[patch] HEAD winbindd_cm.c mutex bug

Andrew Bartlett abartlet at samba.org
Fri Jan 10 08:02:01 GMT 2003

On Fri, 2003-01-10 at 15:59, Martin Pool wrote:
> This patch is meant to fix the case where we repeatedly fail to
> acquire the mutex for opening the connection.  At the moment the code
> proceeds with neither the new_conn-> or result variables initialized,
> which I'm pretty sure is a bug.
> I don't know if this is the most appropriate status code but it should
> be set to something.

Winbind NT_STATUS errors don't usually go back to the client - except
for the auth stuff.

I think that the connection mutex should be sorted out in
cli_full_connection(), rather than in individual apps.  Then we can grab
the mutex for netlogon when operating on that pipe, but I really think
that end should be separate.

> --- winbindd_cm.c.~1.59.~	2003-01-09 12:11:32.000000000 +1100
> +++ winbindd_cm.c	2003-01-10 15:55:53.000000000 +1100
> @@ -369,9 +369,11 @@ static NTSTATUS cm_open_connection(const
>  	      new_conn->controller, global_myname(), ipc_domain, ipc_username));
>  	for (i = 0; retry && (i < 3); i++) {
> -		
>  		if (!secrets_named_mutex(new_conn->controller, 10)) {
>  			DEBUG(0,("cm_open_connection: mutex grab failed for %s\n", new_conn->controller));
> +			/* try again, but if we never succeed in getting a connection then this
> +			 * is the result */
>  			continue;
>  		}

Well, if it's the 'we never got a DC' then there is a better error -
NT_STATUS_NO_LOGON_SERVERS.  This is particularly important for the
winbind auth stuff, as that gives a meaningful error to the client.

(To find out what errors are 'meaningful', configure samba
--configure-developer, set 'auth methods = guest sam name_to_ntstatus'
and login as NT_STATUS_....  You will soon figure out if it's a good
choice of error.

Andrew Bartlett

Andrew Bartlett

Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20030110/f4c3b6a7/attachment.bin

More information about the samba-technical mailing list