CVS update: samba/source/nsswitch

Andrew Bartlett abartlet at samba.org
Thu Jan 16 12:07:38 EST 2003


On Thu, 2003-01-16 at 11:51, jra at dp.samba.org wrote:
> On Thu, Jan 16, 2003 at 11:50:55AM +1100, Andrew Bartlett wrote:
> > On Thu, 2003-01-16 at 11:27, jra at samba.org wrote:
> > > 
> > > Date:	Thu Jan 16 00:27:30 2003
> > > Author:	jra
> > > 
> > > Update of /data/cvs/samba/source/nsswitch
> > > In directory dp.samba.org:/tmp/cvs-serv16834/nsswitch
> > > 
> > > Modified Files:
> > > 	winbindd_cm.c 
> > > Log Message:
> > > Add mutex protection around auth calls.
> > > Jeremy.
> > 
> > You just removed all mutex protection from SAMR, LSA, etc.  These will
> > attempt to session setup to the Win2k DC, and could now fail...  
> > 
> > The mutex on the netlogon is fine - but the rest either should not exist
> > here at all - put it in cli_full_connection() or should be back in the
> > connection cache code...
> 
> Hang on a minute - I thought we'd determined that it was the
> challenge/auth/netlogon that needed protecting. Not the connection.
> 
> Are you saying it's both ? If so, I can change this to be the same as
> in APP-HEAD (where it does protect both).

Win2k has a bug (feature?) where there is a connection reset if there is
a second connection from the SAME IP, before the first session-setup.  

Separate to this, it has been determined that there is also a bug on the
netlogon pipe, unrelated to the first.

On the netlogon pipe, there is a race between the ReqChal and Auth2.

Both races need to be protected by separate mutexes.  The first should
be protected in as generic a manner as possible, due to the fact that it
is *any* connection from the IP.

The second should be dealt with inside our libsmb/cli_netlogon.c code,
so as to ensure that any user of NETLOGON observes that mutex.  

Andrew Bartlett

-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
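
The two-mutex layout described in the message above, as an added example that is not part of the original post and is not Samba code. It is a deterministic model that interleaves clients step by step; the `struct dc` state machine, the `take()` lock, `run_clients()`, and the assumption that a second ReqChal replaces the stored challenge are all constructed for illustration.

```c
enum { LOCK_CONN = 1, LOCK_NETLOGON = 2 };  /* which mutexes are in use */
enum step { CONNECT, SESSSETUP, REQCHAL, AUTH2, DONE };

/* Constructed model of the DC: it only counts failures, no real SMB/RPC. */
struct dc { int pending_setup, chal_owner, resets, auth_fail; };
struct client { int id; enum step next; };

/* Hypothetical named mutex: holds the owner's id, or -1 when free. */
static int take(int *owner, int id) { if (*owner == -1) *owner = id; return *owner == id; }

static void step(struct dc *dc, struct client *c, int locks, int *conn, int *nl) {
    switch (c->next) {
    case CONNECT:   /* generic: any connection from this IP */
        if ((locks & LOCK_CONN) && !take(conn, c->id)) return;  /* wait */
        if (dc->pending_setup > 0) dc->resets++;  /* earlier setup unfinished */
        dc->pending_setup++;
        break;
    case SESSSETUP:
        dc->pending_setup--;
        if (locks & LOCK_CONN) *conn = -1;
        break;
    case REQCHAL:
        if ((locks & LOCK_NETLOGON) && !take(nl, c->id)) return;
        dc->chal_owner = c->id;  /* assumed: a new ReqChal replaces the old */
        break;
    case AUTH2:
        if (dc->chal_owner != c->id) dc->auth_fail++;
        if (locks & LOCK_NETLOGON) *nl = -1;
        break;
    case DONE: return;
    }
    c->next = (enum step)(c->next + 1);
}

/* Interleave n clients (n <= 8) one step at a time, the worst case. */
struct dc run_clients(int n, int locks) {
    struct dc dc = {0, -1, 0, 0};
    struct client c[8];
    int conn = -1, nl = -1;
    for (int i = 0; i < n; i++) { c[i].id = i; c[i].next = CONNECT; }
    for (int round = 0; round < 64; round++)
        for (int i = 0; i < n; i++) step(&dc, &c[i], locks, &conn, &nl);
    return dc;
}

int main(void) {  /* netlogon mutex alone still leaves the reset race open */
    struct dc r = run_clients(2, LOCK_NETLOGON);
    return (r.resets == 1 && r.auth_fail == 0) ? 0 : 1;
}
```

With no locks both failure counters are non-zero; with only `LOCK_NETLOGON` the Auth2 failures disappear but the connection resets remain; with both flags set neither occurs.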