[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2261-gb379b5b

Gerald Carter jerry at samba.org
Wed Apr 30 15:29:11 GMT 2008 

The branch, v3-3-test has been updated
       via  b379b5b5d8a6daccc69aaf2be6d9a6e276e7dd78 (commit)
       via  5ed9b92097460cd8180db806a08213e97cfb8daa (commit)
       via  2983b9dc790e0f90ec1e6add131438c6bfd361b4 (commit)
      from  14327b11baa18f185e747a321e75abe581d153d2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit b379b5b5d8a6daccc69aaf2be6d9a6e276e7dd78
Author: Gerald W. Carter <jerry at samba.org>
Date:   Wed Apr 30 10:09:43 2008 -0500

    Winbind: Prevent cycle in children list when reaping dead child processes.
    
    Thanks to Glenn Curtis and Kyle Stemen @ Likewise.  Their explanation is:
    
        In winbindd_dual.c, there is a list of children processes that
        is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the
        case when a scheduled_async_request fails, the particular child
        was located in the list, and its attributes were cleared out
        and it was reused for a subsequent async request. The bug was that
        the new request would queue the same node into the doubly-linked
        list and would result in list->next pointing to the same node as
        list itself. This would set up an infinite loop in the processing of
        the for loop when the list of children was referenced.
    
        Solution was to fully remove the child node from the list, such that
        it could be inserted without risk of being inserted twice.
    
    Note that the child is re-added to the list in fork_domain_child() again.

commit 5ed9b92097460cd8180db806a08213e97cfb8daa
Author: Gerald W. Carter <jerry at samba.org>
Date:   Wed Apr 30 09:57:15 2008 -0500

    BUG 5107: Fix handling of large DNS replies on AIX and Solaris.
    
    On AIX, Solaris, and possibly some older glibc systems (e.g. SLES8)
    truncated replies never give back a resp_len > buflen
    which ends up causing DNS resolve failures on large tcp DNS replies.
    
    Also add more debug lines about processing the DNS reply.

commit 2983b9dc790e0f90ec1e6add131438c6bfd361b4
Author: Gerald W. Carter <jerry at samba.org>
Date:   Wed Apr 30 09:43:00 2008 -0500

    BUG 5429: Clarify log msgs re: failure to create BUILTIN\{Administrators,Users}
    
    Raise the debug msgs from Lvl 0 in the create_builtin_XX() functions
    to prevent unnecessary panic from people reading the logs.

-----------------------------------------------------------------------

Summary of changes:
 source/auth/token_util.c        |   16 +++++++++-------
 source/libads/dns.c             |   38 ++++++++++++++++++++++++++++++++------
 source/winbindd/winbindd_dual.c |    4 ++++
 3 files changed, 45 insertions(+), 13 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/auth/token_util.c b/source/auth/token_util.c
index 6720a2c..cd67c2a 100644
--- a/source/auth/token_util.c
+++ b/source/auth/token_util.c
@@ -210,7 +210,7 @@ static NTSTATUS create_builtin_users( void )
 
 	status = pdb_create_builtin_alias( BUILTIN_ALIAS_RID_USERS );
 	if ( !NT_STATUS_IS_OK(status) ) {
-		DEBUG(0,("create_builtin_users: Failed to create Users\n"));
+		DEBUG(5,("create_builtin_users: Failed to create Users\n"));
 		return status;
 	}
 
@@ -221,7 +221,7 @@ static NTSTATUS create_builtin_users( void )
 		sid_append_rid(&dom_users, DOMAIN_GROUP_RID_USERS );
 		status = pdb_add_aliasmem( &global_sid_Builtin_Users, &dom_users);
 		if ( !NT_STATUS_IS_OK(status) ) {
-			DEBUG(0,("create_builtin_administrators: Failed to add Domain Users to"
+			DEBUG(4,("create_builtin_administrators: Failed to add Domain Users to"
 				" Users\n"));
 			return status;
 		}
@@ -244,7 +244,7 @@ static NTSTATUS create_builtin_administrators( void )
 
 	status = pdb_create_builtin_alias( BUILTIN_ALIAS_RID_ADMINS );
 	if ( !NT_STATUS_IS_OK(status) ) {
-		DEBUG(0,("create_builtin_administrators: Failed to create Administrators\n"));
+		DEBUG(5,("create_builtin_administrators: Failed to create Administrators\n"));
 		return status;
 	}
 
