The changes for error injection in Samba AD-DC MSRPC requests

Richard Sharpe realrichardsharpe at
Tue Aug 29 16:48:30 UTC 2023

Hi folks,

Attached are two patches to provide early access and solicit feedback
on the error injection changes I have made so far. I suspect there are
mistakes I have made and there may be better ways to do this, so I
would appreciate feedback.

Since the code is under the GPL these patches must also be regarded as being so.

The changes allow you to add things like the following to the smb.conf:

"lsarpc error inject = lsa_LookupSids error NT_STATUS_RPC_CALL_FAILED
5; lsa_LookupSids delay 3000 5"

The meaning of this is inject the specified error into LookupSids
responses very five requests and also delay them for 2 seconds.

The changes modify Pidl to generate code to:

1. Parse the error injection parameter. This has to handle multiple
RPC requests etc and may be an issue in that there may be a limit to
the amount of text you can include. This is handled when the RPC
interface is initialized.
2. Check and inject the errors when needed.

The potential problems I see:

1. If I have not defined an smb.conf parameter for an MSRPC interface
you cannot inject errors for it. I see that during domain join LSA and
SAMR are used, but I have only enabled error injection for LSA. This
is easy to fix but requires a rebuild.
2. I have done really ugly things in
3. The code changes in librpc/rpc/dcesrv_core.c needs to be looked at carefully.

The good news is that it seems to work and is now async. The second
change was to ensure that if more than one client was calling MSRPC
requests and the first one required a delay the others would also not
hit a delay. In that respect you need to apply both changes.

The changes are based on 4.19.0rc1 but probably will apply cleanly to
other builds. I started with mainline but then dropped back to 4.19.0.
Also, there is an RPM SPEC file in the patch that you can possibly

Any feedback at all is welcome.

Richard Sharpe
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-HS-10380-Allow-error-injection-into-Samba-as-an-AD-D.patch
Type: application/octet-stream
Size: 12265 bytes
Desc: not available
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-HS-20380-Add-a-spec-file-and-handle-delay-correctly.patch
Type: application/octet-stream
Size: 172095 bytes
Desc: not available
URL: <>

More information about the samba-technical mailing list