diff options
Diffstat (limited to 'source3/winbindd/winbindd_dual.c')
-rw-r--r-- | source3/winbindd/winbindd_dual.c | 82 |
1 files changed, 52 insertions, 30 deletions
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c index 4f1e92ed7c..1499141c34 100644 --- a/source3/winbindd/winbindd_dual.c +++ b/source3/winbindd/winbindd_dual.c @@ -175,7 +175,7 @@ static void async_main_request_sent(void *private_data, bool success) static void async_request_timeout_handler(struct event_context *ctx, struct timed_event *te, - const struct timeval *now, + struct timeval now, void *private_data) { struct winbindd_async_request *state = @@ -247,7 +247,6 @@ static void async_request_sent(void *private_data_data, bool success) state->reply_timeout_event = event_add_timed(winbind_event_context(), NULL, timeval_current_ofs(300,0), - "async_request_timeout", async_request_timeout_handler, state); if (!state->reply_timeout_event) { @@ -827,7 +826,7 @@ void winbind_msg_dump_domain_list(struct messaging_context *msg_ctx, static void account_lockout_policy_handler(struct event_context *ctx, struct timed_event *te, - const struct timeval *now, + struct timeval now, void *private_data) { struct winbindd_child *child = @@ -866,7 +865,6 @@ static void account_lockout_policy_handler(struct event_context *ctx, child->lockout_policy_event = event_add_timed(winbind_event_context(), NULL, timeval_current_ofs(3600, 0), - "account_lockout_policy_handler", account_lockout_policy_handler, child); } @@ -919,7 +917,7 @@ static bool calculate_next_machine_pwd_change(const char *domain, static void machine_password_change_handler(struct event_context *ctx, struct timed_event *te, - const struct timeval *now, + struct timeval now, void *private_data) { struct winbindd_child *child = @@ -971,7 +969,6 @@ static void machine_password_change_handler(struct event_context *ctx, child->machine_password_change_event = event_add_timed(winbind_event_context(), NULL, next_change, - "machine_password_change_handler", machine_password_change_handler, child); } @@ -985,6 +982,7 @@ static void child_msg_offline(struct messaging_context *msg, DATA_BLOB *data) { struct winbindd_domain *domain; + struct winbindd_domain *primary_domain = NULL; const char *domainname = (const char *)data->data; if (data->data == NULL || data->length == 0) { @@ -998,6 +996,8 @@ static void child_msg_offline(struct messaging_context *msg, return; } + primary_domain = find_our_domain(); + /* Mark the requested domain offline. */ for (domain = domain_list(); domain; domain = domain->next) { @@ -1007,6 +1007,11 @@ static void child_msg_offline(struct messaging_context *msg, if (strequal(domain->name, domainname)) { DEBUG(5,("child_msg_offline: marking %s offline.\n", domain->name)); set_domain_offline(domain); + /* we are in the trusted domain, set the primary domain + * offline too */ + if (domain != primary_domain) { + set_domain_offline(primary_domain); + } } } } @@ -1020,6 +1025,7 @@ static void child_msg_online(struct messaging_context *msg, DATA_BLOB *data) { struct winbindd_domain *domain; + struct winbindd_domain *primary_domain = NULL; const char *domainname = (const char *)data->data; if (data->data == NULL || data->length == 0) { @@ -1033,6 +1039,8 @@ static void child_msg_online(struct messaging_context *msg, return; } + primary_domain = find_our_domain(); + /* Set our global state as online. */ set_global_winbindd_state_online(); @@ -1047,6 +1055,16 @@ static void child_msg_online(struct messaging_context *msg, DEBUG(5,("child_msg_online: requesting %s to go online.\n", domain->name)); winbindd_flush_negative_conn_cache(domain); set_domain_online_request(domain); + + /* we can be in trusted domain, which will contact primary domain + * we have to bring primary domain online in trusted domain process + * see, winbindd_dual_pam_auth() --> winbindd_dual_pam_auth_samlogon() + * --> contact_domain = find_our_domain() + * */ + if (domain != primary_domain) { + winbindd_flush_negative_conn_cache(primary_domain); + set_domain_online_request(primary_domain); + } } } } @@ -1177,13 +1195,18 @@ static bool fork_domain_child(struct winbindd_child *child) state.sock = fdpair[0]; close(fdpair[1]); - if (!reinit_after_fork(winbind_messaging_context(), true)) { + if (!reinit_after_fork(winbind_messaging_context(), + winbind_event_context(), true)) { DEBUG(0,("reinit_after_fork() failed\n")); _exit(0); } close_conns_after_fork(); + /* Ensure we're not handling an event inherited from + our parent. */ + ccache_remove_all_after_fork(); + if (!override_logfile) { lp_set_logfile(child->logfilename); reopen_logs(); @@ -1219,33 +1242,34 @@ static bool fork_domain_child(struct winbindd_child *child) messaging_register(winbind_messaging_context(), NULL, MSG_DEBUG, debug_message); + primary_domain = find_our_domain(); + + if (primary_domain == NULL) { + smb_panic("no primary domain found"); + } + /* we have destroy all time event in reinit_after_fork() + * set check_online_event to NULL */ + for (domain = domain_list(); domain; domain = domain->next) { + domain->check_online_event = NULL; + } + /* It doesn't matter if we allow cache login, + * try to bring domain online after fork. */ if ( child->domain ) { child->domain->startup = True; child->domain->startup_time = time(NULL); - } - - /* Ensure we have no pending check_online events other - than one for this domain or the primary domain. */ - - for (domain = domain_list(); domain; domain = domain->next) { - if (domain->primary) { - primary_domain = domain; - } - if ((domain != child->domain) && !domain->primary) { - TALLOC_FREE(domain->check_online_event); + /* we can be in primary domain or in trusted domain + * If we are in trusted domain, set the primary domain + * in start-up mode */ + if (!(child->domain->internal)) { + set_domain_online_request(child->domain); + if (!(child->domain->primary)) { + primary_domain->startup = True; + primary_domain->startup_time = time(NULL); + set_domain_online_request(primary_domain); + } } } - if (primary_domain == NULL) { - smb_panic("no primary domain found"); - } - - /* Ensure we're not handling an event inherited from - our parent. */ - - cancel_named_event(winbind_event_context(), - "krb5_ticket_refresh_handler"); - /* We might be in the idmap child...*/ if (child->domain && !(child->domain->internal) && lp_winbind_offline_logon()) { @@ -1266,7 +1290,6 @@ static bool fork_domain_child(struct winbindd_child *child) child->lockout_policy_event = event_add_timed( winbind_event_context(), NULL, timeval_zero(), - "account_lockout_policy_handler", account_lockout_policy_handler, child); } @@ -1281,7 +1304,6 @@ static bool fork_domain_child(struct winbindd_child *child) &next_change)) { child->machine_password_change_event = event_add_timed( winbind_event_context(), NULL, next_change, - "machine_password_change_handler", machine_password_change_handler, child); } |