The branch, master has been updated
via a2411c5... s3:winbindd: correctly invalidate the cached connection
via 0f95d00... s3:winbindd: only set child_domain in the child
via d930904... s3:winbindd: make sure we don't try rpc requests against
unaccessable domains
from 658dc77... s3: fix a typo in winbind_client_response_written
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a2411c5708b47c3c2d53c34c6dbed7e1c2eab717
Author: Stefan Metzmacher <[email protected]>
Date: Wed Mar 31 20:54:18 2010 +0200
s3:winbindd: correctly invalidate the cached connection
There're maybe additional TCP connection for ncacn_ip_tcp.
metze
commit 0f95d00f49ce58a09c95b60777f8d1a65626ec37
Author: Stefan Metzmacher <[email protected]>
Date: Wed Mar 31 20:20:26 2010 +0200
s3:winbindd: only set child_domain in the child
metze
commit d930904b997d310aeff781bde1e7e3ce47dde8a1
Author: Stefan Metzmacher <[email protected]>
Date: Thu Apr 1 09:29:38 2010 +0200
s3:winbindd: make sure we don't try rpc requests against unaccessable
domains
This makes sure we don't crash while trying to dereference
domain->conn.cli->foo
while trying to establish a rpc connection to the server.
metze
-----------------------------------------------------------------------
Summary of changes:
source3/winbindd/winbindd_cm.c | 50 +++++++++++++++++++++++++++++--------
source3/winbindd/winbindd_dual.c | 2 +-
2 files changed, 40 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 0f0d5f8..c2df244 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -1594,14 +1594,19 @@ void close_conns_after_fork(void)
struct winbindd_domain *domain;
for (domain = domain_list(); domain; domain = domain->next) {
- if (domain->conn.cli == NULL)
- continue;
+ struct cli_state *cli = domain->conn.cli;
- if (domain->conn.cli->fd == -1)
- continue;
+ /*
+ * first close the low level SMB TCP connection
+ * so that we don't generate any SMBclose
+ * requests in invalidate_cm_connection()
+ */
+ if (cli && cli->fd != -1) {
+ close(domain->conn.cli->fd);
+ domain->conn.cli->fd = -1;
+ }
- close(domain->conn.cli->fd);
- domain->conn.cli->fd = -1;
+ invalidate_cm_connection(&domain->conn);
}
}
@@ -1632,7 +1637,13 @@ static NTSTATUS init_dc_connection_network(struct
winbindd_domain *domain)
NTSTATUS result;
/* Internal connections never use the network. */
- if (domain->internal || !winbindd_can_contact_domain(domain)) {
+ if (domain->internal) {
+ domain->initialized = True;
+ return NT_STATUS_OK;
+ }
+
+ if (!winbindd_can_contact_domain(domain)) {
+ invalidate_cm_connection(&domain->conn);
domain->initialized = True;
return NT_STATUS_OK;
}
@@ -1665,6 +1676,23 @@ NTSTATUS init_dc_connection(struct winbindd_domain
*domain)
return init_dc_connection_network(domain);
}
+static NTSTATUS init_dc_connection_rpc(struct winbindd_domain *domain)
+{
+ NTSTATUS status;
+
+ status = init_dc_connection(domain);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (!domain->internal && domain->conn.cli == NULL) {
+ /* happens for trusted domains without inbound trust */
+ return NT_STATUS_TRUSTED_DOMAIN_FAILURE;
+ }
+
+ return NT_STATUS_OK;
+}
+
/******************************************************************************
Set the trust flags (direction and forest location) for a domain
******************************************************************************/
@@ -2011,7 +2039,7 @@ NTSTATUS cm_connect_sam(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
char *machine_account = NULL;
char *domain_name = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
@@ -2194,7 +2222,7 @@ NTSTATUS cm_connect_lsa_tcp(struct winbindd_domain
*domain,
DEBUG(10,("cm_connect_lsa_tcp\n"));
- status = init_dc_connection(domain);
+ status = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -2240,7 +2268,7 @@ NTSTATUS cm_connect_lsa(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
struct netlogon_creds_CredentialState *p_creds;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result))
return result;
@@ -2372,7 +2400,7 @@ NTSTATUS cm_connect_netlogon(struct winbindd_domain
*domain,
*cli = NULL;
- result = init_dc_connection(domain);
+ result = init_dc_connection_rpc(domain);
if (!NT_STATUS_IS_OK(result)) {
return result;
}
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 26f9232..ca6af1f 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1305,7 +1305,6 @@ static bool fork_domain_child(struct winbindd_child
*child)
} else {
DEBUG(10, ("fork_domain_child called without domain.\n"));
}
- child_domain = child->domain;
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fdpair) != 0) {
DEBUG(0, ("Could not open child pipe: %s\n",
@@ -1335,6 +1334,7 @@ static bool fork_domain_child(struct winbindd_child
*child)
}
/* Child */
+ child_domain = child->domain;
DEBUG(10, ("Child process %d\n", (int)sys_getpid()));
--
Samba Shared Repository
