summaryrefslogtreecommitdiff
path: root/source4/smbd
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2004-07-14 12:14:07 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:57:35 -0500
commitf607197054436a8195e3d0a695fe31574b418059 (patch)
tree90efd6698cf4cf7a499d7b3307c513b8c85d3690 /source4/smbd
parent71d28b8265726a50b6f077115e7dacdb8c4b06f8 (diff)
downloadsamba-f607197054436a8195e3d0a695fe31574b418059.tar.gz
samba-f607197054436a8195e3d0a695fe31574b418059.tar.bz2
samba-f607197054436a8195e3d0a695fe31574b418059.zip
r1498: (merge from 3.0)
Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
Diffstat (limited to 'source4/smbd')
-rw-r--r--source4/smbd/process_standard.c4
-rw-r--r--source4/smbd/rewrite.c7
2 files changed, 11 insertions, 0 deletions
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index cc02e84d57..5c2a0a3410 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -74,6 +74,10 @@ static void standard_accept_connection(struct event_context *ev, struct fd_event
DEBUG(0,("standard_accept_connection: tdb_reopen_all failed.\n"));
}
+ /* Ensure that the forked children do not expose identical random streams */
+
+ set_need_random_reseed();
+
mem_ctx = talloc_init("server_service_connection");
if (!mem_ctx) {
DEBUG(0,("talloc_init(server_service_connection) failed\n"));
diff --git a/source4/smbd/rewrite.c b/source4/smbd/rewrite.c
index d0a4bad374..ac241958c7 100644
--- a/source4/smbd/rewrite.c
+++ b/source4/smbd/rewrite.c
@@ -70,6 +70,13 @@ void smbd_process_init(void)
if (!init_change_notify())
exit(1);
+ /* Start old-style secrets subsystem */
+
+ /* We must perform secrets_init(), as it sets up important
+ * seeding for the random number generator.
+ */
+ secrets_init();
+
talloc_destroy(mem_ctx);
}