Using source3 RPC servers as daemons causes deadlock with winbindd!

Andrew Bartlett abartlet at samba.org
Tue May 6 01:38:31 MDT 2014 

On Tue, 2014-05-06 at 08:27 +0200, Andreas Schneider wrote:
> On Friday 02 May 2014 16:56:03 Andrew Bartlett wrote:
> > On Wed, 2014-04-30 at 17:37 +0200, Andreas Schneider wrote:
> > > On Wednesday 30 April 2014 11:55:40 Andrew Bartlett wrote:
> > > > The attached patches finally make the source3 winbindd code connect to
> > > > the LSA and SAMR servers over ncalrpc rather than directly linking the
> > > > shared library.
> > > > 
> > > > The problem is, in make test s3dc is set to use:
> > > >         rpc_server:epmapper = external
> > > >         rpc_server:spoolss = external
> > > >         rpc_server:lsarpc = external
> > > >         rpc_server:samr = external
> > > >         rpc_server:netlogon = external
> > > >         rpc_server:register_embedded_np = yes
> > > >         
> > > >         rpc_daemon:epmd = fork
> > > >         rpc_daemon:spoolssd = fork
> > > >         rpc_daemon:lsasd = fork
> > > > 
> > > > The issue is, when we connect to the RPC server, we lock up due to a
> > > > recursive call to winbindd (otherwise prevented because of the
> > > > winbind_off() call).
> > > > 
> > > > It can be reproduced with:
> > > > make test TESTS=samba3.blackbox.smbclient_auth.plain
> > > > 
> > > > GDB backtraces for smbd and winbindd are attached.
> > > > 
> > > > It appears to be locking up looking via LSA lookupnames and an NSS call
> > > > for unix group\nogroup
> > > > 
> > > > Do you think it is reasonable to expect the source3 LSA and SAMR servers
> > > > to be able to service winbindd when not loaded as a shared library, or
> > > > should we instead put an exception in for this (only use the pipes when
> > > > in AD DC mode).
> > > > 
> > > > Your thoughts and comments would be most valued.  As mentioned above,
> > > > the patch used the to reproduce this is also attached.
> > > 
> > > I'll leave today and will back on monday. Then I can look into this.
> > > 
> > > Maybe Simo has time ...
> > 
> > This patch causes other issues (probably because it defines up an extra
> > domain), but appears to avoid the deadlock.  It might provide some
> > inspiration for a correct fix here.
> 
> I haven't forgotten about it. But Günther and I have a talk next week at 
> SambaXP and we try to get a prototype working till then. I will look into it 
> as soon as we have something. It is still on my TODO list!

Thanks, I'll leave it in your capable hands.  It won't block my progress
because at the very worst, we can make this conditional on another
smb.conf option 'rpc_server:use external for winbind=true' or such.

Andrew Bartlett

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the samba-technical mailing list