svn commit: samba r17183 - in branches: SAMBA_3_0/source/rpc_server SAMBA_3_0_23/source/rpc_server

[Gerald (Jerry) Carter]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Volker Lendecke wrote:

> To me this seems rather random. Attached find a 
> sniff that shows both behaviour... w2k3ad is the DC
> I ask, it trusts w2000ad and windows, windows
> being NT4. See that although the w2000ad domain
> is mentioned in the referenced domains it
> lists the SID, with an referenced index -1, 
> whereas the same situation for Windows lists the RID
> in hex.
> 
> Can anybody make any sense of this? And, do you want to rely
> on this???
> 
> I'm fine with the change you made to Samba, I'll add a
> comment though.

I don't think the behavior is random (sort of) but I also
think the original bug is different that what I fixed.
Looking back at the lookupsid.pcap trace I sent you,
I noticed that we set the index to the unknown SID to be -1.
This is what caused the Win32 API call to fail.  If the
index is -1, the string has to be the full SID.  If the Sid
is within on the trusted SID list, we can just send
back the rid but we have to set the correct index.

So setting the sid string is the safest since we don't
have to worry about the looking up up the right index.

Fair enough?




cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFEw1sjIR7qMdg1EfYRArvTAJ4tVCNG21EqmYtOVOZZVT8ZynUmBgCgmTq1
oinghE75/6/s+P8UuZJPPgE=
=wGQd
-----END PGP SIGNATURE-----