Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2009-11-19 | s3: Avoid races to change the machine password in winbind | Volker Lendecke | 1 | -0/+18 | |
The machine password handler has code to deal with every node in the cluster trying to change the machine password at the same time. However, it is not very nice to the DC if everyone tries this simultaneously. This adds a random 0-255 second offset to our timed event. When this fires a bit later than strictly calculated, someone else might have stepped in and have already changed it. The timed event handler will handle this gracefully, it won't even try to do it again. | |||||
2009-11-19 | s3: Protect against flooding the DC with pwchange requests | Volker Lendecke | 1 | -14/+24 | |
When there is a temporary problem changing passwords we flooded the DC with pwchange requests. This gives the DC a 60-second break to recover. | |||||
2009-11-19 | s3: Re-check the timeout in machine_password_change_handler() | Volker Lendecke | 1 | -0/+6 | |
Someone else might have come in between and changed the password since we created that timed request | |||||
2009-11-19 | s3: Add some debugs to the winbind machine pwchange machinery | Volker Lendecke | 1 | -0/+16 | |
2009-11-19 | s3: Do not kill the whole smb session if a machine pwchange failed | Volker Lendecke | 1 | -1/+1 | |
2009-10-06 | s3-winbindd: make sure to reset connections when machine account password ↵ | Günther Deschner | 1 | -0/+8 | |
change chain was broken. Guenther | |||||
2009-10-05 | Revert "s3: Attempt to fix machine password change" | Volker Lendecke | 1 | -33/+9 | |
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed. | |||||
2009-10-05 | s3: Attempt to fix machine password change | Volker Lendecke | 1 | -9/+33 | |
2009-08-27 | s3:winbind: Add a generic cache for NDR based parent-child requests | Volker Lendecke | 1 | -2/+2 | |
2009-08-05 | s3:winbind: Add NDR-based parent-child communication to winbind | Volker Lendecke | 1 | -0/+13 | |
2009-07-31 | Provide a mem_ctx for child requests | Volker Lendecke | 1 | -0/+1 | |
2009-07-28 | Remove a duplicate prototype | Volker Lendecke | 1 | -1/+0 | |
2009-07-18 | s3: don't do this, upper callbacks will check it | Bo Yang | 1 | -4/+0 | |
Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-06-14 | Remove "winbindd_request" and "winbindd_response" from winbindd_cli_state | Volker Lendecke | 1 | -2/+4 | |
This shrinks the memory footprint of an idle client by 5592 bytes to 60 bytes on my 32-bit box. | |||||
2009-06-14 | Make winbindd_cli_state->response a pointer instead of a struct member | Volker Lendecke | 1 | -15/+16 | |
Same comment as in baa6084378e530b: This is just a preparatory checkin. Volker | |||||
2009-06-14 | Fix an error message: We get the errno in "err" | Volker Lendecke | 1 | -1/+1 | |
2009-06-14 | Do not use "finished" in winbind child | Volker Lendecke | 1 | -10/+8 | |
2009-06-14 | Convert async_domain_request to wb_domain_request_send | Volker Lendecke | 1 | -20/+22 | |
2009-06-14 | Add wb_domain_request_send/recv | Volker Lendecke | 1 | -0/+184 | |
2009-06-14 | Convert the winbind parent->child communication to wb_reqtrans | Volker Lendecke | 1 | -230/+156 | |
2009-06-14 | Make winbindd_cli_state->request a pointer instead of a struct member | Volker Lendecke | 1 | -18/+19 | |
In itself, this is pretty pointless. But in the next steps I'll convert the winbind internal communication to wb_reqtrans which allocates the request properly. This minimizes the later diff. Volker | |||||
2009-05-27 | s3: Allow child processes to exit gracefully if we are out of fds | Marc VanHeyningen | 1 | -2/+3 | |
When we run out of file descriptors for some reason, every new connection forks a child that immediately panics causing smbd to coredump. This seems unnecessarily harsh; with this code change we now catch that error and merely log a message about it and exit without the core dump. Signed-off-by: Tim Prouty <tprouty@samba.org> | |||||
2009-05-22 | s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵ | Bo Yang | 1 | -78/+51 | |
