|
|
Hi, everyone:
If the trusted domain cannot go online, fork_child_dc_connect()
will be invoked periodically to fork() one child process, trying to
connect to DC. look, fork_child_dc_connect() ---> getdcs() --->
get_dc_name_via_netlogon() ---> cm_connect_netlogon() --->
init_dc_connection() ---> cm_open_connection ---> set_domain_online(),
here send MSG_WINBIND_ONLINE to idmap_child(). It causes
MSG_WINBIND_ONLINE being sent to idmap_child() periodically, which cause
idmap child to fork and connect to the primary domain'DC even primary
domain is already online. :-) It is very expensive, we must not want to
do that....
Please review the patches!
Thanks!
Best
Regards
BoYang
>From 4b3aaca25e969e0fac1f55c22a1f0569d503c77f Mon Sep 17 00:00:00 2001
From: Bo Yang <boyang@xxxxxxxxxx>
Date: Tue, 13 Jan 2009 17:02:13 +0800
Subject: [PATCH] Don't send MSG_WINBIND_ONLINE to idmap_child() in child
process.
Signed-off-by: Bo Yang <boyang@xxxxxxxxxx>
---
source3/lib/messages.c | 4 ++++
source3/winbindd/winbindd_cm.c | 2 +-
source3/winbindd/winbindd_dual.c | 24 ++++++++++++++++++++++++
3 files changed, 29 insertions(+), 1 deletions(-)
diff --git a/source3/winbindd/winbindd_cm.c b/source3/winbindd/winbindd_cm.c
index 4e5659d..0db502b 100644
--- a/source3/winbindd/winbindd_cm.c
+++ b/source3/winbindd/winbindd_cm.c
@@ -216,7 +216,7 @@ static bool fork_child_dc_connect(struct winbindd_domain
*domain)
if (!override_logfile) {
if (asprintf(&lfile, "%s/log.winbindd-dc-connect",
get_dyn_LOGFILEBASE()) == -1) {
DEBUG(0, ("fork_child_dc_connect: out of memory.\n"));
- return false;
+ _exit(0);
}
}
diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index 9f91153..79d7671 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1203,6 +1203,22 @@ bool winbindd_reinit_after_fork(const char *logfilename)
TALLOC_FREE(cl->lockout_policy_event);
TALLOC_FREE(cl->machine_password_change_event);
}
+ /*
+ * This is a little tricky, we don't want child
+ * to send MSG_WINBIND_ONLINE to idmap_child().
+ * If we are in the child of trusted domain or
+ * in the process created by fork_child_dc_connect().
+ * And the trusted domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * periodically to idmap_child().
+ * look, fork_child_dc_connect() ---> getdcs() --->
+ * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
+ * ---> init_dc_connection() ---> cm_open_connection --->
+ * set_domain_online(), here send MSG_WINBIND_ONLINE to
+ * idmap_child().
+ */
+ cl = idmap_child();
+ cl->pid = 0;
return true;
}
@@ -1296,6 +1312,14 @@ static bool fork_domain_child(struct winbindd_child
*child)
}
}
}
+
+ /*
+ * We are in idmap child, make sure that we set the
+ * check_online_event to bring primary domain online.
+ */
+ if (child == idmap_child()) {
+ set_domain_online_request(primary_domain);
+ }
/* We might be in the idmap child...*/
if (child->domain && !(child->domain->internal) &&
--
1.5.3
>From b043616ee3a80eeb8ff09aa364a33eb39ed2e24e Mon Sep 17 00:00:00 2001
From: Bo Yang <boyang@xxxxxxxxxx>
Date: Tue, 13 Jan 2009 17:33:26 +0800
Subject: [PATCH] Don't send MSG_WINBIND_ONLINE to idmap_child() in child
process.
Signed-off-by: Bo Yang <boyang@xxxxxxxxxx>
---
source/nsswitch/winbindd_dual.c | 24 ++++++++++++++++++++++++
1 files changed, 24 insertions(+), 0 deletions(-)
diff --git a/source/nsswitch/winbindd_dual.c b/source/nsswitch/winbindd_dual.c
index f976eba..988984c 100644
--- a/source/nsswitch/winbindd_dual.c
+++ b/source/nsswitch/winbindd_dual.c
@@ -972,6 +972,22 @@ bool winbindd_reinit_after_fork(const char *logfile)
}
TALLOC_FREE(cl->lockout_policy_event);
}
+ /*
+ * This is a little tricky, we don't want child
+ * to send MSG_WINBIND_ONLINE to idmap_child().
+ * If we are in the child of trusted domain or
+ * in the process created by fork_child_dc_connect().
+ * And the trusted domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * periodically to idmap_child().
+ * look, fork_child_dc_connect() ---> getdcs() --->
+ * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
+ * ---> init_dc_connection() ---> cm_open_connection --->
+ * set_domain_online(), here send MSG_WINBIND_ONLINE to
+ * idmap_child().
+ */
+ cl = idmap_child();
+ cl->pid = 0;
return true;
}
@@ -1063,6 +1079,14 @@ static BOOL fork_domain_child(struct winbindd_child
*child)
}
}
+ /*
+ * We are in idmap child, make sure that we set the
+ * check_online_event to bring primary domain online.
