 -> socket:[38351349]
>lrwx------ 1 root root 64 Dec  8 13:52 18 -> socket:[38378460]

Try doing a 'netstat -e' and see if you can match some of those sockets up
with a connection, and see if you can determine what it's being used for,
and what connection state it's in.

I'm hoping you can tie the down to a particular type of connection, say,
your pam_winbind attempts. If that's the case, then the problem might be
due to a bug in that specific pam module, or could be due to a bug in the
way saslauthd uses pam.

-- 
Dan White




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Wed, 08 Dec 2010 20:42:05 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Wed, 08 Dec 2010 20:42:05 GMT) Full text and rfc822 format available.

Message #20 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Dan White <dwhite@olp.net>
Cc: 606350@bugs.debian.org
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 8 Dec 2010 16:39:26 -0400
[Message part 1 (text/plain, inline)]
On Wed, Dec 8, 2010 at 4:23 PM, Dan White <dwhite@olp.net> wrote:

> On 08/12/10 15:33 -0400, D G Teed wrote:
>
>> Here is what one of the directories looked like:
>>
>> ls -l 15950/fd
>>
>> total 0
>> lrwx------ 1 root root 64 Dec  8 13:52 0 -> /dev/null
>> lrwx------ 1 root root 64 Dec  8 13:52 1 -> /dev/null
>> lrwx------ 1 root root 64 Dec  7 15:47 10 -> socket:[38109596]
>> lrwx------ 1 root root 64 Dec  7 15:47 11 -> socket:[38112677]
>> lrwx------ 1 root root 64 Dec  8 13:52 12 -> socket:[38129166]
>> lrwx------ 1 root root 64 Dec  8 13:52 13 -> socket:[38177341]
>> lrwx------ 1 root root 64 Dec  8 13:52 14 -> socket:[38198508]
>> lrwx------ 1 root root 64 Dec  8 13:52 15 -> socket:[38256709]
>> lrwx------ 1 root root 64 Dec  8 13:52 16 -> socket:[38307912]
>> lrwx------ 1 root root 64 Dec  8 13:52 17 -> socket:[38351349]
>> lrwx------ 1 root root 64 Dec  8 13:52 18 -> socket:[38378460]
>>
>
> Try doing a 'netstat -e' and see if you can match some of those sockets up
> with a connection, and see if you can determine what it's being used for,
> and what connection state it's in.
>
> I'm hoping you can tie the down to a particular type of connection, say,
> your pam_winbind attempts. If that's the case, then the problem might be
> due to a bug in that specific pam module, or could be due to a bug in the
> way saslauthd uses pam.
>

OK...

I've checked one process and here is what the matches look like:

