SCHANNEL crypto failures with s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().
Jeremy Allison
jra at samba.org
Fri Aug 27 18:26:04 MDT 2010
On Fri, Aug 27, 2010 at 05:25:05PM -0700, Jeremy Allison wrote:
> On Sat, Aug 28, 2010 at 10:20:00AM +1000, Andrew Bartlett wrote:
> >
> > Can you please look into this before we lose the context here? I fear
> > that if we leave the code like this, we will be back here again to fix
> > it up in just another few months, with more weird 'credential check
> > failure' messages.
> >
> > The cryptographic state MUST be shared between all callers that use the
> > same netbios name. If we do not share this on the memory pointers we
> > will instead have to share it in a TDB or similar instead.
>
> Ultimately it has to be in a tdb. As Guenther pointed out
> to me over IRC, what happens when someone does "net rpc testjoin"
> while winbindd is running....
>
> talloc_reference would be another band-aid here.
As would my suggestion of a reference count wrapper :-). Which
is why I didn't go ahead and implement it.
Jeremy.