summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-11-27 11:22:58 -0800
committerJeremy Allison <jra@samba.org>2007-11-27 11:22:58 -0800
commit3a452a15b7185dd4023c7dc8d44004c962f39d98 (patch)
tree3820baa751dde1dfa571a81753cf6ff0bd6951fb /source3/rpc_server
parent9d42af0d2447f8b344d79a67bf7181336c077ad0 (diff)
downloadsamba-3a452a15b7185dd4023c7dc8d44004c962f39d98.tar.gz
samba-3a452a15b7185dd4023c7dc8d44004c962f39d98.tar.bz2
samba-3a452a15b7185dd4023c7dc8d44004c962f39d98.zip
Remove pstring from everything in rpc_server except
srv_spoolss_nt.c and srv_srvsvc_nt.c. They're next :-). Jeremy. (This used to be commit 55b4f9d003b036af69085f7b64e0df08c5ba440d)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_eventlog_lib.c151
-rw-r--r--source3/rpc_server/srv_eventlog_nt.c162
-rw-r--r--source3/rpc_server/srv_netlog_nt.c27
-rw-r--r--source3/rpc_server/srv_samr_util.c3
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c2
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c25
-rw-r--r--source3/rpc_server/srv_winreg_nt.c256
7 files changed, 358 insertions, 268 deletions
diff --git a/source3/rpc_server/srv_eventlog_lib.c b/source3/rpc_server/srv_eventlog_lib.c
index 00afe5b05c..b9648283e1 100644
--- a/source3/rpc_server/srv_eventlog_lib.c
+++ b/source3/rpc_server/srv_eventlog_lib.c
@@ -62,17 +62,16 @@ TDB_CONTEXT *elog_init_tdb( char *tdbfilename )
and size. Caller must free memory.
********************************************************************/
-char *elog_tdbname( const char *name )
+char *elog_tdbname(TALLOC_CTX *ctx, const char *name )
{
- fstring path;
- char *tdb_fullpath;
- char *eventlogdir = state_path( "eventlog" );
-
- pstr_sprintf( path, "%s/%s.tdb", eventlogdir, name );
- strlower_m( path );
- tdb_fullpath = SMB_STRDUP( path );
-
- return tdb_fullpath;
+ char *path = talloc_asprintf(ctx, "%s/%s.tdb",
+ state_path("eventlog"),
+ name);
+ if (!path) {
+ return NULL;
+ }
+ strlower_m(path);
+ return path;
}
@@ -320,13 +319,13 @@ ELOG_TDB *elog_open_tdb( char *logname, bool force_clear )
TDB_CONTEXT *tdb = NULL;
uint32 vers_id;
ELOG_TDB *ptr;
- char *tdbfilename;
- pstring tdbpath;
+ char *tdbpath = NULL;
ELOG_TDB *tdb_node = NULL;
char *eventlogdir;
+ TALLOC_CTX *ctx = talloc_tos();
/* first see if we have an open context */
-
+
for ( ptr=open_elog_list; ptr; ptr=ptr->next ) {
if ( strequal( ptr->name, logname ) ) {
ptr->ref_count++;
@@ -345,27 +344,28 @@ ELOG_TDB *elog_open_tdb( char *logname, bool force_clear )
return ptr;
}
}
-
+
/* make sure that the eventlog dir exists */
-
+
eventlogdir = state_path( "eventlog" );
if ( !directory_exist( eventlogdir, NULL ) )
- mkdir( eventlogdir, 0755 );
-
+ mkdir( eventlogdir, 0755 );
+
/* get the path on disk */
-
- tdbfilename = elog_tdbname( logname );
- pstrcpy( tdbpath, tdbfilename );
- SAFE_FREE( tdbfilename );
- DEBUG(7,("elog_open_tdb: Opening %s...(force_clear == %s)\n",
+ tdbpath = elog_tdbname(ctx, logname);
+ if (!tdbpath) {
+ return NULL;
+ }
+
+ DEBUG(7,("elog_open_tdb: Opening %s...(force_clear == %s)\n",
tdbpath, force_clear?"True":"False" ));
-
+
/* the tdb wasn't already open or this is a forced clear open */
if ( !force_clear ) {
- tdb = tdb_open_log( tdbpath, 0, TDB_DEFAULT, O_RDWR , 0 );
+ tdb = tdb_open_log( tdbpath, 0, TDB_DEFAULT, O_RDWR , 0 );
if ( tdb ) {
vers_id = tdb_fetch_int32( tdb, EVT_VERSION );
@@ -593,9 +593,8 @@ void fixup_eventlog_entry( Eventlog_entry * ee )
bool parse_logentry( char *line, Eventlog_entry * entry, bool * eor )
{
+ TALLOC_CTX *ctx = talloc_tos();
char *start = NULL, *stop = NULL;
- pstring temp;
- int temp_len = 0;
start = line;
@@ -661,62 +660,69 @@ bool parse_logentry( char *line, Eventlog_entry * entry, bool * eor )
} else if ( 0 == strncmp( start, "USL", stop - start ) ) {
entry->record.user_sid_length = atoi( stop + 1 );
} else if ( 0 == strncmp( start, "SRC", stop - start ) ) {
- memset( temp, 0, sizeof( temp ) );
stop++;
while ( isspace( stop[0] ) ) {
stop++;
}
- temp_len = strlen( stop );
- strncpy( temp, stop, temp_len );
- rpcstr_push( ( void * ) ( entry->data_record.source_name ),
- temp, sizeof( entry->data_record.source_name ),
- STR_TERMINATE );
- entry->data_record.source_name_len =
- ( strlen_w( entry->data_record.source_name ) * 2 ) +
- 2;
+ entry->data_record.source_name_len = rpcstr_push_talloc(ctx,
+ &entry->data_record.source_name,
+ stop);
+ if (entry->data_record.source_name_len == (size_t)-1 ||
+ entry->data_record.source_name == NULL) {
+ return false;
+ }
