The branch, master has been updated
via b2866ad8816 s3:libsmb: Rework check_negative_conn_cache()
from a3684a2284c s3:winbindd fix race condition in terminate_child
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit b2866ad88163ca1dd25a4d54c64f8d98dfa3a4ba
Author: Andreas Schneider <[email protected]>
Date: Mon Jan 12 17:03:35 2026 +0100
s3:libsmb: Rework check_negative_conn_cache()
The name and results are confusing. Rename the function and use a bool that
it
is easier to understand.
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Pavel Filipenský <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Tue Jan 13 17:00:06 UTC 2026 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
source3/include/proto.h | 2 +-
source3/libads/kerberos.c | 4 ++--
source3/libads/ldap.c | 16 ++++++++++------
source3/libsmb/conncache.c | 36 ++++++++++++++++++++++++++----------
source3/libsmb/namequery.c | 24 ++++++++++++++++--------
source3/libsmb/namequery_dc.c | 5 +++--
source3/winbindd/winbindd_cm.c | 15 +++++++++------
7 files changed, 67 insertions(+), 35 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 854945e8db7..8847c3f4617 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -576,7 +576,7 @@ unsigned wins_srv_count_tag(const char *tag);
/* The following definitions come from libsmb/conncache.c */
-NTSTATUS check_negative_conn_cache( const char *domain, const char *server);
+bool has_negative_conn_cache_entry( const char *domain, const char *server);
void add_failed_connection_entry(const char *domain, const char *server,
NTSTATUS result) ;
void flush_negative_conn_cache_for_domain(const char *domain);
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index 5593364c397..ed8d52f7866 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -1259,10 +1259,10 @@ static char *get_kdc_ip_string(char *mem_ctx,
cldap_reply = &responses[i]->data.nt5_ex;
if (cldap_reply->pdc_dns_name != NULL) {
- status = check_negative_conn_cache(
+ bool has_entry = has_negative_conn_cache_entry(
realm,
cldap_reply->pdc_dns_name);
- if (!NT_STATUS_IS_OK(status)) {
+ if (has_entry) {
/* propagate blacklisting from name to ip */
add_failed_connection_entry(realm, addr,
status);
continue;
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c0974af5976..e3e4ff2b240 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -448,6 +448,7 @@ again:
for (i = 0; i < count; i++) {
char server[INET6_ADDRSTRLEN];
+ bool has_entry = false;
int ret;
if (is_zero_addr(&sa_list[i].u.ss)) {
@@ -456,8 +457,8 @@ again:
print_sockaddr(server, sizeof(server), &sa_list[i].u.ss);
- status = check_negative_conn_cache(domain, server);
- if (!NT_STATUS_IS_OK(status)) {
+ has_entry = has_negative_conn_cache_entry(domain, server);
+ if (has_entry) {
continue;
}
@@ -542,10 +543,10 @@ again:
cldap_reply = &responses[i]->data.nt5_ex;
if (cldap_reply->pdc_dns_name != NULL) {
- status = check_negative_conn_cache(
+ bool has_entry = has_negative_conn_cache_entry(
domain,
cldap_reply->pdc_dns_name);
- if (!NT_STATUS_IS_OK(status)) {
+ if (has_entry) {
/*
* only use the server if it's not black listed
* by name
@@ -642,11 +643,14 @@ static NTSTATUS resolve_and_ping_netbios(ADS_STRUCT *ads,
if (*realm) {
for (i = 0; i < count; ++i) {
char server[INET6_ADDRSTRLEN];
+ bool has_entry;
print_sockaddr(server, sizeof(server),
&sa_list[i].u.ss);
- if(!NT_STATUS_IS_OK(
- check_negative_conn_cache(realm, server))) {
+ has_entry = has_negative_conn_cache_entry(
+ realm,
+ server);
+ if (has_entry) {
/* Ensure we add the workgroup name for this
IP address as negative too. */
add_failed_connection_entry(
diff --git a/source3/libsmb/conncache.c b/source3/libsmb/conncache.c
index 353c1e8f930..278c15a0c9d 100644
--- a/source3/libsmb/conncache.c
+++ b/source3/libsmb/conncache.c
@@ -26,6 +26,7 @@
#include "includes.h"
#include "lib/gencache.h"
+#include "ntstatus.h"
/**
* @file
@@ -131,12 +132,13 @@ static void delete_matches(const char *key, const char
*value,
*
* @param[in] domain
* @param[in] server may be either a FQDN or an IP address
- * @return The cached failure status
- * @retval NT_STATUS_OK returned if no record is found or an error occurs
+ *
+ * @retval true if there is an entry, false otherwise
*/
-NTSTATUS check_negative_conn_cache( const char *domain, const char *server)
+bool has_negative_conn_cache_entry(const char *domain, const char *server)
{
- NTSTATUS result = NT_STATUS_OK;
+ NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
+ bool has_entry = false;
char *key = NULL;
char *value = NULL;
@@ -144,15 +146,29 @@ NTSTATUS check_negative_conn_cache( const char *domain,
const char *server)
if (key == NULL)
goto done;
- if (gencache_get(key, talloc_tos(), &value, NULL))
