s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx...

If not the child process would hang for quite a long time up to the
moment when the connection is cleaned by the kernel (took ~ 20 minutes)
in my tests.

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Feb 27 23:10:03 CET 2012 on sn-devel-104

diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 7163af2596bf792ff07866706161f591f183ce97..b7aec20534c0952b049f45284d39e0688bec3a24 100644 (file)
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1179,6 +1179,18 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
                if (!NT_STATUS_IS_OK(result)) {
                        DEBUG(3,("could not open handle to NETLOGON pipe (error: %s)\n",
                                  nt_errstr(result)));
+                       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+                               if (attempts > 0) {
+                                       DEBUG(3, ("This is the second problem for this "
+                                               "particular call, forcing the close of "
+                                               "this connection\n"));
+                                       invalidate_cm_connection(&domain->conn);
+                               } else {
+                                       DEBUG(3, ("First call to cm_connect_netlogon "
+                                               "has timed out, retrying\n"));
+                                       continue;
+                               }
+                       }
                        return result;
                }
                auth = netlogon_pipe->auth;
@@ -1322,7 +1334,7 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
                   rpc changetrustpw' */
 
                if ( NT_STATUS_EQUAL(result, NT_STATUS_ACCESS_DENIED) ) {
-                       DEBUG(3,("winbindd_pam_auth: sam_logon returned "
+                       DEBUG(3,("winbind_samlogon_retry_loop: sam_logon returned "
                                 "ACCESS_DENIED.  Maybe the trust account "
                                "password was changed and we didn't know it. "
                                 "Killing connections to domain %s\n",
@@ -1333,6 +1345,13 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
 
        } while ( (attempts < 2) && retry );
 
+       if (NT_STATUS_EQUAL(result, NT_STATUS_IO_TIMEOUT)) {
+               DEBUG(3,("winbind_samlogon_retry_loop: sam_network_logon(ex) "
+                               "returned NT_STATUS_IO_TIMEOUT after the retry."
+                               "Killing connections to domain %s\n",
+                       domainname));
+               invalidate_cm_connection(&domain->conn);
+       }
        return result;
 }