[cifs-protocol] RE: LSA LookupSids 3

Andrew Bartlett abartlet at samba.org
Fri Aug 29 21:59:38 GMT 2008


On Fri, 2008-08-29 at 13:32 -0700, John Dunning wrote:
> Hello Andrew,
>    I have reviewed the network capture and it clearly shows what you
> are describing. The reason that the msrpc fault occurred in Frame 1695
> is that there is no Authverifier information in the
> LSARPC:LsarLookupSids3 Request in Frame 1694. Looking at a successful
> LSARPC:LsarLookupSids3 Request in a different capture I see that the
> Authverifier field is present. This field contains the
> RPC_C_AUTHN_NETLOGON and the RPC_C_AUTHN_LEVEL_INTEGRITY information.
> I am theorizing that the Authverifier field is missing in your trace
> because there was not an RPC Bind exchange prior to this request.

Well, you have the full trace - see the RPC bind in packet 22

> My source code investigation indicates that if the Authverifier field
> is present that the server will behave as described in MS-LSAT
> 3.1.4.9. When the Authverifier field is absent then it will lead to an
> msrpc Fault of access denied.

We have connected with level 'connect', which does not have an
authentication verifier.  All previous packets (prepared similarly) are
processed.  Why is this call different?

> Is it the intention of your test to determine what would happen when a
> LSARPC:LsarLookupSids3 Request is made when there is no Authverifier
> information present?

The intention of this test is to run over all the calls, and test each
one.  We were expecting an error code of
NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED or NT_STATUS_ACCESS_DENIED.  Getting
an RPC fault was most unexpected.  Perhaps there is a way certain
calls are marked in the IDL as to cause this behaviour?

> Thanks
> John
> 
> PS: I looked into your question about running your test suites. I
> found out that some of the Interop folks have an instance of your
> Samba 4 running as a DC and that some of the SMBTorture tests have
> been run against it. More information in this area should be
> forthcoming.

That part is easy - do they have smbtorture running against Windows
servers, or your tests running against Samba?

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
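
Added example (not part of the original message, and not Samba or Microsoft code): a Python check that reports whether a DCE/RPC request PDU carries an auth verifier, the field the quoted analysis found missing in Frame 1694. The PDU layout and the numeric constants are taken from the DCE/RPC, MS-RPCE and MS-LSAT specifications rather than from this thread; the helper names and the sample PDUs are constructed for illustration.

```python
import struct

# Numeric values from MS-RPCE / MS-LSAT; the thread gives only the names.
PTYPE_REQUEST = 0
RPC_C_AUTHN_NETLOGON = 68
AUTH_LEVELS = {1: "NONE", 2: "CONNECT", 3: "CALL", 4: "PKT",
               5: "INTEGRITY", 6: "PRIVACY"}
OPNUM_LSAR_LOOKUP_SIDS3 = 76
REQ_HDR_LEN = 24      # 16-byte common header + 8-byte request header
SEC_TRAILER_LEN = 8   # auth_type, auth_level, pad_len, reserved, context_id

def inspect_request(pdu: bytes) -> dict:
    """Report opnum and auth verifier details of one unfragmented request PDU."""
    if len(pdu) < REQ_HDR_LEN:
        raise ValueError("too short for a request PDU")
    if pdu[0] != 5 or pdu[2] != PTYPE_REQUEST:
        raise ValueError("not a DCE/RPC v5 request PDU")
    end = "<" if pdu[4] & 0x10 else ">"   # data representation: integer byte order
    frag_len, auth_len = struct.unpack_from(end + "HH", pdu, 8)
    opnum, = struct.unpack_from(end + "H", pdu, 22)
    if frag_len != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    info = {"opnum": opnum, "has_verifier": auth_len > 0,
            "auth_type": None, "auth_level": None}
    if auth_len:
        off = frag_len - auth_len - SEC_TRAILER_LEN
        if off < REQ_HDR_LEN:
            raise ValueError("auth_length overruns the PDU")
        info["auth_type"] = pdu[off]
        info["auth_level"] = AUTH_LEVELS.get(pdu[off + 1], "UNKNOWN")
    return info

def build_request(opnum, stub, auth=None):
    """Construct a sample little-endian request PDU (test data only)."""
    trailer, auth_len = b"", 0
    if auth:
        auth_type, auth_level, value = auth
        trailer = struct.pack("<4BI", auth_type, auth_level, 0, 0, 0) + value
        auth_len = len(value)
    frag_len = REQ_HDR_LEN + len(stub) + len(trailer)
    hdr = struct.pack("<4B4sHHI", 5, 0, PTYPE_REQUEST, 0x03,
                      b"\x10\x00\x00\x00", frag_len, auth_len, 1)
    return hdr + struct.pack("<IHH", len(stub), 0, opnum) + stub + trailer

# Constructed samples: zeroed stub, filler bytes in place of a real signature.
bare = build_request(OPNUM_LSAR_LOOKUP_SIDS3, bytes(16))
signed = build_request(OPNUM_LSAR_LOOKUP_SIDS3, bytes(16),
                       (RPC_C_AUTHN_NETLOGON, 5, b"\xaa" * 32))
for name, pdu in (("bare", bare), ("signed", signed)):
    print(name, inspect_request(pdu))
```

Run over request PDUs exported from a capture, this separates calls sent with `auth_length` of zero from calls that carry a trailer, which is the distinction the two captures in this thread turn on.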