summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h29
-rw-r--r--source3/include/rpc_client_proto.h13
-rw-r--r--source3/include/rpc_lsa.h10
-rw-r--r--source3/rpc_client/cli_lsarpc.c526
-rw-r--r--source3/rpc_parse/parse_lsa.c142
-rw-r--r--source3/rpc_server/srv_lsa.c42
6 files changed, 276 insertions, 486 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 8765c02771..1622d336e0 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1924,18 +1924,17 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
BOOL do_lsa_open_policy(struct cli_state *cli,
char *system_name, POLICY_HND *hnd,
BOOL sec_qos);
+BOOL do_lsa_lookup_sids(struct cli_state *cli,
+ POLICY_HND *hnd,
+ int num_sids,
+ DOM_SID **sids,
+ char ***names,
+ int *num_names);
BOOL do_lsa_query_info_pol(struct cli_state *cli,
POLICY_HND *hnd, uint16 info_class,
fstring domain_name, DOM_SID *domain_sid);
BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_close(POLICY_HND *hnd);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
/*The following definitions come from rpc_client/cli_netlogon.c */
@@ -2268,8 +2267,7 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
uint32 attributes,
uint32 desired_access,
LSA_SEC_QOS *qos);
-BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps,
- int depth);
+BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth);
BOOL lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, int depth);
void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
uint32 attributes,
@@ -2288,14 +2286,15 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e,
uint32 status);
BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth);
BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth);
-void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids);
-void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
- int num_sids, DOM_SID *sids, uint16 level);
-BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s,
- prs_struct *ps, int depth);
+void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen,
+ int num_entries, DOM_SID **sids);
+void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l,
+ POLICY_HND *hnd, int num_sids, DOM_SID **sids,
+ uint16 level);
+BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth);
BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth);
void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
- int num_names, char **names);
+ int num_names, char **names);
BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth);
BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth);
void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd);
diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h
index 3b94c37d59..6a66c9d417 100644
--- a/source3/include/rpc_client_proto.h
+++ b/source3/include/rpc_client_proto.h
@@ -50,18 +50,17 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr);
BOOL do_lsa_open_policy(struct cli_state *cli,
char *system_name, POLICY_HND *hnd,
BOOL sec_qos);
+BOOL do_lsa_lookup_sids(struct cli_state *cli,
+ POLICY_HND *hnd,
+ int num_sids,
+ DOM_SID **sids,
+ char ***names,
+ int *num_names);
BOOL do_lsa_query_info_pol(struct cli_state *cli,
POLICY_HND *hnd, uint16 info_class,
fstring domain_name, DOM_SID *domain_sid);
BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd);
BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server);
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access);
-uint32 lsa_close(POLICY_HND *hnd);
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names);
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids);
/*The following definitions come from rpc_client/cli_netlogon.c */
diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 0ef54587dc..adeb6d5ad4 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -96,7 +96,7 @@ typedef struct obj_attr_info
typedef struct lsa_q_open_pol_info
{
uint32 ptr; /* undocumented buffer pointer */
- uint16 system_name; /* system name BUG!!! (should be \\server!) */
+ uint16 system_name; /* 0x5c - system name */
LSA_OBJ_ATTR attr ; /* object attributes */
uint32 des_access; /* desired access attributes */
@@ -267,8 +267,8 @@ typedef struct lsa_trans_name_enum_info
uint32 ptr_trans_names;
uint32 num_entries2;
- LSA_TRANS_NAME name [MAX_LOOKUP_SIDS]; /* translated names */
- UNISTR2 uni_name[MAX_LOOKUP_SIDS];
+ LSA_TRANS_NAME *name; /* translated names */
+ UNISTR2 *uni_name;
} LSA_TRANS_NAME_ENUM;
@@ -279,8 +279,8 @@ typedef struct lsa_sid_enum_info
uint32 ptr_sid_enum;
uint32 num_entries2;
- uint32 ptr_sid[MAX_LOOKUP_SIDS]; /* domain SID pointers to be looked up. */
- DOM_SID2 sid [MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */
+ uint32 *ptr_sid; /* domain SID pointers to be looked up. */
+ DOM_SID2 *sid; /* domain SIDs to be looked up. */
} LSA_SID_ENUM;
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index df78a218b1..5fecdff264 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -1,3 +1,4 @@
+
/*
* Unix SMB/Netbios implementation.
