[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Tue Feb 28 12:00:21 MST 2012


The branch, v3-6-test has been updated
       via  9902744 s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
      from  4d60392 Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER but has no permission for that, but token has SeTakeOwnershipPrivilege

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 990274481795a47376cdbc95d5f80d830079d702
Author: Matthieu Patou <mat at matws.net>
Date:   Fri Feb 24 16:13:10 2012 -0800

    s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
    
    If not, the child process would hang for quite a long time up to the
    moment when the connection is cleaned by the kernel (took ~ 20 minutes)
    in my tests.
    
    Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and
    keeps in the meantime to respond NT_STATUS_IO_TIMEOUT).

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_pam.c |   21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 79189ba..9801f53 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1166,6 +1166,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		if (!NT_STATUS_IS_OK(result)) {
 			DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
 				  nt_errstr(result)));
+			if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+				if (attempts > 0) {
+					DEBUG(3, ("This is the second problem for this "
+						"particular call, forcing the close of "
+						"this connection\n"));
+					invalidate_cm_connection(&domain->conn);
+				} else {
+					DEBUG(3, ("First call to cm_connect_netlogon "
+						"has timed out, retrying\n"));
+					continue;
+				}
+			}
 			return result;
 		}
 		auth = netlogon_pipe->auth;
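Review bot: the `continue` in the "First call to cm_connect_netlogon has timed out" branch may not retry at all. In a do/while loop, `continue` jumps to the loop test, which here is `(attempts < 2) && retry`. None of the added lines sets `retry` to true or increments `attempts` before the `continue`, so whether a second pass happens depends on state set outside this hunk. If `retry` is false at that point, the loop exits after the first timeout and the `attempts > 0` branch is never reached from this path. Setting `retry = true` and bumping `attempts` explicitly just before the `continue` would make the intent visible and would not depend on the ordering of the rest of the loop body.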
@@ -1309,7 +1321,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 		   rpc changetrustpw' */
 
 		if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
-			DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+			DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned "
 				 "ACCESS_DENIED.  Maybe the trust account "
 				"password was changed and we didn't know it. "
 				 "Killing connections to domain %s\n",
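Review bot: style point on the renamed DEBUG prefix. The hard-coded function name went stale once already, which is what this line fixes, so using `__func__` with a `%s` here would keep it from drifting again. The two new DEBUG messages added in the cm_connect_netlogon error path carry no function prefix at all, so the log lines from this function are now inconsistent with each other.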
@@ -1320,6 +1332,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 
 	} while ( (attempts < 2) && retry );
 
+	if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+		DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+				"returned NT_STATUS_IO_TIMEOUT after the retry."
+				"Killing connections to domain %s\n",
+			domainname));
+		invalidate_cm_connection(&domain->conn);
+	}
 	return result;
 }
 
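Review bot: the new DEBUG string after the loop is missing a space between two adjacent literals. "returned NT_STATUS_IO_TIMEOUT after the retry." is followed directly by "Killing connections to domain %s\n", so the log reads "retry.Killing". Separately, the check runs on any loop exit with NT_STATUS_IO_TIMEOUT, including an exit where `retry` was false and no second attempt was made, so "after the retry" can be misleading in the log. Either word the message neutrally or test `attempts` before claiming a retry happened. A short comment saying why the connection is invalidated here (the hang described in the commit message) would also help the next reader.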


-- 
Samba Shared Repository

