summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_dual.c
AgeCommit message (Collapse)AuthorFilesLines
2009-02-23More warning fixes for Solaris.Jeremy Allison1-1/+1
Jeremy.
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-27s3:winbindd: handle SIG_TERM, SIGHUP, SIGCHLD and SIGUSR2 via teventStefan Metzmacher1-5/+6
metze
2009-01-22s3:winbindd: we don't need to call message_dispatch() anymore it's event ↵Stefan Metzmacher1-4/+0
triggered now metze
2009-01-22s3: always call run_events() before and after sys_select()Stefan Metzmacher1-9/+24
And always setup the fd events. metze
2009-01-14Clean up comments a little.Jeremy Allison1-11/+13
Jeremy.
2009-01-14Don't send message to any other child in child process.Bo Yang1-0/+30
Signed-off-by: Bo Yang <boyang@novell.com>
2009-01-13From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison1-2/+2
Jeremy.
2009-01-10Don't set child->requests to NULL in parent after forkBo Yang1-1/+0
2009-01-06Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison1-17/+21
Jeremy.
2009-01-06Add winbindd_reinit_after_fork(), cleaning out all possible eventsJeremy Allison1-52/+76
in a forked child. Jeremy.
2009-01-05s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher1-8/+3
metze
2009-01-05s3:winbindd: cancel all ccache entry events and not just oneStefan Metzmacher1-6/+4
cancel_named_event() is stupid by design and also only cancels one single event. metze
2009-01-05Fix broken krb5 refresh chainBo Yang1-0/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-01-05clean event context after child is forked.Bo Yang1-16/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-31s3:winbindd: we don't need to call messaging_reinit() twiceStefan Metzmacher1-7/+0
reinit_after_fork() already calls messaging_reinit() metze
2008-11-21s3-winbindd: for now only change machine pwd when not using a system krb5 ↵Günther Deschner1-0/+1
keytab. Guenther
2008-10-29Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure).Jeremy Allison1-1/+1
Jeremy.
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-1/+1
2008-10-08Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵Jeremy Allison1-0/+23
"rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy.
2008-10-06Log in the parent winbind log where a request is goingVolker Lendecke1-0/+4
2008-09-23Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original ↵Jeremy Allison1-5/+9
patch from shargagan@novell.com Jeremy.
2008-08-31Fix Coverity ID 592Volker Lendecke1-0/+4
The scanner did not figure out that we always have a primary domain, so it complained about us potentially passing a NULL pointer down to set_domain_online_request() where it is dereferenced. Make the code a bit clearer. (This used to be commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9)
2008-08-25winbindd: only create machine pwd change event when in primary domain child.Günther Deschner1-1/+1
Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e)
2008-08-23Use talloc_stackframe() in machine_password_change_handlerVolker Lendecke1-9/+5
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807)
2008-08-23Fix a memleak in calculate_next_machine_pwd_changeVolker Lendecke1-2/+7
(This used to be commit 5314f06dcdf14ce5e038a03a3e4dfded227bd00c)
2008-08-23winbindd: add event based machine password change.Günther Deschner1-0/+119
Guenther (This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a)
2008-08-12idmap rewriteVolker Lendecke1-0/+2
(This used to be commit 30a180f2fce8cf6a3e5548f6bba453272ba70b33)
2008-07-25Fix a race condition in winbind leading to a crashVolker Lendecke1-4/+3
When SIGCHLD handling is delayed for some reason, sending a request to a child can fail early because the child has died already. In this case async_main_request_sent() directly called the continuation function without properly removing the malfunctioning child process and the requests in the queue. The next request would then crash in the DLIST_ADD_END() in async_request() because the request pending for the child had been talloc_free()'ed and yet still was referenced in the list. This one is *old*... Volker (cherry picked from commit 8691709626b0d461de91b8fc9d10c730d1f183dd) (This used to be commit c70e2b6476d2d99c79624e15a4a3cfcdc850fc7c)
2008-07-17From Jim McDonoughJeremy Allison1-1/+2
In reloading the smb.conf, if a "log file" is specified in smb.conf, winbind children will overwrite the logfile name to be the same as the parent. Jeremy. (This used to be commit 62d319cc1a2ef891866b2ddbd22f3ed0944356af)
2008-07-01MSG_DEBUG now forwarded to all the winbindd children by parent.Darshan Purandare1-0/+34
smbcontrol winbindd debug level would only set the debug level of the parent winbindd process and not the child processes. This patch adds the functionality of broadcasting the debug message to all winbindd children. Now the debug level message is propagated to all the winbindd processes that includes parent and children. (This used to be commit cfbcfc3ffe74f28ec874a6bf1ab93f55f405b6e6)
2008-06-02Fix by Bo Yang <boyang@novell.com> for bug with winbindd trusted domain childJeremy Allison1-2/+18