trusted domains Signed-off-by: Bo Yang <boyang@samba.org> | |||||
2009-05-12 | Convert response.extra_data.data from malloc to talloc | Volker Lendecke | 1 | -2/+0 | |
2009-05-07 | Fix some nonempty blank lines | Volker Lendecke | 1 | -11/+10 | |
2009-02-23 | More warning fixes for Solaris. | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2009-02-01 | Add two new parameters to control how we verify kerberos tickets. Removes ↵ | Dan Sledz | 1 | -1/+1 | |
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket. | |||||
2009-01-27 | s3:winbindd: handle SIG_TERM, SIGHUP, SIGCHLD and SIGUSR2 via tevent | Stefan Metzmacher | 1 | -5/+6 | |
metze | |||||
2009-01-22 | s3:winbindd: we don't need to call message_dispatch() anymore it's event ↵ | Stefan Metzmacher | 1 | -4/+0 | |
triggered now metze | |||||
2009-01-22 | s3: always call run_events() before and after sys_select() | Stefan Metzmacher | 1 | -9/+24 | |
And always setup the fd events. metze | |||||
2009-01-14 | Clean up comments a little. | Jeremy Allison | 1 | -11/+13 | |
Jeremy. | |||||
2009-01-14 | Don't send message to any other child in child process. | Bo Yang | 1 | -0/+30 | |
Signed-off-by: Bo Yang <boyang@novell.com> | |||||
2009-01-13 | From boyang - ensure we never "return" from a forked child, always _exit(). | Jeremy Allison | 1 | -2/+2 | |
Jeremy. | |||||
2009-01-10 | Don't set child->requests to NULL in parent after fork | Bo Yang | 1 | -1/+0 | |
2009-01-06 | Make winbindd_cm.c use winbindd_reinit_after_fork(). | Jeremy Allison | 1 | -17/+21 | |
Jeremy. | |||||
2009-01-06 | Add winbindd_reinit_after_fork(), cleaning out all possible events | Jeremy Allison | 1 | -52/+76 | |
in a forked child. Jeremy. | |||||
2009-01-05 | s3:events: change event_add_timed() prototype to match samba4 | Stefan Metzmacher | 1 | -8/+3 | |
metze | |||||
2009-01-05 | s3:winbindd: cancel all ccache entry events and not just one | Stefan Metzmacher | 1 | -6/+4 | |
cancel_named_event() is stupid by design and also only cancels one single event. metze | |||||
2009-01-05 | Fix broken krb5 refresh chain | Bo Yang | 1 | -0/+21 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2009-01-05 | clean event context after child is forked. | Bo Yang | 1 | -16/+24 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2008-12-31 | s3:winbindd: we don't need to call messaging_reinit() twice | Stefan Metzmacher | 1 | -7/+0 | |
reinit_after_fork() already calls messaging_reinit() metze | |||||
2008-11-21 | s3-winbindd: for now only change machine pwd when not using a system krb5 ↵ | Günther Deschner | 1 | -0/+1 | |
keytab. Guenther | |||||
2008-10-29 | Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure). | Jeremy Allison | 1 | -1/+1 | |
Jeremy. | |||||
2008-10-11 | Cope with changed signature of http_timestring(). | Jelmer Vernooij | 1 | -1/+1 | |
2008-10-08 | Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵ | Jeremy Allison | 1 | -0/+23 | |
"rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy. | |||||
2008-10-06 | Log in the parent winbind log where a request is going | Volker Lendecke | 1 | -0/+4 | |
2008-09-23 | Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original ↵ | Jeremy Allison | 1 | -5/+9 | |
patch from shargagan@novell.com Jeremy. | |||||
2008-08-31 | Fix Coverity ID 592 | Volker Lendecke | 1 | -0/+4 | |
The scanner did not figure out that we always have a primary domain, so it complained about us potentially passing a NULL pointer down to set_domain_online_request() where it is dereferenced. Make the code a bit clearer. (This used to be commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9) | |||||
2008-08-25 | winbindd: only create machine pwd change event when in primary domain child. | Günther Deschner | 1 | -1/+1 | |
Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e) | |||||
2008-08-23 | Use talloc_stackframe() in machine_password_change_handler | Volker Lendecke | 1 | -9/+5 | |
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807) |