+ */
+ if (child == idmap_child()) {
+ set_domain_online_request(primary_domain);
+ }
+
/* We might be in the idmap child...*/
if (child->domain && !(child->domain->internal) &&
lp_winbind_offline_logon()) {
--
1.5.3
>From e53067765ee317eff364646e8c53666bb371be3b Mon Sep 17 00:00:00 2001
From: Bo Yang <boyang@xxxxxxxxxx>
Date: Tue, 13 Jan 2009 17:49:14 +0800
Subject: [PATCH] Don't send MSG_WINBIND_ONLINE to idmap_child() in child
process.
Signed-off-by: Bo Yang <boyang@xxxxxxxxxx>
---
source/winbindd/winbindd_cm.c | 2 +-
source/winbindd/winbindd_dual.c | 24 ++++++++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletions(-)
diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c
index 3996e48..4d21147 100644
--- a/source/winbindd/winbindd_cm.c
+++ b/source/winbindd/winbindd_cm.c
@@ -203,7 +203,7 @@ static bool fork_child_dc_connect(struct winbindd_domain
*domain)
if (!override_logfile) {
if (asprintf(&lfile, "%s/log.winbindd-dc-connect",
get_dyn_LOGFILEBASE()) == -1) {
DEBUG(0, ("fork_child_dc_connect: out of memory!\n"));
- return false;
+ _exit(0);
}
}
diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
index c0a62eb..9d326e5 100644
--- a/source/winbindd/winbindd_dual.c
+++ b/source/winbindd/winbindd_dual.c
@@ -1102,6 +1102,22 @@ bool winbindd_reinit_after_fork(const char *logfilename)
}
TALLOC_FREE(cl->lockout_policy_event);
}
+ /*
+ * This is a little tricky, we don't want child
+ * to send MSG_WINBIND_ONLINE to idmap_child().
+ * If we are in the child of trusted domain or
+ * in the process created by fork_child_dc_connect().
+ * And the trusted domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * periodically to idmap_child().
+ * look, fork_child_dc_connect() ---> getdcs() --->
+ * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
+ * ---> init_dc_connection() ---> cm_open_connection --->
+ * set_domain_online(), here send MSG_WINBIND_ONLINE to
+ * idmap_child().
+ */
+ cl = idmap_child();
+ cl->pid = 0;
return true;
}
@@ -1194,6 +1210,14 @@ static bool fork_domain_child(struct winbindd_child
*child)
}
}
}
+
+ /*
+ * We are in idmap child, make sure that we set the
+ * check_online_event to bring primary domain online.
+ */
+ if (child == idmap_child()) {
+ set_domain_online_request(primary_domain);
+ }
/* We might be in the idmap child...*/
if (child->domain && !(child->domain->internal) &&
--
1.5.3
>From 74c19866c12b9d13e04921464658c0ed0bb001b0 Mon Sep 17 00:00:00 2001
From: Bo Yang <boyang@xxxxxxxxxx>
Date: Tue, 13 Jan 2009 17:37:59 +0800
Subject: [PATCH] Don't send MSG_WINBIND_ONLINE to idmap_child() in child
process.
Signed-off-by: Bo Yang <boyang@xxxxxxxxxx>
---
source/winbindd/winbindd_cm.c | 2 +-
source/winbindd/winbindd_dual.c | 24 ++++++++++++++++++++++++
2 files changed, 25 insertions(+), 1 deletions(-)
diff --git a/source/winbindd/winbindd_cm.c b/source/winbindd/winbindd_cm.c
index fa28bfa..70a1392 100644
--- a/source/winbindd/winbindd_cm.c
+++ b/source/winbindd/winbindd_cm.c
@@ -216,7 +216,7 @@ static bool fork_child_dc_connect(struct winbindd_domain
*domain)
if (!override_logfile) {
if (asprintf(&lfile, "%s/log.winbindd-dc-connect",
get_dyn_LOGFILEBASE()) == -1) {
DEBUG(0, ("fork_child_dc_connect: out of memory.\n"));
- return false;
+ _exit(0);
}
}
diff --git a/source/winbindd/winbindd_dual.c b/source/winbindd/winbindd_dual.c
index a20b628..69f66c0 100644
--- a/source/winbindd/winbindd_dual.c
+++ b/source/winbindd/winbindd_dual.c
@@ -1203,6 +1203,22 @@ bool winbindd_reinit_after_fork(const char *logfilename)
TALLOC_FREE(cl->lockout_policy_event);
TALLOC_FREE(cl->machine_password_change_event);
}
+ /*
+ * This is a little tricky, we don't want child
+ * to send MSG_WINBIND_ONLINE to idmap_child().
+ * If we are in the child of trusted domain or
+ * in the process created by fork_child_dc_connect().
+ * And the trusted domain cannot go online,
+ * fork_child_dc_connection() sends MSG_WINBIND_ONLINE
+ * periodically to idmap_child().
+ * look, fork_child_dc_connect() ---> getdcs() --->
+ * get_dc_name_via_netlogon() ---> cm_connect_netlogon()
+ * ---> init_dc_connection() ---> cm_open_connection --->
+ * set_domain_online(), here send MSG_WINBIND_ONLINE to
+ * idmap_child().
+ */
+ cl = idmap_child();
+ cl->pid = 0;
return true;
}
@@ -1296,6 +1312,14 @@ static bool fork_domain_child(struct winbindd_child
*child)
}
}
}
+
+ /*
+ * We are in idmap child, make sure that we set the
+ * check_online_event to bring primary domain online.
+ */
+ if (child == idmap_child()) {
+ set_domain_online_request(primary_domain);
+ }
/* We might be in the idmap child...*/
if (child->domain && !(child->domain->internal) &&
--
1.5.3
boyang.vcf
Description: Vcard
|
|