infinite loop in find_new_dc

Herb Lewis hlewis at
Thu Feb 12 09:25:13 MST 2009

This turns out to have been a bug in an ancient change we made
before the server affinity code was implemented. We were always
returning the lp_passwordserver name first in get_dc_list and that
was accidentally cut and pasted into the path for the trusted
domains as well as our primary domain. This also only shows up
in security=domain where the DC name is returned as the short
name instead of the FQDN. Looks like it is not a samba bug.

Steven Danneman wrote:
>> If you are not using WINS and your DNS search order does not
>> allow resolution of the name returned by the get_dcs call
>> you will put winbindd into an infinite loop in this function
>> because of the "goto again" at the end of the function.
>> this is in source/winbindd/winbindd_cm.c and the problem
>> exists in 3.0 as well as 3.2 and I assume 3.3.
>> Why are we doing this retry, and if it is necessary, we
>> need to put a max number of trys on it
> Herb,
> I've looked at that code good and hard and flip flopped back and forth
> on whether there was an infinite loop or not.  I'm still not sure.  I
> have a patch that greatly refactors that whole path, but is still
> incomplete.  If you're highly motivated I can send it to you to finish
> the job.
> -Steven

More information about the samba-technical mailing list