* Version 1.9.
@@ -22,10 +23,16 @@
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
+
+#ifdef SYSLOG
+#undef SYSLOG
+#endif
+
#include "includes.h"
extern int DEBUGLEVEL;
+
/****************************************************************************
do a LSA Open Policy
****************************************************************************/
@@ -96,6 +103,114 @@ BOOL do_lsa_open_policy(struct cli_state *cli,
}
/****************************************************************************
+do a LSA Lookup SIDs
+****************************************************************************/
+
+BOOL do_lsa_lookup_sids(struct cli_state *cli,
+ POLICY_HND *hnd,
+ int num_sids,
+ DOM_SID **sids,
+ char ***names,
+ int *num_names)
+{
+ prs_struct rbuf;
+ prs_struct buf;
+ LSA_Q_LOOKUP_SIDS q_l;
+ LSA_R_LOOKUP_SIDS r_l;
+ DOM_R_REF ref;
+ LSA_TRANS_NAME_ENUM t_names;
+ int i;
+ BOOL valid_response = False;
+
+ if (hnd == NULL || num_sids == 0 || sids == NULL)
+ return False;
+
+ prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL);
+ prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL );
+
+ /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */
+
+ DEBUG(4,("LSA Lookup SIDs\n"));
+
+ /* store the parameters */
+ init_q_lookup_sids(cli->mem_ctx, &q_l, hnd, num_sids, sids, 1);
+
+ /* turn parameters into data stream */
+ if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) {
+ prs_mem_free(&buf);
+ prs_mem_free(&rbuf);
+ return False;
+ }
+
+ /* send the data on \PIPE\ */
+ if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) {
+ prs_mem_free(&buf);
+ prs_mem_free(&rbuf);
+ return False;
+ }
+
+ prs_mem_free(&buf);
+
+ r_l.dom_ref = &ref;
+ r_l.names = &t_names;
+
+ if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) {
+ DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n"));
+ prs_mem_free(&rbuf);
+ return False;
+ }
+
+
+ if (r_l.status != 0) {
+ /* report error code */
+ DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status)));
+ } else {
+ if (t_names.ptr_trans_names != 0)
+ valid_response = True;
+ }
+
+ if(!valid_response) {
+ prs_mem_free(&rbuf);
+ return False;
+ }
+
+ if (num_names != NULL)
+ (*num_names) = t_names.num_entries;
+
+ for (i = 0; i < t_names.num_entries; i++) {
+ if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) {
+ DEBUG(0,("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
+ prs_mem_free(&rbuf);
+ return False;
+ }
+ }
+
+ if (names != NULL && t_names.num_entries != 0)
+ (*names) = (char**)malloc((*num_names) * sizeof(char*));
+
+ if (names != NULL && (*names) != NULL) {
+ /* take each name, construct a \DOMAIN\name string */
+ for (i = 0; i < (*num_names); i++) {
+ fstring name;
+ fstring dom_name;
+ fstring full_name;
+ uint32 dom_idx = t_names.name[i].domain_idx;
+ fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer));
+ fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer));
+
+ slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s",
+ dom_name, name);
+
+ (*names)[i] = strdup(full_name);
+ }
+ }
+
+ prs_mem_free(&rbuf);
+
+ return valid_response;
+}
+
+/****************************************************************************
do a LSA Query Info Policy
****************************************************************************/
BOOL do_lsa_query_info_pol(struct cli_state *cli,
@@ -287,414 +402,3 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server)
return res3;