/proc/15951/fd# for socket in `ls -l | cut -d' ' -f12 | sed 's/socket:\[// ;
s/\]//'`
> do
> netstat -e | grep $socket
> done
unix  2      [ ]         STREAM     CONNECTED     38129397
unix  3      [ ]         STREAM     CONNECTED     40572411
unix  3      [ ]         STREAM     CONNECTED     40583464
unix  3      [ ]         STREAM     CONNECTED     40602800
unix  3      [ ]         STREAM     CONNECTED     40649673
unix  3      [ ]         STREAM     CONNECTED     40667667
unix  2      [ ]         STREAM     CONNECTED     38134508
unix  2      [ ]         STREAM     CONNECTED     38137874
unix  2      [ ]         STREAM     CONNECTED     38144166
unix  2      [ ]         STREAM     CONNECTED     38145796
unix  2      [ ]         STREAM     CONNECTED     38164643
unix  2      [ ]         STREAM     CONNECTED     38182983
unix  2      [ ]         STREAM     CONNECTED     38198634
unix  2      [ ]         STREAM     CONNECTED     38212091
unix  2      [ ]         STREAM     CONNECTED     38284314
unix  2      [ ]         STREAM     CONNECTED     38310069
unix  2      [ ]         STREAM     CONNECTED     38337364
unix  2      [ ]         STREAM     CONNECTED     38378155
unix  2      [ ]         STREAM     CONNECTED     38401805
unix  2      [ ]         STREAM     CONNECTED     38411640
unix  2      [ ]         STREAM     CONNECTED     38427190
unix  2      [ ]         STREAM     CONNECTED     38437192
unix  2      [ ]         STREAM     CONNECTED     38494440
unix  2      [ ]         STREAM     CONNECTED     38522319
unix  2      [ ]         STREAM     CONNECTED     38548115
unix  2      [ ]         DGRAM                    38091087
unix  2      [ ]         STREAM     CONNECTED     38554551
unix  2      [ ]         STREAM     CONNECTED     38561940
unix  2      [ ]         STREAM     CONNECTED     38581911
unix  2      [ ]         STREAM     CONNECTED     38596779
unix  2      [ ]         STREAM     CONNECTED     38618951
unix  2      [ ]         STREAM     CONNECTED     38751702
unix  2      [ ]         STREAM     CONNECTED     38790002
unix  2      [ ]         STREAM     CONNECTED     38796236
unix  2      [ ]         STREAM     CONNECTED     38840751
unix  2      [ ]         STREAM     CONNECTED     38867792
unix  2      [ ]         STREAM     CONNECTED     38892274
unix  2      [ ]         STREAM     CONNECTED     38934651
unix  2      [ ]         STREAM     CONNECTED     38951610
unix  2      [ ]         STREAM     CONNECTED     38978113
unix  2      [ ]         STREAM     CONNECTED     38994165
unix  2      [ ]         STREAM     CONNECTED     39011149
unix  2      [ ]         STREAM     CONNECTED     39018267
unix  2      [ ]         STREAM     CONNECTED     39028043
unix  2      [ ]         STREAM     CONNECTED     39031157
unix  2      [ ]         STREAM     CONNECTED     39075371
unix  2      [ ]         STREAM     CONNECTED     39135341
unix  2      [ ]         STREAM     CONNECTED     39386630
unix  2      [ ]         STREAM     CONNECTED     39513199
unix  2      [ ]         STREAM     CONNECTED     39530596
unix  2      [ ]         STREAM     CONNECTED     39543718
unix  2      [ ]         STREAM     CONNECTED     39550671
unix  2      [ ]         STREAM     CONNECTED     39597986
unix  2      [ ]         STREAM     CONNECTED     39691351
unix  2      [ ]         STREAM     CONNECTED     39693413
unix  2      [ ]         STREAM     CONNECTED     39715649
unix  2      [ ]         STREAM     CONNECTED     39721749
unix  2      [ ]         STREAM     CONNECTED     39763508
unix  2      [ ]         STREAM     CONNECTED     39796730
unix  3      [ ]         STREAM     CONNECTED     39858211
unix  3      [ ]         STREAM     CONNECTED     39890377
unix  3      [ ]         STREAM     CONNECTED     39895914
unix  3      [ ]         STREAM     CONNECTED     39923296
unix  3      [ ]         STREAM     CONNECTED     39976002
unix  3      [ ]         STREAM     CONNECTED     39991611
unix  3      [ ]         STREAM     CONNECTED     40002931
unix  3      [ ]         STREAM     CONNECTED     40075158
unix  3      [ ]         STREAM     CONNECTED     40111837
unix  3      [ ]         STREAM     CONNECTED     40128040
unix  3      [ ]         STREAM     CONNECTED     40130041
unix  3      [ ]         STREAM     CONNECTED     40137946
unix  3      [ ]         STREAM     CONNECTED     40139446
unix  3      [ ]         STREAM     CONNECTED     40158597
unix  3      [ ]         STREAM     CONNECTED     40166365
unix  3      [ ]         STREAM     CONNECTED     40187017
unix  3      [ ]         STREAM     CONNECTED     40198012
unix  3      [ ]         STREAM     CONNECTED     40211699
unix  3      [ ]         STREAM     CONNECTED     40220735
unix  3      [ ]         STREAM     CONNECTED     40233742
unix  3      [ ]         STREAM     CONNECTED     40248500
unix  3      [ ]         STREAM     CONNECTED     40260919
unix  3      [ ]         STREAM     CONNECTED     40271543
unix  3      [ ]         STREAM     CONNECTED     40287296
unix  3      [ ]         STREAM     CONNECTED     40342695
unix  3      [ ]         STREAM     CONNECTED     40346798
unix  3      [ ]         STREAM     CONNECTED     40352869
unix  3      [ ]         STREAM     CONNECTED     40370449
unix  3      [ ]         STREAM     CONNECTED     40381003
unix  3      [ ]         STREAM     CONNECTED     40393520
unix  3      [ ]         STREAM     CONNECTED     40407420
unix  3      [ ]         STREAM     CONNECTED     40448726
unix  3      [ ]         STREAM     CONNECTED     40453216
unix  3      [ ]         STREAM     CONNECTED     40509251
unix  3      [ ]         STREAM     CONNECTED     40527597
unix  3      [ ]         STREAM     CONNECTED     40539324
unix  3      [ ]         STREAM     CONNECTED     40553666


I also count 200 connections like this:

unix  3      [ ]         STREAM     CONNECTED     39854981
/var/run/samba/winbindd_privileged/pipe

Most users are simply using port 25 and would not be authenticating,
so I know these numbers cannot be current connections.

