Created attachment 18543 new smbtorture test rpc.spoolss.printerhandles run against win2k12r2 server
Created attachment 18544 new smbtorture test rpc.spoolss.printerhandles run against win2k16 server
We have a customer reporting they are getting a lot of "dcesrv_handle_lookup: Attempt to use invalid sid S-1-2-3-blah-blah-foo - S-1-2-3-blah-blah-blah-bar" errors. Looking through the logs it seems that this scenario occurs when userA opens a printer_handle and userB closes it. Interestingly 'userB' in this case is actually the machine account (of the machine userA is logged into).

I am going to add a patch set here which includes a new smbtorture test (rpc.spoolss.printerhandles). This test opens a printer to get a printer_handle (with a connection using the credentials passed to smbtorture) and opens a second connection (which either uses anonymous credentials or credentials generated from env variables DOMAIN_USER & DOMAIN_USER_PASSWORD).

I am also attaching wiretraces of the same smbtorture test running against win2k12r2 and win2k16. The commands to generate the traces are as follows:

(win2k12r2)

DOMAIN_USER=npower DOMAIN_USER_PASSWORD=1234567890 TEST_PRINTER="\\\\192.168.122.15\\\\\\tw2024\\testy" ./bin/smbtorture -d0 -USAMBAUNIVERSE\\Administrator%1234567890 //192.168.122.15/Testshare rpc.spoolss.printerhandles
smbtorture 4.22.0pre1-DEVELOPERBUILD
Using seed 1738159038
time: 2025-01-29 13:57:18.708959
progress: 1
test: printerpolicyhandle.opencloseprinter
time: 2025-01-29 13:57:18.732446
Testing close on secondary pipe with second user
time: 2025-01-29 13:57:18.739391
success: printerpolicyhandle.opencloseprinter

(win2k16)

DOMAIN_USER=npower DOMAIN_USER_PASSWORD=1234567890 TEST_PRINTER="\\\\WINDOZE4ME.SAMBADOMAIN.GORDY\\\\\\npsle15sp6\\testy" ./bin/smbtorture -UAdministrator%1234567890 //windoze4me.sambadomain.gordy/C$ rpc.spoolss.printerhandles

This is a regression, as prior to the move of the s4 handle implementation to s3 the handle checking was much less strict (and didn't check the sid). I'm guessing removing the sid check could possibly introduce some security problems, so this is an attempt to introduce the ability to create handles that don't require the sid check and will allow such handles to be exchanged with other users.
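
A simplified model of the behaviour described in the report above, added here as an illustration and not taken from Samba or from the attached patch set: a handle table whose lookup rejects a caller with a different SID unless the handle was created as exchangeable. All names (`model_handle`, `shareable`, `model_open`, `model_lookup`, `model_close`) are hypothetical and the SIDs are constructed sample values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Simplified model only: these names are hypothetical, not Samba structures. */
#define USER_A_SID  "S-1-5-21-1111-2222-3333-1105"  /* constructed: userA */
#define MACHINE_SID "S-1-5-21-1111-2222-3333-1610"  /* constructed: machine account */
#define MAX_HANDLES 8
enum lookup_result { LOOKUP_OK, LOOKUP_NOT_FOUND, LOOKUP_SID_MISMATCH };
struct model_handle {
    unsigned id;            /* stands in for the policy handle on the wire */
    const char *owner_sid;  /* SID of the session that opened the handle */
    bool shareable;         /* creator opted out of the SID check */
    bool in_use;
};
static struct model_handle table[MAX_HANDLES];

/* Record a new handle; returns 0 on success, -1 if the table is full. */
static int model_open(unsigned id, const char *sid, bool shareable) {
    for (size_t i = 0; i < MAX_HANDLES; i++) {
        if (!table[i].in_use) {
            table[i] = (struct model_handle){ id, sid, shareable, true };
            return 0;
        }
    }
    return -1;
}

/* Strict lookup: the caller's SID must match unless the handle is shareable. */
static enum lookup_result model_lookup(unsigned id, const char *caller_sid,
                                       struct model_handle **out) {
    for (size_t i = 0; i < MAX_HANDLES; i++) {
        struct model_handle *h = &table[i];
        if (!h->in_use || h->id != id) continue;
        if (!h->shareable && strcmp(h->owner_sid, caller_sid) != 0)
            return LOOKUP_SID_MISMATCH;  /* the logged "invalid sid" case */
        *out = h;
        return LOOKUP_OK;
    }
    return LOOKUP_NOT_FOUND;
}

/* Close goes through the same lookup, so it inherits the SID check. */
static enum lookup_result model_close(unsigned id, const char *caller_sid) {
    struct model_handle *h = NULL;
    enum lookup_result r = model_lookup(id, caller_sid, &h);
    if (r == LOOKUP_OK) h->in_use = false;
    return r;
}
```

In this model a shareable handle can be closed by any caller that presents its id, which is the exposure the report aims to confine to handles that explicitly opt in.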