winbindd: make wb_domain_request_* more robust

We don't need struct winbindd_domain_ref, but
we should clear the pointers before removing
the queue entry.

And we should start the queue every time
before remove ourself.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 614727aceb9ba314e38915e7d7e3b66b03c6d39e..a34232da430128149201fe6d9f7bfe717ea345f2 100644 (file)
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -462,8 +462,20 @@ struct dcerpc_binding_handle *dom_child_handle(struct winbindd_domain *domain)
 
 struct wb_domain_request_state {
        struct tevent_context *ev;
+       /*
+        * Note we use a plain
+        * struct winbindd_domain pointer
+        * instead of struct winbindd_domain_ref
+        * here, because we're protected by
+        * queue_entry that the domain
+        * is not free'd.
+        *
+        * This also makes sure
+        * struct winbindd_child *child
+        * does not be come invalid.
+        */
        struct tevent_queue_entry *queue_entry;
-       struct winbindd_domain *domain;
+       struct winbindd_domain *domain; /* no ref needed */
        struct winbindd_child *child;
        struct winbindd_request *request;
        struct winbindd_request *init_req;
@@ -485,9 +497,13 @@ static void wb_domain_request_cleanup(struct tevent_req *req,
         * and give the next one in the queue the chance
         * to check for an idle child.
         */
+       state->child = NULL;
        TALLOC_FREE(state->pending_subreq);
+       if (state->domain != NULL) {
+               tevent_queue_start(state->domain->queue);
+               state->domain = NULL;
+       }
        TALLOC_FREE(state->queue_entry);
-       tevent_queue_start(state->domain->queue);
 }
 
 static void wb_domain_request_trigger(struct tevent_req *req,
@@ -567,6 +583,9 @@ static void wb_domain_request_trigger(struct tevent_req *req,
                 * and give the next one in the queue the chance
                 * to check for an idle child.
                 */
+               state->child = NULL;
+               tevent_queue_start(state->domain->queue);
+               state->domain = NULL;
                TALLOC_FREE(state->queue_entry);
                return;
        }
@@ -720,6 +739,9 @@ static void wb_domain_request_initialized(struct tevent_req *subreq)
         * and give the next one in the queue the chance
         * to check for an idle child.
         */
+       state->child = NULL;
+       tevent_queue_start(state->domain->queue);
+       state->domain = NULL;
        TALLOC_FREE(state->queue_entry);
 }