Handle leak in Windows 2003 Authorization Manager?

From: Stefan Cuypers (stefan.cuypers_at_nospam.nospam)
Date: 12/02/04

Next message: C.Aroonyingmongkol: "Hash OID"

Previous message: mikec: "LogonUser() fails when executed from a workgroup 2003 server"
Next in thread: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Reply: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Reply: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 2 Dec 2004 01:11:04 +0100

I'm currently developping a server application that uses Authorization
Manager on Windows 2003 Server. During testing we noticed that the handle
count for the process goes up all the time (performance monitor) and that
the handles that are added are all security tokens (as witnessed by
sysinternals process viewer).
After some debugging we found out that the InitializeClientContextFromName
call in Authorization manager creates 2 tokens, but only releases one when
it gets destroyed. Does anyone know if this is a known problem and if there
is a solution for it?
The problem can be seen by the following sample Visual Basic 6.0 code. If
you call the sub 1300 times you'll see the handle count for the process
exceed 1300.

Private Sub test()
  Dim AuthStore As AzAuthorizationStore
  Dim AuthApp As IAzApplication
  Dim AuthContext As IAzClientContext

  Set AuthStore = New AzAuthorizationStore
  AuthStore.Initialize 0, "msldap://CN=Test,CN=Program Data,DC=cc,DC=local"
  Set AuthApp = AuthStore.OpenApplication("CCBarcodeScanners")
  Set AuthContext = AuthApp.InitializeClientContextFromName("Stefan", "CC")
End Sub

regards,
Stefan Cuypers

Next message: C.Aroonyingmongkol: "Hash OID"

Previous message: mikec: "LogonUser() fails when executed from a workgroup 2003 server"
Next in thread: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Reply: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Reply: Gary Chang[MSFT]: "RE: Handle leak in Windows 2003 Authorization Manager?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Wscript.shell app is not visible
... > manager) but it is not visible on the server. ... > dim wShell ... that has not a permission to interact with the desktop. ...
(microsoft.public.inetserver.asp.general)
Can Not connect to IPC$ Share while processing a CCR
... CCM log shows the SMS server successfully connecting to the Admin$ share, but the attempt to connect to the IPC$ shares of these systems fails with an error 5. ... Logical Disk Manager Administrative Service ... Network Associates Task Manager ... Remote Access Auto Connection Manager ...
(microsoft.public.sms.setup)
RE: Download connection Manager through RWW
... with Conn Manager on existing clients - just cannot download the manager. ... I've sent the required files to your email address - not done the ISA stuff ... Clear the IIS server files: ...
(microsoft.public.windows.server.sbs)
Re: Kerberized authorization service
... You could backend such a thing with LDAP or whatever you want ... the mail server could have an shell group with one ... While this could no doubt be made to work, it would tie the authorization ... I only have a very basic understanding of Kerberos but I'd love to help or at ...
(comp.protocols.kerberos)
Re: DNS CORRUPT AND ALL SYSTEMS DOWN
... DHCP Server ... Remote Access Connection Manager ... Windows Internet Name Service ...
(microsoft.public.windows.server.dns)