authorJeremy Allison <jra@samba.org>2007-06-09 00:13:07 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:23:13 -0500
commit2e6deee0208aba89fb3ecc7ead62d867e4da20ea (patch)
treea04a2125eca2571cedbbfee9b2d608495d3b486c /source3
parentbde0642ab43b92b780bd60cc889116154110c878 (diff)
r23400: Fix lsa crash bug #4683. The "names" enum struct
in a lookup_sidX reply isn't optional - like the lookup_sidX query it needs to be defined in the struct. All this will go away with PIDL (thank goodness....). Jerry - I think this is a showstopper to be merged for 3.0.25b. I'll be watching the build farm to see if anything broke. Jeremy. (This used to be commit 9300b92f7a51eb80fdc039d8dad23ea9ce82aa8f)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/rpc_lsa.h6
-rw-r--r--source3/rpc_client/cli_lsarpc.c20
-rw-r--r--source3/rpc_parse/parse_lsa.c6
-rw-r--r--source3/rpc_server/srv_lsa_nt.c35
4 files changed, 23 insertions, 44 deletions
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 28dea21977..1d575c8955 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -515,7 +515,7 @@ typedef struct lsa_r_lookup_sids
uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */
- LSA_TRANS_NAME_ENUM *names;
+ LSA_TRANS_NAME_ENUM names;
uint32 mapped_count;
NTSTATUS status; /* return code */
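Review bot: The new `LSA_TRANS_NAME_ENUM names;` member carries no comment, unlike `dom_ref` directly above it, so the reason it must be embedded rather than a pointer lives only in the commit message. I would annotate it with `/* translated names: embedded, always marshalled, never optional */`, and do the same on the `LSA_TRANS_NAME_ENUM2 names;` lines in the `lsa_r_lookup_sids2` and `lsa_r_lookup_sids3` hunks below. That makes it harder for a later cleanup to turn the field back into a pointer and reintroduce the NULL dereference. The struct definitions start and end outside these hunks.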
@@ -541,7 +541,7 @@ typedef struct lsa_r_lookup_sids2
uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */
- LSA_TRANS_NAME_ENUM2 *names;
+ LSA_TRANS_NAME_ENUM2 names;
uint32 mapped_count;
NTSTATUS status; /* return code */
@@ -566,7 +566,7 @@ typedef struct lsa_r_lookup_sids3
uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */
- LSA_TRANS_NAME_ENUM2 *names;
+ LSA_TRANS_NAME_ENUM2 names;
uint32 mapped_count;
NTSTATUS status; /* return code */
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index a6410b4954..ed70bc1752 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -145,7 +145,6 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
LSA_Q_LOOKUP_SIDS q;
LSA_R_LOOKUP_SIDS r;
DOM_R_REF ref;
- LSA_TRANS_NAME_ENUM t_names;
NTSTATUS result = NT_STATUS_OK;
TALLOC_CTX *tmp_ctx = NULL;
int i;
@@ -163,10 +162,8 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
init_q_lookup_sids(tmp_ctx, &q, pol, num_sids, sids, 1);
ZERO_STRUCT(ref);
- ZERO_STRUCT(t_names);
r.dom_ref = &ref;
- r.names = &t_names;
CLI_DO_RPC( cli, tmp_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
q, r,
@@ -192,7 +189,7 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
for (i = 0; i < num_sids; i++) {
fstring name, dom_name;
- uint32 dom_idx = t_names.name[i].domain_idx;
+ uint32 dom_idx = r.names.name[i].domain_idx;
/* Translate optimised name through domain index array */
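Review bot: `r.names.name[i]` is read for every `i` below `num_sids`, which is the caller's request count, and nothing in view compares that with the entry count the reply actually delivered. A reply carrying fewer entries than requested would make this loop read past the decoded array, or through a NULL `name` pointer. Unless a check already sits between `CLI_DO_RPC` and the loop (outside this hunk), I would add `if (r.names.num_entries < (uint32)num_sids) { result = NT_STATUS_UNSUCCESSFUL; goto done; }` before the `for`. The same loop appears in the `rpccli_lsa_lookup_sids` hunk at `@@ -414,7 +408,7 @@` and needs the equivalent guard.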
@@ -201,14 +198,14 @@ static NTSTATUS rpccli_lsa_lookup_sids_noalloc(struct rpc_pipe_client *cli,
rpcstr_pull_unistr2_fstring(
dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
rpcstr_pull_unistr2_fstring(
- name, &t_names.uni_name[i]);
+ name, &r.names.uni_name[i]);
(names)[i] = talloc_strdup(mem_ctx, name);
(domains)[i] = talloc_strdup(mem_ctx, dom_name);
- (types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use;
+ (types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use;
if (((names)[i] == NULL) || ((domains)[i] == NULL)) {
- DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
+ DEBUG(0, ("cli_lsa_lookup_sids_noalloc(): out of memory\n"));
result = NT_STATUS_UNSUCCESSFUL;
goto done;
}
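Review bot: `dom_idx` comes straight from the reply and is used as the index in `ref.ref_dom[dom_idx]`, with no upper-bound comparison visible in this hunk or the one before it. If the guard that sits between the two hunks only tests for a "no domain" marker, a range check against the number of referenced domains held in `ref` is still needed before the `rpcstr_pull_unistr2_fstring` call, failing with `result = NT_STATUS_UNSUCCESSFUL; goto done;` when it is exceeded. The same indexing is in the `rpccli_lsa_lookup_sids` hunk at `@@ -423,11 +417,11 @@`. Separately, the out-of-memory branch here would read more accurately with `NT_STATUS_NO_MEMORY` than `NT_STATUS_UNSUCCESSFUL`.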
@@ -350,7 +347,6 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
LSA_Q_LOOKUP_SIDS q;
LSA_R_LOOKUP_SIDS r;
DOM_R_REF ref;
- LSA_TRANS_NAME_ENUM t_names;
NTSTATUS result = NT_STATUS_OK;
int i;
@@ -360,10 +356,8 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
init_q_lookup_sids(mem_ctx, &q, pol, num_sids, sids, 1);
ZERO_STRUCT(ref);
- ZERO_STRUCT(t_names);
r.dom_ref = &ref;
- r.names = &t_names;
CLI_DO_RPC( cli, mem_ctx, PI_LSARPC, LSA_LOOKUPSIDS,
q, r,
@@ -414,7 +408,7 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
for (i = 0; i < num_sids; i++) {
fstring name, dom_name;
- uint32 dom_idx = t_names.name[i].domain_idx;
+ uint32 dom_idx = r.names.name[i].domain_idx;
/* Translate optimised name through domain index array */
@@ -423,11 +417,11 @@ NTSTATUS rpccli_lsa_lookup_sids(struct rpc_pipe_client *cli,
rpcstr_pull_unistr2_fstring(
dom_name, &ref.ref_dom[dom_idx].uni_dom_name);
rpcstr_pull_unistr2_fstring(
- name, &t_names.uni_name[i]);
+ name, &r.names.uni_name[i]);
(*names)[i] = talloc_strdup(mem_ctx, name);
(*domains)[i] = talloc_strdup(mem_ctx, dom_name);
- (*types)[i] = (enum lsa_SidType)t_names.name[i].sid_name_use;
+ (*types)[i] = (enum lsa_SidType)r.names.name[i].sid_name_use;
if (((*names)[i] == NULL) || ((*domains)[i] == NULL)) {
DEBUG(0, ("cli_lsa_lookup_sids(): out of memory\n"));
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index 0add8b2bb0..0c07e7fe22 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -1476,7 +1476,7 @@ BOOL lsa_io_r_lookup_sids(const char *desc, LSA_R_LOOKUP_SIDS *r_s,
if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
return False;
- if(!lsa_io_trans_names("names ", r_s->names, ps, depth)) /* translated names */
+ if(!lsa_io_trans_names("names ", &r_s->names, ps, depth)) /* translated names */
return False;
if(!prs_align(ps))
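Review bot: `r_s->dom_ref` on the first line of this hunk is still a pointer member passed straight to `lsa_io_dom_r_ref`, so the NULL dereference this commit removes for `names` remains possible for `dom_ref` unless the call is guarded by `ptr_dom_ref` just above the hunk. The server does produce a NULL `ref`: `_lsa_lookup_sids_internal` sets `*pp_ref = NULL` and returns early when `num_sids == 0`. It is worth confirming the guard exists in all three `lsa_io_r_lookup_sids*` functions touched here. If it does not, add `if (r_s->ptr_dom_ref != 0)` in front of the `lsa_io_dom_r_ref` call.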
@@ -1511,7 +1511,7 @@ BOOL lsa_io_r_lookup_sids2(const char *desc, LSA_R_LOOKUP_SIDS2 *r_s,
if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
return False;
- if(!lsa_io_trans_names2("names ", r_s->names, ps, depth)) /* translated names */
+ if(!lsa_io_trans_names2("names ", &r_s->names, ps, depth)) /* translated names */
return False;
if(!prs_align(ps))
@@ -1547,7 +1547,7 @@ BOOL lsa_io_r_lookup_sids3(const char *desc, LSA_R_LOOKUP_SIDS3 *r_s,
if(!lsa_io_dom_r_ref ("dom_ref", r_s->dom_ref, ps, depth)) /* domain reference info */
return False;
- if(!lsa_io_trans_names2("names ", r_s->names, ps, depth)) /* translated names */
+ if(!lsa_io_trans_names2("names ", &r_s->names, ps, depth)) /* translated names */
return False;
if(!prs_align(ps))
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index bde1ef81da..f9b86d0c67 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -380,12 +380,10 @@ static void init_reply_lookup_names4(LSA_R_LOOKUP_NAMES4 *r_l,
static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = names;
r_l->mapped_count = mapped_count;
}
@@ -395,12 +393,10 @@ static void init_reply_lookup_sids2(LSA_R_LOOKUP_SIDS2 *r_l,
static void init_reply_lookup_sids3(LSA_R_LOOKUP_SIDS3 *r_l,
DOM_R_REF *ref,
- LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = names;
r_l->mapped_count = mapped_count;
}
@@ -414,11 +410,7 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
LSA_TRANS_NAME_ENUM2 *names,
uint32 mapped_count)
{
- LSA_TRANS_NAME_ENUM *oldnames = TALLOC_ZERO_P(mem_ctx, LSA_TRANS_NAME_ENUM);
-
- if (!oldnames) {
- return NT_STATUS_NO_MEMORY;
- }
+ LSA_TRANS_NAME_ENUM *oldnames = &r_l->names;
oldnames->num_entries = names->num_entries;
oldnames->ptr_trans_names = names->ptr_trans_names;
@@ -442,7 +434,6 @@ static NTSTATUS init_reply_lookup_sids(TALLOC_CTX *mem_ctx,
r_l->ptr_dom_ref = ref ? 1 : 0;
r_l->dom_ref = ref;
- r_l->names = oldnames;
r_l->mapped_count = mapped_count;
return NT_STATUS_OK;
}
@@ -810,13 +801,12 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
int num_sids, /* input */
const DOM_SID2 *sid, /* input */
DOM_R_REF **pp_ref, /* output */
- LSA_TRANS_NAME_ENUM2 **pp_names, /* output */
+ LSA_TRANS_NAME_ENUM2 *names, /* input/output */
uint32 *pp_mapped_count)
{
NTSTATUS status;
int i;
const DOM_SID **sids = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
DOM_R_REF *ref = NULL;
uint32 mapped_count = 0;
struct lsa_dom_info *dom_infos = NULL;
@@ -824,17 +814,16 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
*pp_mapped_count = 0;
*pp_ref = NULL;
- *pp_names = NULL;
+ ZERO_STRUCTP(names);
if (num_sids == 0) {
return NT_STATUS_OK;
}
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
sids = TALLOC_ARRAY(p->mem_ctx, const DOM_SID *, num_sids);
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- if (sids == NULL || names == NULL || ref == NULL) {
+ if (sids == NULL || ref == NULL) {
return NT_STATUS_NO_MEMORY;
}
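Review bot: `num_sids` is a signed `int` and only the value 0 is rejected before it becomes the element count in `TALLOC_ARRAY`. The callers initialise it from `q_u->sids.num_entries`, presumably an unsigned wire count, so a very large request value could arrive here negative. Unless a range check in the callers (outside these hunks) already excludes that, I would add `if (num_sids < 0) { return NT_STATUS_INVALID_PARAMETER; }` next to the zero test. The function body continues outside this hunk.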
@@ -907,7 +896,6 @@ static NTSTATUS _lsa_lookup_sids_internal(pipes_struct *p,
*pp_mapped_count = mapped_count;
*pp_ref = ref;
- *pp_names = names;
return status;
}
@@ -924,7 +912,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
int num_sids = q_u->sids.num_entries;
uint32 mapped_count = 0;
DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
+ LSA_TRANS_NAME_ENUM2 names;
NTSTATUS status;
if ((q_u->level < 1) || (q_u->level > 6)) {
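Review bot: `names` is now an uninitialised stack struct, and its address is handed to `init_reply_lookup_sids` in the next hunk. It is only well defined because `_lsa_lookup_sids_internal` happens to run `ZERO_STRUCTP(names)` on entry. That dependency is not visible at the declaration, so I would add `ZERO_STRUCT(names);` right after the local declarations. Any path added later that reaches the conversion without calling the internal helper would then not copy stack garbage into the reply. The function body continues outside this hunk.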
@@ -956,7 +944,7 @@ NTSTATUS _lsa_lookup_sids(pipes_struct *p,
/* Convert from LSA_TRANS_NAME_ENUM2 to LSA_TRANS_NAME_ENUM */
- status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, names, mapped_count);
+ status = init_reply_lookup_sids(p->mem_ctx, r_u, ref, &names, mapped_count);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -975,7 +963,6 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
int num_sids = q_u->sids.num_entries;
uint32 mapped_count = 0;
DOM_R_REF *ref = NULL;
- LSA_TRANS_NAME_ENUM2 *names = NULL;
if ((q_u->level < 1) || (q_u->level > 6)) {
return NT_STATUS_INVALID_PARAMETER;
@@ -1001,10 +988,10 @@ NTSTATUS _lsa_lookup_sids2(pipes_struct *p,
num_sids,
q_u->sids.sid,
&ref,
- &names,
+ &r_u->names,
&mapped_count);
- init_reply_lookup_sids2(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids2(r_u, ref, mapped_count);
return r_u->status;
}
@@ -1022,7 +1009,6 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
{
uint32 mapped_count = 0;
DOM_R_REF *ref;
- LSA_TRANS_NAME_ENUM2 *names;
if ((q_u->level < 1) || (q_u->level > 6)) {
return NT_STATUS_INVALID_PARAMETER;
@@ -1031,15 +1017,14 @@ NTSTATUS _lsa_lookup_sids3(pipes_struct *p,
r_u->status = NT_STATUS_RPC_PROTSEQ_NOT_SUPPORTED;
ref = TALLOC_ZERO_P(p->mem_ctx, DOM_R_REF);
- names = TALLOC_ZERO_P(p->mem_ctx, LSA_TRANS_NAME_ENUM2);
- if ((ref == NULL) || (names == NULL)) {
+ if (ref == NULL) {
/* We would segfault later on in lsa_io_r_lookup_sids3 anyway,
* so do a planned exit here. We NEEEED pidl! */
smb_panic("talloc failed");
}
- init_reply_lookup_sids3(r_u, ref, names, mapped_count);
+ init_reply_lookup_sids3(r_u, ref, mapped_count);
return r_u->status;
}
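Review bot: The allocation-failure branch still ends in `smb_panic("talloc failed")`, which brings down the serving process on a request-driven allocation. With `names` embedded, `ref` is the only pointer left, and `init_reply_lookup_sids3` already records a NULL `ref` as `ptr_dom_ref = 0`. If `lsa_io_r_lookup_sids3` honours that field (not visible here), the branch could become `return NT_STATUS_NO_MEMORY;`, and the comment about segfaulting later should be updated or dropped.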