Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
We're in a child, the parent already has chosen the domain by
picking the right child to connect to.
Metze, you've done work on winbind lately, so it goes to you:
Please check :-)
|
|
|
|
|
|
commit 73577205cf81644e7fe853eaf3e6459f7f443096
(s3:winbindd: fix problems with SIGCHLD handling (bug #7317))
broke this.
metze
|
|
|
|
metze
|
|
The main problem is that we call CatchChild() within the
parent winbindd, which overwrites the signal handler
that was registered by winbindd_setup_sig_chld_handler().
That means winbindd_sig_chld_handler() and winbind_child_died()
are never triggered when a winbindd domain child dies.
As a result will get "broken pipe" for all requests to that domain.
To reduce the risk of similar bugs in future we call
CatchChild() in winbindd_reinit_after_fork() now.
We also use a full winbindd_reinit_after_fork() in the
cache validation child now instead instead of just resetting
the SIGCHLD handler by hand. This will also fix possible
tdb problems on systems without pread/pwrite and disabled mmap
as we now correctly reopen the tdb handle for the child.
metze
|
|
|
|
|
|
There're maybe additional TCP connection for ncacn_ip_tcp.
metze
|
|
metze
|
|
This makes sure we don't crash while trying to dereference domain->conn.cli->foo
while trying to establish a rpc connection to the server.
metze
|
|
|
|
|
|
|
|
|
|
|
|
logon call
This fixes hopefully the last part of bug #7295.
metze
|
|
metze
|
|
metze
|
|
connection
metze
|
|
metze
|
|
metze
|
|
|
|
|
|
Inspired by the NTLMSSP merge work by Andrew Bartlett.
metze
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
That will hopefully make debugging a bit easier (at least for me).
metze
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
|
|
For me this survives the
TESTS=posix_s3 POSIX_SUBTESTS="RPC-SAMR-LARGE-DC LOCAL-NSS-WRAPPER" make test
reproducer. Günther, please check!
Volker
|
|
reported by valgrind
The timeval passed to event_add_to_select_args() must be initialized
as event_add_to_select_args() uses a timeval_min() on this and next_event.
|
|
|
|
|
|
This way we can endup with silently using builtin_passdb_methods
for an ad domain without an inbound trust.
This fixes bug #7170.
metze
|
|
At the formerly used process_result statement we have alone one
NT_STATUS_IS_OK() which never could be hit in our case as we only go here
if NT_STATUS_EQUAL is not ok.
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Karolin
|
|
|
|
With this command you can give winbind your password for later use by
the automatic ntlm_auth
|
|
WINBINDD_LIST_GROUPS
This allows to test if there's something wrong with the group list in
extra_data or if there's simply no groups in the database.
Volker, please check.
|
|
WINBINDD_CHECK_MACHACC used to report an NTSTATUS error and appropriate error
strings. Make this work again.
|
|
We have to initialize domain->backend by calling "get_cache" before doing a
query
Thanks to Christian Ambach to find this :-)
|
|
|
|
|
|
|
|
|