From 9b78af1f64015ae63948de565754ad8f6af66cbe Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Wed, 30 May 2007 19:47:35 +0000 Subject: r23244: Fix loop with nscd and NSS recusive calls. > Here's the problem I hit: > > getgrnam("foo") -> nscd -> NSS -> winbindd -> > winbindd_passdb.c:nam_to_sid() -> lookup_global_sam_name() -> > getgrnam("foo") -> nscd -> .... > > This is in the SAMBA_3_0 specifically but in theory could happen > SAMBA_3_0_25 (or 26) for an unknown group. > > The attached patch passes down enough state for the > name_to_sid() call to be able to determine the originating > winbindd cmd that came into the parent. So we can avoid > making more NSS calls if the original call came in trough NSS > so we don't deadlock ? But you should still service > lookupname() calls which are needed for example when > doing the token access checks for a "valid groups" from > smb.conf. > > I've got this in testing now. The problem has shown up with the > DsProvider on OS X and with nscd on SOlaris and Linux. (This used to be commit bcc8a3290aaa0d2620e9d391ffbbf65541f6d742) --- source3/nsswitch/winbindd_reconnect.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'source3/nsswitch/winbindd_reconnect.c') diff --git a/source3/nsswitch/winbindd_reconnect.c b/source3/nsswitch/winbindd_reconnect.c index 6b484bdd06..70e5579109 100644 --- a/source3/nsswitch/winbindd_reconnect.c +++ b/source3/nsswitch/winbindd_reconnect.c @@ -84,6 +84,7 @@ static NTSTATUS enum_local_groups(struct winbindd_domain *domain, /* convert a single name to a sid in a domain */ static NTSTATUS name_to_sid(struct winbindd_domain *domain, TALLOC_CTX *mem_ctx, + enum winbindd_cmd orig_cmd, const char *domain_name, const char *name, DOM_SID *sid, @@ -91,12 +92,12 @@ static NTSTATUS name_to_sid(struct winbindd_domain *domain, { NTSTATUS result; - result = msrpc_methods.name_to_sid(domain, mem_ctx, + result = msrpc_methods.name_to_sid(domain, mem_ctx, orig_cmd, domain_name, name, sid, type); if (NT_STATUS_EQUAL(result, NT_STATUS_UNSUCCESSFUL)) - result = msrpc_methods.name_to_sid(domain, mem_ctx, + result = msrpc_methods.name_to_sid(domain, mem_ctx, orig_cmd, domain_name, name, sid, type); -- cgit