[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-2-0pre2-3808-gaf4ad67
Karolin Seeger
kseeger at samba.org
Fri Aug 22 21:29:11 GMT 2008
The branch, v3-3-stable has been updated
via af4ad677812763ea9bde8a767ed873918e184123 (commit)
via cb1ea1009f62ae2794e67cebd86df22ec6558009 (commit)
via a9333f6a87492d8ba0f1003317e31c96652601d5 (commit)
via 7992f6a814850805fb0c10a8f6034fd85a6a89cc (commit)
via 423a62a0cd115ea16c39b23560a8ad78cf021d37 (commit)
from d35aa3e9c049a92a7a94f0d6c9b0e06f662bfd7e (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable
- Log -----------------------------------------------------------------
commit af4ad677812763ea9bde8a767ed873918e184123
Author: Jeremy Allison <jra at samba.org>
Date: Fri Aug 22 13:50:41 2008 -0700
Don't re-initialize a token when we already have one. This fixes the build farm failures when winbindd connects as guest.
This one took a *lot* of tracking down :-).
Jeremy.
(cherry picked from commit 0ca3ad6520778d78eeecfd78cd5036abd268e1b9)
commit cb1ea1009f62ae2794e67cebd86df22ec6558009
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date: Fri Aug 22 10:17:04 2008 -0500
winbindd: Fix crash in cm_connect_sam()
Fix segv when talking to parent DC (joined to child domain).
The root cause was
(a) storing the parent domain in the cli_state struct caused
the NTLMSSP pipe bind to fail which made us fall over to
the schannel code path
(b) the dcinfo pointer in cm_get_schannel_dcinfo() was returning
NULL even though the function indicated success.
(cherry picked from commit 5ce4a2ae6697970ea37d0078a506615b4b7a9a9c)
(cherry picked from commit 0aa7e1f54201577fa92ccda56b836eb8b8d49727)
commit a9333f6a87492d8ba0f1003317e31c96652601d5
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Aug 22 17:23:36 2008 +0200
manpages: Add documentation for new 'net rpc vampire' subcommands.
Karolin
(cherry picked from commit 8d0a16d8034cd07037b3c7711867280d5fa5b2c8)
(cherry picked from commit ad0296ad1c02ccc2b24cc33a3aad6317227a47b5)
commit 7992f6a814850805fb0c10a8f6034fd85a6a89cc
Author: Karolin Seeger <kseeger at samba.org>
Date: Fri Aug 22 16:47:19 2008 +0200
net: Add missing colon to unify usage messages.
Karolin
(cherry picked from commit c7aef4b38bd2b152b316d8d76b45be4b73ca315f)
(cherry picked from commit aa9b04de827b210db83dcfec0f0b05d2fbf95f09)
commit 423a62a0cd115ea16c39b23560a8ad78cf021d37
Author: Jeremy Allison <jra at samba.org>
Date: Wed Aug 20 16:23:13 2008 -0700
Here is a re-working of the winbindd
reconnect code to cope with rebooting a DC. This
replaces the code I asked Volker to revert.
The logic is pretty simple. It adds a new parameter,
"winbind reconnect delay", set to 30 seconds by
default, which determines how long to wait between
connection attempts.
To avoid overwhelming the box with DC-probe
forked children, the code now keeps track of
the DC probe child per winbindd_domain struct
and only starts a new one if the existing one
has died.
I also added a little logic to make sure the
dc probe child always sends a message whatever
the reason for exit so we will always reschedule
another connect attempt.
Also added documentation.
Jeremy.
(cherry picked from commit 1d87a36cb08f1aca093164d7ddb9ba1f077ebf61)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/net.8.xml | 13 +++++
.../smbdotconf/winbind/winbindreconnectdelay.xml | 15 ++++++
source/include/proto.h | 1 +
source/param/loadparm.c | 12 +++++
source/smbd/sesssetup.c | 23 +++++----
source/utils/net_rpc_samsync.c | 4 +-
source/winbindd/winbindd.h | 1 +
source/winbindd/winbindd_cm.c | 51 ++++++++++++++++----
source/winbindd/winbindd_util.c | 2 +-
9 files changed, 99 insertions(+), 23 deletions(-)
create mode 100644 docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/net.8.xml b/docs-xml/manpages-3/net.8.xml
index cdf0fbb..31fe69d 100644
--- a/docs-xml/manpages-3/net.8.xml
+++ b/docs-xml/manpages-3/net.8.xml
@@ -850,7 +850,20 @@ to run this against the PDC, from a Samba machine joined as a BDC. </para>
<para>Export users, aliases and groups from remote server to
local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
</para>
+</refsect2>
+
+<refsect2>
+<title>RPC VAMPIRE KEYTAB</title>
+<para>Dump remote SAM database to local Kerberos keytab file.
+</para>
+</refsect2>
+
+<refsect2>
+<title>RPC VAMPIRE LDIF</title>
+
+<para>Dump remote SAM database to local LDIF file or standard output.
+</para>
</refsect2>
<refsect2>
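Review bot: The new RPC VAMPIRE KEYTAB and RPC VAMPIRE LDIF sections each consist of one sentence and do not say how the output file is named or where it is written. Since the keytab is a dump of the remote SAM database, it holds account key material, so the KEYTAB section should also tell the reader to keep the file readable only by the account that needs it. Minor style point: the LDIF section has a blank line after its title and the KEYTAB section does not.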
diff --git a/docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml b/docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml
new file mode 100644
index 0000000..2da263e
--- /dev/null
+++ b/docs-xml/smbdotconf/winbind/winbindreconnectdelay.xml
@@ -0,0 +1,15 @@
+<samba:parameter name="winbind reconnect delay"
+ context="G"
+ type="integer"
+ advanced="1" developer="1"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+ <para>This parameter specifies the number of
+ seconds the <citerefentry><refentrytitle>winbindd</refentrytitle>
+ <manvolnum>8</manvolnum></citerefentry> daemon will wait between
+ attempts to contact a Domain controller for a domain that is
+ determined to be down or not contactable.</para>
+</description>
+
+<value type="default">30</value>
+</samba:parameter>
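Review bot: The description does not state what values are accepted or how the setting interacts with the other timers. From calc_new_online_timeout_check() in this same change, the value acts as a floor on check_online_timeout rather than a fixed interval, and a domain in startup mode uses 10 seconds regardless. Both facts belong in the para, together with what happens for 0 or a negative number. Also confirm that developer="1" here agrees with the parm_table entry, which sets only FLAG_ADVANCED.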
diff --git a/source/include/proto.h b/source/include/proto.h
index 3d0d419..d3a8dbb 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -6049,6 +6049,7 @@ int lp_directory_name_cache_size(int );
int lp_smb_encrypt(int );
char lp_magicchar(const struct share_params *p );
int lp_winbind_cache_time(void);
+int lp_winbind_reconnect_delay(void);
const char **lp_winbind_nss_info(void);
int lp_algorithmic_rid_base(void);
int lp_name_cache_timeout(void);
diff --git a/source/param/loadparm.c b/source/param/loadparm.c
index 14e051a..84c2c7f 100644
--- a/source/param/loadparm.c
+++ b/source/param/loadparm.c
@@ -240,6 +240,7 @@ struct global {
int map_to_guest;
int oplock_break_wait_time;
int winbind_cache_time;
+ int winbind_reconnect_delay;
int winbind_max_idle_children;
char **szWinbindNssInfo;
int iLockSpinTime;
@@ -4363,6 +4364,15 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED,
},
{
+ .label = "winbind reconnect delay",
+ .type = P_INTEGER,
+ .p_class = P_GLOBAL,
+ .ptr = &Globals.winbind_reconnect_delay,
+ .special = NULL,
+ .enum_list = NULL,
+ .flags = FLAG_ADVANCED,
+ },
+ {
.label = "winbind enum users",
.type = P_BOOL,
.p_class = P_GLOBAL,
@@ -4829,6 +4839,7 @@ static void init_globals(bool first_time_only)
Globals.clustering = False;
Globals.winbind_cache_time = 300; /* 5 minutes */
+ Globals.winbind_reconnect_delay = 30; /* 30 seconds */
Globals.bWinbindEnumUsers = False;
Globals.bWinbindEnumGroups = False;
Globals.bWinbindUseDefaultDomain = False;
@@ -5341,6 +5352,7 @@ FN_LOCAL_INTEGER(lp_directory_name_cache_size, iDirectoryNameCacheSize)
FN_LOCAL_INTEGER(lp_smb_encrypt, ismb_encrypt)
FN_LOCAL_CHAR(lp_magicchar, magic_char)
FN_GLOBAL_INTEGER(lp_winbind_cache_time, &Globals.winbind_cache_time)
+FN_GLOBAL_INTEGER(lp_winbind_reconnect_delay, &Globals.winbind_reconnect_delay)
FN_GLOBAL_LIST(lp_winbind_nss_info, &Globals.szWinbindNssInfo)
FN_GLOBAL_INTEGER(lp_algorithmic_rid_base, &Globals.AlgorithmicRidBase)
FN_GLOBAL_INTEGER(lp_name_cache_timeout, &Globals.name_cache_timeout)
diff --git a/source/smbd/sesssetup.c b/source/smbd/sesssetup.c
index 041596b..9c9d0a9 100644
--- a/source/smbd/sesssetup.c
+++ b/source/smbd/sesssetup.c
@@ -1738,16 +1738,19 @@ void reply_sesssetup_and_X(struct smb_request *req)
return;
}
- nt_status = create_local_token(server_info);
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(10, ("create_local_token failed: %s\n",
- nt_errstr(nt_status)));
- data_blob_free(&nt_resp);
- data_blob_free(&lm_resp);
- data_blob_clear_free(&plaintext_password);
- reply_nterror(req, nt_status_squash(nt_status));
- END_PROFILE(SMBsesssetupX);
- return;
+ if (!server_info->ptok) {
+ nt_status = create_local_token(server_info);
+
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ DEBUG(10, ("create_local_token failed: %s\n",
+ nt_errstr(nt_status)));
+ data_blob_free(&nt_resp);
+ data_blob_free(&lm_resp);
+ data_blob_clear_free(&plaintext_password);
+ reply_nterror(req, nt_status_squash(nt_status));
+ END_PROFILE(SMBsesssetupX);
+ return;
+ }
}
data_blob_clear_free(&plaintext_password);
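Review bot: The new guard "if (!server_info->ptok)" reuses whatever token is already attached to server_info, but nothing at this spot says which earlier path is expected to have set it. The commit message mentions the guest connection from winbindd; a short comment above the guard naming that path would stop a later reader from treating the check as redundant and removing it. Because the token decides what the session is allowed to do, a DEBUG line on the reuse branch would also make it possible to see from the logs when an existing token was kept instead of a fresh one being built.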
diff --git a/source/utils/net_rpc_samsync.c b/source/utils/net_rpc_samsync.c
index c01aace..c0922ef 100644
--- a/source/utils/net_rpc_samsync.c
+++ b/source/utils/net_rpc_samsync.c
@@ -219,7 +219,7 @@ NTSTATUS rpc_vampire_ldif_internals(struct net_context *c,
int rpc_vampire_ldif(struct net_context *c, int argc, const char **argv)
{
if (c->display_usage) {
- d_printf("Usage\n"
+ d_printf("Usage:\n"
"net rpc vampire ldif\n"
" Dump remote SAM database to LDIF file or stdout\n");
return 0;
@@ -343,7 +343,7 @@ int rpc_vampire_keytab(struct net_context *c, int argc, const char **argv)
int ret = 0;
if (c->display_usage) {
- d_printf("Usage\n"
+ d_printf("Usage:\n"
"net rpc vampire keytab\n"
" Dump remote SAM database to Kerberos keytab file\n");
return 0;
diff --git a/source/winbindd/winbindd.h b/source/winbindd/winbindd.h
index fe0c076..1b8cd91 100644
--- a/source/winbindd/winbindd.h
+++ b/source/winbindd/winbindd.h
@@ -204,6 +204,7 @@ struct winbindd_domain {
uint32_t id_range_low, id_range_high;
/* A working DC */
+ pid_t dc_probe_pid; /* Child we're using to detect the DC. */
fstring dcname;
struct sockaddr_storage dcaddr;
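Review bot: The new dc_probe_pid field is inserted directly under the "/* A working DC */" comment, which now reads as if it described the probe child instead of dcname and dcaddr. Move the field above that comment or below dcaddr so the existing comment stays attached to the members it documents.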
diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c
index 47df4e4..a8c0166 100644
--- a/source/winbindd/winbindd_cm.c
+++ b/source/winbindd/winbindd_cm.c
@@ -171,20 +171,33 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
struct dc_name_ip *dcs = NULL;
int num_dcs = 0;
TALLOC_CTX *mem_ctx = NULL;
- pid_t child_pid;
pid_t parent_pid = sys_getpid();
/* Stop zombies */
CatchChild();
- child_pid = sys_fork();
+ if (domain->dc_probe_pid != (pid_t)-1) {
+ /*
+ * We might already have a DC probe
+ * child working, check.
+ */
+ if (process_exists_by_pid(domain->dc_probe_pid)) {
+ DEBUG(10,("fork_child_dc_connect: pid %u already "
+ "checking for DC's.\n",
+ (unsigned int)domain->dc_probe_pid));
+ return true;
+ }
+ domain->dc_probe_pid = (pid_t)-1;
+ }
+
+ domain->dc_probe_pid = sys_fork();
- if (child_pid == -1) {
+ if (domain->dc_probe_pid == (pid_t)-1) {
DEBUG(0, ("fork_child_dc_connect: Could not fork: %s\n", strerror(errno)));
return False;
}
- if (child_pid != 0) {
+ if (domain->dc_probe_pid != (pid_t)0) {
/* Parent */
messaging_register(winbind_messaging_context(), NULL,
MSG_WINBIND_TRY_TO_GO_ONLINE,
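Review bot: The liveness test "process_exists_by_pid(domain->dc_probe_pid)" relies on a stored pid only, so once the probe child has exited and its pid has been handed to an unrelated process, this branch returns true and no new probe is started for that domain. Nothing in the visible hunks resets dc_probe_pid when the child reports back; clearing it to (pid_t)-1 in the parent's handlers for MSG_WINBIND_TRY_TO_GO_ONLINE and MSG_WINBIND_FAILED_TO_GO_ONLINE would close that window. Smaller points: the assignment "domain->dc_probe_pid = (pid_t)-1;" just before sys_fork() is immediately overwritten, and the function now mixes "return true" with "return False".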
@@ -201,6 +214,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
if (!reinit_after_fork(winbind_messaging_context(), true)) {
DEBUG(0,("reinit_after_fork() failed\n"));
+ messaging_send_buf(winbind_messaging_context(),
+ pid_to_procid(parent_pid),
+ MSG_WINBIND_FAILED_TO_GO_ONLINE,
+ (uint8 *)domain->name,
+ strlen(domain->name)+1);
_exit(0);
}
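Review bot: The failure message added in the reinit_after_fork() error branch is sent through winbind_messaging_context(), which is the very context reinit_after_fork() was just asked to reinitialise and failed on. The send may not reach the parent in that state, and its return value is not checked, so the "always sends a message" guarantee from the commit message is weakest in exactly this branch. At minimum log the result of messaging_send_buf() here; the parent should also not depend solely on this message to reschedule.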
@@ -218,6 +236,11 @@ static bool fork_child_dc_connect(struct winbindd_domain *domain)
mem_ctx = talloc_init("fork_child_dc_connect");
if (!mem_ctx) {
DEBUG(0,("talloc_init failed.\n"));
+ messaging_send_buf(winbind_messaging_context(),
+ pid_to_procid(parent_pid),
+ MSG_WINBIND_FAILED_TO_GO_ONLINE,
+ (uint8 *)domain->name,
+ strlen(domain->name)+1);
_exit(0);
}
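Review bot: This is the second copy of the same five-line messaging_send_buf() call with MSG_WINBIND_FAILED_TO_GO_ONLINE in fork_child_dc_connect(). A small static helper taking parent_pid and domain would keep the exit paths consistent and make it harder to add a future early exit that forgets the notification. The child also still calls _exit(0) on these failure paths, so the exit status cannot be used to tell a failed probe from a clean one.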
@@ -291,12 +314,12 @@ static void check_domain_online_handler(struct event_context *ctx,
static void calc_new_online_timeout_check(struct winbindd_domain *domain)
{
- int wbc = lp_winbind_cache_time();
+ int wbr = lp_winbind_reconnect_delay();
if (domain->startup) {
domain->check_online_timeout = 10;
- } else if (domain->check_online_timeout < wbc) {
- domain->check_online_timeout = wbc;
+ } else if (domain->check_online_timeout < wbr) {
+ domain->check_online_timeout = wbr;
}
}
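Review bot: In calc_new_online_timeout_check() the value from lp_winbind_reconnect_delay() is used without a lower bound. With "winbind reconnect delay" set to 0 or a negative number, the test "domain->check_online_timeout < wbr" never raises the timeout, and add_trusted_domain() initialises check_online_timeout to 0, so the retry interval is then whatever other code leaves in that field. Clamp wbr to a sane minimum here or reject such values when the parameter is loaded.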
@@ -336,7 +359,7 @@ void set_domain_offline(struct winbindd_domain *domain)
}
/* If we're in statup mode, check again in 10 seconds, not in
- lp_winbind_cache_time() seconds (which is 5 mins by default). */
+ lp_winbind_reconnect_delay() seconds (which is 30 seconds by default). */
calc_new_online_timeout_check(domain);
@@ -852,7 +875,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, domain->name, machine_password);
+ cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
goto session_setup_done;
}
}
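Review bot: The switch from domain->name to lp_workgroup() in cli_init_creds() has no comment at the call site, and the same applies to the identical change in the next hunk. The reason is only in the commit message (storing the parent domain made the NTLMSSP pipe bind fail), and the existing comment "Ensure creds are stored for NTLMSSP authenticated pipe access" does not explain why the machine account's own domain is the right value. One line saying that the machine account lives in our own workgroup, not in the domain being contacted, would prevent a well-meant revert.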
@@ -877,7 +900,7 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
result = ads_ntstatus(ads_status);
if (NT_STATUS_IS_OK(result)) {
/* Ensure creds are stored for NTLMSSP authenticated pipe access. */
- cli_init_creds(*cli, machine_account, domain->name, machine_password);
+ cli_init_creds(*cli, machine_account, lp_workgroup(), machine_password);
goto session_setup_done;
}
}
@@ -914,6 +937,9 @@ static NTSTATUS cm_prepare_connection(const struct winbindd_domain *domain,
anon_fallback:
/* Fall back to anonymous connection, this might fail later */
+ DEBUG(10,("cm_prepare_connection: falling back to anonymous "
+ "connection for DC %s\n",
+ controller ));
if (NT_STATUS_IS_OK(cli_session_setup(*cli, "", NULL, 0,
NULL, 0, ""))) {
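Review bot: The new message at anon_fallback is logged at DEBUG level 10, which most installations never enable. Falling back from an authenticated session to an anonymous one is a change in the security properties of the connection, so it deserves a level that shows up in ordinary logs, and the message would be more useful if it also named the domain and not only the controller.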
@@ -1904,6 +1930,10 @@ static bool cm_get_schannel_dcinfo(struct winbindd_domain *domain,
/* Return a pointer to the struct dcinfo from the
netlogon pipe. */
+ if (!domain->conn.netlogon_pipe->dc) {
+ return false;
+ }
+
*ppdc = domain->conn.netlogon_pipe->dc;
return True;
}
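Review bot: The new early return in cm_get_schannel_dcinfo() fails silently when netlogon_pipe->dc is NULL. Add a DEBUG line there so that the crash this change avoids still leaves a trace in the log, and use the same spelling as the "return True" two lines below instead of "return false". The visible lines dereference domain->conn.netlogon_pipe without showing a check on the pipe itself; if the code above this hunk does not guarantee it is non-NULL, test it in the same condition.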
@@ -1930,6 +1960,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx,
goto done;
}
+
/*
* No SAMR pipe yet. Attempt to get an NTLMSSP SPNEGO authenticated
* sign and sealed pipe using the machine account password by
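Review bot: This hunk in cm_connect_sam() adds only an empty line before the comment block, leaving two blank lines in a row. Drop it from the change so the fix stays limited to functional edits.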
diff --git a/source/winbindd/winbindd_util.c b/source/winbindd/winbindd_util.c
index 77b1778..4668d37 100644
--- a/source/winbindd/winbindd_util.c
+++ b/source/winbindd/winbindd_util.c
@@ -180,11 +180,11 @@ static struct winbindd_domain *add_trusted_domain(const char *domain_name, const
domain->initialized = False;
domain->online = is_internal_domain(sid);
domain->check_online_timeout = 0;
+ domain->dc_probe_pid = (pid_t)-1;
if (sid) {
sid_copy(&domain->sid, sid);
}
-
/* Link to domain list */
DLIST_ADD_END(_domain_list, domain, struct winbindd_domain *);
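Review bot: dc_probe_pid is set to (pid_t)-1 only here in add_trusted_domain(). fork_child_dc_connect() treats every value other than -1 as a pid to check, so a winbindd_domain created or zeroed on any other path would arrive with 0 and be passed to process_exists_by_pid(). Confirm this is the only place the struct is created, or make the check in fork_child_dc_connect() also treat 0 as "no child". The hunk also removes the blank line before the "Link to domain list" comment, which is unrelated to the change.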
--
Samba Shared Repository