Using source3 RPC servers as daemons causes deadlock with winbindd!

Andrew Bartlett abartlet at samba.org
Thu May 1 22:56:03 MDT 2014 

On Wed, 2014-04-30 at 17:37 +0200, Andreas Schneider wrote:
> On Wednesday 30 April 2014 11:55:40 Andrew Bartlett wrote:
> > The attached patches finally make the source3 winbindd code connect to
> > the LSA and SAMR servers over ncalrpc rather than directly linking the
> > shared library.
> > 
> > The problem is, in make test s3dc is set to use:
> > 
> > 
> >         rpc_server:epmapper = external
> >         rpc_server:spoolss = external
> >         rpc_server:lsarpc = external
> >         rpc_server:samr = external
> >         rpc_server:netlogon = external
> >         rpc_server:register_embedded_np = yes
> > 
> >         rpc_daemon:epmd = fork
> >         rpc_daemon:spoolssd = fork
> >         rpc_daemon:lsasd = fork
> > 
> > The issue is, when we connect to the RPC server, we lock up due to a
> > recursive call to winbindd (otherwise prevented because of the
> > winbind_off() call).
> > 
> > It can be reproduced with:
> > make test TESTS=samba3.blackbox.smbclient_auth.plain
> > 
> > GDB backtraces for smbd and winbindd are attached.
> > 
> > It appears to be locking up looking via LSA lookupnames and an NSS call
> > for unix group\nogroup
> > 
> > Do you think it is reasonable to expect the source3 LSA and SAMR servers
> > to be able to service winbindd when not loaded as a shared library, or
> > should we instead put an exception in for this (only use the pipes when
> > in AD DC mode).
> > 
> > Your thoughts and comments would be most valued.  As mentioned above,
> > the patch used the to reproduce this is also attached.
> 
> I'll leave today and will back on monday. Then I can look into this.
> 
> Maybe Simo has time ...

This patch causes other issues (probably because it defines up an extra
domain), but appears to avoid the deadlock.  It might provide some
inspiration for a correct fix here.

Thanks,

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-winbind-Add-a-winbindd_unix-backend-for-the-unix-.patch
Type: text/x-patch
Size: 13871 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140502/b2b46bc8/attachment.bin>

More information about the samba-technical mailing list