summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/winbindd/winbindd_dual.c24
1 files changed, 13 insertions, 11 deletions
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 9d4425b2f3..4b57d08b03 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1203,25 +1203,27 @@ bool winbindd_reinit_after_fork(const char *logfilename)
TALLOC_FREE(cl->lockout_policy_event);
TALLOC_FREE(cl->machine_password_change_event);
- /* Children should never be able to send
- * each other messages, all meesages must
+ /* Children should never be able to send
+ * each other messages, all messages must
* go through the parent.
*/
cl->pid = (pid_t)0;
}
/*
- * This is a little tricky, we don't want child
- * to send MSG_WINBIND_ONLINE to idmap_child().
- * If we are in the child of trusted domain or
- * in the process created by fork_child_dc_connect().
- * And the trusted domain cannot go online,
- * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * This is a little tricky, children must not
+ * send an MSG_WINBIND_ONLINE message to idmap_child().
+ * If we are in a child of our primary domain or
+ * in the process created by fork_child_dc_connect(),
+ * and the primary domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
* periodically to idmap_child().
- * look, fork_child_dc_connect() ---> getdcs() --->
+ *
+ * The sequence is, fork_child_dc_connect() ---> getdcs() --->
* get_dc_name_via_netlogon() ---> cm_connect_netlogon()
* ---> init_dc_connection() ---> cm_open_connection --->
- * set_domain_online(), here send MSG_WINBIND_ONLINE to
- * idmap_child().
+ * set_domain_online(), sends MSG_WINBIND_ONLINE to
+ * idmap_child(). Disallow children sending messages
+ * to each other, all messages must go through the parent.
*/
cl = idmap_child();
cl->pid = (pid_t)0;