}
-
-/****************************************************************************
-do a LSA Open Policy
-****************************************************************************/
-uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd,
- BOOL sec_qos, uint32 des_access)
-{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_OPEN_POL q_o;
- LSA_SEC_QOS qos;
- struct cli_connection *con = NULL;
- uint32 result;
-
- if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) {
- return NT_STATUS_UNSUCCESSFUL;
- }
-
- if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL;
-
- prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False);
- prs_init(&rbuf, 0, 4, NULL, True);
-
- /* create and send a MSRPC command with api LSA_OPENPOLICY */
-
- DEBUG(4, ("LSA Open Policy\n"));
-
- /* store the parameters */
- if (sec_qos) {
- init_lsa_sec_qos(&qos, 2, 1, 0, des_access);
- init_q_open_pol(&q_o, '\\', 0, des_access, &qos);
- } else {
- init_q_open_pol(&q_o, '\\', 0, des_access, NULL);
- }
-
- /* turn parameters into data stream */
- if (lsa_io_q_open_pol("", &q_o, &buf, 0) &&
- rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) {
- LSA_R_OPEN_POL r_o;
- BOOL p;
-
- lsa_io_r_open_pol("", &r_o, &rbuf, 0);
- p = rbuf.data_offset != 0;
-
- result = r_o.status;
-
- if (p && r_o.status != 0) {
- /* report error code */
- DEBUG(0,
- ("LSA_OPENPOLICY: %s\n",
- get_nt_error_msg(r_o.status)));
- p = False;
- }
-
- if (p) {
-
- /* Return the policy handle */
-
- *hnd = r_o.pol;
-
- if (!RpcHndList_set_connection(hnd, con)) {
- result = NT_STATUS_NO_MEMORY;
- }
- }
- }
-
- prs_mem_free(&rbuf);
- prs_mem_free(&buf);
-
- return result;
-}
-
-/****************************************************************************
-do a LSA Close
-****************************************************************************/
-uint32 lsa_close(POLICY_HND *hnd)
-{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_CLOSE q_c;
- uint32 result;
-
- if (hnd == NULL) return False;
-
- /* Create and send a MSRPC command with api LSA_OPENPOLICY */
-
- prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False);
- prs_init(&rbuf, 0, 4, NULL, True);
-
- DEBUG(4, ("LSA Close\n"));
-
- /* Store the parameters */
-
- init_lsa_q_close(&q_c, hnd);
-
- /* Turn parameters into data stream */
-
- if (lsa_io_q_close("", &q_c, &buf, 0) &&
- rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) {
- LSA_R_CLOSE r_c;
- BOOL p;
-
- lsa_io_r_close("", &r_c, &rbuf, 0);
- p = rbuf.data_offset != 0;
- result = r_c.status;
-
- if (p && r_c.status != 0) {
-
- /* Report error code */
-
- DEBUG(0, ("LSA_CLOSE: %s\n",
- get_nt_error_msg(r_c.status)));
-
- p = False;
- }
-
- }
-
- prs_mem_free(&rbuf);
- prs_mem_free(&buf);
-
- return result;
-}
-
-/****************************************************************************
-do a LSA Lookup SIDs
-****************************************************************************/
-uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids,
- char ***names, uint32 **types, int *num_names)
-{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_LOOKUP_SIDS q_l;
- TALLOC_CTX *ctx = talloc_init();
- uint32 result;
-
- ZERO_STRUCT(q_l);
-
- if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
-
- if (num_names != NULL) {
- *num_names = 0;
- }
-
- if (types != NULL) {
- *types = NULL;
- }
-
- if (names != NULL) {
- *names = NULL;
- }
-
- prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False);
- prs_init(&rbuf, 0, 4, ctx, True);
-
- /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */
-
- DEBUG(4, ("LSA Lookup SIDs\n"));
-
- /* Store the parameters */
-
- init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1);
-
- /* turn parameters into data stream */
- if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) &&
- rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) {
- LSA_R_LOOKUP_SIDS r_l;
- DOM_R_REF ref;
- LSA_TRANS_NAME_ENUM t_names;
- BOOL p, valid_response;
-
- r_l.dom_ref = &ref;
- r_l.names = &t_names;
-
- lsa_io_r_lookup_sids("", &r_l, &rbuf, 0);
- p = rbuf.data_offset != 0;
- result = r_l.status;
-
- if (p && r_l.status != 0 &&
- r_l.status != 0x107 &&
- r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) {
-
- /* Report error code */
-
- DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n",
- get_nt_error_msg(r_l.status)));
-
- return r_l.status;
- }
-
- result = NT_STATUS_NOPROBLEMO;
-
- if (p) {
- if (t_names.ptr_trans_names != 0
- && r_l.ptr_dom_ref != 0) {
- valid_response = True;
- }
- }
-
- if (num_names != NULL && valid_response) {
- (*num_names) = t_names.num_entries;
- }
-
- if (valid_response) {
- uint32 i;
-
- for (i = 0; i < t_names.num_entries; i++) {
- if ((t_names.name[i].domain_idx >=
- ref.num_ref_doms_1)
- && (t_names.name[i].domain_idx !=
- 0xffffffff)) {
- DEBUG(0,
- ("LSA_LOOKUP_SIDS: domain index out of bounds\n"));
- valid_response = False;
- break;
- }
- }
- }
-
- if (types != NULL && valid_response && (*num_names) != 0) {
- (*types) = (uint32 *) malloc((*num_names) *
- sizeof(uint32));
- }
-
- if (names != NULL && valid_response && (*num_names) != 0) {
- (*names) = (char **)malloc((*num_names) *
- sizeof(char *));
- }
-
- if (names != NULL && (*names) != NULL) {
- int i;
-
- /* Take each name, construct a \DOMAIN\name string */
-
- for (i = 0; i < (*num_names); i++) {
- fstring name;
- fstring dom_name;
- fstring full_name;
- uint32 dom_idx = t_names.name[i].domain_idx;
-
- if (dom_idx != 0xffffffff) {
- unistr2_to_ascii(dom_name,
- &ref.
- ref_dom[dom_idx].
- uni_dom_name,
- sizeof(dom_name) -
- 1);
- unistr2_to_ascii(name,
- &t_names.uni_name[i],
- sizeof(name) - 1);
-
- memset(full_name, 0,
- sizeof(full_name));
-
- slprintf(full_name,
- sizeof(full_name) - 1,
- "%s\\%s", dom_name, name);
-
- (*names)[i] = strdup(full_name);
- if (types != NULL &&
- (*types) != NULL) {
- (*types)[i] = t_names.name[i].sid_name_use;
- }
- } else {
- (*names)[i] = NULL;
- if (types != NULL &&
- (*types) != NULL) {
- (*types)[i] = SID_NAME_UNKNOWN;
- }
- }
- }
- }
- }
-
- prs_mem_free(&rbuf);
- prs_mem_free(&buf);
-
- return result;
-}
-
-/****************************************************************************
-do a LSA Lookup Names
-****************************************************************************/
-uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names,
- DOM_SID **sids, uint32 **types, int *num_sids)
-{
- prs_struct rbuf;
- prs_struct buf;
- LSA_Q_LOOKUP_NAMES q_l;
- BOOL valid_response = False;
- TALLOC_CTX *ctx = talloc_init();
- uint32 result;
-
- if (hnd == NULL || num_sids == 0 || sids == NULL) return False;
-
- prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False);
- prs_init(&rbuf, 0, 4, ctx, True);
-
- /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */
-
- DEBUG(4, ("LSA Lookup NAMEs\n"));
-
- /* store the parameters */
