Re: Handle leak in Windows 2003 Authorization Manager?

From: Stefan Cuypers (stefan.cuypers_at_nospam.nospam)
Date: 12/07/04 

Date: Tue, 7 Dec 2004 10:11:45 +0100

Gary,

Assigning Nothing does not help. Since the sample is in VB6, VB6 itself
releases it's objects when the sub terminates. Just to be sure I tested
again with the code below, but the result was the same. Since the program
I'm developping right now does a call to authorization manager on each web
service call coming in, this poses a serious problem for us on server
resource usage!
If it is a known problem, is there a fix planned for it?

Adjusted sample code:
Private Sub test()
  Dim AuthStore As AzAuthorizationStore
  Dim AuthApp As IAzApplication
  Dim AuthContext As IAzClientContext

  Set AuthStore = New AzAuthorizationStore
  AuthStore.Initialize 0, "msldap://CN=Test,CN=Program Data,DC=cc,DC=local"
  Set AuthApp = AuthStore.OpenApplication("CCBarcodeScanners")
  Set AuthContext = AuthApp.InitializeClientContextFromName("Stefan", "CC")
  Set AuthContext = Nothing
  Set AuthApp = Nothing
  Set AuthStore = Nothing
End Sub

Note: the problem originally popped up in a web service we're developping in
C#. Since we suspected the problem had to do with not releasing the COM
object until garbagge collection, we added
System.Runtime.InteropServices.Marshal.ReleaseComObject calls to release the
objects, but that did not help. So we tried the sample test code above in
VB6 proving garbagge collection is not the problem.

regards,
Stefan Cuypers

"Gary Chang[MSFT]" <v-garych@online.microsoft.com> wrote in message
news:BLKcDVa2EHA.2732@cpmsftngxa10.phx.gbl...
> Hi Stefan,
>
> I have consulted our security experts on this issue, they confirmed there
> is no known problem in such scenario(leaks a *token* handle), the
> InitializeCleintContextFromName will call S4U and get an NT token (when
s4u
> available) and then create an authz context from the NT token (which
> shouldn't be confused for a NT token) and then free the NT token. It would
> keep the Authz context around as long as the app keeps the AzMan context
> around.
>
> In regard to your code sample, it appears you forget to Assign Nothing to
> the object variables in order to release the references those variables
> hold:
>
> AuthContext = Nothing
>
>
> Thanks!
>
> Best regards,
>
> Gary Chang
> Microsoft Online Partner Support
>
> Get Secure! - www.microsoft.com/security
> This posting is provided "AS IS" with no warranties, and confers no
rights.
> --------------------
>

Relevant Pages

  • Re: About Sub Main( )
    ... Best regards, ... Anyone know about sub mainVBA in MS Access. ... differences from VB6. ...
    (microsoft.public.access.modulesdaovba)
  • Re: ComClass + Events
    ... verwende statt Events lieber Callback. ... erstelle eine Klasse in der du die Referenz vom VB6 Objekt merkst, ... ' A creatable COM class must have a Public Sub New() ...
    (microsoft.public.de.german.entwickler.dotnet.vb)
  • Re: ComClass + Events
    ... verwende statt Events lieber Callback. ... erstelle eine Klasse in der du die Referenz vom VB6 Objekt merkst, ... ' A creatable COM class must have a Public Sub New() ...
    (microsoft.public.de.german.entwickler.dotnet.vb)
  • VB6 + VC++ : how to avoid flicker?
    ... I create a simple VB6 Window application (a void form) and I define ... Private Sub Form_Load ... VB6 draws on the screen. ...
    (microsoft.public.dotnet.languages.vc)
  • VB6 + VC++ : how to avoid flicker?
    ... I create a simple VB6 Window application (a void form) and I define ... Private Sub Form_Load ... VB6 draws on the screen. ...
    (microsoft.public.vb.general.discussion)