s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx...

If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.

Fix bug #8771 (Winbind takes up to 20 minutes to change from DC 1 to DC 2 and
keeps in the meantime to respond NT_STATUS_IO_TIMEOUT).

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 79189ba57e5b2ac9ff90477dce7044a493de9588..9801f53134f740876031efe313baa761a45b01d6 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1166,6 +1166,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
                if (!NT_STATUS_IS_OK(result)) {
                        DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
                                  nt_errstr(result)));
+                       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+                               if (attempts > 0) {
+                                       DEBUG(3, ("This is the second problem for this "
+                                               "particular call, forcing the close of "
+                                               "this connection\n"));
+                                       invalidate_cm_connection(&domain->conn);
+                               } else {
+                                       DEBUG(3, ("First call to cm_connect_netlogon "
+                                               "has timed out, retrying\n"));
+                                       continue;
+                               }
+                       }
                        return result;
                }
                auth = netlogon_pipe->auth;
@@ -1309,7 +1321,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
                   rpc changetrustpw' */
 
                if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
-                       DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+                       DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned "
                                 "ACCESS_DENIED.  Maybe the trust account "
                                "password was changed and we didn't know it. "
                                 "Killing connections to domain %s\n",
@@ -1320,6 +1332,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 
        } while ( (attempts < 2) && retry );
 
+       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+               DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+                               "returned NT_STATUS_IO_TIMEOUT after the retry."
+                               "Killing connections to domain %s\n",
+                       domainname));
+               invalidate_cm_connection(&domain->conn);
+       }
        return result;
 }