} else if ( 0 == strncmp( start, "SRN", stop - start ) ) {
- memset( temp, 0, sizeof( temp ) );
stop++;
while ( isspace( stop[0] ) ) {
stop++;
}
- temp_len = strlen( stop );
- strncpy( temp, stop, temp_len );
- rpcstr_push( ( void * ) ( entry->data_record.computer_name ),
- temp, sizeof( entry->data_record.computer_name ),
- STR_TERMINATE );
- entry->data_record.computer_name_len =
- ( strlen_w( entry->data_record.computer_name ) * 2 ) +
- 2;
+ entry->data_record.computer_name_len = rpcstr_push_talloc(ctx,
+ &entry->data_record.computer_name,
+ stop);
+ if (entry->data_record.computer_name_len == (size_t)-1 ||
+ entry->data_record.computer_name == NULL) {
+ return false;
+ }
} else if ( 0 == strncmp( start, "SID", stop - start ) ) {
- memset( temp, 0, sizeof( temp ) );
stop++;
while ( isspace( stop[0] ) ) {
stop++;
}
- temp_len = strlen( stop );
- strncpy( temp, stop, temp_len );
- rpcstr_push( ( void * ) ( entry->data_record.sid ), temp,
- sizeof( entry->data_record.sid ),
- STR_TERMINATE );
- entry->record.user_sid_length =
- ( strlen_w( entry->data_record.sid ) * 2 ) + 2;
+ entry->record.user_sid_length = rpcstr_push_talloc(ctx,
+ &entry->data_record.sid,
+ stop);
+ if (entry->record.user_sid_length == (size_t)-1 ||
+ entry->data_record.sid == NULL) {
+ return false;
+ }
} else if ( 0 == strncmp( start, "STR", stop - start ) ) {
+ smb_ucs2_t *temp = NULL;
+ size_t tmp_len;
+ uint32_t old_len;
/* skip past initial ":" */
stop++;
/* now skip any other leading whitespace */
- while ( isspace( stop[0] ) ) {
+ while ( isspace(stop[0])) {
stop++;
}
- temp_len = strlen( stop );
- memset( temp, 0, sizeof( temp ) );
- strncpy( temp, stop, temp_len );
- rpcstr_push( ( void * ) ( entry->data_record.strings +
- ( entry->data_record.strings_len / 2 ) ),
- temp,
- sizeof( entry->data_record.strings ) -
- ( entry->data_record.strings_len / 2 ), STR_TERMINATE );
- entry->data_record.strings_len += ( temp_len * 2 ) + 2;
+ tmp_len = rpcstr_push_talloc(ctx,
+ &temp,
+ stop);
+ if (tmp_len == (size_t)-1 || !temp) {
+ return false;
+ }
+ old_len = entry->data_record.strings_len;
+ entry->data_record.strings = (smb_ucs2_t *)TALLOC_REALLOC_ARRAY(ctx,
+ entry->data_record.strings,
+ char,
+ old_len + tmp_len);
+ if (!entry->data_record.strings) {
+ return false;
+ }
+ memcpy(entry->data_record.strings + old_len,
+ temp,
+ tmp_len);
+ entry->data_record.strings_len += tmp_len;
entry->record.num_strings++;
} else if ( 0 == strncmp( start, "DAT", stop - start ) ) {
/* skip past initial ":" */
@@ -725,25 +731,18 @@ bool parse_logentry( char *line, Eventlog_entry * entry, bool * eor )
while ( isspace( stop[0] ) ) {
stop++;
}
- entry->data_record.user_data_len = strlen( stop );
- memset( entry->data_record.user_data, 0,
- sizeof( entry->data_record.user_data ) );
- if ( entry->data_record.user_data_len > 0 ) {
- /* copy no more than the first 1024 bytes */
- if ( entry->data_record.user_data_len >
- sizeof( entry->data_record.user_data ) )
- entry->data_record.user_data_len =
- sizeof( entry->data_record.
- user_data );
- memcpy( entry->data_record.user_data, stop,
- entry->data_record.user_data_len );
+ entry->data_record.user_data_len = strlen(stop);
+ entry->data_record.user_data = talloc_strdup(ctx,
+ stop);
+ if (!entry->data_record.user_data) {
+ return false;
}
} else {
/* some other eventlog entry -- not implemented, so dropping on the floor */
DEBUG( 10, ( "Unknown entry [%s]. Ignoring.\n", line ) );
/* For now return true so that we can keep on parsing this mess. Eventually
we will return False here. */
- return True;
+ return true;
}
- return True;
+ return true;
}
diff --git a/source3/rpc_server/srv_eventlog_nt.c b/source3/rpc_server/srv_eventlog_nt.c
index d86da9054c..cd06be1984 100644
--- a/source3/rpc_server/srv_eventlog_nt.c
+++ b/source3/rpc_server/srv_eventlog_nt.c
@@ -69,7 +69,7 @@ static EVENTLOG_INFO *find_eventlog_info_by_hnd( pipes_struct * p,
static bool elog_check_access( EVENTLOG_INFO *info, NT_USER_TOKEN *token )
{
- char *tdbname = elog_tdbname( info->logname );
+ char *tdbname = elog_tdbname(talloc_tos(), info->logname );
SEC_DESC *sec_desc;
bool ret;
NTSTATUS ntstatus;
@@ -280,22 +280,28 @@ static int elog_size( EVENTLOG_INFO *info )
}
/********************************************************************
- For the given tdb, get the next eventlog record into the passed
+ For the given tdb, get the next eventlog record into the passed
Eventlog_entry. returns NULL if it can't get the record for some reason.
