summaryrefslogtreecommitdiff
path: root/source3/winbindd/winbindd_dual.c
AgeCommit message (Collapse)AuthorFilesLines
2009-11-19s3: Avoid races to change the machine password in winbindVolker Lendecke1-0/+18
The machine password handler has code to deal with every node in the cluster trying to change the machine password at the same time. However, it is not very nice to the DC if everyone tries this simultaneously. This adds a random 0-255 second offset to our timed event. When this fires a bit later than strictly calculated, someone else might have stepped in and have already changed it. The timed event handler will handle this gracefully, it won't even try to do it again.
2009-11-19s3: Protect against flooding the DC with pwchange requestsVolker Lendecke1-14/+24
When there is a temporary problem changing passwords we flooded the DC with pwchange requests. This gives the DC a 60-second break to recover.
2009-11-19s3: Re-check the timeout in machine_password_change_handler()Volker Lendecke1-0/+6
Someone else might have come in between and changed the password since we created that timed request
2009-11-19s3: Add some debugs to the winbind machine pwchange machineryVolker Lendecke1-0/+16
2009-11-19s3: Do not kill the whole smb session if a machine pwchange failedVolker Lendecke1-1/+1
2009-10-06s3-winbindd: make sure to reset connections when machine account password ↵Günther Deschner1-0/+8
change chain was broken. Guenther
2009-10-05Revert "s3: Attempt to fix machine password change"Volker Lendecke1-33/+9
This reverts commit 20a8ea91e10af167067cc794a251265aaf489e75. Ooops, this should not have been committed.
2009-10-05s3: Attempt to fix machine password changeVolker Lendecke1-9/+33
2009-08-27s3:winbind: Add a generic cache for NDR based parent-child requestsVolker Lendecke1-2/+2
2009-08-05s3:winbind: Add NDR-based parent-child communication to winbindVolker Lendecke1-0/+13
2009-07-31Provide a mem_ctx for child requestsVolker Lendecke1-0/+1
2009-07-28Remove a duplicate prototypeVolker Lendecke1-1/+0
2009-07-18s3: don't do this, upper callbacks will check itBo Yang1-4/+0
Signed-off-by: Bo Yang <boyang@samba.org>
2009-06-14Remove "winbindd_request" and "winbindd_response" from winbindd_cli_stateVolker Lendecke1-2/+4
This shrinks the memory footprint of an idle client by 5592 bytes to 60 bytes on my 32-bit box.
2009-06-14Make winbindd_cli_state->response a pointer instead of a struct memberVolker Lendecke1-15/+16
Same comment as in baa6084378e530b: This is just a preparatory checkin. Volker
2009-06-14Fix an error message: We get the errno in "err"Volker Lendecke1-1/+1
2009-06-14Do not use "finished" in winbind childVolker Lendecke1-10/+8
2009-06-14Convert async_domain_request to wb_domain_request_sendVolker Lendecke1-20/+22
2009-06-14Add wb_domain_request_send/recvVolker Lendecke1-0/+184
2009-06-14Convert the winbind parent->child communication to wb_reqtransVolker Lendecke1-230/+156
2009-06-14Make winbindd_cli_state->request a pointer instead of a struct memberVolker Lendecke1-18/+19
In itself, this is pretty pointless. But in the next steps I'll convert the winbind internal communication to wb_reqtrans which allocates the request properly. This minimizes the later diff. Volker
2009-05-27s3: Allow child processes to exit gracefully if we are out of fdsMarc VanHeyningen1-2/+3
When we run out of file descriptors for some reason, every new connection forks a child that immediately panics causing smbd to coredump. This seems unnecessarily harsh; with this code change we now catch that error and merely log a message about it and exit without the core dump. Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-05-22s3: Fix onlinestatus msg to return status of all domain instead of omitting ↵Bo Yang1-78/+51
trusted domains Signed-off-by: Bo Yang <boyang@samba.org>
2009-05-12Convert response.extra_data.data from malloc to tallocVolker Lendecke1-2/+0
2009-05-07Fix some nonempty blank linesVolker Lendecke1-11/+10
2009-02-23More warning fixes for Solaris.Jeremy Allison1-1/+1
Jeremy.
2009-02-01Add two new parameters to control how we verify kerberos tickets. Removes ↵Dan Sledz1-1/+1
lp_use_kerberos_keytab parameter. The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are: secrets only - use only the secrets for ticket verification (default) system keytab - use only the system keytab for ticket verification dedicated keytab - use a dedicated keytab for ticket verification. secrets and keytab - use the secrets.tdb first, then the system keytab For existing installs: "use kerberos keytab = yes" corresponds to secrets and keytab "use kerberos keytab = no" corresponds to secrets only The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals. The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-01-27s3:winbindd: handle SIG_TERM, SIGHUP, SIGCHLD and SIGUSR2 via teventStefan Metzmacher1-5/+6
metze
2009-01-22s3:winbindd: we don't need to call message_dispatch() anymore it's event ↵Stefan Metzmacher1-4/+0
triggered now metze
2009-01-22s3: always call run_events() before and after sys_select()Stefan Metzmacher1-9/+24
And always setup the fd events. metze
2009-01-14Clean up comments a little.Jeremy Allison1-11/+13
Jeremy.
2009-01-14Don't send message to any other child in child process.Bo Yang1-0/+30
Signed-off-by: Bo Yang <boyang@novell.com>
2009-01-13From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison1-2/+2
Jeremy.
2009-01-10Don't set child->requests to NULL in parent after forkBo Yang1-1/+0
2009-01-06Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison1-17/+21
Jeremy.
2009-01-06Add winbindd_reinit_after_fork(), cleaning out all possible eventsJeremy Allison1-52/+76
in a forked child. Jeremy.
2009-01-05s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher1-8/+3
metze
2009-01-05s3:winbindd: cancel all ccache entry events and not just oneStefan Metzmacher1-6/+4
cancel_named_event() is stupid by design and also only cancels one single event. metze
2009-01-05Fix broken krb5 refresh chainBo Yang1-0/+21
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-01-05clean event context after child is forked.Bo Yang1-16/+24
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2008-12-31s3:winbindd: we don't need to call messaging_reinit() twiceStefan Metzmacher1-7/+0
reinit_after_fork() already calls messaging_reinit() metze
2008-11-21s3-winbindd: for now only change machine pwd when not using a system krb5 ↵Günther Deschner1-0/+1
keytab. Guenther
2008-10-29Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure).Jeremy Allison1-1/+1
Jeremy.
2008-10-11Cope with changed signature of http_timestring().Jelmer Vernooij1-1/+1
2008-10-08Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵Jeremy Allison1-0/+23
"rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy.
2008-10-06Log in the parent winbind log where a request is goingVolker Lendecke1-0/+4
2008-09-23Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original ↵Jeremy Allison1-5/+9
patch from shargagan@novell.com Jeremy.
2008-08-31Fix Coverity ID 592Volker Lendecke1-0/+4
The scanner did not figure out that we always have a primary domain, so it complained about us potentially passing a NULL pointer down to set_domain_online_request() where it is dereferenced. Make the code a bit clearer. (This used to be commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9)
2008-08-25winbindd: only create machine pwd change event when in primary domain child.Günther Deschner1-1/+1
Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e)
2008-08-23Use talloc_stackframe() in machine_password_change_handlerVolker Lendecke1-9/+5
(This used to be commit 79103000b13c95325534db749a0da638a3eb1807)