winbindd background process and privileged request
qyang at stbernard.com
Mon Oct 18 19:09:19 GMT 2004
I found a problem with the winbindd dual process model. Currently there are two winbindd processes (foreground and background) running. If the foreground process needs something from the cache and the entry is expired, it will use the expired entry but ask the background process to update it by sending the whole request to the background process through a pipe.
There are some requests (e.g. auth_crap) that are required to be from a privileged socket, otherwise winbindd will deny the request. The problem is that the background process always reads requests from the pipe, so the requests that the background process gets are never privileged. As a result, the background process always denies these requests. It means that in some scenarios, the cache entry may never be updated.
What do you think about this problem? One simple solution is probably to always set the privileged flag for the requests in the background process, because if the request is from an unprivileged port and needs to be privileged, the request will be denied in the first place and can never get to the background process.
St Bernard Software
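
Added example, not part of the original post and not Samba's code: a simplified C model of the flow described above, in which every name (foreground_handle, background_handle, trust_pipe, the command enum) is hypothetical. It shows a privileged request being served but never refreshed, and that trusting the pipe does not let an unprivileged request through, assuming only the foreground process can write to the pipe.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; every name here is hypothetical, not Samba's code. */
enum cmd { CMD_GETPWNAM, CMD_AUTH_CRAP };
struct cache_entry { bool expired; int refreshes; };

static bool needs_privilege(enum cmd c) { return c == CMD_AUTH_CRAP; }

/* Background process: its requests arrive on the pipe, never on the
 * privileged socket, so "privileged" is false unless the pipe is trusted. */
static bool background_handle(enum cmd c, bool trust_pipe, struct cache_entry *e)
{
    bool privileged = trust_pipe;
    if (needs_privilege(c) && !privileged)
        return false;               /* denied: the entry stays expired */
    e->expired = false;
    e->refreshes++;
    return true;
}

/* Foreground process: gates on the client's socket, answers from the
 * cache, and forwards the request when the entry has expired. */
static bool foreground_handle(enum cmd c, bool sock_privileged,
                              bool trust_pipe, struct cache_entry *e)
{
    if (needs_privilege(c) && !sock_privileged)
        return false;               /* rejected before reaching the pipe */
    if (e->expired)
        background_handle(c, trust_pipe, e);  /* stands in for the pipe write */
    return true;                    /* served, possibly from a stale entry */
}

/* Runs one request against an expired entry; returns the refresh count. */
static int refreshes_after(enum cmd c, bool sock_privileged, bool trust_pipe)
{
    struct cache_entry e = { true, 0 };
    foreground_handle(c, sock_privileged, trust_pipe, &e);
    return e.refreshes;
}

int main(void)
{
    printf("current behaviour, privileged auth_crap: %d refreshes\n",
           refreshes_after(CMD_AUTH_CRAP, true, false));
    printf("pipe trusted, privileged auth_crap:      %d refreshes\n",
           refreshes_after(CMD_AUTH_CRAP, true, true));
    printf("pipe trusted, unprivileged auth_crap:    %d refreshes\n",
           refreshes_after(CMD_AUTH_CRAP, false, true));
    return 0;
}
```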