********************************************************************/
-static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb,
- int recno, Eventlog_entry * ee )
+static Eventlog_entry *get_eventlog_record(prs_struct *ps,
+ TDB_CONTEXT *tdb,
+ int recno)
{
+ Eventlog_entry *ee = NULL;
TDB_DATA ret, key;
int srecno;
int reclen;
int len;
- pstring *wpsource, *wpcomputer, *wpsid, *wpstrs, *puserdata;
+ char *wpsource = NULL;
+ char *wpcomputer = NULL;
+ char *wpsid = NULL;
+ char *wpstrs = NULL;
+ char *puserdata = NULL;
- key.dsize = sizeof( int32 );
+ key.dsize = sizeof(int32);
srecno = recno;
key.dptr = ( uint8 * ) &srecno;
@@ -316,10 +322,11 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb,
if ( !len )
return NULL;
- /* ee = PRS_ALLOC_MEM(ps, Eventlog_entry, 1); */
-
- if ( !ee )
+ ee = TALLOC_ARRAY(ps->mem_ctx, Eventlog_entry, 1);
+ if (!ee) {
return NULL;
+ }
+ ZERO_STRUCTP(ee);
len = tdb_unpack( ret.dptr, ret.dsize, "ddddddwwwwddddddBBdBBBd",
&ee->record.length, &ee->record.reserved1,
@@ -347,36 +354,67 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb,
/* have to do the following because the tdb_unpack allocs a buff, stuffs a pointer to the buff
into it's 2nd argment for 'B' */
- if ( wpcomputer )
- memcpy( ee->data_record.computer_name, wpcomputer,
- ee->data_record.computer_name_len );
- if ( wpsource )
- memcpy( ee->data_record.source_name, wpsource,
- ee->data_record.source_name_len );
-
- if ( wpsid )
- memcpy( ee->data_record.sid, wpsid,
- ee->record.user_sid_length );
- if ( wpstrs )
- memcpy( ee->data_record.strings, wpstrs,
- ee->data_record.strings_len );
-
- /* note that userdata is a pstring */
- if ( puserdata )
- memcpy( ee->data_record.user_data, puserdata,
- ee->data_record.user_data_len );
-
- SAFE_FREE( wpcomputer );
- SAFE_FREE( wpsource );
- SAFE_FREE( wpsid );
- SAFE_FREE( wpstrs );
- SAFE_FREE( puserdata );
+ if (wpcomputer) {
+ ee->data_record.computer_name = TALLOC_MEMDUP(ee,
+ wpcomputer,
+ ee->data_record.computer_name_len);
+ if (!ee->data_record.computer_name) {
+ TALLOC_FREE(ee);
+ goto out;
+ }
+ }
+ if (wpsource) {
+ ee->data_record.source_name = TALLOC_MEMDUP(ee,
+ wpsource,
+ ee->data_record.source_name_len);
+ if (!ee->data_record.source_name) {
+ TALLOC_FREE(ee);
+ goto out;
+ }
+ }
+
+ if (wpsid) {
+ ee->data_record.sid = TALLOC_MEMDUP(ee,
+ wpsid,
+ ee->record.user_sid_length);
+ if (!ee->data_record.sid) {
+ TALLOC_FREE(ee);
+ goto out;
+ }
+ }
+ if (wpstrs) {
+ ee->data_record.strings = TALLOC_MEMDUP(ee,
+ wpstrs,
+ ee->data_record.strings_len);
+ if (!ee->data_record.strings) {
+ TALLOC_FREE(ee);
+ goto out;
+ }
+ }
+
+ if (puserdata) {
+ ee->data_record.user_data = TALLOC_MEMDUP(ee,
+ puserdata,
+ ee->data_record.user_data_len);
+ if (!ee->data_record.user_data) {
+ TALLOC_FREE(ee);
+ goto out;
+ }
+ }
+
+ out:
+
+ SAFE_FREE(wpcomputer);
+ SAFE_FREE(wpsource);
+ SAFE_FREE(wpsid);
+ SAFE_FREE(wpstrs);
+ SAFE_FREE(puserdata);
DEBUG( 10, ( "get_eventlog_record: read back %d\n", len ) );
DEBUG( 10,
( "get_eventlog_record: computer_name %d is ",
ee->data_record.computer_name_len ) );
- SAFE_FREE( ret.dptr );
+ SAFE_FREE(ret.dptr);
return ee;
}
@@ -387,7 +425,7 @@ static Eventlog_entry *get_eventlog_record( prs_struct * ps, TDB_CONTEXT * tdb,
static bool sync_eventlog_params( EVENTLOG_INFO *info )
{
- pstring path;
+ char *path = NULL;
uint32 uiMaxSize;
uint32 uiRetention;
REGISTRY_KEY *keyinfo;
@@ -395,6 +433,7 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
REGVAL_CTR *values;
WERROR wresult;
char *elogname = info->logname;
+ TALLOC_CTX *ctx = talloc_tos();
DEBUG( 4, ( "sync_eventlog_params with %s\n", elogname ) );
@@ -412,7 +451,10 @@ static bool sync_eventlog_params( EVENTLOG_INFO *info )
to use the same fetch/store api that we use in
srv_reg_nt.c */
- pstr_sprintf( path, "%s/%s", KEY_EVENTLOG, elogname );
+ path = talloc_asprintf(ctx, "%s/%s", KEY_EVENTLOG, elogname );
+ if (!path) {
+ return false;
+ }
wresult = regkey_open_internal( NULL, &keyinfo, path,
get_root_nt_token( ), REG_KEY_READ );
@@ -624,16 +666,20 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p,
EVENTLOG_R_CLEAR_EVENTLOG * r_u )
{
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
- pstring backup_file_name;
+ char *backup_file_name = NULL;
if ( !info )
return NT_STATUS_INVALID_HANDLE;