Regards,

--Donald
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Wed, 08 Dec 2010 21:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Wed, 08 Dec 2010 21:57:03 GMT) Full text and rfc822 format available.

Message #25 received at 606350@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Dan White <dwhite@olp.net>
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 08 Dec 2010 13:53:20 -0800
D G Teed <donald.teed@gmail.com> writes:

> I also count 200 connections like this:

> unix  3      [ ]         STREAM     CONNECTED     39854981
> /var/run/samba/winbindd_privileged/pipe

> Most users are simply using port 25 and would not be authenticating,
> so I know these numbers cannot be current connections.

Looks like a file descriptor leak in pam_winbind.  I think saslauthd isn't
at fault here.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Thu, 09 Dec 2010 01:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Thu, 09 Dec 2010 01:45:03 GMT) Full text and rfc822 format available.

Message #30 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Russ Allbery <rra@debian.org>
Cc: 606350@bugs.debian.org, Dan White <dwhite@olp.net>
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 8 Dec 2010 21:42:03 -0400
[Message part 1 (text/plain, inline)]
On Wed, Dec 8, 2010 at 5:53 PM, Russ Allbery <rra@debian.org> wrote:

> D G Teed <donald.teed@gmail.com> writes:
>
> > I also count 200 connections like this:
>
> > unix  3      [ ]         STREAM     CONNECTED     39854981
> > /var/run/samba/winbindd_privileged/pipe
>
> > Most users are simply using port 25 and would not be authenticating,
> > so I know these numbers cannot be current connections.
>
> Looks like a file descriptor leak in pam_winbind.  I think saslauthd isn't
> at fault here.
>
>
Is there a way the bug report can shuffle along to becoming a winbind
bug report, or should I re-report it, referring to this bug report?

--Donald
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>:
Bug#606350; Package sasl2-bin. (Thu, 09 Dec 2010 02:09:10 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russ Allbery <rra@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Cyrus SASL Team <pkg-cyrus-sasl2-debian-devel@lists.alioth.debian.org>. (Thu, 09 Dec 2010 02:09:10 GMT) Full text and rfc822 format available.

Message #35 received at 606350@bugs.debian.org (full text, mbox):

From: Russ Allbery <rra@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Dan White <dwhite@olp.net>
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 08 Dec 2010 18:02:49 -0800
severity 606350 important
reassign 606350 winbind
retitle 606350 Possible file descriptor leak in pam_winbind
thanks

D G Teed <donald.teed@gmail.com> writes:
> On Wed, Dec 8, 2010 at 5:53 PM, Russ Allbery <rra@debian.org> wrote:
>> D G Teed <donald.teed@gmail.com> writes:

>>> I also count 200 connections like this:

>>> unix  3      [ ]         STREAM     CONNECTED     39854981
>>> /var/run/samba/winbindd_privileged/pipe

>>> Most users are simply using port 25 and would not be authenticating,
>>> so I know these numbers cannot be current connections.

>> Looks like a file descriptor leak in pam_winbind.  I think saslauthd
>> isn't at fault here.

> Is there a way the bug report can shuffle along to becoming a winbind
> bug report, or should I re-report it, referring to this bug report?

I'll reassign it.  I wanted to see if anyone disagreed with me first.  :)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>




Severity set to 'important' from 'critical' Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Thu, 09 Dec 2010 02:09:11 GMT) Full text and rfc822 format available.

Bug reassigned from package 'sasl2-bin' to 'winbind'. Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Thu, 09 Dec 2010 02:09:12 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions cyrus-sasl2/2.1.23.dfsg1-6. Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Thu, 09 Dec 2010 02:09:12 GMT) Full text and rfc822 format available.

Changed Bug title to 'Possible file descriptor leak in pam_winbind' from 'sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart' Request was from Russ Allbery <rra@debian.org> to control@bugs.debian.org. (Thu, 09 Dec 2010 02:09:13 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Thu, 09 Dec 2010 04:24:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Thu, 09 Dec 2010 04:24:03 GMT) Full text and rfc822 format available.

