s3:winbindd: raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds.

metze

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index a95b31da48a9790a4cea52b2009f8068a3ca0f9a..665dd53df1bfdf53c4e3af18669ec6d0a5ef68c2 100644 (file)
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1121,6 +1121,7 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
 
        /* handle sids not resolved from cache by lsa_lookup_sids */
        if (num_nocache > 0) {
+               unsigned int orig_timeout;
 
                status = cm_connect_lsa(domain, tmp_ctx, &cli, &lsa_policy);
 
@@ -1128,6 +1129,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                        goto done;
                }
 
+               /*
+                * This call can take a long time
+                * allow the server to time out.
+                * 35 seconds should do it.
+                */
+               orig_timeout = rpccli_set_timeout(cli, 35000);
+
                status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
                                                &lsa_policy,
                                                num_nocache,
@@ -1136,6 +1144,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                                                &names_nocache,
                                                &name_types_nocache);
 
+               /* And restore our original timeout. */
+               rpccli_set_timeout(cli, orig_timeout);
+
                if (!(NT_STATUS_IS_OK(status) ||
                      NT_STATUS_EQUAL(status, STATUS_SOME_UNMAPPED) ||
                      NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED)))
@@ -1150,6 +1161,13 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                                goto done;
                        }
 
+                       /*
+                        * This call can take a long time
+                        * allow the server to time out.
+                        * 35 seconds should do it.
+                        */
+                       orig_timeout = rpccli_set_timeout(cli, 35000);
+
                        status = rpccli_lsa_lookup_sids(cli, tmp_ctx,
                                                        &lsa_policy,
                                                        num_nocache,
@@ -1157,6 +1175,9 @@ static NTSTATUS lookup_groupmem(struct winbindd_domain *domain,
                                                        &domains_nocache,
                                                        &names_nocache,
                                                        &name_types_nocache);
+
+                       /* And restore our original timeout. */
+                       rpccli_set_timeout(cli, orig_timeout);
                }
 
                if (NT_STATUS_IS_OK(status) ||

diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 037fae09c607ccb94f76709c8dbbd702fca14a3b..3aa4231506334f75485002002cdb86ec6d712d72 100644 (file)
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -281,6 +281,7 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
        struct policy_handle lsa_policy;
        NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
        char *mapped_name = NULL;
+       unsigned int orig_timeout;
 
        if (name == NULL || *name=='\0') {
                full_name = talloc_asprintf(mem_ctx, "%s", domain_name);
@@ -314,9 +315,19 @@ static NTSTATUS msrpc_name_to_sid(struct winbindd_domain *domain,
        if (!NT_STATUS_IS_OK(result))
                return result;
 
+       /*
+        * This call can take a long time
+        * allow the server to time out.
+        * 35 seconds should do it.
+        */
+       orig_timeout = rpccli_set_timeout(cli, 35000);
+
        result = rpccli_lsa_lookup_names(cli, mem_ctx, &lsa_policy, 1, 
                                         (const char**) &full_name, NULL, 1, &sids, &types);
 
+       /* And restore our original timeout. */
+       rpccli_set_timeout(cli, orig_timeout);
+
        if (!NT_STATUS_IS_OK(result))
                return result;
 
@@ -346,6 +357,7 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
        struct policy_handle lsa_policy;
        NTSTATUS name_map_status = NT_STATUS_UNSUCCESSFUL;
        char *mapped_name = NULL;
+       unsigned int orig_timeout;
 
        DEBUG(3,("sid_to_name [rpc] %s for domain %s\n", sid_string_dbg(sid),
                 domain->name ));
@@ -358,8 +370,19 @@ static NTSTATUS msrpc_sid_to_name(struct winbindd_domain *domain,
        }
 
 
+       /*
+        * This call can take a long time
+        * allow the server to time out.
+        * 35 seconds should do it.
+        */
+       orig_timeout = rpccli_set_timeout(cli, 35000);
+
        result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
                                        1, sid, &domains, &names, &types);
+
+       /* And restore our original timeout. */
+       rpccli_set_timeout(cli, orig_timeout);
+
        if (!NT_STATUS_IS_OK(result)) {         
                DEBUG(2,("msrpc_sid_to_name: rpccli_lsa_lookup_sids()  failed (%s)\n",
                         nt_errstr(result)));           
@@ -400,6 +423,7 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
        DOM_SID *sids;
        size_t i;
        char **ret_names;
+       unsigned int orig_timeout;
 
        DEBUG(3, ("rids_to_names [rpc] for domain %s\n", domain->name ));
 
@@ -423,9 +447,20 @@ static NTSTATUS msrpc_rids_to_names(struct winbindd_domain *domain,
                return result;
        }
 
+       /*
+        * This call can take a long time
+        * allow the server to time out.
+        * 35 seconds should do it.
+        */
+       orig_timeout = rpccli_set_timeout(cli, 35000);
+
        result = rpccli_lsa_lookup_sids(cli, mem_ctx, &lsa_policy,
                                        num_rids, sids, &domains,
                                        names, types);
+
+       /* And restore our original timeout. */
+       rpccli_set_timeout(cli, orig_timeout);
+
        if (!NT_STATUS_IS_OK(result) &&
            !NT_STATUS_EQUAL(result, STATUS_SOME_UNMAPPED)) {
                return result;