svn commit: samba r17183 - in branches: SAMBA_3_0/source/rpc_server SAMBA_3_0_23/source/rpc_server

Gerald (Jerry) Carter jerry at
Sun Jul 23 11:18:59 GMT 2006

Hash: SHA1

Volker Lendecke wrote:

> To me this seems rather random. Attached find a 
> sniff that shows both behaviour... w2k3ad is the DC
> I ask, it trusts w2000ad and windows, windows
> being NT4. See that although the w2000ad domain
> is mentioned in the referenced domains it
> lists the SID, with an referenced index -1, 
> whereas the same situation for Windows lists the RID
> in hex.
> Can anybody make any sense of this? And, do you want to rely
> on this???
> I'm fine with the change you made to Samba, I'll add a
> comment though.

I don't think the behavior is random (sort of) but I also
think the original bug is different that what I fixed.
Looking back at the lookupsid.pcap trace I sent you,
I noticed that we set the index to the unknown SID to be -1.
This is what caused the Win32 API call to fail.  If the
index is -1, the string has to be the full SID.  If the Sid
is within on the trusted SID list, we can just send
back the rid but we have to set the correct index.

So setting the sid string is the safest since we don't
have to worry about the looking up up the right index.

Fair enough?

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE -


More information about the samba-technical mailing list