winbindd: set file descriptor limit according to configuration

Set the winbindd process file descriptor limit according to
the values that affect it in the configuration:
- Maximum number of clients
- Number of outgoing connections per domain

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

diff --git a/source3/include/local.h b/source3/include/local.h
index 5963eb067472bd14204a0cfba26a36eae239a649..7f97d4ece9c7628084a76610a461a384c609de18 100644 (file)
--- a/source3/include/local.h
+++ b/source3/include/local.h
@@ -204,4 +204,8 @@
 /* Maximum size of RPC data we will accept for one call. */
 #define MAX_RPC_DATA_SIZE (15*1024*1024)
 
+/* A guestimate of how many domains winbindd will be contacting */
+#ifndef WINBIND_MAX_DOMAINS_HINT
+#define WINBIND_MAX_DOMAINS_HINT 10
+#endif
 #endif

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 4ffe79c41fa4b5c8e3d65e19515b37d03e36f3d2..defc9cca1d93c2392fce645d59d14b0afe7bdaed 100644 (file)
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -48,6 +48,7 @@
 
 static bool client_is_idle(struct winbindd_cli_state *state);
 static void remove_client(struct winbindd_cli_state *state);
+static void winbindd_setup_max_fds(void);
 
 static bool opt_nocache = False;
 static bool interactive = False;
@@ -145,6 +146,7 @@ static bool reload_services_file(const char *lfile)
 
        reopen_logs();
        load_interfaces();
+       winbindd_setup_max_fds();
 
        return(ret);
 }
@@ -1130,6 +1132,35 @@ char *get_winbind_priv_pipe_dir(void)
        return state_path(WINBINDD_PRIV_SOCKET_SUBDIR);
 }
 
+static void winbindd_setup_max_fds(void)
+{
+       int num_fds = MAX_OPEN_FUDGEFACTOR;
+       int actual_fds;
+
+       num_fds += lp_winbind_max_clients();
+       /* Add some more to account for 2 sockets open
+          when the client transitions from unprivileged
+          to privileged socket
+       */
+       num_fds += lp_winbind_max_clients() / 10;
+
+       /* Add one socket per child process
+          (yeah there are child processes other than the
+          domain children but only domain children can vary
+          with configuration
+       */
+       num_fds += lp_winbind_max_domain_connections() *
+                  (lp_allow_trusted_domains() ? WINBIND_MAX_DOMAINS_HINT : 1);
+
+       actual_fds = set_maxfiles(num_fds);
+
+       if (actual_fds < num_fds) {
+               DEBUG(1, ("winbindd_setup_max_fds: Information only: "
+                         "requested %d open files, %d are available.\n",
+                         num_fds, actual_fds));
+       }
+}
+
 static bool winbindd_setup_listeners(void)
 {
        struct winbindd_listen_state *pub_state = NULL;