On Thu, 2003-01-16 at 11:51, [EMAIL PROTECTED] wrote:
> On Thu, Jan 16, 2003 at 11:50:55AM +1100, Andrew Bartlett wrote:
> > On Thu, 2003-01-16 at 11:27, [EMAIL PROTECTED] wrote:
> > > 
> > > Date:     Thu Jan 16 00:27:30 2003
> > > Author:   jra
> > > 
> > > Update of /data/cvs/samba/source/nsswitch
> > > In directory dp.samba.org:/tmp/cvs-serv16834/nsswitch
> > > 
> > > Modified Files:
> > >   winbindd_cm.c 
> > > Log Message:
> > > Add mutex protection around auth calls.
> > > Jeremy.
> > 
> > You just removed all mutex protection from SAMR, LSA, etc.  These will
> > attempt to session setup to the Win2k DC, and could now fail...  
> > 
> > The mutex on the netlogon is fine - but the rest either should not exist
> > here at all - put it in cli_full_connection() or should be back in the
> > connection cache code...
> 
> Hang on a minute - I thought we'd determined that it was the
> challenge/auth/netlogon that needed protecting. Not the connection.
> 
> Are you saying it's both? If so, I can change this to be the same as
> in APP-HEAD (where it does protect both).

Win2k has a bug (feature?) where there is a connection reset if there is
a second connection from the SAME IP, before the first session-setup.  

Separate to this, it has been determined that there is also a bug on the
netlogon pipe, unrelated to the first.

On the netlogon pipe, there is a race between the ReqChal and Auth2.

Both races need to be protected by separate mutexes.  The first should
be protected in as generic a manner as possible, due to the fact that it
is *any* connection from the IP.

The second should be dealt with inside our libsmb/cli_netlogon.c code,
so as to ensure that any user of NETLOGON observes that mutex.  

Andrew Bartlett

-- 
Andrew Bartlett                                 [EMAIL PROTECTED]
Manager, Authentication Subsystems, Samba Team  [EMAIL PROTECTED]
Student Network Administrator, Hawker College   [EMAIL PROTECTED]
http://samba.org     http://build.samba.org     http://hawkerc.net
