On Thu, Jan 16, 2003 at 12:07:38PM +1100, Andrew Bartlett wrote: > On Thu, 2003-01-16 at 11:51, [EMAIL PROTECTED] wrote: > > On Thu, Jan 16, 2003 at 11:50:55AM +1100, Andrew Bartlett wrote: > > > On Thu, 2003-01-16 at 11:27, [EMAIL PROTECTED] wrote: > > > > > > > > Date: Thu Jan 16 00:27:30 2003 > > > > Author: jra > > > > > > > > Update of /data/cvs/samba/source/nsswitch > > > > In directory dp.samba.org:/tmp/cvs-serv16834/nsswitch > > > > > > > > Modified Files: > > > > winbindd_cm.c > > > > Log Message: > > > > Add mutex protection around auth calls. > > > > Jeremy. > > > > > > You just removed all mutex protection from SAMR, LSA, etc. These will > > > attempt to session setup to the Win2k DC, and could now fail... > > > > > > The mutex on the netlogon is fine - but the rest either should not exist > > > here at all - put it in cli_full_connection() or should be back in the > > > connection cache code... > > > > Hang on a minute - I thought we'd determined that it was the > > challange/auth/netlogon that needed protecting. Not the connection. > > > > Are you saying it's both ? If so, I can change this to be the same as > > in APP-HEAD (where it does protect both). > > Win2k has a bug (feature?) where there is a connection reset if there is > a second connection from the SAME IP, before the first session-setup. > > Separate to this, it has been determined that there is also a bug on the > netlogon pipe, unrelated to the first. > > On the netlogon pipe, there is a race between the ReqChal and Auth2. > > Both races need to be protected be separate mutexes. The first should > be protected in as generic a manner as possible, due to the fact that it > is *any* connection from the IP. > > The second should be dealt with inside our libsmb/cli_netlogon.c code, > so as to ensure that any user of NETLOGON observes that mutex.
Ok, I'll fix this. Jeremy.
