[PATCH] Next round of netlogon_cli_creds refactoring

Volker Lendecke Volker.Lendecke at SerNet.DE
Sun Sep 17 02:23:47 UTC 2017

On Sun, Sep 17, 2017 at 02:17:36PM +1200, Andrew Bartlett wrote:
> These look good so far.  I'll review them in the next day or so. 
> I'm just curious what the end goal of this is, you seem to be on a
> particular path and it helps to know the destination for context.

There's at least two deficiencies in the netlogon_creds_cli code.
First, we do a G_LOCK_WRITE lock when doing an schannel bind. This
should be a G_LOCK_READ. The second one is more important: When
multiple winbinds simultaneously find the netlogon creds missing they
all enter a G_LOCK_WRITE, but once they got the lock they don't
re-check if someone else has properly established a serverauth. I've
seen literally 5000 (five thousand) winbinds in a cluster waiting for
the g_lock to do the serverauth. To get those two right we need to
make the locking more flexible.

To actually figure those two out and eventually fix them it took me a
while to understand the code. On my way I found some places to make
the code more understandable to me, and I could not keep my hands off.


SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de

More information about the samba-technical mailing list