serialise all domain auth requests

this is needed because W2K will send a TCP reset to any open
connections that have not done a negprot when a second connection is
made. This meant that under heavy netlogon load a Samba domain member
would fail authentications.

Jeremy, you may wish to port this to 2.2.x
(This used to be commit eb196070e6)

source3/auth/auth_domain.c

@@ -81,10 +81,19 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
 	   logonserver.  We can avoid a 30-second timeout if the DC is down
 	   if the SAMLOGON request fails as it is only over UDP. */
 
+	/* we use a mutex to prevent two connections at once - when a NT PDC gets
+	   two connections where one hasn't completed a negprot yet it will send a 
+	   TCP reset to the first connection (tridge) */
+	if (!message_named_mutex(server)) {
+		DEBUG(1,("domain mutex failed for %s\n", server));
+		return NT_STATUS_UNSUCCESSFUL;
+	}
+	
 	/* Attempt connection */
-
 	result = cli_full_connection(cli, global_myname, server,
 				     &dest_ip, 0, "IPC$", "IPC", "", "", "", 0);
+
+	message_named_mutex_release(server);
 	
 	if (!NT_STATUS_IS_OK(result)) {
 		return result;

source3/lib/messages.c

@@ -458,3 +458,33 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
 }
 
 /** @} **/
+
+
+/*
+  lock the messaging tdb based on a string - this is used as a primitive form of mutex
+  between smbd instances. 
+*/
+BOOL message_named_mutex(const char *name)
+{
+	TDB_DATA key;
+
+	if (!message_init()) return False;
+
+	key.dptr = name;
+	key.dsize = strlen(name)+1;
+
+	return (tdb_chainlock(tdb, key) == 0);
+}
+
+/*
+  unlock a named mutex
+*/
+void message_named_mutex_release(const char *name)
+{
+	TDB_DATA key;
+
+	key.dptr = name;
+	key.dsize = strlen(name)+1;
+
+	tdb_chainunlock(tdb, key);
+}