@@ -255,7 +255,7 @@ static NTSTATUS create_builtin_administrators( void )
 		sid_append_rid(&dom_admins, DOMAIN_GROUP_RID_ADMINS);
 		status = pdb_add_aliasmem( &global_sid_Builtin_Administrators, &dom_admins );
 		if ( !NT_STATUS_IS_OK(status) ) {
-			DEBUG(0,("create_builtin_administrators: Failed to add Domain Admins"
+			DEBUG(4,("create_builtin_administrators: Failed to add Domain Admins"
 				" Administrators\n"));
 			return status;
 		}
@@ -273,7 +273,7 @@ static NTSTATUS create_builtin_administrators( void )
 	if ( ret ) {
 		status = pdb_add_aliasmem( &global_sid_Builtin_Administrators, &root_sid );
 		if ( !NT_STATUS_IS_OK(status) ) {
-			DEBUG(0,("create_builtin_administrators: Failed to add root"
+			DEBUG(4,("create_builtin_administrators: Failed to add root"
 				" Administrators\n"));
 			return status;
 		}
@@ -381,7 +381,8 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 			become_root();
 			status = create_builtin_administrators( );
 			if ( !NT_STATUS_IS_OK(status) ) {
-				DEBUG(2,("create_local_nt_token: Failed to create BUILTIN\\Administrators group!\n"));
+				DEBUG(2,("WARNING: Failed to create BUILTIN\\Administrators "
+					 "group!  Can Winbind allocate gids?\n"));
 				/* don't fail, just log the message */
 			}
 			unbecome_root();
@@ -408,7 +409,8 @@ struct nt_user_token *create_local_nt_token(TALLOC_CTX *mem_ctx,
 			become_root();
 			status = create_builtin_users( );
 			if ( !NT_STATUS_IS_OK(status) ) {
-				DEBUG(2,("create_local_nt_token: Failed to create BUILTIN\\Users group!\n"));
+				DEBUG(2,("WARNING: Failed to create BUILTIN\\Users group! "
+					 "Can Winbind allocate gids?\n"));
 				/* don't fail, just log the message */
 			}
 			unbecome_root();
diff --git a/source/libads/dns.c b/source/libads/dns.c
index 3239892..fe0e6d3 100644
--- a/source/libads/dns.c
+++ b/source/libads/dns.c
@@ -203,8 +203,15 @@ static bool ads_dns_parse_rr_srv( TALLOC_CTX *ctx, uint8 *start, uint8 *end,
 		DEBUG(1,("ads_dns_parse_rr_srv: Failed to uncompress name!\n"));
 		return False;
 	}
+
 	srv->hostname = talloc_strdup( ctx, dcname );
 
+	DEBUG(10,("ads_dns_parse_rr_srv: Parsed %s [%u, %u, %u]\n", 
+		  srv->hostname, 
+		  srv->priority,
+		  srv->weight,
+		  srv->port));
+
 	return True;
 }
 
@@ -285,7 +292,7 @@ static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type,
                               uint8 **buf, int *resp_length )
 {
 	uint8 *buffer = NULL;
-	size_t buf_len;
+	size_t buf_len = 0;
 	int resp_len = NS_PACKETSZ;
 	static time_t last_dns_check = 0;
 	static NTSTATUS last_dns_status = NT_STATUS_OK;
@@ -346,7 +353,26 @@ static NTSTATUS dns_send_req( TALLOC_CTX *ctx, const char *name, int q_type,
 			last_dns_check = time(NULL);
 			return last_dns_status;
 		}
-	} while ( buf_len < resp_len && resp_len < MAX_DNS_PACKET_SIZE );
+
+		/* On AIX, Solaris, and possibly some older glibc systems (e.g. SLES8)
+		   truncated replies never give back a resp_len > buflen
+		   which ends up causing DNS resolve failures on large tcp DNS replies */
+
+		if (buf_len == resp_len) {
+			if (resp_len == MAX_DNS_PACKET_SIZE) {
+				DEBUG(1,("dns_send_req: DNS reply too large when resolving %s\n",
+					name));
+				TALLOC_FREE( buffer );
+				last_dns_status = NT_STATUS_BUFFER_TOO_SMALL;
+				last_dns_check = time(NULL);
+				return last_dns_status;
+			}
+
+			resp_len = MIN(resp_len*2, MAX_DNS_PACKET_SIZE);
+		}
+
+
+	} while ( buf_len < resp_len && resp_len <= MAX_DNS_PACKET_SIZE );
 
 	*buf = buffer;
 	*resp_length = resp_len;
@@ -429,7 +455,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 		if (!ads_dns_parse_query(ctx, buffer,
 					buffer+resp_len, &p, &q)) {
 			DEBUG(1,("ads_dns_lookup_srv: "
-				"Failed to parse query record!\n"));
+				 "Failed to parse query record [%d]!\n", rrnum));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	}
@@ -440,7 +466,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 		if (!ads_dns_parse_rr_srv(ctx, buffer, buffer+resp_len,
 					&p, &dcs[rrnum])) {
 			DEBUG(1,("ads_dns_lookup_srv: "
-				"Failed to parse answer record!\n"));
+				 "Failed to parse answer recordi [%d]!\n", rrnum));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	}
@@ -455,7 +481,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 		if (!ads_dns_parse_rr( ctx, buffer,
 					buffer+resp_len, &p, &rr)) {
 			DEBUG(1,("ads_dns_lookup_srv: "
-				"Failed to parse authority record!\n"));
+				 "Failed to parse authority record! [%d]\n", rrnum));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 	}
@@ -469,7 +495,7 @@ static NTSTATUS ads_dns_lookup_srv( TALLOC_CTX *ctx,
 		if (!ads_dns_parse_rr(ctx, buffer, buffer+resp_len,
 					&p, &rr)) {
 			DEBUG(1,("ads_dns_lookup_srv: Failed "
-				"to parse additional records section!\n"));
+				 "to parse additional records section! [%d]\n", rrnum));
 			return NT_STATUS_UNSUCCESSFUL;
 		}
 
diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
index 14ba38c..f71eec5 100644
--- a/source/winbindd/winbindd_dual.c
+++ b/source/winbindd/winbindd_dual.c
@@ -478,6 +478,10 @@ void winbind_child_died(pid_t pid)
 		return;
 	}
 
+	/* This will be re-added in fork_domain_child() */
+
+	DLIST_REMOVE(children, child);
+	
 	remove_fd_event(&child->event);
 	close(child->event.fd);
 	child->event.fd = 0;


-- 
Samba Shared Repository

More information about the samba-cvs mailing list