authorAndrew Bartlett <abartlet@samba.org>2002-06-15 11:15:31 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-06-15 11:15:31 +0000
commitb075458ee7f7632dfa57c1ad8e35d5818f1bcc12 (patch)
treee7609caba5d706b8418b897b5800610cabb50caf /source3/auth/auth_server.c
parent209fcbfb92dadbe82c7355a7104d4dbd3398096b (diff)
This patch does 2 things:
It extends the 'server mutex' to cover security=server, because the connection race condition exists here too, and while people *should* use security=domain, some sites don't.... (This probably should be done in 2.2 as well). Also, start to actually extract and use the information that the remote server returns in the info3 struct. The server mutex code is now in a new file. Andrew Bartlett (This used to be commit 9b0dabdf4ec3bb45879caae76e03b57ccdad8b4b)
Diffstat (limited to 'source3/auth/auth_server.c')
-rw-r--r--source3/auth/auth_server.c39
1 files changed, 36 insertions, 3 deletions
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 0e650aa6e3..919cc8d3d8 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -62,6 +62,15 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
continue;
}
+ /* we use a mutex to prevent two connections at once - when a
+ Win2k PDC get two connections where one hasn't completed a
+ session setup yet it will send a TCP reset to the first
+ connection (tridge) */
+
+ if (!grab_server_mutex(desthost)) {
+ return NULL;
+ }
+
if (cli_connect(cli, desthost, &dest_ip)) {
DEBUG(3,("connected to password server %s\n",desthost));
connected_ok = True;
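Review bot: The new early exit on a failed `grab_server_mutex(desthost)` returns NULL without `cli_shutdown(cli)`, while every later failure path in this function shuts the client down, so `cli` looks leaked on this path; `if (!grab_server_mutex(desthost)) { cli_shutdown(cli); return NULL; }` would match the others. The `continue;` above suggests this code sits inside a loop over candidate password servers whose start is outside the hunk. If so, a failed `cli_connect()` appears to reach the next iteration with the lock still held and then grabs it again for a different `desthost`, so a `release_server_mutex();` on the connect-failure branch seems needed. How the loop leaves after `connected_ok = True;` is not visible here, so this should be confirmed against the full function.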
@@ -70,13 +79,19 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
}
if (!connected_ok) {
+ release_server_mutex();
DEBUG(0,("password server not available\n"));
cli_shutdown(cli);
return NULL;
}
-
- if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip))
+
+ if (!attempt_netbios_session_request(cli, global_myname,
+ desthost, &dest_ip)) {
+ release_server_mutex();
+ DEBUG(1,("password server fails session request\n"));
+ cli_shutdown(cli);
return NULL;
+ }
if (strequal(desthost,myhostname())) {
exit_server("Password server loop!");
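Review bot: `exit_server("Password server loop!")` is now reached with the server mutex held, and nothing on that path releases it. Whether the lock is dropped when the process exits depends on the implementation in the new mutex file, which this page does not show. Adding `release_server_mutex();` before the `exit_server()` call, or moving the `strequal(desthost,myhostname())` check ahead of the point where the lock is taken, removes that dependency. The body of this `if` continues past the end of the hunk.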
@@ -86,6 +101,7 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
if (!cli_negprot(cli)) {
DEBUG(1,("%s rejected the negprot\n",desthost));
+ release_server_mutex();
cli_shutdown(cli);
return NULL;
}
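Review bot: The sequence `release_server_mutex(); cli_shutdown(cli); return NULL;` is written out on the negprot failure here and again on the connect, session-request, security-mode and session-setup failures in the other hunks, with the release placed before the DEBUG call in some and after it in others. A single cleanup label at the end of server_cryptkey(), `fail: release_server_mutex(); cli_shutdown(cli); return NULL;`, with each branch logging and then doing `goto fail;`, would make it much harder for a later error path to return with the lock still held. The failed-grab path in the first hunk does not own the lock and would need to stay separate.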
@@ -93,12 +109,29 @@ static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx)
if (cli->protocol < PROTOCOL_LANMAN2 ||
!(cli->sec_mode & NEGOTIATE_SECURITY_USER_LEVEL)) {
DEBUG(1,("%s isn't in user level security mode\n",desthost));
+ release_server_mutex();
cli_shutdown(cli);
return NULL;
}
- DEBUG(3,("password server OK\n"));
+ /* Get the first session setup done quickly, to avoid silly
+ Win2k bugs. (The next connection to the server will kill
+ this one...
+ */
+ if (!cli_session_setup(cli, "", "", 0, "", 0,
+ "")) {
+ DEBUG(0,("%s rejected the initial session setup (%s)\n",
+ desthost, cli_errstr(cli)));
+ release_server_mutex();
+ cli_shutdown(cli);
+ return NULL;
+ }
+
+ release_server_mutex();
+
+ DEBUG(3,("password server OK\n"));
+
return cli;
}
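Review bot: The lock is held across every blocking network step from `cli_connect()` through `cli_session_setup()` and only released just before `DEBUG(3,("password server OK\n"))`, so a password server that stalls mid-handshake holds up every other smbd waiting in `grab_server_mutex()`. Whether that wait is bounded is decided in the new mutex file, which is not shown here. It would help to state the contract next to the release, for example `/* mutex is held from connect until the first session setup completes; grab_server_mutex() must time out so a stalled server cannot block all logons */`. The added block comment above `cli_session_setup()` also leaves its parenthesis open (`(The next connection to the server will kill this one...`) and should say that the empty credentials are a deliberate anonymous session setup.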