[PATCH]Authentication failures with security=server
Juergen Hasch
Hasch at t-online.de
Fri Jun 21 05:32:02 GMT 2002
Hi,
this is a simple backport of Andrew Bartlett's mutex fix from HEAD to 2.2.5.
It fixes spurious authentication failures when using security=server.
...Juergen
--- smbd/password.c.orig Fri Jun 21 13:05:46 2002
+++ smbd/password.c Fri Jun 21 13:13:36 2002
@@ -1010,6 +1010,30 @@
/****************************************************************************
Support for server level security.
****************************************************************************/
+static char *mutex_server_name;
+
+static BOOL grab_server_mutex(const char *name)
+{
+ mutex_server_name = strdup(name);
+ if (!mutex_server_name) {
+ DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
+ return False;
+ }
+ if (!message_named_mutex(name, 20)) {
+ DEBUG(10,("grab_server_mutex: failed for %s\n", name));
+ SAFE_FREE(mutex_server_name);
+ return False;
+ }
+ return True;
+}
+
+static void release_server_mutex(void)
+{
+ if (mutex_server_name) {
+ message_named_mutex_release(mutex_server_name);
+ SAFE_FREE(mutex_server_name);
+ }
+}
struct cli_state *server_cryptkey(void)
{
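Review bot: grab_server_mutex() assigns `mutex_server_name = strdup(name)` without checking whether a name is already stored, so a second grab before a release leaks the earlier copy and loses the only record of which named mutex this process holds. A guard at the top that refuses the nested grab, for example `if (mutex_server_name) { DEBUG(0,("grab_server_mutex: already holding %s\n", mutex_server_name)); return False; }`, would keep the static pointer and the held lock in step. The timeout `20` passed to message_named_mutex() deserves a comment stating its unit and why that value was chosen, since every security=server logon can block on it. server_cryptkey() starts on the last lines of this hunk and continues outside it.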
@@ -1041,6 +1065,15 @@
continue;
}
+ /* we use a mutex to prevent two connections at once - when a
+ Win2k PDC get two connections where one hasn't completed a
+ session setup yet it will send a TCP reset to the first
+ connection (tridge) */
+
+ if (!grab_server_mutex(desthost)) {
+ return NULL;
+ }
+
if (cli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server
%s\n",desthost));
connected_ok = True;
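Review bot: The new `return NULL` after a failed `grab_server_mutex(desthost)` skips `cli_shutdown(cli)`, which every other failure return visible in this patch calls first, so the client state may be leaked on this path; cli is set up outside the hunk, so this needs confirming. Nothing visible here releases the mutex when cli_connect() fails either: if the surrounding loop, which starts and ends outside the hunk, moves on to the next password server, the next grab happens while the previous host's mutex is still held. Consider `cli_shutdown(cli);` before the return and a `release_server_mutex();` on the connect-failure branch.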
@@ -1053,17 +1086,24 @@
if (!connected_ok) {
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
+ release_server_mutex();
return NULL;
}
- if (!attempt_netbios_session_request(cli, global_myname, desthost,
&dest_ip))
+ if (!attempt_netbios_session_request(cli, global_myname, desthost,
&dest_ip)) {
+ release_server_mutex();
+ DEBUG(1,("password server fails session request\n"));
+ cli_shutdown(cli);
+ release_server_mutex();
return NULL;
+ }
DEBUG(3,("got session\n"));
if (!cli_negprot(cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
cli_shutdown(cli);
+ release_server_mutex();
return NULL;
}
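Review bot: The session-request failure branch calls `release_server_mutex()` twice, once before the DEBUG line and again after `cli_shutdown(cli)`. The second call looks like a no-op because release_server_mutex() clears mutex_server_name through SAFE_FREE, but the first call drops the lock before the connection is torn down, whereas the other failure paths shut down first and release afterwards. Dropping the first call makes the branch match the rest: `cli_shutdown(cli); release_server_mutex(); return NULL;`.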
@@ -1071,9 +1111,11 @@
!(cli->sec_mode & 1)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
cli_shutdown(cli);
+ release_server_mutex();
return NULL;
}
+ release_server_mutex();
DEBUG(3,("password server OK\n"));
return cli;
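Review bot: On the success path `release_server_mutex()` runs right after the negprot and security-mode checks, and no session setup is visible between the grab and this release. The comment added with the grab says the PDC resets a connection that has not completed a session setup when a second one arrives, so releasing here may leave that window open to another smbd process and the spurious logon failures could persist under load. Whether a session setup happens before or only after server_cryptkey() returns is not visible in this patch. If it happens later, the lock should be held until it completes, or a comment such as `/* safe to release here: <reason> */` should record why the negotiated state is enough.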
@@ -1186,31 +1228,6 @@
return(True);
}
-static char *mutex_server_name;
-
-static BOOL grab_server_mutex(const char *name)
-{
- mutex_server_name = strdup(name);
- if (!mutex_server_name) {
- DEBUG(0,("grab_server_mutex: malloc failed for %s\n", name));
- return False;
- }
- if (!message_named_mutex(name, 20)) {
- DEBUG(10,("grab_server_mutex: failed for %s\n", name));
- SAFE_FREE(mutex_server_name);
- return False;
- }
-
- return True;
-}
-
-static void release_server_mutex(void)
-{
- if (mutex_server_name) {
- message_named_mutex_release(mutex_server_name);
- SAFE_FREE(mutex_server_name);
- }
-}
/***********************************************************************
Connect to a remote machine for domain security authentication