SCHANNEL crypto failures with s3-dcerpc: avoid talloc_move on schannel creds in cli_rpc_pipe_open_schannel_with_key().

Jeremy Allison jra at
Fri Aug 27 18:26:04 MDT 2010

On Fri, Aug 27, 2010 at 05:25:05PM -0700, Jeremy Allison wrote:
> On Sat, Aug 28, 2010 at 10:20:00AM +1000, Andrew Bartlett wrote:
> > 
> > Can you please look into this before we loose the context here?  I fear
> > that if we leave the code like this, we will be back here again to fix
> > it up in just another few months, with more weird 'credential check
> > failure' messages. 
> > 
> > The cryptographic state MUST be shared between all callers that use the
> > same netbios name.  If we do not share this on the memory pointers we
> > will instead have to share it in a TDB or similar instead.
> Ultimately it has to be in a tdb. As Guenther pointed out
> to me over IRC, what happens when someone does "net rpc testjoin"
> while winbindd is running....
> talloc_refence would be another band-aid here.

As would my suggestion of a reference count wrapper :-). Which
is why I didn't go ahead and implement it.


More information about the samba-technical mailing list