- pstrcpy( backup_file_name, "" );
- if ( q_u->backupfile.string ) {
- rpcstr_pull( backup_file_name, q_u->backupfile.string->buffer,
- sizeof( backup_file_name ),
- q_u->backupfile.string->uni_str_len * 2, 0 );
+ if (q_u->backupfile.string) {
+ size_t len = rpcstr_pull_talloc(p->mem_ctx,
+ &backup_file_name,
+ q_u->backupfile.string->buffer,
+ q_u->backupfile.string->uni_str_len * 2,
+ 0 );
+ if (len == (size_t)-1 || !backup_file_name) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
DEBUG(8,( "_eventlog_clear_eventlog: Using [%s] as the backup "
"file name for log [%s].",
@@ -647,7 +693,7 @@ NTSTATUS _eventlog_clear_eventlog( pipes_struct * p,
/* Force a close and reopen */
- elog_close_tdb( info->etdb, True );
+ elog_close_tdb( info->etdb, True );
become_root();
info->etdb = elog_open_tdb( info->logname, True );
unbecome_root();
@@ -674,7 +720,7 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
EVENTLOG_R_READ_EVENTLOG * r_u )
{
EVENTLOG_INFO *info = find_eventlog_info_by_hnd( p, &q_u->handle );
- Eventlog_entry entry, *ee_new;
+ Eventlog_entry *entry = NULL, *ee_new = NULL;
uint32 num_records_read = 0;
prs_struct *ps;
int bytes_left, record_number;
@@ -689,9 +735,9 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
bytes_left = q_u->max_read_size;
- if ( !info->etdb )
+ if ( !info->etdb )
return NT_STATUS_ACCESS_DENIED;
-
+
/* check for valid flags. Can't use the sequential and seek flags together */
elog_read_type = q_u->flags & (EVENTLOG_SEQUENTIAL_READ|EVENTLOG_SEEK_READ);
@@ -708,37 +754,39 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
if ( elog_read_type & EVENTLOG_SEQUENTIAL_READ )
record_number = info->current_record;
- else
+ else
record_number = q_u->offset;
while ( bytes_left > 0 ) {
/* assume that when the record fetch fails, that we are done */
- if ( !get_eventlog_record ( ps, ELOG_TDB_CTX(info->etdb), record_number, &entry ) )
+ entry = get_eventlog_record (ps, ELOG_TDB_CTX(info->etdb), record_number);
+ if (!entry) {
break;
+ }
DEBUG( 8, ( "Retrieved record %d\n", record_number ) );
-
+
/* Now see if there is enough room to add */
- if ( !(ee_new = read_package_entry( ps, q_u, r_u,&entry )) )
+ if ( !(ee_new = read_package_entry( ps, q_u, r_u, entry )) )
return NT_STATUS_NO_MEMORY;
if ( r_u->num_bytes_in_resp + ee_new->record.length > q_u->max_read_size ) {
r_u->bytes_in_next_record = ee_new->record.length;
/* response would be too big to fit in client-size buffer */
-
+
bytes_left = 0;
break;
}
-
+
add_record_to_resp( r_u, ee_new );
bytes_left -= ee_new->record.length;
- ZERO_STRUCT( entry );
+ TALLOC_FREE(entry);
num_records_read = r_u->num_records - num_records_read;
-
+
DEBUG( 10, ( "_eventlog_read_eventlog: read [%d] records for a total "
"of [%d] records using [%d] bytes out of a max of [%d].\n",
num_records_read, r_u->num_records,
@@ -749,13 +797,13 @@ NTSTATUS _eventlog_read_eventlog( pipes_struct * p,
record_number++;
else
record_number--;
-
+
/* update the eventlog record pointer */
-
+
info->current_record = record_number;
}
- /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to
+ /* crazy by WinXP uses NT_STATUS_BUFFER_TOO_SMALL to
say when there are no more records */
return (num_records_read ? NT_STATUS_OK : NT_STATUS_BUFFER_TOO_SMALL);
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index b6ae104d1c..29c60e07b5 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -948,16 +948,16 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
/* This is the point at which, if the login was successful, that
the SAM Local Security Authority should record that the user is
logged in to the domain. */
-
+
{
DOM_GID *gids = NULL;
const DOM_SID *user_sid = NULL;
const DOM_SID *group_sid = NULL;
DOM_SID domain_sid;
- uint32 user_rid, group_rid;
+ uint32 user_rid, group_rid;
int num_gids = 0;
- pstring my_name;
+ const char *my_name;
fstring user_sid_string;
fstring group_sid_string;
unsigned char user_session_key[16];
@@ -985,19 +985,18 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
DEBUG(1, ("_net_sam_logon: user %s\\%s has user sid "
"%s\n but group sid %s.\n"
"The conflicting domain portions are not "
- "supported for NETLOGON calls\n",
+ "supported for NETLOGON calls\n",
pdb_get_domain(sampw),
pdb_get_username(sampw),
sid_to_string(user_sid_string, user_sid),
sid_to_string(group_sid_string, group_sid)));
