diff options
author | Matthieu Patou <mat@matws.net> | 2012-02-24 16:13:10 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-02-27 23:10:03 +0100 |
commit | 5ebbd46b4a8714e98bb14862f9c3dc31301d8404 (patch) | |
tree | 0e23ef67f1b3cb116e53d3516cd9bab4330638cd /source3/winbindd | |
parent | b8407c22d920df726c2e7dd0d92756ca8eb28dc9 (diff) | |
download | samba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.tar.gz samba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.tar.bz2 samba-5ebbd46b4a8714e98bb14862f9c3dc31301d8404.zip |
s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path
If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104
Diffstat (limited to 'source3/winbindd')
-rw-r--r-- | source3/winbindd/winbindd_pam.c | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 7163af2596..b7aec20534 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1179,6 +1179,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, if (!NT_STATUS_IS_OK(result)) { DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n", nt_errstr(result))); + if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { + if (attempts > 0) { + DEBUG(3, ("This is the second problem for this " + "particular call, forcing the close of " + "this connection\n")); + invalidate_cm_connection(&domain->conn); + } else { + DEBUG(3, ("First call to cm_connect_netlogon " + "has timed out, retrying\n")); + continue; + } + } return result; } auth = netlogon_pipe->auth; @@ -1322,7 +1334,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, rpc changetrustpw' */ if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { - DEBUG(3,("winbindd_pam_auth: sam_logon returned " + DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned " "ACCESS_DENIED. Maybe the trust account " "password was changed and we didn't know it. " "Killing connections to domain %s\n", @@ -1333,6 +1345,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, } while ( (attempts < 2) && retry ); + if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { + DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) " + "returned NT_STATUS_IO_TIMEOUT after the retry." + "Killing connections to domain %s\n", + domainname)); + invalidate_cm_connection(&domain->conn); + } return result; } |