Using /dev/urandom for determining an ldap server backoff is a waste of system

entropy - use sys_random() instead.

Andrew Bartlett
(This used to be commit 640462a365235aa7ce6f817778f022530a25d909)

diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 6a609b3670400090006a6b0d684152634f547056..e9c6093e26a9bf1d81af9f88a91e606169b4095e 100644 (file)
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -519,9 +519,10 @@ static int ldapsam_retry_open(struct ldapsam_privates *ldap_state, int *attempts
                
        if (*attempts != 0) {
                unsigned int sleep_time;
-               uint8 rand_byte = 128; /* a reasonable place to start */
+               uint8 rand_byte;
 
-               generate_random_buffer(&rand_byte, 1, False);
+               /* Sleep for a random timeout */
+               rand_byte = (char)(sys_random());
 
                sleep_time = (((*attempts)*(*attempts))/2)*rand_byte*2; 
                /* we retry after (0.5, 1, 2, 3, 4.5, 6) seconds
@@ -3157,6 +3158,9 @@ static NTSTATUS pdb_init_ldapsam(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_met
 
        (*pdb_method)->free_private_data = free_private_data;
 
+       /* setup random, for our backoffs */
+       sys_srandom(sys_getpid() ^ time(NULL));
+
        return NT_STATUS_OK;
 }