summaryrefslogtreecommitdiff
path: root/file_server
diff options
context:
space:
mode:
authorStefan Metzmacher <metze@samba.org>2013-07-10 14:48:18 +0200
committerStefan Metzmacher <metze@samba.org>2013-07-10 23:18:06 +0200
commit596b51c666e549fb518d92931d8837922154a2fe (patch)
treebfd22b1a428c46e99a4306ca3a3498e31d60430c /file_server
parent1573638212a9733a44939a4d38a226f38dca36f1 (diff)
downloadsamba-596b51c666e549fb518d92931d8837922154a2fe.tar.gz
samba-596b51c666e549fb518d92931d8837922154a2fe.tar.bz2
samba-596b51c666e549fb518d92931d8837922154a2fe.zip
s4:server: avoid calling into nss_winbind from within 'samba'
The most important part is that the 'winbind_server' doesn't recurse into itself. This could happen if the krb5 libraries call getlogin(). As we may run in single process mode, we need to set _NO_WINBINDD=1 everywhere, the only exception is the forked 'smbd'. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
Diffstat (limited to 'file_server')
-rw-r--r--file_server/file_server.c9
1 files changed, 9 insertions, 0 deletions
diff --git a/file_server/file_server.c b/file_server/file_server.c
index 5d44d5a85c..aab5f39ac7 100644
--- a/file_server/file_server.c
+++ b/file_server/file_server.c
@@ -28,6 +28,7 @@
#include "source4/smbd/process_model.h"
#include "file_server/file_server.h"
#include "dynconfig.h"
+#include "nsswitch/winbind_client.h"
/*
called if smbd exits
@@ -64,6 +65,8 @@ static void s3fs_task_init(struct task_server *task)
smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
smbd_cmd[0] = smbd_path;
+ /* the child should be able to call through nss_winbind */
+ (void)winbind_on();
/* start it as a child process */
subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
smbd_cmd,
@@ -72,6 +75,12 @@ static void s3fs_task_init(struct task_server *task)
"--foreground",
debug_get_output_is_stdout()?"--log-stdout":NULL,
NULL);
+ /* the parent should not be able to call through nss_winbind */
+ if (!winbind_off()) {
+ DEBUG(0,("Failed to re-disable recursive winbindd calls after forking smbd\n"));
+ task_server_terminate(task, "Failed to re-disable recursive winbindd calls", true);
+ return;
+ }
if (subreq == NULL) {
DEBUG(0, ("Failed to start smbd as child daemon\n"));
task_server_terminate(task, "Failed to startup s3fs smb task", true);