[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Tue Feb 28 12:00:21 MST 2012
The branch, v3-6-test has been updated
via 9902744 s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
from 4d60392 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 990274481795a47376cdbc95d5f80d830079d702
Author: Matthieu Patou <mat at matws.net>
Date: Fri Feb 24 16:13:10 2012 -0800
s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and
keeps in the meantime to respond NT_STATUS_IO_TIMEOUT).
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 21 ++++++++++++++++++++-
1 files changed, 20 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 79189ba..9801f53 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1166,6 +1166,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
nt_errstr(result)));
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ if (attempts > 0) {
+ DEBUG(3, ("This is the second problem for this "
+ "particular call, forcing the close of "
+ "this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ } else {
+ DEBUG(3, ("First call to cm_connect_netlogon "
+ "has timed out, retrying\n"));
+ continue;
+ }
+ }
return result;
}
auth = netlogon_pipe->auth;
@@ -1309,7 +1321,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
rpc changetrustpw' */
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
- DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned "
"ACCESS_DENIED. Maybe the trust account "
"password was changed and we didn't know it. "
"Killing connections to domain %s\n",
@@ -1320,6 +1332,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
} while ( (attempts < 2) && retry );
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+ "returned NT_STATUS_IO_TIMEOUT after the retry."
+ "Killing connections to domain %s\n",
+ domainname));
+ invalidate_cm_connection(&domain->conn);
+ }
return result;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list