diff options
-rw-r--r-- | source3/winbindd/winbindd_dual.c | 24 |
1 files changed, 13 insertions, 11 deletions
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 9d4425b2f3..4b57d08b03 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -1203,25 +1203,27 @@ bool winbindd_reinit_after_fork(const char *logfilename) TALLOC_FREE(cl->lockout_policy_event); TALLOC_FREE(cl->machine_password_change_event); - /* Children should never be able to send - * each other messages, all meesages must + /* Children should never be able to send + * each other messages, all messages must * go through the parent. */ cl->pid = (pid_t)0; } /* - * This is a little tricky, we don't want child - * to send MSG_WINBIND_ONLINE to idmap_child(). - * If we are in the child of trusted domain or - * in the process created by fork_child_dc_connect(). - * And the trusted domain cannot go online, - * fork_child_dc_connection() sends MSG_WINBIND_ONLINE + * This is a little tricky, children must not + * send an MSG_WINBIND_ONLINE message to idmap_child(). + * If we are in a child of our primary domain or + * in the process created by fork_child_dc_connect(), + * and the primary domain cannot go online, + * fork_child_dc_connection() sends MSG_WINBIND_ONLINE * periodically to idmap_child(). - * look, fork_child_dc_connect() ---> getdcs() ---> + * + * The sequence is, fork_child_dc_connect() ---> getdcs() ---> * get_dc_name_via_netlogon() ---> cm_connect_netlogon() * ---> init_dc_connection() ---> cm_open_connection ---> - * set_domain_online(), here send MSG_WINBIND_ONLINE to - * idmap_child(). + * set_domain_online(), sends MSG_WINBIND_ONLINE to + * idmap_child(). Disallow children sending messages + * to each other, all messages must go through the parent. */ cl = idmap_child(); cl->pid = (pid_t)0; |