diff options
| -rw-r--r-- | source3/libads/cldap.c | 4 | ||||
| -rw-r--r-- | source3/libads/kerberos.c | 3 | ||||
| -rw-r--r-- | source3/nsswitch/winbindd_cm.c | 19 |
3 files changed, 17 insertions, 9 deletions
diff --git a/source3/libads/cldap.c b/source3/libads/cldap.c index da1dec6b93..8e34e27353 100644 --- a/source3/libads/cldap.c +++ b/source3/libads/cldap.c @@ -188,6 +188,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) DATA_BLOB blob; DATA_BLOB os1, os2, os3; int i1; + /* half the time of a regular ldap timeout, not less than 3 seconds. */ + unsigned int al_secs = MAX(3,lp_ldap_timeout()/2); char *p; blob = data_blob(NULL, 8192); @@ -200,7 +202,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply) /* Setup timeout */ gotalarm = 0; CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig); - alarm(lp_ldap_timeout()); + alarm(al_secs); /* End setup timeout. */ ret = read(sock, blob.data, blob.length); diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index c872508fe8..57233f2182 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -494,10 +494,13 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, struct in_addr kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n", kdc_str, inet_ntoa(ip_srv[i].ip)); if (!kdc_str) { + SAFE_FREE(ip_srv); return NULL; } } + SAFE_FREE(ip_srv); + DEBUG(10,("get_kdc_ip_string: Returning %s\n", kdc_str )); diff --git a/source3/nsswitch/winbindd_cm.c b/source3/nsswitch/winbindd_cm.c index 6c35539e4d..b6a3b3ac05 100644 --- a/source3/nsswitch/winbindd_cm.c +++ b/source3/nsswitch/winbindd_cm.c @@ -791,17 +791,22 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, char *saf_servername = saf_fetch( domain->name ); int retries; - if ((mem_ctx = talloc_init("cm_open_connection")) == NULL) + if ((mem_ctx = talloc_init("cm_open_connection")) == NULL) { + SAFE_FREE(saf_servername); return NT_STATUS_NO_MEMORY; + } /* we have to check the server affinity cache here since later we selecte a DC based on response time and not preference */ - if ( saf_servername ) - { + /* Check the negative connection cache + before talking to it. It going down may have + triggered the reconnection. */ + + if ( saf_servername && NT_STATUS_IS_OK(check_negative_conn_cache( domain->name, saf_servername))) { + /* convert an ip address to a name */ - if ( is_ipaddress( saf_servername ) ) - { + if ( is_ipaddress( saf_servername ) ) { fstring saf_name; struct in_addr ip; @@ -814,9 +819,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain, domain->name, saf_servername, NT_STATUS_UNSUCCESSFUL); } - } - else - { + } else { fstrcpy( domain->dcname, saf_servername ); } |