summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorSimo Sorce <idra@samba.org>2010-07-15 10:28:59 -0400
committerGünther Deschner <gd@samba.org>2010-07-16 01:51:18 +0200
commit100d37fc4624690423f6a932709b3f9046d05c64 (patch)
tree282b8a75e561fedef7db3bd5c27df74cd95c5ef6 /source3/rpc_server
parent8f2bfa88b5846528aa78840979a8ce8babef2cc0 (diff)
downloadsamba-100d37fc4624690423f6a932709b3f9046d05c64.tar.gz
samba-100d37fc4624690423f6a932709b3f9046d05c64.tar.bz2
samba-100d37fc4624690423f6a932709b3f9046d05c64.zip
s3-dcerpc: Use DATA_BLOB for pipes_struct input data
Signed-off-by: Günther Deschner <gd@samba.org>
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/rpc_ncacn_np_internal.c26
-rw-r--r--source3/rpc_server/srv_pipe.c19
-rw-r--r--source3/rpc_server/srv_pipe_hnd.c62
3 files changed, 25 insertions, 82 deletions
diff --git a/source3/rpc_server/rpc_ncacn_np_internal.c b/source3/rpc_server/rpc_ncacn_np_internal.c
index ceda2c781c..b79b479a08 100644
--- a/source3/rpc_server/rpc_ncacn_np_internal.c
+++ b/source3/rpc_server/rpc_ncacn_np_internal.c
@@ -144,20 +144,6 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
return NULL;
}
- /*
- * Initialize the incoming RPC data buffer with one PDU worth of memory.
- * We cheat here and say we're marshalling, as we intend to add incoming
- * data directly into the prs_struct and we want it to auto grow. We will
- * change the type to UNMARSALLING before processing the stream.
- */
-
- if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
- DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
- close_policy_by_pipe(p);
- TALLOC_FREE(p);
- return NULL;
- }
-
p->server_info = copy_serverinfo(p, server_info);
if (p->server_info == NULL) {
DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
@@ -194,8 +180,6 @@ static NTSTATUS internal_ndr_push(TALLOC_CTX *mem_ctx,
const struct ndr_interface_call *call;
struct ndr_push *push;
enum ndr_err_code ndr_err;
- DATA_BLOB blob;
- bool ret;
if (!ndr_syntax_id_equal(&table->syntax_id, &cli->abstract_syntax) ||
(opnum >= table->num_calls)) {
@@ -220,12 +204,10 @@ static NTSTATUS internal_ndr_push(TALLOC_CTX *mem_ctx,
return ndr_map_error2ntstatus(ndr_err);
}
- blob = ndr_push_blob(push);
- ret = prs_init_data_blob(&cli->pipes_struct->in_data.data, &blob, mem_ctx);
+ cli->pipes_struct->in_data.data = ndr_push_blob(push);
+ talloc_steal(cli->pipes_struct->mem_ctx,
+ cli->pipes_struct->in_data.data.data);
TALLOC_FREE(push);
- if (!ret) {
- return NT_STATUS_NO_MEMORY;
- }
return NT_STATUS_OK;
}
@@ -317,7 +299,7 @@ static NTSTATUS rpc_pipe_internal_dispatch(struct rpc_pipe_client *cli,
return status;
}
- prs_mem_free(&cli->pipes_struct->in_data.data);
+ data_blob_free(&cli->pipes_struct->in_data.data);
data_blob_free(&cli->pipes_struct->out_data.rdata);
return NT_STATUS_OK;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index 29b6d8e261..eae8a7dbf2 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -1719,7 +1719,9 @@ static bool api_rpcTNP(pipes_struct *p, struct ncacn_packet *pkt,
fstring name;
slprintf(name, sizeof(name)-1, "in_%s",
get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
- prs_dump(name, pkt->u.request.opnum, &p->in_data.data);
+ prs_dump_region(name, pkt->u.request.opnum,
+ p->in_data.data.data, 0,
+ p->in_data.data.length);
}
for (fn_num = 0; fn_num < n_cmds; fn_num++) {
@@ -1783,18 +1785,11 @@ static bool api_rpcTNP(pipes_struct *p, struct ncacn_packet *pkt,
get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
/* Check for buffer underflow in rpc parsing */
-
- if ((DEBUGLEVEL >= 10) &&
- (prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
- size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
- char *data = (char *)SMB_MALLOC(data_len);
-
+ if ((DEBUGLEVEL >= 10) &&
+ (pkt->frag_length < p->in_data.data.length)) {
DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
- if (data) {
- prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
- SAFE_FREE(data);
- }
-
+ dump_data(10, p->in_data.data.data + pkt->frag_length,
+ p->in_data.data.length - pkt->frag_length);
}
return True;
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index f2fb76ea49..3055e1a29c 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -56,7 +56,7 @@ static bool pipe_init_outgoing_data(pipes_struct *p)
static void set_incoming_fault(pipes_struct *p)
{
- prs_mem_free(&p->in_data.data);
+ data_blob_free(&p->in_data.data);
p->in_data.pdu_needed_len = 0;
p->in_data.pdu.length = 0;
p->fault_state = True;
@@ -145,21 +145,12 @@ static void free_pipe_context(pipes_struct *p)
{
data_blob_free(&p->out_data.frag);
data_blob_free(&p->out_data.rdata);
- prs_mem_free(&p->in_data.data);
+ data_blob_free(&p->in_data.data);
DEBUG(3, ("free_pipe_context: "
"destroying talloc pool of size %lu\n",
(unsigned long)talloc_total_size(p->mem_ctx)));
talloc_free_children(p->mem_ctx);
- /*
- * Re-initialize to set back to marshalling and set the
- * offset back to the start of the buffer.
- */
- if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
- DEBUG(0, ("free_pipe_context: "
- "rps_init failed!\n"));
- p->fault_state = True;
- }
}
/****************************************************************************
@@ -348,10 +339,10 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
* will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
*/
- if (prs_offset(&p->in_data.data) + data.length > MAX_RPC_DATA_SIZE) {
+ if (p->in_data.data.length + data.length > MAX_RPC_DATA_SIZE) {
DEBUG(0, ("process_request_pdu: "
"rpc data buffer too large (%u) + (%u)\n",
- (unsigned int)prs_data_size(&p->in_data.data),
+ (unsigned int)p->in_data.data.length,
(unsigned int)data.length));
set_incoming_fault(p);
return False;
@@ -361,14 +352,16 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
* Append the data portion into the buffer and return.
*/
- if (!prs_copy_data_in(&p->in_data.data,
- (char *)data.data, data.length)) {
- DEBUG(0, ("process_request_pdu: Unable to append data size %u "
- "to parse buffer of size %u.\n",
- (unsigned int)data.length,
- (unsigned int)prs_data_size(&p->in_data.data)));
- set_incoming_fault(p);
- return False;
+ if (data.length) {
+ if (!data_blob_append(p->mem_ctx, &p->in_data.data,
+ data.data, data.length)) {
+ DEBUG(0, ("Unable to append data size %u "
+ "to parse buffer of size %u.\n",
+ (unsigned int)data.length,
+ (unsigned int)p->in_data.data.length));
+ set_incoming_fault(p);
+ return False;
+ }
}
if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
@@ -379,30 +372,8 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
*/
/*
- * Ensure the internal prs buffer size is *exactly* the same
- * size as the current offset.
- */
-
- if (!prs_set_buffer_size(&p->in_data.data,
- prs_offset(&p->in_data.data))) {
- DEBUG(0, ("process_request_pdu: "
- "Call to prs_set_buffer_size failed!\n"));
- set_incoming_fault(p);
- return False;
- }
-
- /*
- * Set the parse offset to the start of the data and set the
- * prs_struct to UNMARSHALL.
- */
-
- prs_set_offset(&p->in_data.data, 0);
- prs_switch_type(&p->in_data.data, UNMARSHALL);
-
- /*
* Process the complete data stream here.
*/
-
if (pipe_init_outgoing_data(p)) {
ret = api_pipe_request(p, pkt);
}
@@ -454,7 +425,6 @@ static void process_complete_pdu(pipes_struct *p)
} else {
p->endian = RPC_BIG_ENDIAN;
}
- prs_set_endian_data(&p->in_data.data, p->endian);
DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype));
@@ -591,10 +561,6 @@ static void process_complete_pdu(pipes_struct *p)
}
done:
- /* Reset to little endian.
- * Probably don't need this but it won't hurt. */
- prs_set_endian_data(&p->in_data.data, RPC_LITTLE_ENDIAN);
-
if (!reply) {
DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
"pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),