enhancing error managements of winbind
kawasa_r at itg.hitachi.co.jp
kawasa_r at itg.hitachi.co.jp
Fri May 7 14:33:56 GMT 2004
In case of network error and LDAP server error, some managements consume a
lot of time.
We've add some timeout thresholds to avoid these three problems.
(1/3) If there's an error in domain controller of network, winbind daemon
take a lot of time to detect the error.
Reason: No timeout is set.
Measure: Set timeout by using alarm().
Index: samba-302/source/libads/ldap.c
===================================================================
RCS file: /cvs/samba-302/source/libads/ldap.c,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- samba-302/source/libads/ldap.c 17 Mar 2004 06:32:03 -0000 1.2
+++ samba-302/source/libads/ldap.c 15 Apr 2004 11:09:34 -0000 1.3
@@ -24,6 +24,14 @@
#ifdef HAVE_LDAP
+/***************************************************************
+ Signal function to tell us we timed out.
+****************************************************************/
+
+static void gotalarm_sig(void)
+{
+}
+
/**
* @file ldap.c
* @brief basic ldap client-side routines for ads server communications
@@ -58,7 +66,17 @@
/* this copes with inet_ntoa brokenness */
srv = strdup(server);
+ /* Setup timeout */
+ CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
+ alarm(60);
+ /* End setup timeout. */
+
ads->ld = ldap_open(srv, port);
+
+ /* Teardown timeout. */
+ CatchSignal(SIGALRM, SIGNAL_CAST SIG_IGN);
+ alarm(0);
+
if (!ads->ld) {
free(srv);
return False;
(2/3) If there's an error in LDAP server, smbldap_add() function runs
eternally.
Reason: No timeout is set.
Measure: Set timeout by using ldap_add() and ldap_result().
Index: samba-302/source/lib/smbldap.c
===================================================================
RCS file: /cvs/samba-302/source/lib/smbldap.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -r1.5 -r1.6
--- samba-302/source/lib/smbldap.c 15 Apr 2004 11:19:07 -0000 1.5
+++ samba-302/source/lib/smbldap.c 15 Apr 2004 11:26:28 -0000 1.6
@@ -1040,6 +1040,9 @@
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
char *utf8_dn;
+ int msgid = 0;
+ struct timeval timeout;
+ LDAPMessage *res = NULL;
SMB_ASSERT(ldap_state);
@@ -1049,17 +1052,29 @@
return LDAP_NO_MEMORY;
}
+ timeout.tv_sec = 60;
+ timeout.tv_usec = 0;
while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
- rc = ldap_add_s(ldap_state->ldap_struct, utf8_dn, attrs);
+ msgid = ldap_add(ldap_state->ldap_struct, utf8_dn, attrs);
+ if (ldap_result(ldap_state->ldap_struct, msgid, 1, &timeout, &res) != 0) {
+ rc = ldap_result2error(ldap_state->ldap_struct, res, 1);
+ } else {
+ rc = LDAP_TIMEOUT;
+ }
}
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
smbldap_close(ldap_state);
+ } else if (rc == LDAP_TIMEOUT) {
+ DEBUG(0,("%s: LDAP TIMEOUT!\n",FUNCTION_MACRO));
+ ldap_server_down = True;
+ ldap_server_down_time = time(NULL);
+ smbldap_close(ldap_state);
}
ldap_state->last_use = time(NULL);
(3/3) If there's an error in LDAP server, smbldap_modify() function runs
eternally.
Reason: No timeout is set.
Measure: Set timeout by using ldap_add() and ldap_result().
Index: samba-302/source/lib/smbldap.c
===================================================================
RCS file: /cvs/samba-302/source/lib/smbldap.c,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- samba-302/source/lib/smbldap.c 30 Mar 2004 12:19:07 -0000 1.4
+++ samba-302/source/lib/smbldap.c 15 Apr 2004 11:19:07 -0000 1.5
@@ -992,6 +992,9 @@
int rc = LDAP_SERVER_DOWN;
int attempts = 0;
char *utf8_dn;
+ int msgid = 0;
+ struct timeval timeout;
+ LDAPMessage *res = NULL;
SMB_ASSERT(ldap_state);
@@ -1001,17 +1004,29 @@
return LDAP_NO_MEMORY;
}
+ timeout.tv_sec = 60;
+ timeout.tv_usec = 0;
while ((rc == LDAP_SERVER_DOWN) && (attempts < SMBLDAP_NUM_RETRIES)) {
if ((rc = smbldap_retry_open(ldap_state,&attempts)) != LDAP_SUCCESS)
continue;
- rc = ldap_modify_s(ldap_state->ldap_struct, utf8_dn, attrs);
+ msgid = ldap_modify(ldap_state->ldap_struct, utf8_dn, attrs);
+ if (ldap_result(ldap_state->ldap_struct, msgid, 1, &timeout, &res) != 0) {
+ rc = ldap_result2error(ldap_state->ldap_struct, res, 1);
+ } else {
+ rc = LDAP_TIMEOUT;
+ }
}
if (rc == LDAP_SERVER_DOWN) {
DEBUG(0,("%s: LDAP server is down!\n",FUNCTION_MACRO));
smbldap_close(ldap_state);
+ } else if (rc == LDAP_TIMEOUT) {
+ DEBUG(0,("%s: LDAP TIMEOUT!\n",FUNCTION_MACRO));
+ ldap_server_down = True;
+ ldap_server_down_time = time(NULL);
+ smbldap_close(ldap_state);
}
ldap_state->last_use = time(NULL);
More information about the samba-technical
mailing list