[PATCH] Finish multi-process netlogon server for ncacn_ip_tcp

Andrew Bartlett abartlet at samba.org
Thu Jul 27 03:06:25 UTC 2017 

The attached patch adds debugging and fixes our NETLOGON server to
actually be multi-process for ncacn_ip_tcp

This was meant to work for 4.6, but I can't think of a way to detect
actual multi-process use with a test script, and of course it didn't
work.  Making things even more difficult, the distinct TCP port binding
for netlogon are enforced in make test, because we don't detect a
double-bind, so we can't even look for that.

I've tested it by checking the new log entries and killing one of the
fork()ed children, to show that others still proceed.

The attached patches Douglas has reviewed and I've pushed to autobuild,
but I pass them here for transparency. 

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba



-------------- next part --------------
From b2365557b618eb4dd1e86f973f1b905eb9d16793 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 27 Jul 2017 11:10:43 +1200
Subject: [PATCH 1/2] s4-rpc_server: Improve debug of new endpoints

This helps us know what process model is required and what one is in use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
---
 source4/rpc_server/dcerpc_server.c | 13 ++++++++++---
 source4/rpc_server/service_rpc.c   | 14 ++++++++++++++
 2 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index ef02e324ca8..332de55f32c 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -275,7 +275,8 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 	enum dcerpc_transport_t transport;
 	char *ep_string = NULL;
 	bool use_single_process = true;
-	
+	const char *ep_process_string;
+		
 	/*
 	 * If we are not using handles, there is no need for force
 	 * this service into using a single process.
@@ -437,8 +438,14 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 	/* Re-get the string as we may have set a port */
 	ep_string = dcerpc_binding_string(dce_ctx, ep->ep_description);
 
-	DEBUG(4,("dcesrv_interface_register: interface '%s' registered on endpoint '%s'\n",
-		 iface->name, ep_string));
+	if (use_single_process) {
+		ep_process_string = "single process required";
+	} else {
+		ep_process_string = "multi process compatible";
+	}
+	
+	DEBUG(4,("dcesrv_interface_register: interface '%s' registered on endpoint '%s' (%s)\n",
+		 iface->name, ep_string, ep_process_string));
 	TALLOC_FREE(ep_string);
 
 	return NT_STATUS_OK;
diff --git a/source4/rpc_server/service_rpc.c b/source4/rpc_server/service_rpc.c
index 44c0d53aee6..a1f5534815c 100644
--- a/source4/rpc_server/service_rpc.c
+++ b/source4/rpc_server/service_rpc.c
@@ -81,6 +81,10 @@ static void dcesrv_task_init(struct task_server *task)
 
 		enum dcerpc_transport_t transport =
 			dcerpc_binding_get_transport(e->ep_description);
+		const char *transport_str
+			= derpc_transport_string_by_transport(transport);
+
+		struct dcesrv_if_list *iface_list;
 
 		/*
 		 * Ensure that -Msingle sets e->use_single_process for
@@ -116,6 +120,16 @@ static void dcesrv_task_init(struct task_server *task)
 		if (!NT_STATUS_IS_OK(status)) {
 			goto failed;
 		}
+
+		for (iface_list = e->interface_list;
+		     iface_list != NULL;
+		     iface_list = iface_list->next) {
+			DBG_INFO("Added endpoint for %s on %s "
+				 "using process model %s\n",
+				 iface_list->iface.name,
+				 transport_str,
+				 this_model_ops->name);
+		}
 	}
 
 	irpc_add_name(task->msg_ctx, "rpc_server");
-- 
2.11.0


From 9d9badbba36dbbf7f3bd0a04dc556eee1a08b9ef Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet at samba.org>
Date: Thu, 27 Jul 2017 11:44:12 +1200
Subject: [PATCH 2/2] s4-rpc_server: ensure we get a new endpoint for netlogon

If we share the single process RPC servers with the multi-process RPC servers
on the same endpoint, they will default to running in an single process

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12939

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
---
 source4/rpc_server/dcerpc_server.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/source4/rpc_server/dcerpc_server.c b/source4/rpc_server/dcerpc_server.c
index 332de55f32c..7a35ebc5d90 100644
--- a/source4/rpc_server/dcerpc_server.c
+++ b/source4/rpc_server/dcerpc_server.c
@@ -355,8 +355,15 @@ _PUBLIC_ NTSTATUS dcesrv_interface_register(struct dcesrv_context *dce_ctx,
 		 * If we have mulitiple endpoints on port 0, they each
 		 * get an epemeral port (currently by walking up from
 		 * 1024).
+		 *
+		 * Because one endpoint can only have one process
+		 * model, we add a new IP_TCP endpoint for each model.
+		 *
+		 * This woks in conjunction with the forced overwrite
+		 * of ep->use_single_process below.
 		 */
-		if (!use_single_process && transport == NCACN_IP_TCP) {
+		if (ep->use_single_process != use_single_process
+		    && transport == NCACN_IP_TCP) {
 			add_ep = true;
 		}
 	}
-- 
2.11.0

More information about the samba-technical mailing list