s3:messages: make the loop in msg_dgm_ref_recv() more robust against stale pointers

The interaction between msg_dgm_ref_recv() and msg_dgm_ref_destructor() doesn't allow two references from messaging_dgm_ref() to be free'd during the loop in msg_dgm_ref_recv(). In addition to the global 'refs' list, we also need to have a global 'next_ref' pointer, which can be adjusted in msg_dgm_ref_destructor(). As AD DC we hit this when using irpc in auth_winbind, which uses imessaging_client_init(). In addition to the main messaging_dgm_ref() in smbd, source3/auth/auth_samba4.c: prepare_gensec() and make_auth4_context_s4() also generate a temporary imessaging_context for auth_context->msg_ctx from within auth_generic_prepare(). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13514 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
author: Stefan Metzmacher <metze@samba.org> 2018-07-09 12:33:34 +0200
committer: Jeremy Allison <jra@samba.org> 2018-07-10 20:31:13 +0200
commit: 1a9d6ce58939678f88b3081fb91c3309ff3cddb7 (patch)
tree: c981e6f6e581d80c65aaa3f2a6c4245ac6b1bc62 /selftest
parent: 0503bbab958754bc8ba32da8578602927ebf25c0 (diff)
download: samba-1a9d6ce58939678f88b3081fb91c3309ff3cddb7.tar.gz
1 files changed, 0 insertions, 1 deletions
diff --git a/selftest/knownfail.d/imessaging b/selftest/knownfail.d/imessaging
deleted file mode 100644
index af8fa8d615a..00000000000
--- a/selftest/knownfail.d/imessaging
+++ /dev/null
@@ -1 +0,0 @@
-^samba4.local.messaging.multi_ctx
author	Stefan Metzmacher <metze@samba.org>	2018-07-09 12:33:34 +0200
committer	Jeremy Allison <jra@samba.org>	2018-07-10 20:31:13 +0200
commit	1a9d6ce58939678f88b3081fb91c3309ff3cddb7 (patch)
tree	c981e6f6e581d80c65aaa3f2a6c4245ac6b1bc62 /selftest
parent	0503bbab958754bc8ba32da8578602927ebf25c0 (diff)
download	samba-1a9d6ce58939678f88b3081fb91c3309ff3cddb7.tar.gz