[cifs-protocol] RE: LSA LookupSids 3

Andrew Bartlett abartlet at samba.org
Fri Aug 29 21:59:38 GMT 2008

On Fri, 2008-08-29 at 13:32 -0700, John Dunning wrote:
> Hello Andrew,
>    I have reviewed the network capture and it clearly shows what you
> are describing. The reason that the msprc fault occurred in Frame 1695
> is that there is no Authverifier information in the
> LSARPC:LsarLookupSids3 Request in Frame 1694. Looking at a successful
> LSARPC:LsarLookupSids3 Request in a different capture I see that the
> Authverifier field is present. This field contains the
> I am theorizing that the Authverifier field is missing in your trace
> because there was not a RPC Bind exchange prior to this request.

Well, you have the full trace - see the RPC bind in packet 22

> My source code investigation indicates that if the  Authverifier field
> is present that the server will behave as described in MS-LSAT
> When the Authverifier field is absent then it will lead to an
> msrpc Fault of access denied.

We have connected with level 'connect', which does not have an
authentication verifier.  All previous packets (prepared similarly) are
processed.  Why is this call different?

> Is it the intention of your test to determine what would happen when a
> LSARPC:LsarLookupSids3 Request is made when there is no Authverifier
> information present?

The intention of this test is to run over all the calls, and test each
one.  We were expecting an error code of
an RPC fault was most unexpected.  Perhaps there is there a way certain
calls are marked in the IDL as to cause this behaviour?

> Thanks
> John
> PS: I looked into your question about running your test suites. I
> found out that some of the Interop folks have an instance of your
> Samba 4 running as a DC and that some of the SMBTorture tests have
> been run against it. More information in this area should be
> forthcoming.

That part is easy - do they have smbtorture running against Windows
servers, or your tests running against Samba?

Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/cifs-protocol/attachments/20080830/53e64065/attachment.bin

More information about the cifs-protocol mailing list