return NT_STATUS_UNSUCCESSFUL;
}
-
-
+
if(server_info->login_server) {
- pstrcpy(my_name, server_info->login_server);
+ my_name = server_info->login_server;
} else {
- pstrcpy(my_name, global_myname());
+ my_name = global_myname();
}
status = nt_token_to_group_list(p->mem_ctx, &domain_sid,
@@ -1011,7 +1010,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
if (server_info->user_session_key.length) {
memcpy(user_session_key,
- server_info->user_session_key.data,
+ server_info->user_session_key.data,
MIN(sizeof(user_session_key),
server_info->user_session_key.length));
if (process_creds) {
@@ -1029,7 +1028,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
}
if (server_info->lm_session_key.length) {
memcpy(lm_session_key,
- server_info->lm_session_key.data,
+ server_info->lm_session_key.data,
MIN(sizeof(lm_session_key),
server_info->lm_session_key.length));
if (process_creds) {
@@ -1045,10 +1044,10 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
SamOEMhash(lm_session_key, pipe_session_key, 16);
memset(pipe_session_key, '\0', 16);
}
-
- init_net_user_info3(p->mem_ctx, usr_info,
+
+ init_net_user_info3(p->mem_ctx, usr_info,
user_rid,
- group_rid,
+ group_rid,
pdb_get_username(sampw),
pdb_get_fullname(sampw),
pdb_get_homedir(sampw),
@@ -1071,7 +1070,7 @@ static NTSTATUS _net_sam_logon_internal(pipes_struct *p,
server_info->lm_session_key.length ? lm_session_key : NULL,
my_name , /* char *logon_srv */
pdb_get_domain(sampw),
- &domain_sid); /* DOM_SID *dom_sid */
+ &domain_sid); /* DOM_SID *dom_sid */
ZERO_STRUCT(user_session_key);
ZERO_STRUCT(lm_session_key);
}
diff --git a/source3/rpc_server/srv_samr_util.c b/source3/rpc_server/srv_samr_util.c
index f7e20797a7..bde7936343 100644
--- a/source3/rpc_server/srv_samr_util.c
+++ b/source3/rpc_server/srv_samr_util.c
@@ -235,7 +235,8 @@ void copy_id21_to_sam_passwd(struct samu *to, SAM_USER_INFO_21 *from)
}
if (from->fields_present & ACCT_LOGON_HOURS) {
- pstring oldstr, newstr;
+ char oldstr[44]; /* hours strings are 42 bytes. */
+ char newstr[44];
DEBUG(15,("INFO_21 LOGON_DIVS: %08X -> %08X\n",pdb_get_logon_divs(to),from->logon_divs));
if (from->logon_divs != pdb_get_logon_divs(to)) {
pdb_set_logon_divs(to, from->logon_divs, PDB_CHANGED);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 51dffb8904..9788eb5bcc 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1472,7 +1472,7 @@ char *valid_share_pathname(TALLOC_CTX *ctx, const char *dos_pathname)
}
/* Convert any '\' paths to '/' */
unix_format(ptr);
- ptr = unix_clean_name(talloc_tos(), ptr);
+ ptr = unix_clean_name(ctx, ptr);
if (!ptr) {
return NULL;
}
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index a6a9c855aa..7d81033264 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -288,29 +288,34 @@ WERROR _svcctl_open_service(pipes_struct *p, SVCCTL_Q_OPEN_SERVICE *q_u, SVCCTL_
SEC_DESC *sec_desc;
uint32 access_granted = 0;
NTSTATUS status;
- pstring service;
-
- rpcstr_pull(service, q_u->servicename.buffer, sizeof(service), q_u->servicename.uni_str_len*2, 0);
-
+ char *service = NULL;
+ size_t ret = rpcstr_pull_talloc(p->mem_ctx,
+ &service,
+ q_u->servicename.buffer,
+ q_u->servicename.uni_str_len*2,
+ 0);
+
+ if (ret == (size_t)-1 || !service) {
+ return WERR_NOMEM;
+ }
DEBUG(5, ("_svcctl_open_service: Attempting to open Service [%s], \n", service));
-
/* based on my tests you can open a service if you have a valid scm handle */
-
+
if ( !find_service_info_by_hnd( p, &q_u->handle ) )
return WERR_BADFID;
-
+
/* perform access checks. Use the root token in order to ensure that we
retrieve the security descriptor */
-
+
if ( !(sec_desc = svcctl_get_secdesc( p->mem_ctx, service, get_root_nt_token() )) )
return WERR_NOMEM;
-
+
se_map_generic( &q_u->access, &svc_generic_map );
status = svcctl_access_check( sec_desc, p->pipe_user.nt_user_token, q_u->access, &access_granted );
if ( !NT_STATUS_IS_OK(status) )
return ntstatus_to_werror( status );
-
+
return create_open_service_handle( p, &r_u->handle, SVC_HANDLE_IS_SERVICE, service, access_granted );
}
diff --git a/source3/rpc_server/srv_winreg_nt.c b/source3/rpc_server/srv_winreg_nt.c
index 4b268dda19..631386c078 100644
--- a/source3/rpc_server/srv_winreg_nt.c
+++ b/source3/rpc_server/srv_winreg_nt.c
@@ -494,21 +494,23 @@ WERROR _winreg_InitiateSystemShutdown(pipes_struct *p, struct winreg_InitiateSys
WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateSystemShutdownEx *r)
{
- pstring shutdown_script;
+ char *shutdown_script = NULL;
char *msg = NULL;
- pstring chkmsg;
+ char *chkmsg = NULL;
fstring str_timeout;
fstring str_reason;
fstring reboot;
fstring f;
int ret;
bool can_shutdown;
-
- pstrcpy(shutdown_script, lp_shutdown_script());
-
- if ( !*shutdown_script )
+ shutdown_script = talloc_strdup(p->mem_ctx, lp_shutdown_script());
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
+ if (!*shutdown_script) {
return WERR_ACCESS_DENIED;
+ }
/* pull the message string and perform necessary sanity checks on it */
@@ -518,66 +520,86 @@ WERROR _winreg_InitiateSystemShutdownEx(pipes_struct *p, struct winreg_InitiateS
if ( (msg = talloc_strdup(p->mem_ctx, r->in.message->name->name )) == NULL ) {
return WERR_NOMEM;
}
- alpha_strcpy (chkmsg, msg, NULL, sizeof(chkmsg));
- }
-
+ chkmsg = TALLOC_ARRAY(p->mem_ctx, char, strlen(msg)+1);
+ if (!chkmsg) {
+ return WERR_NOMEM;
+ }
+ alpha_strcpy(chkmsg, msg, NULL, strlen(msg)+1);
+ }
+
fstr_sprintf(str_timeout, "%d", r->in.timeout);
fstr_sprintf(reboot, r->in.reboot ? SHUTDOWN_R_STRING : "");
fstr_sprintf(f, r->in.force_apps ? SHUTDOWN_F_STRING : "");
fstr_sprintf(str_reason, "%d", r->in.reason );
- all_string_sub( shutdown_script, "%z", chkmsg, sizeof(shutdown_script) );
- all_string_sub( shutdown_script, "%t", str_timeout, sizeof(shutdown_script) );
- all_string_sub( shutdown_script, "%r", reboot, sizeof(shutdown_script) );
- all_string_sub( shutdown_script, "%f", f, sizeof(shutdown_script) );
- all_string_sub( shutdown_script, "%x", str_reason, sizeof(shutdown_script) );
+ shutdown_script = talloc_all_string_sub(p->mem_ctx,
+ shutdown_script, "%z", chkmsg ? chkmsg : "");
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
+ shutdown_script = talloc_all_string_sub(p->mem_ctx,
+ shutdown_script, "%t", str_timeout);
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
+ shutdown_script = talloc_all_string_sub(p->mem_ctx,
+ shutdown_script, "%r", reboot);
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
+ shutdown_script = talloc_all_string_sub(p->mem_ctx,
+ shutdown_script, "%f", f);
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
+ shutdown_script = talloc_all_string_sub(p->mem_ctx,
+ shutdown_script, "%x", str_reason);
+ if (!shutdown_script) {
+ return WERR_NOMEM;
+ }
can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
-
+
/* IF someone has privs, run the shutdown script as root. OTHERWISE run it as not root
Take the error return from the script and provide it as the Windows return code. */
-
+
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
-
- if ( can_shutdown )
+
+ if ( can_shutdown )
become_root();
ret = smbrun( shutdown_script, NULL );
-
+
if ( can_shutdown )
unbecome_root();
/********** END SeRemoteShutdownPrivilege BLOCK **********/
-
+
DEBUG(3,("_reg_shutdown_ex: Running the command `%s' gave %d\n",
shutdown_script, ret));
-
return (ret == 0) ? WERR_OK : WERR_ACCESS_DENIED;
}
-
-
-
/*******************************************************************
reg_abort_shutdwon
********************************************************************/
WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShutdown *r)
{
- pstring abort_shutdown_script;
+ const char *abort_shutdown_script;
int ret;
bool can_shutdown;
- pstrcpy(abort_shutdown_script, lp_abort_shutdown_script());
+ abort_shutdown_script = lp_abort_shutdown_script();
- if ( !*abort_shutdown_script )
+ if (!*abort_shutdown_script)
return WERR_ACCESS_DENIED;
-
+
can_shutdown = user_has_privileges( p->pipe_user.nt_user_token, &se_remote_shutdown );
-
+
/********** BEGIN SeRemoteShutdownPrivilege BLOCK **********/
-
+
if ( can_shutdown )
become_root();
@@ -597,49 +619,45 @@ WERROR _winreg_AbortSystemShutdown(pipes_struct *p, struct winreg_AbortSystemShu
/*******************************************************************
********************************************************************/
-static int validate_reg_filename( pstring fname )
+static int validate_reg_filename(TALLOC_CTX *ctx, char **pp_fname )
{
- char *p;
+ char *p = NULL;
int num_services = lp_numservices();
- int snum;
- pstring share_path;
- pstring unix_fname;
+ int snum = -1;
+ const char *share_path;
+ char *fname = *pp_fname;
