SCHANNEL crypto failures with s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().

Jeremy Allison jra at
Fri Aug 27 18:25:05 MDT 2010

On Sat, Aug 28, 2010 at 10:20:00AM +1000, Andrew Bartlett wrote:
> Can you please look into this before we loose the context here?  I fear
> that if we leave the code like this, we will be back here again to fix
> it up in just another few months, with more weird 'credential check
> failure' messages. 
> The cryptographic state MUST be shared between all callers that use the
> same netbios name.  If we do not share this on the memory pointers we
> will instead have to share it in a TDB or similar instead.

Ultimately it has to be in a tdb. As Guenther pointed out
to me over IRC, what happens when someone does "net rpc testjoin"
while winbindd is running....

talloc_refence would be another band-aid here.


More information about the samba-technical mailing list