Message #48 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Russ Allbery <rra@debian.org>
Cc: 606350@bugs.debian.org, Dan White <dwhite@olp.net>
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Thu, 9 Dec 2010 00:20:02 -0400
[Message part 1 (text/plain, inline)]
On Wed, Dec 8, 2010 at 10:02 PM, Russ Allbery <rra@debian.org> wrote:

>
>
> I'll reassign it.  I wanted to see if anyone disagreed with me first.  :)
>
> --
> Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/<http://www.eyrie.org/%7Eeagle/>
> >
>

This might be the same as the samba bug reported upstream against Debian 5:
https://bugzilla.samba.org/show_bug.cgi?id=7265<%20https://bugzilla.samba.org/show_bug.cgi?id=7265>

That is showing a bug against samba 3.4, however it is
status NEW, from March this year.  A patch is mentioned.
I don't see why there would be a delay to release it.

This bug would effect apache, cyrus email, and many SMTP
services using authentication, so I'd think it should be a priority to fix.

--Donald
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Thu, 09 Dec 2010 08:33:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Thu, 09 Dec 2010 08:33:03 GMT) Full text and rfc822 format available.

Message #53 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>, 606350@bugs.debian.org
Cc: Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Thu, 9 Dec 2010 09:31:55 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):

> This might be the same as the samba bug reported upstream against Debian 5:
> https://bugzilla.samba.org/show_bug.cgi?id=7265<%20https://bugzilla.samba.org/show_bug.cgi?id=7265>
> 
> That is showing a bug against samba 3.4, however it is
> status NEW, from March this year.  A patch is mentioned.
> I don't see why there would be a delay to release it.

Maybe lack of testing? :-)


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Thu, 09 Dec 2010 13:51:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Thu, 09 Dec 2010 13:51:03 GMT) Full text and rfc822 format available.

Message #58 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Russ Allbery <rra@debian.org>
Cc: 606350@bugs.debian.org, Dan White <dwhite@olp.net>
Subject: Re: Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Thu, 9 Dec 2010 09:47:41 -0400
[Message part 1 (text/plain, inline)]
On Wed, Dec 8, 2010 at 5:53 PM, Russ Allbery <rra@debian.org> wrote:

>
> Looks like a file descriptor leak in pam_winbind.  I think saslauthd isn't
> at fault here.
>
>
I did a test today...  I noticed the number of fds had grown overnight by
20 to 40 per process.   I did a restart of winbind and looked at the fds
under
the saslauthd processes.  It didn't change.

Both winbind and saslauthd must be restarted as the workaround.
Restarting winbind closes only the streams reported as
/var/run/samba/winbindd_privileged/pipe .

Developers would likely expect this, but I mention it here in case it might
help others caught by the issue.
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Thu, 09 Dec 2010 21:03:09 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Thu, 09 Dec 2010 21:03:09 GMT) Full text and rfc822 format available.

Message #63 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>, 606350@bugs.debian.org
Cc: Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Thu, 9 Dec 2010 22:00:17 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> On Wed, Dec 8, 2010 at 5:53 PM, Russ Allbery <rra@debian.org> wrote:
> 
> >
> > Looks like a file descriptor leak in pam_winbind.  I think saslauthd isn't
> > at fault here.
> >
> >
> I did a test today...  I noticed the number of fds had grown overnight by
> 20 to 40 per process.   I did a restart of winbind and looked at the fds
> under
> the saslauthd processes.  It didn't change.
> 
> Both winbind and saslauthd must be restarted as the workaround.
> Restarting winbind closes only the streams reported as
> /var/run/samba/winbindd_privileged/pipe .
> 
> Developers would likely expect this, but I mention it here in case it might
> help others caught by the issue.

Hello,

On http://people.debian.org/~bubulle/samba-test/, you'll soon find
packages which you may want to try. I just applied the patch from
Samba's Bugzilla and recompiled these package. 

They're currently being uploaded and should be ready to download in
about 10 minutes or so.

If they fix this file descriptors leak problem, please report.


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Fri, 10 Dec 2010 13:45:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Fri, 10 Dec 2010 13:45:03 GMT) Full text and rfc822 format available.

Message #68 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Christian PERRIER <bubulle@debian.org>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Fri, 10 Dec 2010 09:43:43 -0400
[Message part 1 (text/plain, inline)]
On Thu, Dec 9, 2010 at 5:00 PM, Christian PERRIER <bubulle@debian.org>wrote:

>
> Hello,
>
> On http://people.debian.org/~bubulle/samba-test/<http://people.debian.org/%7Ebubulle/samba-test/>,
> you'll soon find
> packages which you may want to try. I just applied the patch from
> Samba's Bugzilla and recompiled these package.
>
> They're currently being uploaded and should be ready to download in
> about 10 minutes or so.
>
> If they fix this file descriptors leak problem, please report.
>
>
Hello,

This is awesome.  I'd like to test this.  Can we get the
packages built for amd64 where it is required?
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Fri, 10 Dec 2010 14:51:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian Perrier <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Fri, 10 Dec 2010 14:51:06 GMT) Full text and rfc822 format available.

