The branch, master has been updated
via 5ebbd46 s3-winbindd: Close netlogon connection if the status
returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
from b8407c2 s3:torture/test_smb2: show that a session is not valid for
path based calls during reauth
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5ebbd46b4a8714e98bb14862f9c3dc31301d8404
Author: Matthieu Patou <[email protected]>
Date: Fri Feb 24 16:13:10 2012 -0800
s3-winbindd: Close netlogon connection if the status returned by the
NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Signed-off-by: Jeremy Allison <[email protected]>
Autobuild-User: Jeremy Allison <[email protected]>
Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_pam.c | 21 ++++++++++++++++++++-
1 files changed, 20 insertions(+), 1 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 7163af2..b7aec20 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1179,6 +1179,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3,("could not open handle to NETLOGON pipe
(error: %s)\n",
nt_errstr(result)));
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ if (attempts > 0) {
+ DEBUG(3, ("This is the second problem
for this "
+ "particular call, forcing the
close of "
+ "this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ } else {
+ DEBUG(3, ("First call to
cm_connect_netlogon "
+ "has timed out, retrying\n"));
+ continue;
+ }
+ }
return result;
}
auth = netlogon_pipe->auth;
@@ -1322,7 +1334,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
rpc changetrustpw' */
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
- DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_logon
returned "
"ACCESS_DENIED. Maybe the trust account "
"password was changed and we didn't know it. "
"Killing connections to domain %s\n",
@@ -1333,6 +1345,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct
winbindd_domain *domain,
} while ( (attempts < 2) && retry );
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+ "returned NT_STATUS_IO_TIMEOUT after the retry."
+ "Killing connections to domain %s\n",
+ domainname));
+ invalidate_cm_connection(&domain->conn);
+ }
return result;
}
--
Samba Shared Repository
