| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
| |
|
|
|
|
| |
That will hopefully make debugging a bit easier (at least for me).
metze
|
| |
|
|
| |
Signed-off-by: Bo Yang <boyang@samba.org>
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
For me this survives the
TESTS=posix_s3 POSIX_SUBTESTS="RPC-SAMR-LARGE-DC LOCAL-NSS-WRAPPER" make test
reproducer. Günther, please check!
Volker
|
| |
|
|
|
|
|
| |
reported by valgrind
The timeval passed to event_add_to_select_args() must be initialized
as event_add_to_select_args() uses a timeval_min() on this and next_event.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
This way we can endup with silently using builtin_passdb_methods
for an ad domain without an inbound trust.
This fixes bug #7170.
metze
|
| |
|
|
|
|
| |
At the formerly used process_result statement we have alone one
NT_STATUS_IS_OK() which never could be hit in our case as we only go here
if NT_STATUS_EQUAL is not ok.
|
| |
|
|
| |
Signed-off-by: Bo Yang <boyang@samba.org>
|
| |
|
|
| |
Karolin
|
| | |
|
| |
|
|
|
| |
With this command you can give winbind your password for later use by
the automatic ntlm_auth
|
| |
|
|
|
|
|
|
|
| |
WINBINDD_LIST_GROUPS
This allows to test if there's something wrong with the group list in
extra_data or if there's simply no groups in the database.
Volker, please check.
|
| |
|
|
|
| |
WINBINDD_CHECK_MACHACC used to report an NTSTATUS error and appropriate error
strings. Make this work again.
|
| |
|
|
|
|
|
| |
We have to initialize domain->backend by calling "get_cache" before doing a
query
Thanks to Christian Ambach to find this :-)
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
ntlmssp_update allocates the reply_blob as a child of ntlmssp_state. This means
with ntlmss_end() it will be gone. winbindd_dual_ccache_ntlm_auth used the blob
after the ntlmssp_end().
|
| |
|
|
| |
Signed-off-by: Bo Yang <boyang@samba.org>
|
| |
|
|
|
|
| |
backend query.
Signed-off-by: Bo Yang <boyang@samba.org>
|
| |
|
|
|
|
| |
lsa_pipe_tcp is ok but network is down, then send request is ok, but select() on writeable fds loops forever since there is no response.
Signed-off-by: Bo Yang <boyang@samba.org>
|
| |
|
|
| |
data_blob_const can't fail
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
If we found a match with sid==NULL, we ended up adding the domain twice
|
| | |
|
| |
|
|
| |
Hopefully this makes the flag tests a bit more understandable
|
| | |
|
| |
|
|
| |
This avoids one walk of the domain list
|
| |
|
|
| |
winbindd_getgrgid was not protected by this.
|
| |
|
|
| |
(*trusted_domains)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No real code change, this just removes an indentation by turning
if ( NT_STATUS_IS_OK(result) && trusts.count) {
into
if (!NT_STATUS_IS_OK(result)) {
return result;
}
if (trusts.count == 0) {
return NT_STATUS_OK;
}
|
| |
|
|
| |
Watch the #if 0 -- we never stored this in the cache anymore
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
