From c94bceb0929734c23df2ee5b0feea37ccbf5572c Mon Sep 17 00:00:00 2001 From: Matthieu Patou Date: Fri, 24 Feb 2012 16:13:10 -0800 Subject: [PATCH] s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path If not the child process would hang for quite a long time up to the moment when the connection is cleaned by the kernel (took ~ 20 minutes) in my tests. --- source3/winbindd/winbindd_pam.c | 9 ++++++++- 1 files changed, 8 insertions(+), 1 deletions(-) diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c index 7163af2..55addb9 100644 --- a/source3/winbindd/winbindd_pam.c +++ b/source3/winbindd/winbindd_pam.c @@ -1322,7 +1322,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, rpc changetrustpw' */ if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) { - DEBUG(3,("winbindd_pam_auth: sam_logon returned " + DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned " "ACCESS_DENIED. Maybe the trust account " "password was changed and we didn't know it. " "Killing connections to domain %s\n", @@ -1333,6 +1333,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain, } while ( (attempts < 2) && retry ); + if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) { + DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) " + "returned NT_STATUS_IO_TIMEOUT after the retry." + "Killing connections to domain %s\n", + domainname)); + invalidate_cm_connection(&domain->conn); + } return result; } -- 1.7.7.3