From f607197054436a8195e3d0a695fe31574b418059 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 14 Jul 2004 12:14:07 +0000
Subject: r1498: (merge from 3.0) Rework our random number generation system. On systems with /dev/urandom, this avoids a change to secrets.tdb for every fork(). For other systems, we now only re-seed after a fork, and on startup. No need to do it per-operation. This removes the 'need_reseed' parameter from generate_random_buffer(). This also requires that we start the secrets subsystem, as that is where the reseed value is stored, for systems without /dev/urandom. In order to aviod identical streams in forked children, the random state is re-initialised after the fork(), at the same point were we do that to the tdbs. Andrew Bartlett (This used to be commit b97d3cb2efd68310b1aea8a3ac40a64979c8cdae)
---
 source4/smbd/process_standard.c | 4 ++++
 source4/smbd/rewrite.c | 7 +++++++
 2 files changed, 11 insertions(+)
(limited to 'source4/smbd')
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index cc02e84d57..5c2a0a3410 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -74,6 +74,10 @@ static void standard_accept_connection(struct event_context *ev, struct fd_event
 DEBUG(0,("standard_accept_connection: tdb_reopen_all failed.\n"));
 }
+ /* Ensure that the forked children do not expose identical random streams */
+
+ set_need_random_reseed();
+
 mem_ctx = talloc_init("server_service_connection");
 if (!mem_ctx) {
 DEBUG(0,("talloc_init(server_service_connection) failed\n"));
diff --git a/source4/smbd/rewrite.c b/source4/smbd/rewrite.c
index d0a4bad374..ac241958c7 100644
--- a/source4/smbd/rewrite.c
+++ b/source4/smbd/rewrite.c
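Review bot: In process_standard.c, `set_need_random_reseed()` is reached even when the `tdb_reopen_all` failure just above it was only logged, and the commit message says the reseed value for systems without /dev/urandom is stored in secrets.tdb. On that path the child would presumably reseed through tdb state still shared with the parent, or not reseed usefully at all, so the guarantee in the new comment would not hold. Consider making the child give up when the reopen fails, or at least record the dependency in the comment, e.g. `/* Must run after tdb_reopen_all(): the reseed may read secrets.tdb */`. The call appears only to mark the state as stale, so it also has to stay ahead of anything in the child that draws random bytes. The enclosing function starts and ends outside this hunk.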
@@ -70,6 +70,13 @@ void smbd_process_init(void)
 if (!init_change_notify()) exit(1);
+ /* Start old-style secrets subsystem */
+
+ /* We must perform secrets_init(), as it sets up important
+ * seeding for the random number generator.
+ */
+ secrets_init();
+
 talloc_destroy(mem_ctx);
 }
-- cgit
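Review bot: The result of `secrets_init()` is discarded, although the comment directly above calls it important for seeding the random number generator and the neighbouring `init_change_notify()` failure terminates the process. If the call can fail (it returns a success flag in the 3.0 tree this was merged from, which is worth confirming for this branch), a server on a system without /dev/urandom would keep running with a generator that was never seeded from the stored value. Treat it like the check above it, `if (!secrets_init()) exit(1);`, preferably with a `DEBUG(0, ...)` line naming the failure so the cause is visible in the log. smbd_process_init begins outside this hunk.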