summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
authorMatthieu Patou <mat@matws.net>2012-02-24 16:13:10 -0800
committerJeremy Allison <jra@samba.org>2012-02-27 23:10:03 +0100
commit5ebbd46b4a8714e98bb14862f9c3dc31301d8404 (patch)
tree0e23ef67f1b3cb116e53d3516cd9bab4330638cd /source3/winbindd
parentb8407c22d920df726c2e7dd0d92756ca8eb28dc9 (diff)
downloadsamba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.tar.gz
samba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.tar.bz2
samba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.zip
s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests. Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_pam.c21
1 files changed, 20 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 7163af2596..b7aec20534 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1179,6 +1179,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
if (!NT_STATUS_IS_OK(result)) {
DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
nt_errstr(result)));
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ if (attempts > 0) {
+ DEBUG(3, ("This is the second problem for this "
+ "particular call, forcing the close of "
+ "this connection\n"));
+ invalidate_cm_connection(&domain->conn);
+ } else {
+ DEBUG(3, ("First call to cm_connect_netlogon "
+ "has timed out, retrying\n"));
+ continue;
+ }
+ }
return result;
}
auth = netlogon_pipe->auth;
@@ -1322,7 +1334,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
rpc changetrustpw' */
if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
- DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned "
"ACCESS_DENIED. Maybe the trust account "
"password was changed and we didn't know it. "
"Killing connections to domain %s\n",
@@ -1333,6 +1345,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
} while ( (attempts < 2) && retry );
+ if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+ DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+ "returned NT_STATUS_IO_TIMEOUT after the retry."
+ "Killing connections to domain %s\n",
+ domainname));
+ invalidate_cm_connection(&domain->conn);
+ }
return result;
}