diff options
author | Andrew Bartlett <abartlet@samba.org> | 2004-07-14 12:14:07 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:57:35 -0500 |
commit | f607197054436a8195e3d0a695fe31574b418059 (patch) | |
tree | 90efd6698cf4cf7a499d7b3307c513b8c85d3690 /source4/smbd | |
parent | 71d28b8265726a50b6f077115e7dacdb8c4b06f8 (diff) | |
download | samba-f607197054436a8195e3d0a695fe31574b418059.tar.gz samba-f607197054436a8195e3d0a695fe31574b418059.tar.bz2 samba-f607197054436a8195e3d0a695fe31574b418059.zip |
r1498: (merge from 3.0)
Rework our random number generation system.
On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork().
For other systems, we now only re-seed after a fork, and on startup.
No need to do it per-operation. This removes the 'need_reseed'
parameter from generate_random_buffer().
This also requires that we start the secrets subsystem, as that is
where the reseed value is stored, for systems without /dev/urandom.
In order to aviod identical streams in forked children, the random
state is re-initialised after the fork(), at the same point were we do
that to the tdbs.
Andrew Bartlett
(This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
Diffstat (limited to 'source4/smbd')
-rw-r--r-- | source4/smbd/process_standard.c | 4 | ||||
-rw-r--r-- | source4/smbd/rewrite.c | 7 |
2 files changed, 11 insertions, 0 deletions
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index cc02e84d57..5c2a0a3410 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -74,6 +74,10 @@ static void standard_accept_connection(struct event_context *ev, struct fd_event DEBUG(0,("standard_accept_connection: tdb_reopen_all failed.\n")); } + /* Ensure that the forked children do not expose identical random streams */ + + set_need_random_reseed(); + mem_ctx = talloc_init("server_service_connection"); if (!mem_ctx) { DEBUG(0,("talloc_init(server_service_connection) failed\n")); diff --git a/source4/smbd/rewrite.c b/source4/smbd/rewrite.c index d0a4bad374..ac241958c7 100644 --- a/source4/smbd/rewrite.c +++ b/source4/smbd/rewrite.c @@ -70,6 +70,13 @@ void smbd_process_init(void) if (!init_change_notify()) exit(1); + /* Start old-style secrets subsystem */ + + /* We must perform secrets_init(), as it sets up important + * seeding for the random number generator. + */ + secrets_init(); + talloc_destroy(mem_ctx); } |