sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-07-23 20:59:10 +03:00
Code Activity

s4:server: avoid calling into nss_winbind from within 'samba'

Browse Source 
The most important part is that the 'winbind_server' doesn't
recurse into itself. This could happen if the krb5 libraries
call getlogin().

As we may run in single process mode, we need to set
_NO_WINBINDD=1 everywhere, the only exception is the forked
'smbd'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul 10 23:18:06 CEST 2013 on sn-devel-104
This commit is contained in:
Stefan Metzmacher
2013-07-10 14:48:18 +02:00
parent 1573638212
commit 596b51c666
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
file_server/file_server.c
View File

@ -28,6 +28,7 @@
#include "source4/smbd/process_model.h"
#include "file_server/file_server.h"
#include "dynconfig.h"
#include "nsswitch/winbind_client.h"
/*
called if smbd exits
@ -64,6 +65,8 @@ static void s3fs_task_init(struct task_server *task)
smbd_path = talloc_asprintf(task, "%s/smbd", dyn_SBINDIR);
smbd_cmd[0] = smbd_path;
/* the child should be able to call through nss_winbind */
(void)winbind_on();
/* start it as a child process */
subreq = samba_runcmd_send(task, task->event_ctx, timeval_zero(), 1, 0,
smbd_cmd,
@ -72,6 +75,12 @@ static void s3fs_task_init(struct task_server *task)
"--foreground",
debug_get_output_is_stdout()?"--log-stdout":NULL,
NULL);
/* the parent should not be able to call through nss_winbind */
if (!winbind_off()) {
DEBUG(0,("Failed to re-disable recursive winbindd calls after forking smbd\n"));
task_server_terminate(task, "Failed to re-disable recursive winbindd calls", true);
return;
}
if (subreq == NULL) {
DEBUG(0, ("Failed to start smbd as child daemon\n"));
task_server_terminate(task, "Failed to startup s3fs smb task", true);

7
source4/smbd/server.c
View File

@ -43,6 +43,7 @@
#include "cluster/cluster.h"
#include "dynconfig/dynconfig.h"
#include "lib/util/samba_modules.h"
#include "nsswitch/winbind_client.h"
/*
recursively delete a directory tree
@ -402,6 +403,12 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
}
}
/* make sure we won't go through nss_winbind */
if (!winbind_off()) {
DEBUG(0,("Failed to disable recusive winbindd calls. Exiting.\n"));
exit(1);
}
gensec_init(); /* FIXME: */
ntptr_init(); /* FIXME: maybe run this in the initialization function