[Patches] AD DC and lsa lookup sids/names for trusts

Andreas Schneider asn at samba.org
Tue Feb 20 15:42:07 UTC 2018

On Monday, 19 February 2018 22:51:50 CET Stefan Metzmacher via samba-technical 
> Hi,
> here're some patches, which are currently being reviewed by Ralph.
> They allow transitive forwarding of lsa lookup sids/names to trusted
> domains and forests, when acting as AD DC.
> The most important reason to have this is, that Samba domain member
> servers rely on lsa lookup sids/names to work for a successful
> authentication.
> The bug references need to be updated...
> The meta bug is https://bugzilla.samba.org/show_bug.cgi?id=13287

Besides the things which Ralph found:


s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lo...
s3:cli_lsarpc: use talloc_zero_array() in dcerpc_lsa_lo...

could you please split the 'if' in two lines while at it?

  names = talloc_zero_array(mem_ctx, char *, num_sids);
  if (names == NULL) {


rpcclient: add lookupsids_level command

The pointers are not initialized with NULL

Also, the if-clause and for-loop are missing brackets { } ... CVE-2014-1266


s4:rpc_server/lsa: base dcesrv_lsa_LookupNames2() on 

struct lsa_LookupNames3 r2;

Use struct lsa_LookupNames3 r2 = {0}; and remove the ZERO_STRUCT(r2) then.

Andreas Schneider                   GPG-ID: CC014E3D
Samba Team                             asn at samba.org
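
The brace comment in the review above cites CVE-2014-1266. As an added illustration (not code from the patches or from this thread; check_a, check_b and the verify_* functions are constructed stand-ins), the C below shows how a duplicated statement under a brace-less if skips a later check while still returning success, next to the braced form.

```c
#include <stdio.h>

/* Constructed stand-ins for two independent checks; not Samba code. */
static int check_a(int ok) { return ok ? 0 : -1; }
static int check_b(int ok) { return ok ? 0 : -1; }

/* Brace-less style: only the first goto belongs to the if. The duplicated
 * line always runs, jumping to the exit with err == 0, so check_b() is
 * never called. */
static int verify_unbraced(int a_ok, int b_ok)
{
    int err;

    if ((err = check_a(a_ok)) != 0)
        goto out;
        goto out;               /* indented as if guarded, but is not */
    if ((err = check_b(b_ok)) != 0)
        goto out;
out:
    return err;
}

/* Same logic with braces: each body is delimited, so a stray duplicate is
 * either harmless inside the block or visibly unconditional outside it. */
static int verify_braced(int a_ok, int b_ok)
{
    int err;

    if ((err = check_a(a_ok)) != 0) {
        goto out;
    }
    if ((err = check_b(b_ok)) != 0) {
        goto out;
    }
out:
    return err;
}

int main(void)
{
    /* First check passes, second should fail. */
    printf("unbraced: %d\n", verify_unbraced(1, 0));
    printf("braced:   %d\n", verify_braced(1, 0));
    return 0;
}
```

Building with -Wall makes GCC flag the second goto through -Wmisleading-indentation.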
