| commit | c833b19b0c3e746b53e6731988cd8bb6aca927f5 | |
| author | Michael Adam <obnox@samba.org> | |
| Thu, 20 Nov 2008 15:57:44 +0000 (20 16:57 +0100) | ||
| committer | Michael Adam <obnox@samba.org> | |
| Fri, 21 Nov 2008 23:04:45 +0000 (22 00:04 +0100) | ||
| tree | 75bde532c08c98bb429074bed60a118313407f92 | treesnapshot (tar.gz zip) |
| parent | 7204116c9edcd98ea20cbc5f29e5f25737f78a41 | commitdiff |
winbindd_ads: prevent negative GM/ cache entries due to broken connections
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids
to names. This is tried only once. So in case the connection was broken,
e.g. closed by the server (without a reset packet), there will be an empty
GM/ cache entry for the requested group which will prevent proper working
of access checks among other checks for the expiry period.
This patch works around this problem by retrying once if the lsa_lookupsids
call fails, re-establishing the dc-connection, as we already do in many other
places (e.g. the winbindd retry methods for the rpc layer).
Michael
The ads lookup_groupmem() function calls lda_lookupsids to resolve sids
to names. This is tried only once. So in case the connection was broken,
e.g. closed by the server (without a reset packet), there will be an empty
GM/ cache entry for the requested group which will prevent proper working
of access checks among other checks for the expiry period.
This patch works around this problem by retrying once if the lsa_lookupsids
call fails, re-establishing the dc-connection, as we already do in many other
places (e.g. the winbindd retry methods for the rpc layer).
Michael
| source/winbindd/winbindd_ads.c | diffblobblamehistory |