From: Stefan Metzmacher Date: Fri, 7 Feb 2025 14:46:33 +0000 (+0100) Subject: winbindd: make wb_domain_request_* more robust X-Git-Tag: tevent-0.17.0~846 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e306f60865089b4908a20017ed95b1a71b462b4f;p=thirdparty%2Fsamba.git winbindd: make wb_domain_request_* more robust We don't need struct winbindd_domain_ref, but we should clear the pointers before removing the queue entry. And we should start the queue every time before remove ourself. Signed-off-by: Stefan Metzmacher Reviewed-by: Ralph Boehme --- diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 614727aceb9..a34232da430 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -462,8 +462,20 @@ struct dcerpc_binding_handle *dom_child_handle(struct winbindd_domain *domain) struct wb_domain_request_state { struct tevent_context *ev; + /* + * Note we use a plain + * struct winbindd_domain pointer + * instead of struct winbindd_domain_ref + * here, because we're protected by + * queue_entry that the domain + * is not free'd. + * + * This also makes sure + * struct winbindd_child *child + * does not be come invalid. + */ struct tevent_queue_entry *queue_entry; - struct winbindd_domain *domain; + struct winbindd_domain *domain; /* no ref needed */ struct winbindd_child *child; struct winbindd_request *request; struct winbindd_request *init_req; @@ -485,9 +497,13 @@ static void wb_domain_request_cleanup(struct tevent_req *req, * and give the next one in the queue the chance * to check for an idle child. */ + state->child = NULL; TALLOC_FREE(state->pending_subreq); + if (state->domain != NULL) { + tevent_queue_start(state->domain->queue); + state->domain = NULL; + } TALLOC_FREE(state->queue_entry); - tevent_queue_start(state->domain->queue); } static void wb_domain_request_trigger(struct tevent_req *req, @@ -567,6 +583,9 @@ static void wb_domain_request_trigger(struct tevent_req *req, * and give the next one in the queue the chance * to check for an idle child. */ + state->child = NULL; + tevent_queue_start(state->domain->queue); + state->domain = NULL; TALLOC_FREE(state->queue_entry); return; } @@ -720,6 +739,9 @@ static void wb_domain_request_initialized(struct tevent_req *subreq) * and give the next one in the queue the chance * to check for an idle child. */ + state->child = NULL; + tevent_queue_start(state->domain->queue); + state->domain = NULL; TALLOC_FREE(state->queue_entry); }