From 00d85c2cf5f482218f3cb1360ae78763c498eee9 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 29 Jul 2014 14:53:11 -0700 Subject: [PATCH 1/2] s3: winbindd: Add new parameter "winbind request timeout" set to 60 seconds with man page. "This parameter specifies the number of seconds the winbindd daemon will wait before disconnecting either a client connection with no outstanding requests (idle) or a client connection with a request that has remained outstanding (hung) for longer than this number of seconds." Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found https://bugzilla.samba.org/show_bug.cgi?id=3204 Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper --- docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml | 16 ++++++++++++++++ lib/param/param_functions.c | 1 + lib/param/param_table.c | 9 +++++++++ source3/include/proto.h | 1 + source3/param/loadparm.c | 1 + 5 files changed, 28 insertions(+) create mode 100644 docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml diff --git a/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml new file mode 100644 index 0000000..3220871 --- /dev/null +++ b/docs-xml/smbdotconf/winbind/winbindrequesttimeout.xml @@ -0,0 +1,16 @@ + + + This parameter specifies the number of + seconds the winbindd + 8 daemon will wait before + disconnecting either a client connection with no outstanding + requests (idle) or a client connection with a request that has + remained outstanding (hung) for longer than this number of seconds. + + +60 + diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c index 61f0044..d9d5df6 100644 --- a/lib/param/param_functions.c +++ b/lib/param/param_functions.c @@ -341,6 +341,7 @@ FN_GLOBAL_INTEGER(winbind_cache_time, winbind_cache_time) FN_GLOBAL_INTEGER(winbind_expand_groups, winbind_expand_groups) FN_GLOBAL_INTEGER(winbind_max_clients, winbind_max_clients) FN_GLOBAL_INTEGER(winbind_reconnect_delay, winbind_reconnect_delay) +FN_GLOBAL_INTEGER(winbind_request_timeout, winbind_request_timeout) FN_GLOBAL_LIST(auth_methods, AuthMethods) FN_GLOBAL_LIST(cluster_addresses, szClusterAddresses) FN_GLOBAL_LIST(dcerpc_endpoint_servers, dcerpc_ep_servers) diff --git a/lib/param/param_table.c b/lib/param/param_table.c index 7b32998..8e3f952 100644 --- a/lib/param/param_table.c +++ b/lib/param/param_table.c @@ -4018,6 +4018,15 @@ static struct parm_struct parm_table[] = { .flags = FLAG_ADVANCED, }, { + .label = "winbind request timeout", + .type = P_INTEGER, + .p_class = P_GLOBAL, + .offset = GLOBAL_VAR(winbind_request_timeout), + .special = NULL, + .enum_list = NULL, + .flags = FLAG_ADVANCED, + }, + { .label = "winbind max clients", .type = P_INTEGER, .p_class = P_GLOBAL, diff --git a/source3/include/proto.h b/source3/include/proto.h index a42faf8..cbad7ac 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1357,6 +1357,7 @@ int lp_smb_encrypt(int ); char lp_magicchar(const struct share_params *p ); int lp_winbind_cache_time(void); int lp_winbind_reconnect_delay(void); +int lp_winbind_request_timeout(void); int lp_winbind_max_clients(void); const char **lp_winbind_nss_info(void); int lp_algorithmic_rid_base(void); diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index a339a1d..4b31023 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -978,6 +978,7 @@ static void init_globals(bool reinit_globals) Globals.winbind_cache_time = 300; /* 5 minutes */ Globals.winbind_reconnect_delay = 30; /* 30 seconds */ + Globals.winbind_request_timeout = 60; /* 60 seconds */ Globals.winbind_max_clients = 200; Globals.bWinbindEnumUsers = false; Globals.bWinbindEnumGroups = false; -- 2.0.0.526.g5318336 From 47cd239b6d9e79185e35990176f64c7e31f177ee Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 25 Jul 2014 12:46:46 -0700 Subject: [PATCH 2/2] s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout" Bug 3204 winbindd: Exceeding 200 client connections, no idle connection found https://bugzilla.samba.org/show_bug.cgi?id=3204 Signed-off-by: Jeremy Allison Reviewed-by: Ira Cooper Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jul 29 23:31:14 CEST 2014 on sn-devel-104 (cherry picked from commit f9588675ea3cb2f1fabd07a4ea8b2138d65aee83) --- source3/winbindd/winbindd.c | 36 ++++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 1e85411..27c43dc 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -999,6 +999,41 @@ static bool remove_idle_client(void) return False; } +/* + * Terminate all clients whose requests have taken longer than + * "winbind request timeout" seconds to process, or have been + * idle for more than "winbind request timeout" seconds. + */ + +static void remove_timed_out_clients(void) +{ + struct winbindd_cli_state *state, *next = NULL; + time_t curr_time = time(NULL); + int timeout_val = lp_winbind_request_timeout(); + + for (state = winbindd_client_list(); state; state = next) { + time_t expiry_time; + + next = state->next; + expiry_time = state->last_access + timeout_val; + + if (curr_time > expiry_time) { + if (client_is_idle(state)) { + DEBUG(5,("Idle client timed out, " + "shutting down sock %d, pid %u\n", + state->sock, + (unsigned int)state->pid)); + } else { + DEBUG(5,("Client request timed out, " + "shutting down sock %d, pid %u\n", + state->sock, + (unsigned int)state->pid)); + } + remove_client(state); + } + } +} + struct winbindd_listen_state { bool privileged; int fd; @@ -1024,6 +1059,7 @@ static void winbindd_listen_fde_handler(struct tevent_context *ev, break; } } + remove_timed_out_clients(); new_connection(s->fd, s->privileged); } -- 2.0.0.526.g5318336