SCHANNEL crypto failures with s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
jra at samba.org
Fri Aug 27 18:25:05 MDT 2010
On Sat, Aug 28, 2010 at 10:20:00AM +1000, Andrew Bartlett wrote:
> Can you please look into this before we loose the context here? I fear
> that if we leave the code like this, we will be back here again to fix
> it up in just another few months, with more weird 'credential check
> failure' messages.
> The cryptographic state MUST be shared between all callers that use the
> same netbios name. If we do not share this on the memory pointers we
> will instead have to share it in a TDB or similar instead.
Ultimately it has to be in a tdb. As Guenther pointed out
to me over IRC, what happens when someone does "net rpc testjoin"
while winbindd is running....
talloc_refence would be another band-aid here.
More information about the samba-technical