diff options
author | Volker Lendecke <vl@samba.org> | 2015-10-02 00:27:22 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2015-10-13 04:25:38 +0200 |
commit | e73ccc06efc3b489cac33e99b2cb86e022aabd7f (patch) | |
tree | f18c65e4950d2c96bbc60fc04ae60802a12185c2 /source4/smbd | |
parent | 5380f7b63648e505d6da25dc75d2487658998fdb (diff) | |
download | samba-e73ccc06efc3b489cac33e99b2cb86e022aabd7f.tar.gz |
Rely on /dev/urandom
This removes quite a bit of code. All reasonable systems have /dev/urandom
these days. Linux, Solaris and the BSDs do. In case we find a system
without /dev/urandom, we will have to go hunting in other libraries.
The main reason for this is speed: On Ubuntu 14.04 doing direct reads from
/dev/urandom is 2-3 times faster than our md4 based code. On virtualized
FreeBSD 10 the difference is even larger.
My first approach was to use fopen/fread. It was even faster, but less
than twice as fast. So I thought we could save the additional complexity
when having to deal with throwing away buffers when forking and the
additional memory footprint per process.
With this simple generate_random_buffer it will be easier to adapt new
syscalls to get randomness.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 04:25:39 CEST 2015 on sn-devel-104
Diffstat (limited to 'source4/smbd')
-rw-r--r-- | source4/smbd/process_standard.c | 6 | ||||
-rw-r--r-- | source4/smbd/server.c | 6 |
2 files changed, 0 insertions, 12 deletions
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c index b55a1a7f309..d223776d0e9 100644 --- a/source4/smbd/process_standard.c +++ b/source4/smbd/process_standard.c @@ -277,9 +277,6 @@ static void standard_accept_connection(struct tevent_context *ev, child_pipe[1] = -1; } - /* Ensure that the forked children do not expose identical random streams */ - set_need_random_reseed(); - /* setup the process title */ c = socket_get_peer_addr(sock2, ev); s = socket_get_my_addr(sock2, ev); @@ -356,9 +353,6 @@ static void standard_new_task(struct tevent_context *ev, child_pipe[1] = -1; } - /* Ensure that the forked children do not expose identical random streams */ - set_need_random_reseed(); - setproctitle("task %s server_id[%d]", service_name, (int)pid); /* setup this new task. Cluster ID is PID based for this process model */ diff --git a/source4/smbd/server.c b/source4/smbd/server.c index b0f67c97f07..cb1a20b4ecc 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c @@ -392,12 +392,6 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[ pidfile_create(lpcfg_pid_directory(cmdline_lp_ctx), binary_name); - /* Set up a database to hold a random seed, in case we don't - * have /dev/urandom */ - if (!randseed_init(talloc_autofree_context(), cmdline_lp_ctx)) { - return 1; - } - if (lpcfg_server_role(cmdline_lp_ctx) == ROLE_ACTIVE_DIRECTORY_DC) { if (!open_schannel_session_store(talloc_autofree_context(), cmdline_lp_ctx)) { exit_daemon("Samba cannot open schannel store for secured NETLOGON operations.", EACCES); |