diff options
-rw-r--r-- | source3/winbindd/winbindd_dual.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 9be8bafdd7..9d4425b2f3 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1202,7 +1202,29 @@ bool winbindd_reinit_after_fork(const char *logfilename) } TALLOC_FREE(cl->lockout_policy_event); TALLOC_FREE(cl->machine_password_change_event); + + /* Children should never be able to send + * each other messages, all meesages must + * go through the parent. + */ + cl->pid = (pid_t)0; } + /* + * This is a little tricky, we don't want child + * to send MSG_WINBIND_ONLINE to idmap_child(). + * If we are in the child of trusted domain or + * in the process created by fork_child_dc_connect(). + * And the trusted domain cannot go online, + * fork_child_dc_connection() sends MSG_WINBIND_ONLINE + * periodically to idmap_child(). + * look, fork_child_dc_connect() ---> getdcs() ---> + * get_dc_name_via_netlogon() ---> cm_connect_netlogon() + * ---> init_dc_connection() ---> cm_open_connection ---> + * set_domain_online(), here send MSG_WINBIND_ONLINE to + * idmap_child(). + */ + cl = idmap_child(); + cl->pid = (pid_t)0; return true; } @@ -1296,6 +1318,14 @@ static bool fork_domain_child(struct winbindd_child *child) } } } + + /* + * We are in idmap child, make sure that we set the + * check_online_event to bring primary domain online. + */ + if (child == idmap_child()) { + set_domain_online_request(primary_domain); + } /* We might be in the idmap child...*/ if (child->domain && !(child->domain->internal) && |