IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We often loop over the array of domain children. However, the size of
the array is calculated as lp_winbind_max_domain_connections() which can
change (it is based on smb.conf). The fix is the talloc_array_length().
Reproducer:
winbind max domain connections = 100
smbcontrol all reload-config
smbcontrol all debug 10
/var/log/samba/log.winbindd shows many lines with random garbage pid:
[2023/08/25 10:03:49.898994, 10, pid=158296, effective(0, 0), real(0, 0), class=winbind] ../../source3/winbindd/winbindd_dual.c:885(winbind_msg_relay_fn)
winbind_msg_relay_fn: sending message to pid 1037686087.
[2023/08/25 10:03:49.899010, 3, pid=158296, effective(0, 0), real(0, 0)] ../../source3/lib/util_procid.c:53(pid_to_procid)
pid_to_procid: messaging_dgm_get_unique failed: No such file or directory
In this scenario we dereference only a garbage PID, but if we would
dereference some garbage pointer we would segfault.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Done already in setup_child(): child->domain = domain
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
All parent-child communication is based in NDR and dispatched as a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184
By using NDR we avoid manual marshalling (netr_DomainTrust array
to text string) and unmarshalling (parse the received text string
back to a netr_DomainTrust array).
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes us scale better with many simultaneous winbind requests,
some of which might be slow.
This implementation breaks offline logons, as the cached credentials are
maintained in a child (this needs fixing). So, if the offline logons are
active, only allow one DC connection.
Probably the offline logon and the scalable file server cases are
separate enough so that this patch is useful even with the restriction.
* Adds wbcGetSidAliases that calls the lookup_useraliases function.
* Updates wbinfo and winbind_util.c to call the new function.
* Also added winbind_get_groups helper function.
Attached is the companion patch to
(037b9689d9), which
made handling of WINBINDD_LIST_GROUPS asynchronous.
Because most all of the list_groups code was reusable, I abstracted it,
and implemented both list_groups and list_users on top of it.
On my large test domain a "wbinfo -u" call went from 70 seconds to 30
seconds with this patch. Plus, the parent process is no longer blocked
from receiving new requests during that time.
Steven Danneman | Software Development Engineer
Isilon Systems P +1-206-315-7500 F +1-206-315-7501
www.isilon.com
(This used to be commit 5188f28611)
Previously WINBINDD_LIST_GROUPS requests (ex: wbinfo -g) were handled by the
winbindd parent process in a sequential fashion. This patch, delegates the work
to the winbindd children so that the request is handled much faster in large
domain topologies, and doesn't block the parent from receiving new requests.
The core group enumeration and conversion that was handled in
winbindd_list_groups() has been moved into winbindd_dual_list_groups() to be
done by the child.
The parent winbindd_list_groups() simply calls each of the children
asynchronously.
listgroups_recv() aggregates the final group list that will be returned to the
client and tracks how many of the children have returned their lists.
The domain name of the child is passed back through the callbacks to be used in
debugging messages.
There are also several fixes to typos in various comments.
(This used to be commit 037b9689d9)