/* convert to a unix path, stripping the C:\ along the way */
- if ( !(p = valid_share_pathname(NULL, fname)))
+ if (!(p = valid_share_pathname(ctx, fname))) {
return -1;
+ }
/* has to exist within a valid file share */
- for ( snum=0; snum<num_services; snum++ ) {
-
- if ( !lp_snum_ok(snum) || lp_print_ok(snum) )
+ for (snum=0; snum<num_services; snum++) {
+ if (!lp_snum_ok(snum) || lp_print_ok(snum)) {
continue;
+ }
- pstrcpy( share_path, lp_pathname(snum) );
+ share_path = lp_pathname(snum);
/* make sure we have a path (e.g. [homes] ) */
-
- if ( strlen( share_path ) == 0 )
+ if (strlen(share_path) == 0) {
continue;
+ }
- if ( strncmp( share_path, p, strlen( share_path )) == 0 )
+ if (strncmp(share_path, p, strlen(share_path)) == 0) {
break;
+ }
}
- /* p and fname are overlapping memory so copy out and back in again */
-
- pstrcpy( unix_fname, p );
- pstrcpy( fname, unix_fname );
-
- TALLOC_FREE(p);
-
+ *pp_fname = p;
return (snum < num_services) ? snum : -1;
}
/*******************************************************************
- Note: topkeypat is the *full* path that this *key will be
+ Note: topkeypat is the *full* path that this *key will be
loaded into (including the name of the key)
********************************************************************/
@@ -651,11 +669,11 @@ static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
REGVAL_CTR *values;
REGSUBKEY_CTR *subkeys;
int i;
- pstring path;
+ char *path = NULL;
WERROR result = WERR_OK;
-
+
/* initialize the REGISTRY_KEY structure */
-
+
if ( !(registry_key.hook = reghook_cache_find(topkeypath)) ) {
DEBUG(0,("reg_load_tree: Failed to assigned a REGISTRY_HOOK to [%s]\n",
topkeypath ));
@@ -667,48 +685,54 @@ static WERROR reg_load_tree( REGF_FILE *regfile, const char *topkeypath,
DEBUG(0,("reg_load_tree: Talloc failed for reg_key.name!\n"));
return WERR_NOMEM;
}
-
+
/* now start parsing the values and subkeys */
if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
return WERR_NOMEM;
-
+
if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
return WERR_NOMEM;
/* copy values into the REGVAL_CTR */
-
+
for ( i=0; i<key->num_values; i++ ) {
regval_ctr_addvalue( values, key->values[i].valuename, key->values[i].type,
(char*)key->values[i].data, (key->values[i].data_size & ~VK_DATA_IN_OFFSET) );
}
/* copy subkeys into the REGSUBKEY_CTR */
-
+
key->subkey_index = 0;
while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
regsubkey_ctr_addkey( subkeys, subkey->keyname );
}
-
+
/* write this key and values out */
-
- if ( !store_reg_values( &registry_key, values )
+
+ if ( !store_reg_values( &registry_key, values )
|| !store_reg_keys( &registry_key, subkeys ) )
{
DEBUG(0,("reg_load_tree: Failed to load %s!\n", topkeypath));
result = WERR_REG_IO_FAILURE;
}
-
+
TALLOC_FREE( subkeys );
-
+
if ( !W_ERROR_IS_OK(result) )
return result;
-
+
/* now continue to load each subkey registry tree */
key->subkey_index = 0;
while ( (subkey = regfio_fetch_subkey( regfile, key )) ) {
- pstr_sprintf( path, "%s%s%s", topkeypath, "\\", subkey->keyname );
+ path = talloc_asprintf(regfile->mem_ctx,
+ "%s\\%s",
+ topkeypath,
+ subkey->keyname);
+ if (!path) {
+ return WERR_NOMEM;
+ }
result = reg_load_tree( regfile, path, subkey );
if ( !W_ERROR_IS_OK(result) )
break;
@@ -741,13 +765,13 @@ static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
regfio_close( regfile );
return WERR_REG_FILE_INVALID;
}
-
+
result = reg_load_tree( regfile, krecord->name, rootkey );
-
+
/* cleanup */
-
+
regfio_close( regfile );
-
+
return result;
}
@@ -757,28 +781,31 @@ static WERROR restore_registry_key ( REGISTRY_KEY *krecord, const char *fname )
WERROR _winreg_RestoreKey(pipes_struct *p, struct winreg_RestoreKey *r)
{
struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
- pstring fname;
+ char *fname = NULL;
int snum;
-
+
if ( !regkey )
- return WERR_BADFID;
+ return WERR_BADFID;
if ( !r->in.filename || !r->in.filename->name )
return WERR_INVALID_PARAM;
- pstrcpy( fname, r->in.filename->name );
+ fname - talloc_strdup(p->mem_ctx, r->in.filename->name);
+ if (!fname) {
+ return WERR_NOMEM;
+ }
DEBUG(8,("_winreg_RestoreKey: verifying restore of key [%s] from "
"\"%s\"\n", regkey->key->name, fname));
- if ( (snum = validate_reg_filename( fname )) == -1 )
+ if ((snum = validate_reg_filename(p->mem_ctx, &fname)) == -1)
