summaryrefslogtreecommitdiffstats
path: root/source/winbindd/winbindd_dual.c
Commit message (Collapse)AuthorAgeFilesLines
* Fix denial of service - memory corruption.Karolin Seeger2011-02-271-0/+7
| | | | | | | | | | | | | | | | | | | | | | CVE-2011-0719 Fix bug #7949 (DoS in Winbind and smbd with many file descriptors open). All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors being used in the FD_SET macro were not present allowing stack corruption. This can cause the Samba code to crash or to loop attempting to select on a bad file descriptor set. A connection to a file share, or a local account is needed to exploit this problem, either authenticated or unauthenticated (guest connection). Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
* More warning fixes for Solaris.Jeremy Allison2009-02-241-1/+1
| | | | | Jeremy. (cherry picked from commit aea38950ff4865f1d791cd19619fadcd59eaf480)
* Don't send message to any other child in child process.Bo Yang2009-01-201-1/+33
| | | | (cherry picked from commit d521529b3fcbcd7b183eb466bc06497998fd7e28)
* From boyang - ensure we never "return" from a forked child, always _exit().Jeremy Allison2009-01-201-2/+2
| | | | | Jeremy. (cherry picked from commit c2515026807e08c7836ef1bd6220bd7eab3a1a5b)
* Don't set child->requests to NULL in parent after forkBo Yang2009-01-121-1/+0
| | | | (cherry picked from commit e4505156522560fb0c7ee3aadd75d4fc9d446609)
* Make winbindd_cm.c use winbindd_reinit_after_fork().Jeremy Allison2009-01-081-17/+21
| | | | | Jeremy. (cherry picked from commit 77a4a3976af353f517b5193bae9cfbe0f3ad6f4c)
* Add winbindd_reinit_after_fork(), cleaning out all possible eventsJeremy Allison2009-01-081-52/+76
| | | | | | in a forked child. Jeremy. (cherry picked from commit e7433112f4f05aeaf9a3c03ec58962c4d9e16c7d)
* s3:events: change event_add_timed() prototype to match samba4Stefan Metzmacher2009-01-081-8/+3
| | | | | metze (cherry picked from commit a632a1bcd694cff03de3456dac582800e94c451e)
* s3:winbindd: cancel all ccache entry events and not just oneStefan Metzmacher2009-01-081-6/+4
| | | | | | | | cancel_named_event() is stupid by design and also only cancels one single event. metze (cherry picked from commit d605077effaf265ea4df66fcaf9007004db61acc)
* Fix broken krb5 refresh chainBo Yang2009-01-081-0/+21
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit d6eb7f1af2f4097085a4a14e9e88327f039bdf29)
* clean event context after child is forked.Bo Yang2009-01-081-16/+24
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> (cherry picked from commit ada3145ffe40dfbe89f968e844bfb139a58eab5d)
* s3:winbindd: we don't need to call messaging_reinit() twiceStefan Metzmacher2009-01-021-7/+0
| | | | | | | | reinit_after_fork() already calls messaging_reinit() metze (cherry picked from commit 429276556a4930fa1bc782904447120950073190) (cherry picked from commit 6bd2276d426bb92e2fc195ea69aeeb4aa7a574e7)
* Use talloc_stackframe() in machine_password_change_handler (This used to be ↵Volker Lendecke2008-11-261-9/+5
| | | | | | commit 79103000b13c95325534db749a0da638a3eb1807) (cherry picked from commit 72a2b9615025c249c7cf1376ebeeb6a29537504f)
* Fix a memleak in calculate_next_machine_pwd_change (This used to be commit ↵Volker Lendecke2008-11-261-2/+7
| | | | | | 5314f06dcdf14ce5e038a03a3e4dfded227bd00c) (cherry picked from commit fa20fa5d243ee640f5d564525358c1f5ba2df3a7)
* s3-winbindd: for now only change machine pwd when not using a system krb5 ↵Günther Deschner2008-11-261-0/+1
| | | | | | | keytab. Guenther (cherry picked from commit 43991cd0ef972ebefabb0318a630403b9e42b67b)
* winbindd: only create machine pwd change event when in primary domain child.Günther Deschner2008-11-261-1/+1
| | | | | | Guenther (This used to be commit 543dfdc1cf6baf60bffc23c6aebc542fd58d2d2e) (cherry picked from commit 61f51d78b34f1ed80cef9758cdcded6f6fa82c19)
* winbindd: add event based machine password change.Günther Deschner2008-11-261-0/+119
| | | | | | Guenther (This used to be commit 15b72d44cbde0b8a375d8ed3d045c40ae97ec05a) (cherry picked from commit 4721049e840846c2ac4ba829c5eb669576b0fa0f)
* Coverity fix CID: 592 - null deref (can't happen but doesn't hurt to be sure).Jeremy Allison2008-11-181-1/+1
| | | | | Jeremy. (cherry picked from commit d6d41e85d4c7c041683057fb39196898c6218212)
