[SAMBA_TNG] netlogond implementation flaw

Luke Kenneth Casson Leighton lkcl at samba.org
Fri Jan 21 00:59:30 GMT 2000


OK, i fixed it.  for details, please check
http://samba.org/listproc/samba-cvs.

this was _really_ obscure, but fortunately i was expecting there to be
this kind of problem, so i knew what was wrong from the reliability
failure symptoms.

NOTE NOTE NOTE to cvs main / samba_tng users: give me a couple of hours to
go home, update the portable, get some food, and then update cvs main's
msrpc loopback interface to be compatible with the samba_tng changes i
just had to make.

luke

On Fri, 21 Jan 2000, Luke Kenneth Casson Leighton wrote:

> i created a credential-store database for internal use in samba to fix the
> case where an SMB connection is dropped and reestablished in between
> NetrReqChal / NetrAuth2 and NetrSamLogons.
> 
> the database key is "workstation name\0domain name".
> 
> this is insufficient.
> 
> consider the case where two users of rpcclient log in from the same
> workstation, or two smbd processes wish to verify users' passwords.  both
> will use the same database key, and one will overwrite the other's
> credentials, including the session key.
> 
> i have a solution: use the pid of the smbd process or rpcclient process in
> the database key.
> 
> symptoms: erratic access to SAMBA_TNG files and erratic login access.
> 
> give me a few hours to fix this.
> 
> thx,
> 
> luke
> 
> 

<a href="mailto:lkcl at samba.org"   > Luke Kenneth Casson Leighton    </a>
<a href="http://www.cb1.com/~lkcl"> Samba and Network Development   </a>
<a href="http://samba.org"        > Samba Web site                  </a>
<a href="http://www.iss.net"      > Internet Security Systems, Inc. </a>
<a href="http://mcp.com"          > Macmillan Technical Publishing  </a>

 ISBN1578701503 DCE/RPC over SMB: Samba and Windows NT Domain Internals



More information about the samba-ntdom mailing list