1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

serialise all domain auth requests

this is needed because W2K will send a TCP reset to any open
connections that have not done a negprot when a second connection is
made. This meant that under heavy netlogon load a Samba domain member
would fail authentications.

Jeremy, you may wish to port this to 2.2.x
This commit is contained in:
Andrew Tridgell -
parent 569505b771
commit eb196070e6
2 changed files with 40 additions and 1 deletions

View File

@ -81,11 +81,20 @@ static NTSTATUS connect_to_domain_password_server(struct cli_state **cli,
logonserver. We can avoid a 30-second timeout if the DC is down
if the SAMLOGON request fails as it is only over UDP. */
/* Attempt connection */
/* we use a mutex to prevent two connections at once - when a NT PDC gets
two connections where one hasn't completed a negprot yet it will send a
TCP reset to the first connection (tridge) */
if (!message_named_mutex(server)) {
DEBUG(1,("domain mutex failed for %s\n", server));
return NT_STATUS_UNSUCCESSFUL;
}
/* Attempt connection */
result = cli_full_connection(cli, global_myname, server,
&dest_ip, 0, "IPC$", "IPC", "", "", "", 0);
message_named_mutex_release(server);
if (!NT_STATUS_IS_OK(result)) {
return result;
}

View File

@ -458,3 +458,33 @@ BOOL message_send_all(TDB_CONTEXT *conn_tdb, int msg_type,
}
/** @} **/
/*
lock the messaging tdb based on a string - this is used as a primitive form of mutex
between smbd instances.
*/
BOOL message_named_mutex(const char *name)
{
TDB_DATA key;
if (!message_init()) return False;
key.dptr = name;
key.dsize = strlen(name)+1;
return (tdb_chainlock(tdb, key) == 0);
}
/*
unlock a named mutex
*/
void message_named_mutex_release(const char *name)
{
TDB_DATA key;
key.dptr = name;
key.dsize = strlen(name)+1;
tdb_chainunlock(tdb, key);
}