* Fix bug #5814 - Winbindd dumping core in a strange manner while doing ↵Jeremy Allison2008-10-151-0/+23
| | | | | | | | | | | | | | | | | "rescan_trusted_domain". From analysis by hargagan <shargagan@novell.com> : "The winbindd_child_died() is also getting called from process_loop() in case of SIGCHLD signal. In this case it doesn't make the timeout_handler to NULL for the first request. It then initiate a new request using schedule_async_request() which installs a new timeout handler for the same request. In such a case, for a badly unresponsive system both the timeout handler can be called. For the first call the "private_data" will be cleared and for another call the timeout handler will be detecting the double free. So, for such a case as well, the winbindd_child_died() should make the timeout_handler to NULL." Jeremy. (cherry picked from commit 6be98cbb23f4cdb65353a426ae5edbf0290774d8)
* Log in the parent winbind log where a request is goingVolker Lendecke2008-10-151-0/+4
| | | | (cherry picked from commit 8d82a75ec9875137928c69370bbaf621bf4fc3fb)
* Fix winbindd crash in an unusual failure mode. Bug #5737. Based on original ↵Jeremy Allison2008-09-291-5/+9
| | | | | | | patch from shargagan@novell.com Jeremy. (cherry picked from commit d5c490d79024ee41544512f7968999a6b3a313dc)
* Fix Coverity ID 592Volker Lendecke2008-09-011-0/+4
| | | | | | | | | | The scanner did not figure out that we always have a primary domain, so it complained about us potentially passing a NULL pointer down to set_domain_online_request() where it is dereferenced. Make the code a bit clearer. (cherry picked from commit e6e8d108f95ed974f98f3f57adcfbbde4e00fad9) (cherry picked from commit 70dbc13aaef893b25e3164fdcf187a01ec27b392)
* idmap rewriteVolker Lendecke2008-08-121-0/+2
|
* Fix a race condition in winbind leading to a crashVolker Lendecke2008-07-251-4/+3
| | | | | | | | | | | | | | | When SIGCHLD handling is delayed for some reason, sending a request to a child can fail early because the child has died already. In this case async_main_request_sent() directly called the continuation function without properly removing the malfunctioning child process and the requests in the queue. The next request would then crash in the DLIST_ADD_END() in async_request() because the request pending for the child had been talloc_free()'ed and yet still was referenced in the list. This one is *old*... Volker (cherry picked from commit 8691709626b0d461de91b8fc9d10c730d1f183dd)
* From Jim McDonoughJeremy Allison2008-07-171-1/+2
| | | | | | | | In reloading the smb.conf, if a "log file" is specified in smb.conf, winbind children will overwrite the logfile name to be the same as the parent. Jeremy.
* MSG_DEBUG now forwarded to all the winbindd children by parent.Darshan Purandare2008-07-011-0/+34
| | | | | | | | smbcontrol winbindd debug level would only set the debug level of the parent winbindd process and not the child processes. This patch adds the functionality of broadcasting the debug message to all winbindd children. Now the debug level message is propagated to all the winbindd processes that includes parent and children.
* Fix by Bo Yang <boyang@novell.com> for bug with winbindd trusted domain childJeremy Allison2008-06-021-2/+18
| | | | | not keeping primary domain online status up to date. Jeremy.
* Fix bug #5504. winbindd children and parent were handing SIGTERM in the same ↵Jeremy Allison2008-05-301-1/+1
| | | | | | way - deleting the socket! Jeremy.
* Fix winbindd on a PDC by reverting : ↵Jeremy Allison2008-05-291-9/+0
| | | | | | | | 83b04c60fac76ccd2d5aecb14f8896a07d488b1f..6e66512d5beb256a44c6703cdb8c7fa7e0fd8537. We still need to address https://bugzilla.redhat.com/show_bug.cgi?id=429024, but this will come later. Jeremy.
* Fix bug #5464. Pointed out by Herb @ Connectathon. In fork_domain_child() we ↵Jeremy Allison2008-05-141-3/+3
| | | | | | | | | | | | | | call : CatchChild(); *before* we fork the domain child. This call establishes a signal handler that eats SIGCLD signals and doesn't call sys_select_signal() as the main daemon SIGCLD handler should do. This causes the parent to ignore dead children and time out, instead of calling winbind_child_died() on receipt of the signal. The correct fix is to move the CatchChild call into the child code after the fork. Jeremy.