- init_q_lookup_names(&q_l, hnd, num_names, names);
-
- /* turn parameters into data stream */
- if (lsa_io_q_lookup_names("", &q_l, &buf, 0) &&
- rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) {
- LSA_R_LOOKUP_NAMES r_l;
- DOM_R_REF ref;
- DOM_RID2 t_rids[MAX_LOOKUP_SIDS];
- BOOL p;
-
- ZERO_STRUCT(ref);
- ZERO_STRUCT(t_rids);
-
- r_l.dom_ref = &ref;
- r_l.dom_rid = t_rids;
-
- lsa_io_r_lookup_names("", &r_l, &rbuf, 0);
- p = rbuf.data_offset != 0;
-
- if (p && r_l.status != 0) {
- /* report error code */
- DEBUG(1,
- ("LSA_LOOKUP_NAMES: %s\n",
- get_nt_error_msg(r_l.status)));
- p = False;
-
- return r_l.status;
- }
-
- result = r_l.status;
-
- if (p) {
- if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) {
- valid_response = True;
- }
- }
-
- if (num_sids != NULL && valid_response) {
- (*num_sids) = r_l.num_entries;
- }
-
- if (valid_response) {
- uint32 i;
-
- for (i = 0; i < r_l.num_entries; i++) {
- if (t_rids[i].rid_idx >= ref.num_ref_doms_1 &&
- t_rids[i].rid_idx != 0xffffffff) {
- DEBUG(0,
- ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n",
- t_rids[i].rid_idx));
- valid_response = False;
- break;
- }
- }
- }
-
- if (types != NULL && valid_response && r_l.num_entries != 0) {
- (*types) = (uint32 *) malloc((*num_sids) *
- sizeof(uint32));
- }
-
- if (sids != NULL && valid_response && r_l.num_entries != 0) {
- (*sids) = (DOM_SID *) malloc((*num_sids) *
- sizeof(DOM_SID));
- }
-
- if (sids != NULL && (*sids) != NULL) {
- int i;
-
- /* Take each name, construct a SID */
-
- for (i = 0; i < (*num_sids); i++) {
- uint32 dom_idx = t_rids[i].rid_idx;
- uint32 dom_rid = t_rids[i].rid;
- DOM_SID *sid = &(*sids)[i];
-
- if (dom_idx != 0xffffffff) {
-
- sid_copy(sid,
- &ref.ref_dom[dom_idx].
- ref_dom.sid);
-
- if (dom_rid != 0xffffffff) {
- sid_append_rid(sid, dom_rid);
- }
-
- if (types != NULL &&
- (*types) != NULL) {
- (*types)[i] = t_rids[i].type;
- }
-
- } else {
- ZERO_STRUCTP(sid);
-
- if (types != NULL &&
- (*types) != NULL) {
- (*types)[i] = SID_NAME_UNKNOWN;
- }
- }
- }
- }
- }
-
- prs_mem_free(&rbuf);
- prs_mem_free(&buf);
-
- return result;
-}
diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c
index a53c07366e..6a2e504f79 100644
--- a/source3/rpc_parse/parse_lsa.c
+++ b/source3/rpc_parse/parse_lsa.c
@@ -297,10 +297,10 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name,
Reads or writes an LSA_Q_OPEN_POL structure.
********************************************************************/
-BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps,
- int depth)
+BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth)
{
- if (r_q == NULL) return False;
+ if (r_q == NULL)
+ return False;
prs_debug(ps, depth, desc, "lsa_io_q_open_pol");
depth++;
@@ -309,7 +309,7 @@ BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps,
return False;
if(!prs_uint16("system_name", ps, depth, &r_q->system_name))
return False;
- if(!prs_align(ps))
+ if(!prs_align( ps ))
return False;
if(!lsa_io_obj_attr("", &r_q->attr, ps, depth))
@@ -353,7 +353,7 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name,
uint32 desired_access,
LSA_SEC_QOS *qos)
{
- DEBUG(5, ("init_open_pol2: attr:%d da:%d\n", attributes,
+ DEBUG(5, ("init_q_open_pol2: attr:%d da:%d\n", attributes,
desired_access));
r_q->ptr = 1; /* undocumented pointer */
@@ -648,21 +648,43 @@ BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth
Inits a LSA_SID_ENUM structure.
