SID related debug messages

Michael Steffens michael.steffens at hp.com
Mon Mar 31 11:56:45 GMT 2003


Hi,

the attached enhancements of SID related debug messages were quite
useful for me for tracking down where "strange" SIDs winbindd
complained about are coming from.

Being there I found that my suspicous SIDs are included in the
user token from DC on domain client validation, in the "other
sids" section. Is this the place where W2k SID history lives?

Cheers!
Michael
-------------- next part --------------
Index: source/nsswitch/winbindd_group.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_group.c,v
retrieving revision 1.3.4.25
diff -u -r1.3.4.25 winbindd_group.c
--- source/nsswitch/winbindd_group.c	14 Oct 2002 03:00:14 -0000	1.3.4.25
+++ source/nsswitch/winbindd_group.c	31 Mar 2003 11:46:32 -0000
@@ -290,7 +290,10 @@
 	sid_append_rid(&group_sid, group_rid);
 
 	if (!winbindd_lookup_name_by_sid(&group_sid, dom_name, group_name, &name_type)) {
-		DEBUG(1, ("could not lookup sid\n"));
+		fstring temp;
+
+		sid_to_string(temp, &group_sid);
+		DEBUG(1, ("could not lookup sid %s\n", temp));
 		return WINBINDD_ERROR;
 	}
 
Index: source/nsswitch/winbindd_util.c
===================================================================
RCS file: /cvsroot/samba/source/nsswitch/winbindd_util.c,v
retrieving revision 1.7.4.26
diff -u -r1.7.4.26 winbindd_util.c
--- source/nsswitch/winbindd_util.c	4 Mar 2003 23:35:50 -0000	1.7.4.26
+++ source/nsswitch/winbindd_util.c	31 Mar 2003 11:46:32 -0000
@@ -262,7 +262,7 @@
 	domain = find_domain_from_sid(sid);
 
 	if (!domain) {
-		DEBUG(1,("Can't find domain from sid\n"));
+		DEBUG(1,("Can't find domain from sid %s\n", sid_string_static(sid)));
 		return False;
 	}
 
Index: source/smbd/password.c
===================================================================
RCS file: /cvsroot/samba/source/smbd/password.c,v
retrieving revision 1.186.2.71
diff -u -r1.186.2.71 password.c
--- source/smbd/password.c	4 Mar 2003 23:36:00 -0000	1.186.2.71
+++ source/smbd/password.c	31 Mar 2003 11:46:32 -0000
@@ -1667,6 +1667,16 @@
 			sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid);
 		}
 
+		if (DEBUGLVL(10)) {
+			dbgtext("info3 group sids for %s in domain %s\n", user, domain);
+			for (i = 0; i < info3.num_groups2; i++) {
+				fstring temp;
+
+				sid_to_string(temp, &ptok->user_sids[i]);
+				dbgtext("        [%d] %s\n", i, temp);
+			}
+		}
+
 		/* Universal group memberships for other domains are
 		   stored in the info3.other_sids field.  We also need to
 		   do sid filtering here. */
@@ -1674,6 +1684,16 @@
 		for (i = 0; i < info3.num_other_sids; i++)
 			sid_copy(&ptok->user_sids[info3.num_groups2 + i], 
 				 &info3.other_sids[i].sid);
+
+		if (DEBUGLVL(10)) {
+			dbgtext("info3 other sids for %s in domain %s\n", user, domain);
+			for (i = 0; i < info3.num_other_sids; i++) {
+				fstring temp;
+
+				sid_to_string(temp, &ptok->user_sids[info3.num_groups2 + i]);
+				dbgtext("        [%d] %s\n", i, temp);
+			}
+		}
 
 		*pptoken = ptok;
 	}


More information about the samba-technical mailing list