CVS update: samba/source/nsswitch
Andrew Bartlett
abartlet at samba.org
Thu Jan 16 12:07:38 EST 2003
On Thu, 2003-01-16 at 11:51, jra at dp.samba.org wrote:
> On Thu, Jan 16, 2003 at 11:50:55AM +1100, Andrew Bartlett wrote:
> > On Thu, 2003-01-16 at 11:27, jra at samba.org wrote:
> > >
> > > Date: Thu Jan 16 00:27:30 2003
> > > Author: jra
> > >
> > > Update of /data/cvs/samba/source/nsswitch
> > > In directory dp.samba.org:/tmp/cvs-serv16834/nsswitch
> > >
> > > Modified Files:
> > > winbindd_cm.c
> > > Log Message:
> > > Add mutex protection around auth calls.
> > > Jeremy.
> >
> > You just removed all mutex protection from SAMR, LSA, etc. These will
> > attempt to session setup to the Win2k DC, and could now fail...
> >
> > The mutex on the netlogon is fine - but the rest either should not exist
> > here at all - put it in cli_full_connection() or should be back in the
> > connection cache code...
>
> Hang on a minute - I thought we'd determined that it was the
> challange/auth/netlogon that needed protecting. Not the connection.
>
> Are you saying it's both ? If so, I can change this to be the same as
> in APP-HEAD (where it does protect both).
Win2k has a bug (feature?) where there is a connection reset if there is
a second connection from the SAME IP, before the first session-setup.
Separate to this, it has been determined that there is also a bug on the
netlogon pipe, unrelated to the first.
On the netlogon pipe, there is a race between the ReqChal and Auth2.
Both races need to be protected be separate mutexes. The first should
be protected in as generic a manner as possible, due to the fact that it
is *any* connection from the IP.
The second should be dealt with inside our libsmb/cli_netlogon.c code,
so as to ensure that any user of NETLOGON observes that mutex.
Andrew Bartlett
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-cvs/attachments/20030116/18a17ea7/attachment.bin
More information about the samba-cvs
mailing list