CVS update: samba/source/smbd

Gerald (Jerry) Carter jerry at
Sun Jul 13 02:17:38 GMT 2003

Hash: SHA1

On Sat, 12 Jul 2003, Volker Lendecke wrote:

> On Fri, Jul 11, 2003 at 02:49:44PM -0500, Gerald (Jerry) Carter wrote:
> > if we don't know a sid, then we can't do anything about it.  I 
> > know all the discussion surrounding it, but it was something we 
> > had give up to get some of the other things working.  Sorry about 
> > your article.  If you can describe a solution within the current 
> > framework, I'll gladly listen.
> That's what my patch had tried to fix. I don't know what else I broke,
> but with that patch it worked. Could you tell what part of my logic was
> wrong?

See my response to bartlet on samba-technical wrt to unknown SIDs.

I remember your patch didn't use the winbindd_sid_to_uid_query() call
like the original code, but given that the original code was wrong 
this is kind of a moot point.

I looked over your patch again and I see how it would allocate a uid
for an unknown SID, but I think this opens us up ot a DoS attack.

cheers, jerry
 Hewlett-Packard            -------------------------
 SAMBA Team                 ----------------------
 GnuPG Key                  ----
 "You can never go home again, Oatman, but I guess you can shop there."  
                            --John Cusack - "Grosse Point Blank" (1997)

Version: GnuPG v1.2.1 (GNU/Linux)
Comment: For info see


More information about the samba-technical mailing list