From 19f34b2161dee26ebaee2774b4bee0dc3ce9e340 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Thu, 7 Feb 2019 09:42:36 +0100 Subject: [PATCH] samba_dnsupdate: make rodc_dns_update() more robust against timing problems Without this we had an interesting race! The messaging_dgm code caches connected datagram sockets based on the destination pid for 1 second. The fact that samba_dnsupdate constantly recreates its messaging context (and the underlying datagram socket) means that we the winbindd messaging context may get a stale connection. As a result sending any message from winbindd back to samba_dnsupdate will result in ECONNREFUSED. That means the IRPC response from winbindd never reaches samba_dnsupdate, which will then hit a timeout. In turn samba_dnsupdate on the RODC times out. This was a workaround for the problem, by having just one global IRPC handle and thus just one messaging_dgm context. The actual problem is solved a few commits before ("messages_dgm: Properly handle receiver re-initialization"). But we keep this as an performance optimization, which hopefully means that the overall samba_dnsupdate is less likely to timeout after the hardcoded 20 seconds. Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett --- source4/scripting/bin/samba_dnsupdate | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 90d403464dc..3fb540b202c 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -633,6 +633,14 @@ def call_samba_tool(d, op="add", zone=None): print("Failed 'samba-tool dns' based update: %s : %s" % (str(d), estr)) raise +irpc_wb = None +def cached_irpc_wb(lp): + global irpc_wb + if irpc_wb is not None: + return irpc_wb + irpc_wb = winbind.winbind("irpc:winbind_server", lp) + return irpc_wb + def rodc_dns_update(d, t, op): '''a single DNS update via the RODC netlogon call''' global sub_vars @@ -652,7 +660,7 @@ def rodc_dns_update(d, t, op): netlogon.NlDnsGenericGcAtSite : netlogon.NlDnsDomainNameAlias } - w = winbind.winbind("irpc:winbind_server", lp) + w = cached_irpc_wb(lp) dns_names = netlogon.NL_DNS_NAME_INFO_ARRAY() dns_names.count = 1 name = netlogon.NL_DNS_NAME_INFO() @@ -680,6 +688,9 @@ def rodc_dns_update(d, t, op): print("Error setting DNS entry of type %u: %s: %s" % (t, d, reason)) error_count = error_count + 1 + if opts.verbose: + print("Called netlogon RODC update for %s" % d) + if error_count != 0 and opts.fail_immediately: sys.exit(1) -- 2.47.2