FW: winbindd_cm.c leak in failed connection cache

Dan Coppock danno at stbernard.com
Wed Jul 31 08:34:02 GMT 2002 

(I should have sent this to the list, not directly to Tim.  Sorry.)

- Danno

-----Original Message-----
From: Dan Coppock 
Sent: Tuesday, July 30, 2002 9:16 AM
To: 'Tim Potter'
Subject: RE: winbindd_cm.c leak in failed connection cache


>>On Mon, Jul 29, 2002 at 10:40:54AM -0700, Dan Coppock wrote:
>> I'm seeing a slow winbind leak when the dc for a trusted domain is
>> permanently unreachable (it's down, or administratively unavailable).  It
>> looks like in winbindd_cm.c, when the controller name cannot be looked
up,
>> or when the connection really fails, cm_open_connection() calls
>> add_failed_connection_entry(), blindly adding to the failed connection
>> cache.  I suspect there should be check to see if it's already in the
failed
>> connection cache, and only update the lookup_time when present.

>Fixed.  Thanks for spotting this.

>> Also, in the case where the controller name lookup fails, is controller
even
>> defined for inclusion in the "struct failed_connection_cache"?  Isn't the
>> controller name the very piece of information that wasn't obtainable, and
>> therefore not useful for caching here?  I'm not sure on this part.

>Yes this does look like a bit of a problem.  Fortunately the connection
>structure is zeroed before cm_open_connection is called so the
>controller name will always be the null string.  It does seem a bit
>silly to store the controller name as part of the cache entry.
>Tim.

Tim,

Thanks for looking at this.

I think there still exists a problem scenario.  Your fix guards against
adding to
the fcc again, if one already exists for that domain.  However, if the entry
on
the list was put there with a null controller name, I don't see how it will
ever
get timed-out, as both the domain and controller must match in order to
reach the
DLIST_REMOVE in list check in com_open_connection().

Also, isn't it a good idea to update the lookup_time when an existing entry
is found
in the fcc?

Thanks,

Danno Coppock
St. Bernard Software
858-524-2131

More information about the samba-technical mailing list