Attachment 8183 Details for Bug 9386 – master patch

[patch] master patch

0001-BUG-9386-Failover-if-netlogon-pipe-is-not-available.patch (text/plain), 3.02 KB, created by Andreas Schneider on 2012-11-12 11:32:33 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Andreas Schneider

Created: 2012-11-12 11:32:33 UTC

Size: 3.02 KB

patch

obsolete

>From 3f89ad1c11902cc947080a56ebf48430f8f69290 Mon Sep 17 00:00:00 2001
>From: Andreas Schneider <asn@samba.org>
>Date: Fri, 9 Nov 2012 15:33:09 +0100
>Subject: [PATCH] BUG 9386: Failover if netlogon pipe is not available.
>
>Samba continues to query a broken DC while the DC did not finish to
>rebuild Sysvol (after a Windows crash, for example). It causes end users
>to received strange codes while trying to authenticate, even if there is
>a secondary DC available.
>
>Signed-off-by: Andreas Schneider <asn@samba.org>
>---
> source3/winbindd/winbindd_pam.c | 52 ++++++++++++++++++++++++++++++-----------
> 1 file changed, 39 insertions(+), 13 deletions(-)
>
>diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
>index 5b6b77b..b23d421 100644
>--- a/source3/winbindd/winbindd_pam.c
>+++ b/source3/winbindd/winbindd_pam.c
>@@ -1175,6 +1175,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
> 					    struct netr_SamInfo3 **info3)
> {
> 	int attempts = 0;
>+	int netr_attempts = 0;
> 	bool retry = false;
> 	NTSTATUS result;
> 
>@@ -1189,22 +1190,47 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
> 		result = cm_connect_netlogon(domain, &netlogon_pipe);
> 
> 		if (!NT_STATUS_IS_OK(result)) {
>-			DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
>-				  nt_errstr(result)));
>-			if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
>-				if (attempts > 0) {
>-					DEBUG(3, ("This is the second problem for this "
>-						"particular call, forcing the close of "
>-						"this connection\n"));
>-					invalidate_cm_connection(&domain->conn);
>-				} else {
>-					DEBUG(3, ("First call to cm_connect_netlogon "
>-						"has timed out, retrying\n"));
>-					continue;
>-				}
>+			DEBUG(3,("Could not open handle to NETLOGON pipe "
>+				 "(error: %s, attempts: %d)\n",
>+				  nt_errstr(result), netr_attempts));
>+
>+			/* After the first retry always close the connection */
>+			if (netr_attempts > 0) {
>+				DEBUG(3, ("This is again a problem for this "
>+					  "particular call, forcing the close "
>+					  "of this connection\n"));
>+				invalidate_cm_connection(&domain->conn);
>+			}
>+
>+			/* After the second retry failover to the next DC */
>+			if (netr_attempts > 1) {
>+				/*
>+				 * If the netlogon server is not reachable then
>+				 * it is possible that the DC is rebuilding
>+				 * sysvol and shutdown netlogon for that time.
>+				 * We should failover to the next dc.
>+				 */
>+				DEBUG(3, ("This is the third problem for this "
>+					  "particular call, adding DC to the "
>+					  "negative cache list\n"));
>+				add_failed_connection_entry(domain->name,
>+							    domain->dcname,
>+							    result);
>+				saf_delete(domain->name);
>+			}
>+
>+			/* Only allow 3 retries */
>+			if (netr_attempts < 3) {
>+				DEBUG(3, ("The connection to netlogon "
>+					  "failed, retrying\n"));
>+				netr_attempts++;
>+				retry = true;
>+				continue;
> 			}
> 			return result;
> 		}
>+		netr_attempts = 0;
>+
> 		auth = netlogon_pipe->auth;
> 		if (netlogon_pipe->dc) {
> 			neg_flags = netlogon_pipe->dc->negotiate_flags;
>-- 
>1.8.0
>

Flags:

metze: review+

Actions: View

Attachments on bug 9386: 8183 | 8187