Message #73 received at 606350@bugs.debian.org (full text, mbox):

From: Christian Perrier <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Fri, 10 Dec 2010 15:28:51 +0100
D G Teed a écrit :
> 
> On Thu, Dec 9, 2010 at 5:00 PM, Christian PERRIER <bubulle@debian.org 
> <mailto:bubulle@debian.org>> wrote:
> 
> 
>     Hello,
> 
>     On http://people.debian.org/~bubulle/samba-test/
>     <http://people.debian.org/%7Ebubulle/samba-test/>, you'll soon find
>     packages which you may want to try. I just applied the patch from
>     Samba's Bugzilla and recompiled these package.
> 
>     They're currently being uploaded and should be ready to download in
>     about 10 minutes or so.
> 
>     If they fix this file descriptors leak problem, please report.
> 
> 
> Hello,
> 
> This is awesome.  I'd like to test this.  Can we get the
> packages built for amd64 where it is required?
> 
> 
 Arg. my usual build machine is i386.... Building for amd64 might take 
more time to be done (unless asomeone wants to rebuild: IIRC, I uploaded 
the source and diffs




Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Sat, 18 Dec 2010 15:54:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Sat, 18 Dec 2010 15:54:03 GMT) Full text and rfc822 format available.

Message #78 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Sat, 18 Dec 2010 16:52:04 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> On Thu, Dec 9, 2010 at 5:00 PM, Christian PERRIER <bubulle@debian.org>wrote:
> 
> >
> > Hello,
> >
> > On http://people.debian.org/~bubulle/samba-test/<http://people.debian.org/%7Ebubulle/samba-test/>,
> > you'll soon find
> > packages which you may want to try. I just applied the patch from
> > Samba's Bugzilla and recompiled these package.
> >
> > They're currently being uploaded and should be ready to download in
> > about 10 minutes or so.
> >
> > If they fix this file descriptors leak problem, please report.
> >
> >
> Hello,
> 
> This is awesome.  I'd like to test this.  Can we get the
> packages built for amd64 where it is required?

Finally, I made it to build some packages. Could you please test
http://people.debian.org/~bubulle/samba-test/?



-- 


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Wed, 22 Dec 2010 07:48:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Wed, 22 Dec 2010 07:48:03 GMT) Full text and rfc822 format available.

Message #83 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Wed, 22 Dec 2010 07:05:50 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> On Thu, Dec 9, 2010 at 5:00 PM, Christian PERRIER <bubulle@debian.org>wrote:
> 
> >
> > Hello,
> >
> > On http://people.debian.org/~bubulle/samba-test/<http://people.debian.org/%7Ebubulle/samba-test/>,
> > you'll soon find
> > packages which you may want to try. I just applied the patch from
> > Samba's Bugzilla and recompiled these package.
> >
> > They're currently being uploaded and should be ready to download in
> > about 10 minutes or so.
> >
> > If they fix this file descriptors leak problem, please report.
> >
> >
> Hello,
> 
> This is awesome.  I'd like to test this.  Can we get the
> packages built for amd64 where it is required?


Did you have any chance to test the amd64 packages I poointed you to?

This fix is a good candidate for squeeze but I would like to have
success reports before requesting a freeze exception to the release team.

-- 


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Mon, 27 Dec 2010 20:39:06 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Mon, 27 Dec 2010 20:39:06 GMT) Full text and rfc822 format available.

Message #88 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Christian PERRIER <bubulle@debian.org>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Mon, 27 Dec 2010 16:36:20 -0400
[Message part 1 (text/plain, inline)]
On Wed, Dec 22, 2010 at 2:05 AM, Christian PERRIER <bubulle@debian.org>wrote:

>
>
> Did you have any chance to test the amd64 packages I poointed you to?
>
> This fix is a good candidate for squeeze but I would like to have
> success reports before requesting a freeze exception to the release team.
>

I've tested the test packages:

libwbclient0
samba-common
samba-common-bin
smbclient
winbind

They have worked well with saslauthd and there is no longer growth in the
file descriptors after a couple of days running.

Regards,

--Donald
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Sat, 01 Jan 2011 16:57:08 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Sat, 01 Jan 2011 16:57:08 GMT) Full text and rfc822 format available.