********************************************************************/
-void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids)
+void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen,
+ int num_entries, DOM_SID **sids)
{
- int i;
+ int i, i2;
DEBUG(5, ("init_lsa_sid_enum\n"));
sen->num_entries = num_entries;
- sen->ptr_sid_enum = num_entries != 0;
+ sen->ptr_sid_enum = (num_entries != 0);
sen->num_entries2 = num_entries;
- SMB_ASSERT_ARRAY(sen->sid, sen->num_entries);
+ /* Allocate memory for sids and sid pointers */
+
+ if (num_entries == 0) return;
+
+ if ((sen->ptr_sid = (uint32 *)talloc(mem_ctx, num_entries *
+ sizeof(uint32))) == NULL) {
+ DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n"));
+ return;
+ }
+
+ if ((sen->sid = (DOM_SID2 *)talloc(mem_ctx, num_entries *
+ sizeof(DOM_SID2))) == NULL) {
+ DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n"));
+ return;
+ }
+
+ /* Copy across SIDs and SID pointers */
- for (i = 0; i < num_entries; i++) {
- sen->ptr_sid[i] = 1;
- init_dom_sid2(&sen->sid[i], &sids[i]);
+ for (i = 0, i2 = 0; i < num_entries; i++) {
+ if (sids[i] != NULL) {
+ sen->ptr_sid[i] = 1;
+ init_dom_sid2(&sen->sid[i2], sids[i]);
+ i2++;
+ } else {
+ sen->ptr_sid[i] = 0;
+ }
}
}
@@ -670,13 +692,12 @@ void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids)
Reads or writes a LSA_SID_ENUM structure.
********************************************************************/
-static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
- prs_struct *ps, int depth)
+static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
+ prs_struct *ps, int depth)
{
int i;
- if (sen == NULL)
- return False;
+ if (sen == NULL) return False;
prs_debug(ps, depth, desc, "lsa_io_sid_enum");
depth++;
@@ -691,22 +712,40 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
if(!prs_uint32("num_entries2", ps, depth, &sen->num_entries2))
return False;
- SMB_ASSERT_ARRAY(sen->ptr_sid, sen->num_entries);
+ /* Mallocate memory if we're unpacking from the wire */
+
+ if (UNMARSHALLING(ps)) {
+ if ((sen->ptr_sid = (uint32 *)malloc(
+ sen->num_entries * sizeof(uint32))) == NULL) {
+ DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
+ "ptr_sid\n"));
+ return False;
+ }
+
+ if ((sen->sid = (DOM_SID2 *)malloc(
+ sen->num_entries * sizeof(DOM_SID2))) == NULL) {
+ DEBUG(3, ("init_lsa_sid_enum(): out of memory for "
+ "sids\n"));
+ return False;
+ }
+ }
for (i = 0; i < sen->num_entries; i++) {
fstring temp;
+
slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i);
- if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) /* domain SID pointers to be looked up. */
+ if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) {
return False;
+ }
}
- SMB_ASSERT_ARRAY(sen->sid, sen->num_entries);
-
for (i = 0; i < sen->num_entries; i++) {
fstring temp;
+
slprintf(temp, sizeof(temp) - 1, "sid[%d]", i);
- if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) /* domain SIDs to be looked up. */
+ if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) {
return False;
+ }
}
return True;
@@ -716,19 +755,17 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen,
Inits an LSA_R_ENUM_TRUST_DOM structure.
********************************************************************/
-void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
- int num_sids, DOM_SID *sids, uint16 level)
+void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l,
+ POLICY_HND *hnd, int num_sids, DOM_SID **sids,
+ uint16 level)
{
- DEBUG(5, ("init_q_lookup_sids\n"));
-
- q_l->pol = *hnd;
-
- init_lsa_sid_enum(&q_l->sids, num_sids, sids);
+ DEBUG(5, ("init_r_enum_trust_dom\n"));
- q_l->names.num_entries = 0;
- q_l->names.ptr_trans_names = 0;
- q_l->names.num_entries2 = 0;
+ ZERO_STRUCTP(q_l);
+ memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
+ init_lsa_sid_enum(mem_ctx, &q_l->sids, num_sids, sids);
+
q_l->level.value = level;
}
@@ -736,8 +773,7 @@ void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd,
Reads or writes a LSA_Q_LOOKUP_SIDS structure.
