[PATCHES] Retry ping-dc when session expires
Christof Schmitt
cs at samba.org
Mon Jan 5 16:05:30 MST 2015
On Mon, Jan 05, 2015 at 12:42:15PM -0800, Jeremy Allison wrote:
> On Mon, Dec 22, 2014 at 03:10:06PM -0800, Jeremy Allison wrote:
> > On Fri, Dec 19, 2014 at 03:16:32PM -0700, Christof Schmitt wrote:
> > > The call to wbinfo --ping-dc can return an error when the underlying SMB
> > > connection expires. Since the goal of --ping-dc is to test whether the
> > > DC is available, temporary session status changes should not be returned
> > > to the caller.
> >
> > > From c2d1e53f0f14f7c738d765d1add8ec3418f024f9 Mon Sep 17 00:00:00 2001
> > > From: Christof Schmitt <cs at samba.org>
> > > Date: Fri, 19 Dec 2014 12:24:53 -0700
> > > Subject: [PATCH 1/2] winbind: Retry after SESSION_EXPIRED error in ping-dc
> > >
> > > Trying to establish a netlogon connection when the service ticket
> > > expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
> > > underlying client code already marks the session as invalid, so retry
> > > the netlogon connect in this case.
> > >
> > > Signed-off-by: Christof Schmit <cs at samba.org>
> > > ---
> > > source3/winbindd/winbindd_dual_srv.c | 8 ++++++++
> > > 1 files changed, 8 insertions(+), 0 deletions(-)
> > >
> > > diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
> > > index 108b201..769d8d5 100644
> > > --- a/source3/winbindd/winbindd_dual_srv.c
> > > +++ b/source3/winbindd/winbindd_dual_srv.c
> > > @@ -675,6 +675,14 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
> > > }
> > >
> > > status = cm_connect_netlogon(domain, &netlogon_pipe);
> > > +
> > > + if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
> > > + /*
> > > + * Retry to open new connection with new kerberos ticket.
> > > + */
> >
> > invalidate_cm_connection(domain)
> >
> > is an idempotent call here. For safety's sake I'd prefer
> > this patch to call invalidate_cm_connection(domain) before
> > re-calling cm_connect_netlogon(). There are code paths out
> > of cm_connect_netlogon() that don't shut down the connection.
> >
> > Especially as you're calling invalidate_cm_connection(domain)
> > below in the same situation.
>
> Ping ! Christof, can you add the invalidate_cm_connection()
> call and re-submit this one ? I pushed the second patch
> already.
Yes, here is the updated patch, sorry for the delay. This would also be
an important fix for the currently active 4.x branches; i will open a
bug for the backport of the patches.
Christof
-------------- next part --------------
From 8fe2c392a0faeb35c0e9026999ff3f299920de36 Mon Sep 17 00:00:00 2001
From: Christof Schmitt <cs at samba.org>
Date: Fri, 19 Dec 2014 12:24:53 -0700
Subject: [PATCH] winbind: Retry after SESSION_EXPIRED error in ping-dc
Trying to establish a netlogon connection when the service ticket
expires might fail with NT_STATUS_NETWORK_SESSION_EXPIRED. The
underlying client code already marks the session as invalid, so retry
the netlogon connect in this case.
Signed-off-by: Christof Schmit <cs at samba.org>
---
source3/winbindd/winbindd_dual_srv.c | 8 ++++++++
1 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index 22e709f..061de72 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -677,6 +677,14 @@ NTSTATUS _wbint_PingDc(struct pipes_struct *p, struct wbint_PingDc *r)
reconnect:
status = cm_connect_netlogon(domain, &netlogon_pipe);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_NETWORK_SESSION_EXPIRED)) {
+ /*
+ * Retry to open new connection with new kerberos ticket.
+ */
+ invalidate_cm_connection(domain);
+ status = cm_connect_netlogon(domain, &netlogon_pipe);
+ }
+
reset_cm_connection_on_error(domain, status);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("could not open handle to NETLOGON pipe: %s\n",
--
1.7.1
More information about the samba-technical
mailing list