Message #93 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org, Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Sat, 1 Jan 2011 17:51:56 +0100
[Message part 1 (text/plain, inline)]
forcemerge 574468 606350
thanks

Quoting D G Teed (donald.teed@gmail.com):
> On Wed, Dec 22, 2010 at 2:05 AM, Christian PERRIER <bubulle@debian.org>wrote:
> 
> >
> >
> > Did you have any chance to test the amd64 packages I poointed you to?
> >
> > This fix is a good candidate for squeeze but I would like to have
> > success reports before requesting a freeze exception to the release team.
> >
> 
> I've tested the test packages:
> 
> libwbclient0
> samba-common
> samba-common-bin
> smbclient
> winbind
> 
> They have worked well with saslauthd and there is no longer growth in the
> file descriptors after a couple of days running.


OK, thanks for your tests and thanks to everybody for the great job
you did investigating this.

I just asked the release team approval to upload a fix for this bug,
meant for squeeze.

This bug is definitely #574468, hence merging both bugs.


[signature.asc (application/pgp-signature, inline)]

Forcibly Merged 574468 606350. Request was from Christian Perrier <bubulle@debian.org> to control@bugs.debian.org. (Sat, 01 Jan 2011 17:30:04 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Sun, 02 Jan 2011 06:27:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Sun, 02 Jan 2011 06:27:03 GMT) Full text and rfc822 format available.

Message #100 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>, 606350@bugs.debian.org
Cc: Russ Allbery <rra@debian.org>, Dan White <dwhite@olp.net>
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Sun, 2 Jan 2011 07:22:08 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> On Wed, Dec 8, 2010 at 10:02 PM, Russ Allbery <rra@debian.org> wrote:
> 
> >
> >
> > I'll reassign it.  I wanted to see if anyone disagreed with me first.  :)
> >
> > --
> > Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/<http://www.eyrie.org/%7Eeagle/>
> > >
> >
> 
> This might be the same as the samba bug reported upstream against Debian 5:
> https://bugzilla.samba.org/show_bug.cgi?id=7265<%20https://bugzilla.samba.org/show_bug.cgi?id=7265>
> 
> That is showing a bug against samba 3.4, however it is
> status NEW, from March this year.  A patch is mentioned.
> I don't see why there would be a delay to release it.
> 
> This bug would effect apache, cyrus email, and many SMTP
> services using authentication, so I'd think it should be a priority to fix.
> 
> --Donald



Coming back on this bug report again.

I had more discussion with samba upstream and they pointed me to
https://bugzilla.samba.org/show_bug.cgi?id=7684 which is a duplicate
of #7265.

From #7684, the bug is fixed in samba 3.5.6, which reached testing as
of Oct 21st  2010.

And, indeed, the patch I applied is useless and redundant.

So, Donald, your original report doesn't mention which version of
winbind was running on your system when you reported #606350 but I
somehow suspect it might have been a version lower than 3.5.6. Still,
your system is reported to be using testing so it should have been
3.5.6

Are you in position to test again with the genuine 3.5.6 version from
testing and not the packages I pointed you to? Alternatively, if you
confirm that, at the moment you reported this bug, the version fo
samba was lower than 3.5.6, then I will close it as fixed in 3.5.6




[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Mon, 03 Jan 2011 06:39:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Mon, 03 Jan 2011 06:39:05 GMT) Full text and rfc822 format available.

Message #105 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>, 606350@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Mon, 3 Jan 2011 07:37:22 +0100
[Message part 1 (text/plain, inline)]
Leaving your full answer so that it's logged to the bug report, too.

