Age | Commit message (Collapse) | Author | Files | Lines |
|
Jeremy.
|
|
lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum. Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode. This keytab is only used in
ads_verify_ticket.
|
|
metze
|
|
triggered now
metze
|
|
And always setup the fd events.
metze
|
|
Jeremy.
|
|
Signed-off-by: Bo Yang <boyang@novell.com>
|
|
Jeremy.
|
|
|
|
Jeremy.
|
|
in a forked child.
Jeremy.
|
|
metze
|
|
cancel_named_event() is stupid by design and also only cancels
one single event.
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
reinit_after_fork() already calls messaging_reinit()
metze
|
|
keytab.
Guenther
|
|
Jeremy.
|
|
|
|
"rescan_trusted_domain".
From analysis by hargagan <shargagan@novell.com> :
"The winbindd_child_died() is also getting called from process_loop() in case of
SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for
the first request. It then initiate a new request using
schedule_async_request() which installs a new timeout handler for the same
request. In such a case, for a badly unresponsive system both the timeout
handler can be called. For the first call the "private_data" will be cleared
and for another call the timeout handler will be detecting the double free. So,
for such a case as well, the winbindd_child_died() should make the
timeout_handler to NULL."
Jeremy.
|
|
|
|
patch from shargagan@novell.com
Jeremy.
|
|
The scanner did not figure out that we always have a primary domain, so it
complained about us potentially passing a NULL pointer down to
set_domain_online_request() where it is dereferenced.
Make the code a bit clearer.
(This used to be commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9)
|
|
Guenther
(This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e)
|
|
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807)
|
|
(This used to be commit 5314f06dcdf14ce5e038a03a3e4dfded227bd00c)
|
|
Guenther
(This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a)
|
|
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
|
|
When SIGCHLD handling is delayed for some reason, sending a request to a child
can fail early because the child has died already. In this case
async_main_request_sent() directly called the continuation function without
properly removing the malfunctioning child process and the requests in the
queue. The next request would then crash in the DLIST_ADD_END() in
async_request() because the request pending for the child had been
talloc_free()'ed and yet still was referenced in the list.
This one is *old*...
Volker
(cherry picked from commit 8691709626b0d461de91b8fc9d10c730d1f183dd)
(This used to be commit c70e2b6476d2d99c79624e15a4a3cfcdc850fc7c)
|
|
In reloading the smb.conf, if a "log file" is specified in smb.conf,
winbind children will overwrite the logfile name to be the same as the
parent.
Jeremy.
(This used to be commit 62d319cc1a2ef891866b2ddbd22f3ed0944356af)
|
|
smbcontrol winbindd debug level would only set the debug level of the
parent winbindd process and not the child processes. This patch adds
the functionality of broadcasting the debug message to all winbindd
children. Now the debug level message is propagated to all the winbindd
processes that includes parent and children.
(This used to be commit cfbcfc3ffe74f28ec874a6bf1ab93f55f405b6e6)
|
|
not keeping primary domain online status up to date.
Jeremy.
(This used to be commit 0621c7c8161b7b94cc9249ab3e71855d3030b6fb)
|
|
way - deleting the socket!
Jeremy.
(This used to be commit 3ab5a3883e33eba159152aa02544d71f047c7e45)
|
|
83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537.
We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this
will come later.
Jeremy.
(This used to be commit 41e20becf3b976656f60aaec9175df329803b012)
|
|
call :
CatchChild();
*before* we fork the domain child. This call establishes a signal handler that
eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon
SIGCLD handler should do. This causes the parent to ignore dead children and
time out, instead of calling winbind_child_died() on receipt of the signal. The
correct fix is to move the CatchChild call into the child code after the fork.
Jeremy.
(This used to be commit 8d701a142be2b75dc30ad215bc178af902eb4af9)
|
|
in particular closing and reopening logs on SIGHUP.
Conflicts:
source/winbindd/winbindd.c
(This used to be commit 0f7b11accec7df1c0e9a9dc0828a5e0c5ddec4cb)
|
|
Thanks to Glenn Curtis and Kyle Stemen @ Likewise. Their explanation is:
In winbindd_dual.c, there is a list of children processes that
is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the
case when a scheduled_async_request fails, the particular child
was located in the list, and its attributes were cleared out
and it was reused for a subsequent async request. The bug was that
the new request would queue the same node into the doubly-linked
list and would result in list->next pointing to the same node as
list itself. This would set up an infinite loop in the processing of
the for loop when the list of children was referenced.
Solution was to fully remove the child node from the list, such that
it could be inserted without risk of being inserted twice.
Note that the child is re-added to the list in fork_domain_child() again.
(This used to be commit b379b5b5d8a6daccc69aaf2be6d9a6e276e7dd78)
|
|
We now open messages.tdb even before we do the become_daemon. become_daemon()
involves a fork and an immediate exit of the parent, thus the
parent_is_longlived argument must be set to false in this case. The parent is
not really long lived :-)
(This used to be commit 4f4781c6d17fe2db34dd5945fec52a7685448aec)
|
|
metze
(This used to be commit 8e9fdef792e612e414444e7714a2fd4513892248)
|
|
Winbind can't be allowed to connect to the local smbd.
(This used to be commit 0d617f639a3c9c52e4327aed4bd02d9e8e7312a2)
|
|
Guenther
(This used to be commit dd9fa33e968d4e641460fe1c6beb05dfe12fa918)
|
|
(This used to be commit af40b71023f8c4a2133d996ea698c72b97624043)
|
|
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
|
|
This patch make sure we do not try to contact smbd in the main dameon
to avoid deadlocks.
All the operations that require connecting to smbd are performed in
the domain child anyway.
(This used to be commit 9347d34b502bef70cdae8f3e8acd9796dba49581)
|
|
Michael
(This used to be commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a)
|
|
Guenther
(This used to be commit 54ad97bd8364c393de2c9471a4c14ca5b880b318)
|
|
The child struct is immediately reused, and this results
in a panic when child->logfilename == NULL.
Michael
(This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
|
|
metze
(This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
|
|
Add struct_ prefix to struct based protocol specific
elemetens struct winbindd_child_dispatch_table.
metze
(This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
|
|
them with malloc'ing accessor functions. Should save a
lot of static space :-).
Jeremy.
(This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)
|