[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger Tue, 28 Feb 2012 11:00:48 -0800

The branch, v3-6-test has been updated
       via  9902744 s3-winbindd: Close netlogon connection if the status 
returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
      from  4d60392 Honor SeTakeOwnershiPrivilege when client asks for 
SEC_STD_WRITE_OWNER but has no permission for that, but token has 
SeTakeOwnershipPrivilege


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 990274481795a47376cdbc95d5f80d830079d702
Author: Matthieu Patou <m...@matws.net>
Date:   Fri Feb 24 16:13:10 2012 -0800

    s3-winbindd: Close netlogon connection if the status returned by the 
NetrSamLogonEx call is timeout in the pam_auth_crap path
    
    If not the child process would hang for quite a long time up to the
    moment when the connection is cleaned by the kernel (took ~ 20 minutes)
    in my tests.
    
    Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 
and
    keeps in the meantime to respond NT_STATUS_IO_TIMEOUT).

-----------------------------------------------------------------------

Summary of changes:
 source3/winbindd/winbindd_pam.c |   21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 79189ba..9801f53 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1166,6 +1166,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct 
winbindd_domain *domain,
                if (!NT_STATUS_IS_OK(result)) {
                        DEBUG(3,("could not open handle to NETLOGON pipe 
(error: %s)\n",
                                  nt_errstr(result)));
+                       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+                               if (attempts > 0) {
+                                       DEBUG(3, ("This is the second problem 
for this "
+                                               "particular call, forcing the 
close of "
+                                               "this connection\n"));
+                                       invalidate_cm_connection(&domain->conn);
+                               } else {
+                                       DEBUG(3, ("First call to 
cm_connect_netlogon "
+                                               "has timed out, retrying\n"));
+                                       continue;
+                               }
+                       }
                        return result;
                }
                auth = netlogon_pipe->auth;
@@ -1309,7 +1321,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct 
winbindd_domain *domain,
                   rpc changetrustpw' */
 
                if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
-                       DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+                       DEBUG(3,("winbind_samlogon_retry_loop: sam_logon 
returned "
                                 "ACCESS_DENIED.  Maybe the trust account "
                                "password was changed and we didn't know it. "
                                 "Killing connections to domain %s\n",
@@ -1320,6 +1332,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct 
winbindd_domain *domain,
 
        } while ( (attempts < 2) && retry );
 
+       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+               DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+                               "returned NT_STATUS_IO_TIMEOUT after the retry."
+                               "Killing connections to domain %s\n",
+                       domainname));
+               invalidate_cm_connection(&domain->conn);
+       }
        return result;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-6-test updated

Reply via email to