* Enable winbind child processes to do something with signals,Jim McDonough2008-05-131-0/+4
| | | | | | | | in particular closing and reopening logs on SIGHUP. Conflicts: source/winbindd/winbindd.c
* Winbind: Prevent cycle in children list when reaping dead child processes.Gerald W. Carter2008-04-301-0/+4
| | | | | | | | | | | | | | | | | | | Thanks to Glenn Curtis and Kyle Stemen @ Likewise. Their explanation is: In winbindd_dual.c, there is a list of children processes that is maintained using macros DTLIST_ADD and DTLIST_REMOVE. In the case when a scheduled_async_request fails, the particular child was located in the list, and its attributes were cleared out and it was reused for a subsequent async request. The bug was that the new request would queue the same node into the doubly-linked list and would result in list->next pointing to the same node as list itself. This would set up an infinite loop in the processing of the for loop when the list of children was referenced. Solution was to fully remove the child node from the list, such that it could be inserted without risk of being inserted twice. Note that the child is re-added to the list in fork_domain_child() again.
* Fix CLEAR_IF_FIRST handling of messages.tdbVolker Lendecke2008-04-231-1/+1
| | | | | | | We now open messages.tdb even before we do the become_daemon. become_daemon() involves a fork and an immediate exit of the parent, thus the parent_is_longlived argument must be set to false in this case. The parent is not really long lived :-)
* winbindd: call reinit_after_fork() in the child processesStefan Metzmacher2008-04-181-3/+2
| | | | metze
* Fix wbinfo -a trusted\\user%password on a Samba DC with trustsVolker Lendecke2008-03-271-1/+0
| | | | Winbind can't be allowed to connect to the local smbd.
* Use rpccli_samr_QueryDomainInfo() in winbindd.Günther Deschner2008-02-061-1/+1
| | | | Guenther
* Convert read_data() to NTSTATUSVolker Lendecke2008-02-021-9/+11
|
* Merge branch 'v3-2-test' of ssh://git.samba.org/data/git/samba into v3-2-testSimo Sorce2008-02-011-1/+91
|\
| * Add debug message: show which domain_child is being forked.Michael Adam2008-01-251-0/+7
| | | | | | | | Michael
| * Add winbind_msg_dump_domain_list to winbindd.Günther Deschner2008-01-241-0/+84
| | | | | | | | Guenther
| * Fix panic: Don't free the logfilename in winbind_child_died().Michael Adam2008-01-231-1/+0
| | | | | | | | | | | | | | The child struct is immediately reused, and this results in a panic when child->logfilename == NULL. Michael
* | Fix winbindd running on a Samba DC,Simo Sorce2008-02-011-0/+11
|/ | | | | | | This patch make sure we do not try to contact smbd in the main dameon to avoid deadlocks. All the operations that require connecting to smbd are performed in the domain child anyway.
* winbindd: move domain child specific stuff into its own fileStefan Metzmacher2007-12-141-89/+10
| | | | metze
* winbindd: rename child table struct elementsStefan Metzmacher2007-12-111-32/+80
| | | | | | | Add struct_ prefix to struct based protocol specific elemetens struct winbindd_child_dispatch_table. metze
* Remove the char[1024] strings from dynconfig. ReplaceJeremy Allison2007-12-101-2/+2
| | | | | | them with malloc'ing accessor functions. Should save a lot of static space :-). Jeremy.
* Remove more pstrings, from the winbindd protocol def andJeremy Allison2007-12-031-4/+9
| | | | | inside winbindd. Remove unused pstring types. Jeremy.
* Remove the horror that was the global smb_rw_error.Jeremy Allison2007-11-051-2/+2
| | | | | | | | | | Each cli struct has it's own local copy of this variable, so use that in client code. In the smbd server, add one static to smbd/proccess.c and use that inside smbd. Fix a bunch of places where smb_rw_error could be set by calling read_data() in places where we weren't reading from the SMB client socket (ie. winbindd). Jeremy.
* r25571: split up child_dispatch_table into domain, idmap and locator tablesStefan Metzmacher2007-10-221-31/+9
| | | | | metze (cherry picked from commit abbb36a37c1dba2218a6c7ec31739eba5f250127)
* RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison2007-10-181-16/+16
| | | | | | | bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy.
* [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.samba-misc-tags/initial-v3-2-testGerald (Jerry) Carter2007-10-101-9/+31
|
generated by cgit (git 2.34.1) at 2024-06-24 21:40:54 +0000