diff options
| author | Jeremy Allison <jra@samba.org> | 2000-07-27 00:47:19 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2000-07-27 00:47:19 +0000 |
| commit | 5ec1642809d9de83da8c88c65d6595c6eb0270f5 (patch) | |
| tree | f6f4f1e0b3678394fca8b7c37f71084a1b166671 /source3/rpc_server/srv_pipe_hnd.c | |
| parent | 134a4b86548db77cba292c50fbd6b91ecaa69f14 (diff) | |
| download | samba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.tar.gz samba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.tar.bz2 samba-5ec1642809d9de83da8c88c65d6595c6eb0270f5.zip | |
Ok - this is a *BIG* change - but it fixes the problems with static strings
in the RPC code. This change was prompted by trying to save a long (>256)
character comment in the printer properties page.
The new system associates a TALLOC_CTX with the pipe struct, and frees
the pool on return of a complete PDU.
A global TALLOC_CTX is used for the odd buffer allocated in the BUFFERxx
code, and is freed in the main loop.
This code works with insure, and seems to be free of memory leaks and
crashes (so far) but there are probably the occasional problem with
code that uses UNISTRxx structs on the stack and expects them to contain
storage without doing a init_unistrXX().
This means that rpcclient will probably be horribly broken.
A TALLOC_CTX also needed associating with the struct cli_state also,
to make the prs_xx code there work.
The main interface change is the addition of a TALLOC_CTX to the
prs_init calls - used for dynamic allocation in the prs_XXX calls.
Now this is in place it should make dynamic allocation of all RPC
memory on unmarshall *much* easier to fix.
Jeremy.
(This used to be commit 0ff2ce543ee54f7364e6d839db6d06e7ef1edcf4)
Diffstat (limited to 'source3/rpc_server/srv_pipe_hnd.c')
| -rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 210 |
1 files changed, 46 insertions, 164 deletions
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index faba41b925..e51bc5ae4d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -78,8 +78,10 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data) +static BOOL pipe_init_outgoing_data(pipes_struct *p) { + output_data *o_data = &p->out_data; + /* Reset the offset counters. */ o_data->data_sent_length = 0; o_data->current_pdu_len = 0; @@ -94,7 +96,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -103,60 +105,6 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) } /**************************************************************************** - Attempt to find a remote process to communicate RPC's with. -****************************************************************************/ - -#if 0 - -static void attempt_remote_rpc_connect(pipes_struct *p) -{ - struct user_creds usr; - user_struct *vuser = get_valid_user_struct(p->vuid); - - p->m = NULL; - - if (vuser == NULL) { - DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid)); - return; - } - - ZERO_STRUCT(usr); - - /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, - vuser->user.full_name, vuser->guest); - usr.ptr_uxc = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_uxs = 1; - - usr.ptr_ssk = 1; - DEBUG(10,("user session key not available (yet).\n")); - DEBUG(10,("password-change operations may fail.\n")); - -#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT - memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); -#else - memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key)); -#endif - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - - become_root(); /* to connect to pipe */ - p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); - unbecome_root(); - - if (p->m == NULL) - DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); -} - -#endif - -/**************************************************************************** Find first available pipe slot. ****************************************************************************/ @@ -196,6 +144,12 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ZERO_STRUCTP(p); + if ((p->mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + free(p); + return NULL; + } + DLIST_ADD(Pipes, p); /* @@ -205,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } @@ -250,7 +204,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, 4, MARSHALL); + prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL); ZERO_STRUCT(p->pipe_user); @@ -332,7 +286,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], p->in_data.pdu_received_len, False); @@ -344,6 +298,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -354,6 +309,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(p->hdr.major != 5 && p->hdr.minor != 0) { DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -366,6 +322,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -376,6 +333,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -394,6 +352,8 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + prs_mem_free(&rpc_in); + return 0; /* No extra data processed. */ } @@ -505,7 +465,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); /* @@ -536,6 +496,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) char *data_p = (char *)&p->in_data.current_in_pdu[0]; BOOL reply = False; + if (p->mem_ctx) { + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } + if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); @@ -544,7 +512,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) return (ssize_t)data_len; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); DEBUG(10,("process_complete_pdu: processing packet type %u\n", @@ -556,14 +524,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: @@ -578,6 +546,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); setup_fault_pdu(p); + prs_mem_free(&rpc_in); } else { /* * Reset the lengths. We're ready for a new pdu. @@ -586,6 +555,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) p->in_data.pdu_received_len = 0; } + prs_mem_free(&rpc_in); return (ssize_t)data_len; } @@ -687,14 +657,7 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); - /* - * Deal with the redirect to the remote RPC daemon. - */ - - if(p->m) - data_used = write(p->m->fd, data, data_left); - else - data_used = process_incoming_data(p, data, data_left); + data_used = process_incoming_data(p, data, data_left); DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); @@ -709,70 +672,6 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) } /**************************************************************************** - Gets data from a remote TNG daemon. Gets data from the remote daemon into - the outgoing prs_struct. - - NB. Note to Luke : This code will be broken until Luke implements a length - field before reply data... - -****************************************************************************/ - -static BOOL read_from_remote(pipes_struct *p) -{ - uint32 data_len; - uint32 data_len_left; - - if(prs_offset(&p->out_data.rdata) == 0) { - - ssize_t len = 0; - - /* - * Read all the reply data as a stream of pre-created - * PDU's from the remote deamon into the rdata struct. - */ - - /* - * Create the response data buffer. - */ - - if(!pipe_init_outgoing_data(&p->out_data)) { - DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); - return False; - } - - /* Read from remote here. */ - if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) { - DEBUG(0,("read_from_remote: failed to read from external daemon.\n")); - prs_mem_free(&p->out_data.rdata); - return False; - } - - /* Set the length we got. */ - prs_set_offset(&p->out_data.rdata, (uint32)len); - } - - /* - * The amount we send is the minimum of the available - * space and the amount left to send. - */ - - data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; - - /* - * Ensure there really is data left to send. - */ - - if(!data_len_left) { - DEBUG(0,("read_from_remote: no data left to send !\n")); - return False; - } - - data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN); - - return False; /* Notfinished... */ -} - -/**************************************************************************** Replies to a request to read data from a pipe. Headers are interspersed with the data at PDU intervals. By the time @@ -844,28 +743,16 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, return 0; } - if(p->m) { - /* - * Remote to the RPC daemon. - */ - if(!read_from_remote(p)) { - DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name )); - return -1; - } - - } else { - - /* - * We need to create a new PDU from the data left in p->rdata. - * Create the header/data/footers. This also sets up the fields - * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length - * and stores the outgoing PDU in p->current_pdu. - */ + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ - if(!create_next_pdu(p)) { - DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); - return -1; - } + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; } data_returned = MIN(n, p->out_data.current_pdu_len); @@ -937,18 +824,13 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) prs_mem_free(&p->out_data.rdata); prs_mem_free(&p->in_data.data); + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; - if (p->m != NULL) { - DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - DEBUG(4,("OK\n")); - else - DEBUG(4,("FAILED\n")); - } - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); |