not keeping primary domain online status up to date. Jeremy. (This used to be commit 0621c7c8161b7b94cc9249ab3e71855d3030b6fb)
2008-05-30Fix bug #5504. winbindd children and parent were handing SIGTERM in the same ↵Jeremy Allison1-1/+1
way - deleting the socket! Jeremy. (This used to be commit 3ab5a3883e33eba159152aa02544d71f047c7e45)
2008-05-29Fix winbindd on a PDC by reverting : ↵Jeremy Allison1-9/+0
83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537. We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this will come later. Jeremy. (This used to be commit 41e20becf3b976656f60aaec9175df329803b012)
2008-05-14Fix bug #5464. Pointed out by Herb @ Connectathon. In fork_domain_child() we ↵Jeremy Allison1-3/+3
call : CatchChild(); *before* we fork the domain child. This call establishes a signal handler that eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon SIGCLD handler should do. This causes the parent to ignore dead children and time out, instead of calling winbind_child_died() on receipt of the signal. The correct fix is to move the CatchChild call into the child code after the fork. Jeremy. (This used to be commit 8d701a142be2b75dc30ad215bc178af902eb4af9)
2008-05-13Enable winbind child processes to do something with signals,Jim McDonough1-0/+4
in particular closing and reopening logs on SIGHUP. Conflicts: source/winbindd/winbindd.c (This used to be commit 0f7b11accec7df1c0e9a9dc0828a5e0c5ddec4cb)
2008-04-30Winbind: Prevent cycle in children list when reaping dead child processes.Gerald W. Carter1-0/+4
Thanks to Glenn Curtis and Kyle Stemen @ Likewise. Their explanation is: In winbindd_dual.c, there is a list of children processes that is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the case when a scheduled_async_request fails, the particular child was located in the list, and its attributes were cleared out and it was reused for a subsequent async request. The bug was that the new request would queue the same node into the doubly-linked list and would result in list->next pointing to the same node as list itself. This would set up an infinite loop in the processing of the for loop when the list of children was referenced. Solution was to fully remove the child node from the list, such that it could be inserted without risk of being inserted twice. Note that the child is re-added to the list in fork_domain_child() again. (This used to be commit b379b5b5d8a6daccc69aaf2be6d9a6e276e7dd78)
2008-04-23Fix CLEAR_IF_FIRST handling of messages.tdbVolker Lendecke1-1/+1
We now open messages.tdb even before we do the become_daemon. become_daemon() involves a fork and an immediate exit of the parent, thus the parent_is_longlived argument must be set to false in this case. The parent is not really long lived :-) (This used to be commit 4f4781c6d17fe2db34dd5945fec52a7685448aec)
2008-04-18winbindd: call reinit_after_fork() in the child processesStefan Metzmacher1-3/+2
metze (This used to be commit 8e9fdef792e612e414444e7714a2fd4513892248)
2008-03-27Fix wbinfo -a trusted\\user%password on a Samba DC with trustsVolker Lendecke1-1/+0
Winbind can't be allowed to connect to the local smbd. (This used to be commit 0d617f639a3c9c52e4327aed4bd02d9e8e7312a2)
2008-02-06Use rpccli_samr_QueryDomainInfo() in winbindd.Günther Deschner1-1/+1
Guenther (This used to be commit dd9fa33e968d4e641460fe1c6beb05dfe12fa918)
2008-02-02Convert read_data() to NTSTATUSVolker Lendecke1-9/+11
(This used to be commit af40b71023f8c4a2133d996ea698c72b97624043)
2008-02-01Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-testSimo Sorce1-1/+91
(This used to be commit 7dbfc7bdc65314466a83e8121b35c9bcb24b2631)
2008-02-01Fix winbindd running on a Samba DC,Simo Sorce1-0/+11
This patch make sure we do not try to contact smbd in the main dameon to avoid deadlocks. All the operations that require connecting to smbd are performed in the domain child anyway. (This used to be commit 9347d34b502bef70cdae8f3e8acd9796dba49581)
2008-01-25Add debug message: show which domain_child is being forked.Michael Adam1-0/+7
Michael (This used to be commit 373a00ae0d667d257fa93ab14c773e841f2c4f1a)
2008-01-24Add winbind_msg_dump_domain_list to winbindd.Günther Deschner1-0/+84
Guenther (This used to be commit 54ad97bd8364c393de2c9471a4c14ca5b880b318)
2008-01-23Fix panic: Don't free the logfilename in winbind_child_died().Michael Adam1-1/+0
The child struct is immediately reused, and this results in a panic when child->logfilename == NULL. Michael (This used to be commit da131d089db98017632103aa9bbe38c98f7a3fc1)
2007-12-14winbindd: move domain child specific stuff into its own fileStefan Metzmacher1-89/+10
metze (This used to be commit 075d315e0f72d506b70040da10940e4af131b4e2)
2007-12-11winbindd: rename child table struct elementsStefan Metzmacher1-32/+80
Add struct_ prefix to struct based protocol specific elemetens struct winbindd_child_dispatch_table. metze (This used to be commit 4ab9a8aab72a8406659a72e87b2d2a1ec2a2eabf)
2007-12-10Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison1-2/+2
them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy. (This used to be commit 52dc5eaef2106015b3a8b659e818bdb15ad94b05)