Quoting D G Teed (donald.teed@gmail.com):
> On Sun, Jan 2, 2011 at 2:22 AM, Christian PERRIER <bubulle@debian.org>wrote:
> 
> >
> > Coming back on this bug report again.
> >
> > I had more discussion with samba upstream and they pointed me to
> > https://bugzilla.samba.org/show_bug.cgi?id=7684 which is a duplicate
> > of #7265.
> >
> > From #7684, the bug is fixed in samba 3.5.6, which reached testing as
> > of Oct 21st  2010.
> >
> > And, indeed, the patch I applied is useless and redundant.
> >
> > So, Donald, your original report doesn't mention which version of
> > winbind was running on your system when you reported #606350 but I
> > somehow suspect it might have been a version lower than 3.5.6. Still,
> > your system is reported to be using testing so it should have been
> > 3.5.6
> >
> > Are you in position to test again with the genuine 3.5.6 version from
> > testing and not the packages I pointed you to? Alternatively, if you
> > confirm that, at the moment you reported this bug, the version fo
> > samba was lower than 3.5.6, then I will close it as fixed in 3.5.6
> >
> >
> The version I had installed from testing was current as of the time of the
> bug report.
> 
> According to the dpkg logs, I had winbind 3.5.6~dfsg-1 installed Oct 26th
> onward,
> until I installed the test packages manually from the
> http://people.debian.org/~bubulle/samba-test/
> location on Dec 22.
> 
> I do remember looking at the /lib/security/ directory prior to installing
> the ~bubulle
> test packages.  I noticed only pam_winbind.so file in /lib/security
> was older than Oct 21.  All other pam library files were dated Oct 21st.
> 
> I can use the index on our backup service as a sort of time machine to
> verify my
> memory of this.
> 
> I can set the time on the backup indexes, to view the file size and
> timestamp.
> In an "ls -l" report as of Dec 1, 2010, I see:
> 
> -rw-r--r-- root            60168 Oct 10 06:54 pam_winbind.so
> 
> All other files in the directory have a time stamp of Oct 21, 14:39
> winbind package was updated to 3.5.6~dfsg-1 according to dpkg logs on Oct
> 26th.
> 
> Right now, if I install winbind and friends from the squeeze repository, I
> get
> a pam_winbind.so dated Dec 7th.  This is from winbind 3.5.6~dfsg-3.
> 
> Perhaps there was a build problem with dfsg-1 and /lib/security/
> pam_winbind.so/
> which is not seen in dfsg-3?
> 
> --Donald

Eh, that's really strange, but thanks for the detailed investigation.

Could you check whether you still experience the bug with the
3.5.6~dfsg-3 packages? I suppose this is indeed what you're doing
right now...


-- 


[signature.asc (application/pgp-signature, inline)]

Changed Bug forwarded-to-address to 'https://bugzilla.samba.org/show_bug.cgi?id=7265, merged-upstream: https://bugzilla.samba.org/show_bug.cgi?id=7684' from 'https://bugzilla.samba.org/show_bug.cgi?id=7265' Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 03 Jan 2011 16:33:06 GMT) Full text and rfc822 format available.

Added tag(s) fixed-upstream. Request was from bts-link-upstream@lists.alioth.debian.org to control@bugs.debian.org. (Mon, 03 Jan 2011 16:33:07 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Tue, 04 Jan 2011 00:36:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Tue, 04 Jan 2011 00:36:03 GMT) Full text and rfc822 format available.

Message #114 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Christian PERRIER <bubulle@debian.org>
Cc: 606350@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Mon, 3 Jan 2011 20:33:28 -0400
[Message part 1 (text/plain, inline)]
On Mon, Jan 3, 2011 at 2:37 AM, Christian PERRIER <bubulle@debian.org>wrote:

>
> Eh, that's really strange, but thanks for the detailed investigation.
>
> Could you check whether you still experience the bug with the
> 3.5.6~dfsg-3 packages? I suppose this is indeed what you're doing
> right now...
>
>
I'm afraid the bug reappears with these packages:

samba-common                        2:3.5.6~dfsg-3
samba-common-bin                    2:3.5.6~dfsg-3~test1
libwbclient0                        2:3.5.6~dfsg-3
winbind                             2:3.5.6~dfsg-3

I am seeing a growth in fd links.  Also the pipes left open
are visible from running: netstat -e | grep winbind
It reports dozens of lines like:

unix  3      [ ]         STREAM     CONNECTED     72840600
/var/run/samba/winbindd_privileged/pipe
unix  3      [ ]         STREAM     CONNECTED     72819898
/var/run/samba/winbindd_privileged/pipe
unix  3      [ ]         STREAM     CONNECTED     72811786
/var/run/samba/winbindd_privileged/pipe
unix  3      [ ]         STREAM     CONNECTED     72799966
/var/run/samba/winbindd_privileged/pipe
unix  3      [ ]         STREAM     CONNECTED     72765262
/var/run/samba/winbindd_privileged/pipe

When I used all packages ending with ~test1 , I never catch any
dangling pipes like this from netstat report.

I'm up to 71 open fd links to sockets from 5 saslauthd processes
since this morning (relatively slow as students and faculty are not back
yet).

--Donald
[Message part 2 (text/html, inline)]

Added tag(s) pending. Request was from bubulle@alioth.debian.org to control@bugs.debian.org. (Sat, 15 Jan 2011 17:09:05 GMT) Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Sat, 15 Jan 2011 18:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Sat, 15 Jan 2011 18:39:07 GMT) Full text and rfc822 format available.

