| commit | a995f8329d66a950accaf9f152c21689afa0ddeb | |
| author | Michael Adam <obnox@samba.org> | |
| Thu, 20 Nov 2008 15:57:44 +0000 (20 16:57 +0100) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Wed, 26 Nov 2008 09:13:42 +0000 (26 10:13 +0100) | ||
| tree | fb0fa0190f997b3c6001b3ebfcdcef7036c462f1 | treesnapshot (tar.gz zip) |
| parent | 727d5d6a8df01b0efd5372f5324206b96203ef73 | commitdiff |
winbindd_ads: prevent negative GM/ cache entries due to broken connections
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids
to names. This is tried only once. So in case the connection was broken,
e.g. closed by the server (without a reset packet), there will be an empty
GM/ cache entry for the requested group which will prevent proper working
of access checks among other checks for the expiry period.
This patch works around this problem by retrying once if the lsa_lookupsids
call fails, re-establishing the dc-connection, as we already do in many other
places (e.g. the winbindd retry methods for the rpc layer).
Michael
(cherry picked from commit c833b19b0c3e746b53e6731988cd8bb6aca927f5)
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids
to names. This is tried only once. So in case the connection was broken,
e.g. closed by the server (without a reset packet), there will be an empty
GM/ cache entry for the requested group which will prevent proper working
of access checks among other checks for the expiry period.
This patch works around this problem by retrying once if the lsa_lookupsids
call fails, re-establishing the dc-connection, as we already do in many other
places (e.g. the winbindd retry methods for the rpc layer).
Michael
(cherry picked from commit c833b19b0c3e746b53e6731988cd8bb6aca927f5)
| source/winbindd/winbindd_ads.c | diffblobblamehistory |