summaryrefslogtreecommitdiff
path: root/source3/winbindd
diff options
context:
space:
mode:
Diffstat (limited to 'source3/winbindd')
-rw-r--r--source3/winbindd/winbindd_dual.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 9be8bafdd7..9d4425b2f3 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1202,7 +1202,29 @@ bool winbindd_reinit_after_fork(const char *logfilename)
}
TALLOC_FREE(cl->lockout_policy_event);
TALLOC_FREE(cl->machine_password_change_event);
+
+ /* Children should never be able to send
+ * each other messages, all meesages must
+ * go through the parent.
+ */
+ cl->pid = (pid_t)0;
}
+ /*
+ * This is a little tricky, we don't want child
+ * to send MSG_WINBIND_ONLINE to idmap_child().
+ * If we are in the child of trusted domain or
+ * in the process created by fork_child_dc_connect().
+ * And the trusted domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * periodically to idmap_child().
+ * look, fork_child_dc_connect() ---> getdcs() --->
+ * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
+ * ---> init_dc_connection() ---> cm_open_connection --->
+ * set_domain_online(), here send MSG_WINBIND_ONLINE to
+ * idmap_child().
+ */
+ cl = idmap_child();
+ cl->pid = (pid_t)0;
return true;
}
@@ -1296,6 +1318,14 @@ static bool fork_domain_child(struct winbindd_child *child)
}
}
}
+
+ /*
+ * We are in idmap child, make sure that we set the
+ * check_online_event to bring primary domain online.
+ */
+ if (child == idmap_child()) {
+ set_domain_online_request(primary_domain);
+ }
/* We might be in the idmap child...*/
if (child->domain && !(child->domain->internal) &&