summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-06-09 00:13:07 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:23:13 -0500
commit2e6deee0208aba89fb3ecc7ead62d867e4da20ea (patch)
treea04a2125eca2571cedbbfee9b2d608495d3b486c /source3/rpc_server
parentbde0642ab43b92b780bd60cc889116154110c878 (diff)
downloadsamba-2e6deee0208aba89fb3ecc7ead62d867e4da20ea.tar.gz
samba-2e6deee0208aba89fb3ecc7ead62d867e4da20ea.tar.bz2
samba-2e6deee0208aba89fb3ecc7ead62d867e4da20ea.zip
r23400: Fix lsa crash bug #4683. The "names" enum struct
in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_lsa_nt.c35
1 files changed, 10 insertions, 25 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index bde1ef81da..f9b86d0c67 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -380,12 +380,10 @@ static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = names;
r_l->mapped_count = mapped_count;
}
@@ -395,12 +393,10 @@ static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = names;
r_l->mapped_count = mapped_count;
}
@@ -414,11 +410,7 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
- LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM);
-
- if (!oldnames) {
- return NT_STATUS_NO_MEMORY;
- }
+ LSA_TRANS_NAME_ENUM *oldnames = &r_l->names;
oldnames->num_entries = names->num_entries;
oldnames->ptr_trans_names = names->ptr_trans_names;
@@ -442,7 +434,6 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = oldnames;
r_l->mapped_count = mapped_count;
return NT_STATUS_OK;
}
@@ -810,13 +801,12 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
int num_sids, /* input */
const DOM_SID2 *sid, /* input */
DOM_R_REF **pp_ref, /* output */
- LSA_TRANS_NAME_ENUM2 **pp_names, /* output */
+ LSA_TRANS_NAME_ENUM2 *names, /* input/output */
uint32 *pp_mapped_count)
{
NTSTATUS status;
int i;
const DOM_SID **sids = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
DOM_R_REF *ref = NULL;
uint32 mapped_count = 0;
struct lsa_dom_info *dom_infos = NULL;
@@ -824,17 +814,16 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
*pp_mapped_count = 0;
*pp_ref = NULL;
- *pp_names = NULL;
+ ZERO_STRUCTP(names);
if (num_sids == 0) {
return NT_STATUS_OK;
}
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (sids == NULL || names == NULL || ref == NULL) {
+ if (sids == NULL || ref == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -907,7 +896,6 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
*pp_mapped_count = mapped_count;
*pp_ref = ref;
- *pp_names = names;
return status;
}
@@ -924,7 +912,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
int num_sids = q_u->sids.num_entries;
uint32 mapped_count = 0;
DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
+ LSA_TRANS_NAME_ENUM2 names;
NTSTATUS status;
if ((q_u->level < 1) || (q_u->level > 6)) {
@@ -956,7 +944,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
/* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
- status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count);
+ status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -975,7 +963,6 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
int num_sids = q_u->sids.num_entries;
uint32 mapped_count = 0;
DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
if ((q_u->level < 1) || (q_u->level > 6)) {
return NT_STATUS_INVALID_PARAMETER;
@@ -1001,10 +988,10 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
num_sids,
q_u->sids.sid,
&ref,
- &names,
+ &r_u->names,
&mapped_count);
- init_reply_lookup_sids2(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids2(r_u, ref, mapped_count);
return r_u->status;
}
@@ -1022,7 +1009,6 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
{
uint32 mapped_count = 0;
DOM_R_REF *ref;
- LSA_TRANS_NAME_ENUM2 *names;
if ((q_u->level < 1) || (q_u->level > 6)) {
return NT_STATUS_INVALID_PARAMETER;
@@ -1031,15 +1017,14 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
r_u->status = NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
- if ((ref == NULL) || (names == NULL)) {
+ if (ref == NULL) {
/* We would segfault later on in lsa_io_r_lookup_sids3 anyway,
* so do a planned exit here. We NEEEED pidl! */
smb_panic("talloc failed");
}
- init_reply_lookup_sids3(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids3(r_u, ref, mapped_count);
return r_u->status;
}