From: Volker Lendecke <vl@samba.org>
Date: Sat, 19 Jun 2021 15:06:59 +0000 (+0200)
Subject: s3:winbind: Close internal RPC pipes after 5 idle seconds
X-Git-Tag: tdb-1.4.6~354
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3fb2fd49445eae8a075638d0ed18e2ca41696450;p=thirdparty%2Fsamba.git

s3:winbind: Close internal RPC pipes after 5 idle seconds

Even internal pipes have a small cost, external ones will block a
process from exiting soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
---

diff --git a/source3/winbindd/winbindd_samr.c b/source3/winbindd/winbindd_samr.c
index 5e23ff8217b..6740d11dfb0 100644
--- a/source3/winbindd/winbindd_samr.c
+++ b/source3/winbindd/winbindd_samr.c
@@ -37,6 +37,7 @@
 #include "../libcli/security/security.h"
 #include "passdb/machine_sid.h"
 #include "auth.h"
+#include "source3/lib/global_contexts.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_WINBIND
@@ -48,6 +49,7 @@
  * winbindd or a part of this process
  */
 struct winbind_internal_pipes {
+	struct tevent_timer *shutdown_timer;
 	struct rpc_pipe_client *samr_pipe;
 	struct policy_handle samr_domain_hnd;
 	struct rpc_pipe_client *lsa_pipe;
@@ -120,6 +122,27 @@ NTSTATUS open_internal_lsa_conn(TALLOC_CTX *mem_ctx,
 	return status;
 }
 
+static void cached_internal_pipe_close(
+	struct tevent_context *ev,
+	struct tevent_timer *te,
+	struct timeval current_time,
+	void *private_data)
+{
+	struct winbindd_domain *domain = talloc_get_type_abort(
+		private_data, struct winbindd_domain);
+	/*
+	 * domain->private_data is the struct winbind_internal_pipes *
+	 * pointer so freeing it closes the cached pipes.
+	 *
+	 * We can do a hard close because at the time of this commit
+	 * we only use sychronous calls to external pipes. So we can't
+	 * have any outstanding requests. Also, we don't set
+	 * dcerpc_binding_handle_set_sync_ev in winbind, so we don't
+	 * get nested event loops. Once we start to get async in
+	 * winbind children, we need to check for outstanding calls
+	 */
+	TALLOC_FREE(domain->private_data);
+}
 
 static NTSTATUS open_cached_internal_pipe_conn(
 	struct winbindd_domain *domain,
@@ -156,6 +179,17 @@ static NTSTATUS open_cached_internal_pipe_conn(
 			return status;
 		}
 
+		internal_pipes->shutdown_timer = tevent_add_timer(
+			global_event_context(),
+			internal_pipes,
+			timeval_current_ofs(5, 0),
+			cached_internal_pipe_close,
+			domain);
+		if (internal_pipes->shutdown_timer == NULL) {
+			TALLOC_FREE(frame);
+			return NT_STATUS_NO_MEMORY;
+		}
+
 		domain->private_data = talloc_move(domain, &internal_pipes);
 
 		TALLOC_FREE(frame);
@@ -181,6 +215,10 @@ static NTSTATUS open_cached_internal_pipe_conn(
 		*lsa_pipe = internal_pipes->lsa_pipe;
 	}
 
+	tevent_update_timer(
+		internal_pipes->shutdown_timer,
+		timeval_current_ofs(5, 0));
+
 	return NT_STATUS_OK;
 }