r18010: Ensure we don't timeout twice to the same

server in winbindd when it's down and listed
in the -ve connection cache. Fix memory leak,
reduce timeout for cldap calls - minimum 3 secs.
Jeremy.

diff --git a/source/libads/cldap.c b/source/libads/cldap.c
index da1dec6b931c9841e45b7ab7443c9542523c9d0f..8e34e27353ec395cdc191e7e30e685ac36ef78f1 100644 (file)
--- a/source/libads/cldap.c
+++ b/source/libads/cldap.c
@@ -188,6 +188,8 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
        DATA_BLOB blob;
        DATA_BLOB os1, os2, os3;
        int i1;
+       /* half the time of a regular ldap timeout, not less than 3 seconds. */
+       unsigned int al_secs = MAX(3,lp_ldap_timeout()/2);
        char *p;
 
        blob = data_blob(NULL, 8192);
@@ -200,7 +202,7 @@ static int recv_cldap_netlogon(int sock, struct cldap_netlogon_reply *reply)
        /* Setup timeout */
        gotalarm = 0;
        CatchSignal(SIGALRM, SIGNAL_CAST gotalarm_sig);
-       alarm(lp_ldap_timeout());
+       alarm(al_secs);
        /* End setup timeout. */
  
        ret = read(sock, blob.data, blob.length);

diff --git a/source/libads/kerberos.c b/source/libads/kerberos.c
index c872508fe84d025ea9c96ac6c01295ac1aba4072..57233f218281db1727a0c43387cafc9993da9bef 100644 (file)
--- a/source/libads/kerberos.c
+++ b/source/libads/kerberos.c
@@ -494,10 +494,13 @@ static char *get_kdc_ip_string(char *mem_ctx, const char *realm, struct in_addr
                kdc_str = talloc_asprintf(mem_ctx, "%s\tkdc = %s\n",
                        kdc_str, inet_ntoa(ip_srv[i].ip));
                if (!kdc_str) {
+                       SAFE_FREE(ip_srv);
                        return NULL;
                }
        }
 
+       SAFE_FREE(ip_srv);
+
        DEBUG(10,("get_kdc_ip_string: Returning %s\n",
                kdc_str ));
 

diff --git a/source/nsswitch/winbindd_cm.c b/source/nsswitch/winbindd_cm.c
index 6c35539e4dddfd1e14c90167fe3396bb29320d6d..b6a3b3ac054f24c5d76dbc65be59ca565ab4fb25 100644 (file)
--- a/source/nsswitch/winbindd_cm.c
+++ b/source/nsswitch/winbindd_cm.c
@@ -791,17 +791,22 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
        char *saf_servername = saf_fetch( domain->name );
        int retries;
 
-       if ((mem_ctx = talloc_init("cm_open_connection")) == NULL)
+       if ((mem_ctx = talloc_init("cm_open_connection")) == NULL) {
+               SAFE_FREE(saf_servername);
                return NT_STATUS_NO_MEMORY;
+       }
 
        /* we have to check the server affinity cache here since 
           later we selecte a DC based on response time and not preference */
           
-       if ( saf_servername ) 
-       {
+       /* Check the negative connection cache
+          before talking to it. It going down may have
+          triggered the reconnection. */
+
+       if ( saf_servername && NT_STATUS_IS_OK(check_negative_conn_cache( domain->name, saf_servername))) {
+
                /* convert an ip address to a name */
-               if ( is_ipaddress( saf_servername ) )
-               {
+               if ( is_ipaddress( saf_servername ) ) {
                        fstring saf_name;
                        struct in_addr ip;
 
@@ -814,9 +819,7 @@ static NTSTATUS cm_open_connection(struct winbindd_domain *domain,
                                        domain->name, saf_servername,
                                        NT_STATUS_UNSUCCESSFUL);
                        }
-               } 
-               else 
-               {
+               } else {
                        fstrcpy( domain->dcname, saf_servername );
                }