return WERR_OBJECT_PATH_INVALID;
-
+
/* user must posses SeRestorePrivilege for this this proceed */
-
+
if ( !user_has_privileges( p->pipe_user.nt_user_token, &se_restore ) )
return WERR_ACCESS_DENIED;
-
+
DEBUG(2,("_winreg_RestoreKey: Restoring [%s] from %s in share %s\n",
regkey->key->name, fname, lp_servicename(snum) ));
@@ -795,30 +822,33 @@ static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
REGVAL_CTR *values;
REGSUBKEY_CTR *subkeys;
int i, num_subkeys;
- pstring key_tmp;
+ char *key_tmp = NULL;
char *keyname, *parentpath;
- pstring subkeypath;
+ char *subkeypath = NULL;
char *subkeyname;
REGISTRY_KEY registry_key;
WERROR result = WERR_OK;
-
- if ( !regfile )
+
+ if (!regfile)
return WERR_GENERAL_FAILURE;
-
- if ( !keypath )
+
+ if (!keypath)
return WERR_OBJECT_PATH_INVALID;
-
+
/* split up the registry key path */
-
- pstrcpy( key_tmp, keypath );
- if ( !reg_split_key( key_tmp, &parentpath, &keyname ) )
+
+ key_tmp = talloc_strdup(regfile->mem_ctx, keypath);
+ if (!key_tmp) {
+ return WERR_NOMEM;
+ }
+ if (!reg_split_key( key_tmp, &parentpath, &keyname ) )
return WERR_OBJECT_PATH_INVALID;
if ( !keyname )
keyname = parentpath;
/* we need a REGISTRY_KEY object here to enumerate subkeys and values */
-
+
ZERO_STRUCT( registry_key );
if ( (registry_key.name = talloc_strdup(regfile->mem_ctx, keypath)) == NULL )
@@ -828,8 +858,8 @@ static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
return WERR_BADFILE;
/* lookup the values and subkeys */
-
- if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
+
+ if ( !(subkeys = TALLOC_ZERO_P( regfile->mem_ctx, REGSUBKEY_CTR )) )
return WERR_NOMEM;
if ( !(values = TALLOC_ZERO_P( subkeys, REGVAL_CTR )) )
@@ -839,7 +869,7 @@ static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
fetch_reg_values( &registry_key, values );
/* write out this key */
-
+
if ( !(key = regfio_write_key( regfile, keyname, values, subkeys, sec_desc, parent )) ) {
result = WERR_CAN_NOT_COMPLETE;
goto done;
@@ -850,7 +880,12 @@ static WERROR reg_write_tree( REGF_FILE *regfile, const char *keypath,
num_subkeys = regsubkey_ctr_numkeys( subkeys );
for ( i=0; i<num_subkeys; i++ ) {
subkeyname = regsubkey_ctr_specific_key( subkeys, i );
- pstr_sprintf( subkeypath, "%s\\%s", keypath, subkeyname );
+ subkeypath = talloc_asprintf(regfile->mem_ctx,
+ "%s\\%s", keypath, subkeyname);
+ if (!subkeypath) {
+ result = WERR_NOMEM;
+ goto done;
+ }
result = reg_write_tree( regfile, subkeypath, key, sec_desc );
if ( !W_ERROR_IS_OK(result) )
goto done;
@@ -915,26 +950,26 @@ static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
SEC_DESC *sd = NULL;
/* open the registry file....fail if the file already exists */
-
+
if ( !(regfile = regfio_open( fname, (O_RDWR|O_CREAT|O_EXCL), (S_IREAD|S_IWRITE) )) ) {
- DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
+ DEBUG(0,("backup_registry_key: failed to open \"%s\" (%s)\n",
fname, strerror(errno) ));
return ( ntstatus_to_werror(map_nt_error_from_unix( errno )) );
}
-
+
if ( !W_ERROR_IS_OK(result = make_default_reg_sd( regfile->mem_ctx, &sd )) ) {
regfio_close( regfile );
return result;
}
-
+
/* write the registry tree to the file */
-
+
result = reg_write_tree( regfile, krecord->name, NULL, sd );
-
+
/* cleanup */
-
+
regfio_close( regfile );
-
+
return result;
}
@@ -944,26 +979,29 @@ static WERROR backup_registry_key ( REGISTRY_KEY *krecord, const char *fname )
WERROR _winreg_SaveKey(pipes_struct *p, struct winreg_SaveKey *r)
{
struct registry_key *regkey = find_regkey_by_hnd( p, r->in.handle );
- pstring fname;
- int snum;
-
+ char *fname = NULL;
+ int snum = -1;
+
if ( !regkey )
- return WERR_BADFID;
+ return WERR_BADFID;
if ( !r->in.filename || !r->in.filename->name )
return WERR_INVALID_PARAM;
- pstrcpy( fname, r->in.filename->name );
+ fname = talloc_strdup(p->mem_ctx, r->in.filename->name);
+ if (!fname) {
+ return WERR_NOMEM;
+ }
DEBUG(8,("_winreg_SaveKey: verifying backup of key [%s] to \"%s\"\n",
regkey->key->name, fname));
-
- if ( (snum = validate_reg_filename( fname )) == -1 )
+
+ if ((snum = validate_reg_filename(p->mem_ctx, &fname)) == -1 )
return WERR_OBJECT_PATH_INVALID;
-
+
DEBUG(2,("_winreg_SaveKey: Saving [%s] to %s in share %s\n",
regkey->key->name, fname, lp_servicename(snum) ));
-
+
return backup_registry_key( regkey->key, fname );
}