[PATCH] LOOKUP_NAME_EXPLICIT to avoid lockups between winbindd and nscd

Gerald (Jerry) Carter jerry at samba.org
Wed May 30 18:54:36 GMT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gerald (Jerry) Carter wrote:
> Here's the problem I hit:
> 
> getgrnam("foo") -> nscd -> NSS -> winbindd ->
>   winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() ->
>   getgrnam("foo") -> nscd -> ....
> 
> This is in the SAMBA_3_0 specifically but in theory could happen
> SAMBA_3_0_25 (or 26) for an unknown group.
> 
> The attached patch passes down enough state for the
> name_to_sid() call to be able to determine the originating
> winbindd cmd that came into the parent.  So we can avoid
> making more NSS calls if the original call came in trough NSS
> so we don't deadlock ?  But you should still service
> lookupname() calls which are needed for example when
> doing the token access checks for a "valid groups" from
> smb.conf.
> 
> I've got this in testing now.  The problem has shown up with the
> DsProvider on OS X and with nscd on SOlaris and Linux.
> 
> Comments?

No one has stringy objected so I'm checking this into
SAMBA_3_0_26



cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFGXchsIR7qMdg1EfYRArVWAJ94miIkIGPk9pZVyIQQ07BiBxy37wCdF+dA
8hGSnbCKhD9m0UgD3gFIm/c=
=eU+n
-----END PGP SIGNATURE-----


More information about the samba-technical mailing list