Message #121 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Sat, 15 Jan 2011 19:33:57 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> On Mon, Jan 3, 2011 at 2:37 AM, Christian PERRIER <bubulle@debian.org>wrote:
> 
> >
> > Eh, that's really strange, but thanks for the detailed investigation.
> >
> > Could you check whether you still experience the bug with the
> > 3.5.6~dfsg-3 packages? I suppose this is indeed what you're doing
> > right now...
> >
> >
> I'm afraid the bug reappears with these packages:
> 
> samba-common                        2:3.5.6~dfsg-3
> samba-common-bin                    2:3.5.6~dfsg-3~test1
> libwbclient0                        2:3.5.6~dfsg-3
> winbind                             2:3.5.6~dfsg-3

After hesitating for a long time, I finally uploaded 2:3.5.6~dfsg-4
with the patch I used in the package you tested.

I'll ask release managers to unblock it....based on the argument that
-3 isn't working properly for you while -4 should be.

Please confirm ASAP if that's correct.


[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Mon, 17 Jan 2011 19:36:22 GMT) Full text and rfc822 format available.

Acknowledgement sent to D G Teed <donald.teed@gmail.com>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Mon, 17 Jan 2011 19:36:22 GMT) Full text and rfc822 format available.

Message #126 received at 606350@bugs.debian.org (full text, mbox):

From: D G Teed <donald.teed@gmail.com>
To: Christian PERRIER <christian@perrier.eu.org>
Cc: 606350@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Mon, 17 Jan 2011 15:35:41 -0400
[Message part 1 (text/plain, inline)]
I installed these packages from sid this morning, onto
an otherwise squeeze based system:

samba-common                        2:3.5.6~dfsg-4
samba-common-bin                    2:3.5.6~dfsg-4
libwbclient0                        2:3.5.6~dfsg-4
winbind                             2:3.5.6~dfsg-4

I can see the pam library file is updated:

ls -l /lib/security/pam_winbind.so
-rw-r--r-- 1 root root 60168 Jan 15 16:04 /lib/security/pam_winbind.so

winbind and saslauthd are restarted.

Six hours later I check and the number of fd files
and links is static at 8 files under each /proc/<pid>/fd
where <pid> is a process id from saslauthd

Based on prior experiences with the bug (leak growth appears
within a few  minutes), this bug is fixed in these package releases.

--Donald
[Message part 2 (text/html, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>:
Bug#606350; Package winbind. (Tue, 18 Jan 2011 07:03:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Christian PERRIER <bubulle@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian Samba Maintainers <pkg-samba-maint@lists.alioth.debian.org>. (Tue, 18 Jan 2011 07:03:03 GMT) Full text and rfc822 format available.

Message #131 received at 606350@bugs.debian.org (full text, mbox):

From: Christian PERRIER <bubulle@debian.org>
To: D G Teed <donald.teed@gmail.com>
Cc: 606350@bugs.debian.org
Subject: Re: [Pkg-samba-maint] Bug#606350: sasl2-bin: "Too many open files" error with PAM - recovery with saslauthd restart
Date: Tue, 18 Jan 2011 06:46:51 +0100
[Message part 1 (text/plain, inline)]
Quoting D G Teed (donald.teed@gmail.com):
> I installed these packages from sid this morning, onto
> an otherwise squeeze based system:
> 
> samba-common                        2:3.5.6~dfsg-4
> samba-common-bin                    2:3.5.6~dfsg-4
> libwbclient0                        2:3.5.6~dfsg-4
> winbind                             2:3.5.6~dfsg-4
> 
> I can see the pam library file is updated:
> 
> ls -l /lib/security/pam_winbind.so
> -rw-r--r-- 1 root root 60168 Jan 15 16:04 /lib/security/pam_winbind.so
> 
> winbind and saslauthd are restarted.
> 
> Six hours later I check and the number of fd files
> and links is static at 8 files under each /proc/<pid>/fd
> where <pid> is a process id from saslauthd
> 
> Based on prior experiences with the bug (leak growth appears
> within a few  minutes), this bug is fixed in these package releases.


OK, thanks for your feedback. I just asked the release team for that
version to be accepted in squeeze.


Thanks again for your help all along this bug's investigation.


[signature.asc (application/pgp-signature, inline)]

Added tag(s) pending. Request was from bubulle@alioth.debian.org to control@bugs.debian.org. (Sun, 13 Feb 2011 17:18:11 GMT) Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 30 Mar 2011 07:33:18 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 10:48:57 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.