From c4c984d97d45964e91625f69d7216cc68444ba3f Mon Sep 17 00:00:00 2001
From: Volker Lendecke
Date: Thu, 19 Nov 2009 17:22:27 +0100
Subject: s3: Avoid races to change the machine password in winbind

The machine password handler has code to deal with every node in the cluster trying to change the machine password at the same time. However, it is not very nice to the DC if everyone tries this simultaneously. This adds a random 0-255 second offset to our timed event. When this fires a bit later than strictly calculated, someone else might have stepped in and have already changed it. The timed event handler will handle this gracefully, it won't even try to do it again.
---
 source3/winbindd/winbindd_dual.c | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/source3/winbindd/winbindd_dual.c b/source3/winbindd/winbindd_dual.c
index ae8f236cb49..376d7c73090 100644
--- a/source3/winbindd/winbindd_dual.c
+++ b/source3/winbindd/winbindd_dual.c
@@ -1051,6 +1051,24 @@ static bool calculate_next_machine_pwd_change(const char *domain,
 DEBUG(10,("machine password still valid until: %s\n",
 http_timestring(talloc_tos(), next_change)));
 *t = timeval_set(next_change, 0);
+
+ if (lp_clustering()) {
+ uint8_t randbuf;
+ /*
+ * When having a cluster, we have several
+ * winbinds racing for the password change. In
+ * the machine_password_change_handler()
+ * function we check if someone else was
+ * faster when the event triggers. We add a
+ * 255-second random delay here, so that we
+ * don't run to change the password at the
+ * exact same moment.
+ */
+ generate_random_buffer(&randbuf, sizeof(randbuf));
+ DEBUG(10, ("adding %d seconds randomness\n",
+ (int)randbuf));
+ t->tv_sec += randbuf;
+ }
 return true;
 }
--
cgit v1.2.1
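Review bot: The jitter is added only inside the still-valid branch shown in this hunk, so whether nodes that find the password already expired are staggered as well depends on code after the hunk that is not visible here; if that path schedules an immediate change, a cluster whose nodes start together after expiry would presumably still reach the DC at the same moment. Within the hunk, the comment says "a 255-second random delay" although the value is a single random byte, i.e. anywhere from 0 to 255 seconds; I would reword that line to `* random delay of 0 to 255 seconds here, so that we`. With one byte of jitter, two nodes drawing the same second becomes likely at roughly twenty nodes, so the comment should also say that the delay only reduces load on the DC and that correctness still rests on the re-check in machine_password_change_handler(). calculate_next_machine_pwd_change() begins and continues outside the hunk.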