+ if (gencache_get(key, talloc_tos(), &value, NULL)) {
+ /* result is the NTSTATUS value from the failed connection */
result = negative_conn_cache_valuedecode(value);
- done:
- DBG_PREFIX(NT_STATUS_IS_OK(result) ? DBGLVL_DEBUG : DBGLVL_INFO,
- ("returning result %s for domain %s "
- "server %s\n", nt_errstr(result), domain, server));
+ has_entry = !NT_STATUS_IS_OK(result);
+ }
+
+done:
+ if (has_entry) {
+ DBG_INFO("Found negative entry for domain %s and server %s - "
+ "reason: %s",
+ domain,
+ server,
+ nt_errstr(result));
+ } else {
+ DBG_DEBUG("No negative entry for domain %s and server %s\n",
+ domain,
+ server);
+ }
+
TALLOC_FREE(key);
TALLOC_FREE(value);
- return result;
+
+ return has_entry;
}
/**
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index dabb0e4b42b..3d222f32e5c 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -2617,9 +2617,11 @@ static NTSTATUS resolve_ads(TALLOC_CTX *ctx,
for(i = 0; i < numdcs; i++) {
/* Copy all the IP addresses from the SRV response */
size_t j;
+ bool has_entry = false;
- status = check_negative_conn_cache(name, dcs[i].hostname);
- if (!NT_STATUS_IS_OK(status)) {
+ has_entry = has_negative_conn_cache_entry(name,
+ dcs[i].hostname);
+ if (has_entry) {
DBG_DEBUG("Skipping blacklisted server [%s] "
"for domain [%s]", dcs[i].hostname, name);
continue;
@@ -2640,8 +2642,8 @@ static NTSTATUS resolve_ads(TALLOC_CTX *ctx,
DBG_DEBUG("SRV lookup %s got IP[%zu] %s\n",
name, j, addr);
- status = check_negative_conn_cache(name, addr);
- if (!NT_STATUS_IS_OK(status)) {
+ has_entry = has_negative_conn_cache_entry(name, addr);
+ if (has_entry) {
DBG_DEBUG("Skipping blacklisted server [%s] "
"for domain [%s]", addr, name);
continue;
@@ -3404,14 +3406,17 @@ static NTSTATUS get_dc_list(TALLOC_CTX *ctx,
size_t j;
for (j=0; j<auto_count; j++) {
char addr[INET6_ADDRSTRLEN];
+ bool has_entry;
+
print_sockaddr(addr,
sizeof(addr),
&auto_sa_list[j].u.ss);
/* Check for and don't copy any
* known bad DC IP's. */
- if(!NT_STATUS_IS_OK(check_negative_conn_cache(
+ has_entry = has_negative_conn_cache_entry(
domain,
- addr))) {
+ addr);
+ if (has_entry) {
DEBUG(5,("get_dc_list: "
"negative entry %s removed "
"from DC list\n",
@@ -3428,6 +3433,7 @@ static NTSTATUS get_dc_list(TALLOC_CTX *ctx,
* handle names & IP addresses */
if (resolve_name(name, &name_sa.u.ss, 0x20, true)) {
char addr[INET6_ADDRSTRLEN];
+ bool has_entry;
bool ok;
/*
@@ -3449,8 +3455,10 @@ static NTSTATUS get_dc_list(TALLOC_CTX *ctx,
&name_sa.u.ss);
/* Check for and don't copy any known bad DC IP's. */
- if( !NT_STATUS_IS_OK(check_negative_conn_cache(domain,
- addr)) ) {
+ has_entry = has_negative_conn_cache_entry(
+ domain,
+ addr);
+ if (has_entry) {
DEBUG(5,("get_dc_list: negative entry %s "
"removed from DC list\n",
name ));
diff --git a/source3/libsmb/namequery_dc.c b/source3/libsmb/namequery_dc.c
index 3a2f22129b8..83236e3474c 100644
--- a/source3/libsmb/namequery_dc.c
+++ b/source3/libsmb/namequery_dc.c
@@ -194,8 +194,9 @@ static bool rpc_dc_name(const char *domain,
continue;
if (name_status_find(domain, 0x1c, 0x20, &sa_list[i].u.ss,
srv_name)) {
- result = check_negative_conn_cache( domain, srv_name );
- if ( NT_STATUS_IS_OK(result) ) {
+ bool has_entry = has_negative_conn_cache_entry(domain,
+ srv_name);
+ if (!has_entry) {
dc_ss = sa_list[i].u.ss;
goto done;
}
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 67003bb00fb..d3b48a74131 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -979,8 +979,10 @@ static bool add_one_dc_unique(TALLOC_CTX *mem_ctx, const
char *domain_name,
struct dc_name_ip **dcs, int *num)
{
int i = 0;
+ bool has_entry;
- if (!NT_STATUS_IS_OK(check_negative_conn_cache(domain_name, dcname))) {
+ has_entry = has_negative_conn_cache_entry(domain_name, dcname);
+ if (has_entry) {
DEBUG(10, ("DC %s was in the negative conn cache\n", dcname));
return False;
}
@@ -1339,6 +1341,7 @@ static bool connect_preferred_dc(TALLOC_CTX *mem_ctx,
lp_client_smb_transports());
struct loadparm_context *lp_ctx = NULL;
NTSTATUS status;
+ bool has_entry;
bool ok;
/*
@@ -1356,9 +1359,9 @@ static bool connect_preferred_dc(TALLOC_CTX *mem_ctx,
* down may have triggered the reconnection.
*/
if (saf_servername != NULL) {
- status = check_negative_conn_cache(domain->name,
- saf_servername);
- if (!NT_STATUS_IS_OK(status)) {
+ has_entry = has_negative_conn_cache_entry(domain->name,
+ saf_servername);
+ if (has_entry) {
saf_servername = NULL;
}
}
@@ -1400,8 +1403,8 @@ static bool connect_preferred_dc(TALLOC_CTX *mem_ctx,
return false;
}
- status = check_negative_conn_cache(domain->name, domain->dcname);
- if (!NT_STATUS_IS_OK(status)) {
+ has_entry = has_negative_conn_cache_entry(domain->name, domain->dcname);
+ if (has_entry) {
return false;
}
--
Samba Shared Repository
