advice for quick hack on _old_ code?

Ben Johnson ben at
Fri Jun 21 12:57:07 GMT 2002

Hi.  I'm a junior engineer (who's starting to grow up) at WatchGuard
Tech.  We use some extremely old Samba code in our firewall to provide
user authentication against an NT server.  I've been working on and off
on a number of bugs in this type of authentication for more than a year
now, and I am finally making some headway.

I found a workaround for one of our bugs earlier today, but I am
hoping to fix it the right way, if that's possible.

The bug:  if the concatenated group names a user is in form a string
greater than 255 characters long, the authentication fails.

I found that the problem occurs when the first of presumably many
packets containing group names returns from the NT server with a status
code of 0x80000005.  Our code interpreted this as a failure.

I found that if I ignore it I can get a truncated list of groups from
the single packet.  Better yet, if I send a number of packets, each
asking for a small number of groups, then I can get the entire list in
chunks with no error code at all.  This seems awfully hackish though.

I've tried sending the same packet to the server more than once when I
get a 0x80000005 status.  I've tried sending a new packet that asks for
only the groups that weren't returned in the first reply.  None of this
has worked.  The result is a new error code: 0xC00000AE, which I don't
know how to interpret.

I have a feeling that what I need is a transaction definition that tells
the NT server that I am ready to receive more of the group names.  I
don't know how to find that though.  And, unfortunately, all our
transaction command definitions are defined as raw byte arrays, which are
difficult to interpret.  Example...

// CreateFile("\samr")
const UCHAR Transaction00[] = { // DB
0x05,0x00,0x0B,0x00,0x10,0x00,0x00,0x00, 0x48,0x00,0x00,0x00,0x67,0x00,0x68,0x00,
0x30,0x16,0x30,0x16,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
0x78,0x57,0x34,0x12,0x34,0x12,0xCD,0xAB, 0xEF,0x00,0x01,0x23,0x45,0x67,0x89,0xAC,
0x01,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A, 0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,

Can anyone help me out, or should I just go with my
ask-for-many-small-lists workaround?

Thanks a lot for any help.

- Ben
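
Added example (not part of the original post, and not WatchGuard's or Samba's code): a bounds-checked decoder for the DCE/RPC bind header in the quoted Transaction00 bytes, plus the NTSTATUS severity split that separates the warning 0x80000005 from the error 0xC00000AE. The names `bind_info`, `parse_bind` and `ntstatus_severity` are illustrative; offsets assume the connection-oriented bind PDU layout, and only the first presentation context is read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 64 bytes of Transaction00 as quoted in the post; the excerpt ends there. */
static const uint8_t excerpt[64] = {
    0x05,0x00,0x0B,0x00,0x10,0x00,0x00,0x00, 0x48,0x00,0x00,0x00,0x67,0x00,0x68,0x00,
    0x30,0x16,0x30,0x16,0x00,0x00,0x00,0x00, 0x01,0x00,0x00,0x00,0x00,0x00,0x01,0x00,
    0x78,0x57,0x34,0x12,0x34,0x12,0xCD,0xAB, 0xEF,0x00,0x01,0x23,0x45,0x67,0x89,0xAC,
    0x01,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A, 0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
};

struct bind_info {
    uint16_t frag_len;           /* length the PDU header claims */
    uint32_t call_id;
    char     abstract_uuid[37];  /* interface UUID of context 0, as text */
    int      truncated;          /* 1 if the buffer is shorter than frag_len */
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t le32(const uint8_t *p) { return le16(p) | (uint32_t)le16(p + 2) << 16; }
/* Returns 0 on success, -1 if this is not a v5 little-endian bind or is too short. */
int parse_bind(const uint8_t *b, size_t n, struct bind_info *o)
{
    if (n < 52 || b[0] != 5 || b[2] != 0x0B || (b[4] & 0xF0) != 0x10 || b[24] < 1)
        return -1;
    o->frag_len  = le16(b + 8);
    o->call_id   = le32(b + 12);
    o->truncated = n < o->frag_len;
    const uint8_t *u = b + 32;   /* abstract syntax UUID; first 3 fields are LE */
    snprintf(o->abstract_uuid, sizeof o->abstract_uuid,
             "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", (unsigned)le32(u),
             le16(u + 4), le16(u + 6), u[8], u[9], u[10], u[11], u[12], u[13], u[14], u[15]);
    return 0;
}

/* NTSTATUS severity is the top two bits: 0 success, 1 informational, 2 warning, 3 error. */
int ntstatus_severity(uint32_t s) { return (int)(s >> 30); }

int main(void)
{
    struct bind_info bi;
    if (parse_bind(excerpt, sizeof excerpt, &bi) != 0) return 1;
    printf("frag_len=%u truncated=%d iface=%s sev=%d/%d\n", bi.frag_len, bi.truncated,
           bi.abstract_uuid, ntstatus_severity(0x80000005u), ntstatus_severity(0xC00000AEu));
    return 0;
}
```

The header claims 72 bytes while the excerpt holds 64, so the decoder flags it as truncated instead of reading past the end.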
