From cbaa17caae599993bff0faa081176a4972fe9217 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 29 May 2012 16:37:35 -0700 Subject: [PATCH 1/2] Fix bug #8953 - winbind can hang as nbt_getdc() has no timeout. Add a timeout_in_seconds parameter to nbt_getdc() to make it fail after that time with NT_STATUS_IO_TIMEOUT. --- source3/libsmb/clidgram.c | 5 +++++ source3/libsmb/clidgram.h | 1 + source3/libsmb/dsgetdcname.c | 2 +- source3/winbindd/winbindd_cm.c | 2 +- 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c index d48811b..c7ff6ca 100644 --- a/source3/libsmb/clidgram.c +++ b/source3/libsmb/clidgram.c @@ -436,6 +436,7 @@ NTSTATUS nbt_getdc_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, } NTSTATUS nbt_getdc(struct messaging_context *msg_ctx, + uint32_t timeout_in_seconds, const struct sockaddr_storage *dc_addr, const char *domain_name, const struct dom_sid *sid, @@ -459,6 +460,10 @@ NTSTATUS nbt_getdc(struct messaging_context *msg_ctx, if (req == NULL) { goto fail; } + if (!tevent_req_set_endtime(req, ev, + timeval_current_ofs(timeout_in_seconds, 0))) { + goto fail; + } if (!tevent_req_poll_ntstatus(req, ev, &status)) { goto fail; } diff --git a/source3/libsmb/clidgram.h b/source3/libsmb/clidgram.h index a449724..6cd6222 100644 --- a/source3/libsmb/clidgram.h +++ b/source3/libsmb/clidgram.h @@ -37,6 +37,7 @@ NTSTATUS nbt_getdc_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, uint32_t *nt_version, const char **dc_name, struct netlogon_samlogon_response **samlogon_response); NTSTATUS nbt_getdc(struct messaging_context *msg_ctx, + uint32_t timeout_in_seconds, const struct sockaddr_storage *dc_addr, const char *domain_name, const struct dom_sid *sid, diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c index e062818..442f8ed 100644 --- a/source3/libsmb/dsgetdcname.c +++ b/source3/libsmb/dsgetdcname.c @@ -950,7 +950,7 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx, return NT_STATUS_UNSUCCESSFUL; } - status = nbt_getdc(msg_ctx, &dclist[i].ss, domain_name, + status = nbt_getdc(msg_ctx, 10, &dclist[i].ss, domain_name, NULL, nt_version, mem_ctx, &nt_version, &dc_name, &r); if (NT_STATUS_IS_OK(status)) { diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 062714b..9b04aba 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1188,7 +1188,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, } #endif - status = nbt_getdc(winbind_messaging_context(), pss, domain->name, + status = nbt_getdc(winbind_messaging_context(), 10, pss, domain->name, &domain->sid, nt_version, mem_ctx, &nt_version, &dc_name, NULL); if (NT_STATUS_IS_OK(status)) { -- 1.7.7.3 From b078c4730a1b110f1a086cc6609a5071e36e4410 Mon Sep 17 00:00:00 2001 From: Herb Lewis Date: Tue, 29 May 2012 16:38:53 -0700 Subject: [PATCH 2/2] Second part of fix for bug 8953 - winbind can hang as nbt_getdc() has no timeout. If we're running with SEC_ADS and we don't get a cldap response from the server when querying its name, don't fall back to NetBIOS requests as they're unlikely to succeed. Signed-off-by: Jeremy Allison --- source3/winbindd/winbindd_cm.c | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c index 9b04aba..7d7244a 100644 --- a/source3/winbindd/winbindd_cm.c +++ b/source3/winbindd/winbindd_cm.c @@ -1185,6 +1185,7 @@ static bool dcip_to_name(TALLOC_CTX *mem_ctx, } ads_destroy( &ads ); + return false; } #endif -- 1.7.7.3