********************************************************************/
-BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s,
- prs_struct *ps, int depth)
+BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth)
{
if (q_s == NULL)
return False;
@@ -787,9 +823,23 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
return False;
if (trn->ptr_trans_names != 0) {
- if(!prs_uint32("num_entries2 ", ps, depth, &trn->num_entries2))
+ if(!prs_uint32("num_entries2 ", ps, depth,
+ &trn->num_entries2))
return False;
- SMB_ASSERT_ARRAY(trn->name, trn->num_entries);
+
+ if (UNMARSHALLING(ps)) {
+ if ((trn->name = (LSA_TRANS_NAME *)
+ malloc(trn->num_entries *
+ sizeof(LSA_TRANS_NAME))) == NULL) {
+ return False;
+ }
+
+ if ((trn->uni_name = (UNISTR2 *)
+ malloc(trn->num_entries *
+ sizeof(UNISTR2))) == NULL) {
+ return False;
+ }
+ }
for (i = 0; i < trn->num_entries2; i++) {
fstring t;
@@ -808,6 +858,16 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn,
if(!prs_align(ps))
return False;
}
+
+ /* Free memory if we've sent it */
+
+ if (MARSHALLING(ps)) {
+ safe_free(trn->name);
+ safe_free(trn->uni_name);
+
+ trn->name = NULL;
+ trn->uni_name = NULL;
+ }
}
return True;
@@ -855,22 +915,22 @@ makes a structure.
********************************************************************/
void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd,
- int num_names, char **names)
+ int num_names, char **names)
{
int i;
- DEBUG(5,("init_q_lookup_names\n"));
+ DEBUG(5, ("init_q_lookup_names\n"));
+
+ memcpy(&q_l->pol, hnd, sizeof(q_l->pol));
- q_l->pol = *hnd;
q_l->num_entries = num_names;
q_l->num_entries2 = num_names;
SMB_ASSERT_ARRAY(q_l->uni_name, q_l->num_entries);
for (i = 0; i < num_names; i++) {
- char *name = names[i];
- int len = strlen(name);
-
+ char* name = names[i];
+ int len = strlen(name)+1;
init_uni_hdr(&q_l->hdr_name[i], len);
init_unistr2(&q_l->uni_name[i], name, len);
}
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 7e6417f276..38f4936209 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -277,13 +277,26 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
***************************************************************************/
static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
- int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count)
+ int num_entries, DOM_SID2 *sid,
+ uint32 *mapped_count)
{
int i;
int total = 0;
*mapped_count = 0;
- SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
+ /* Allocate memory for list of names */
+
+ if (!(trn->name = (LSA_TRANS_NAME *)malloc(sizeof(LSA_TRANS_NAME) *
+ num_entries))) {
+ DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
+ return;
+ }
+
+ if (!(trn->uni_name = (UNISTR2 *)malloc(sizeof(UNISTR2) *
+ num_entries))) {
+ DEBUG(0, ("init_lsa_trans_names(): out of memory\n"));
+ return;
+ }
for (i = 0; i < num_entries; i++) {
BOOL status = False;
@@ -318,7 +331,8 @@ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn,
dom_idx = init_dom_ref(ref, dom_name, &find_sid);
- DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name ));
+ DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to "
+ "referenced list.\n", dom_name, name ));
(*mapped_count)++;
@@ -376,6 +390,11 @@ static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entr
return False;
}
+ /* Free memory - perhaps this should be done using talloc()? */
+
+ safe_free(names.name);
+ safe_free(names.uni_name);
+
return True;
}
@@ -551,20 +570,29 @@ static BOOL api_lsa_lookup_sids(pipes_struct *p)
LSA_Q_LOOKUP_SIDS q_l;
prs_struct *data = &p->in_data.data;
prs_struct *rdata = &p->out_data.rdata;
+ BOOL result = True;
ZERO_STRUCT(q_l);
/* grab the info class and policy handle */
if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) {
DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n"));
- return False;
+ result = False;
+ goto done;
}
/* construct reply. return status is always 0x0 */
- if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries))
- return False;
+ if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) {
+ result = False;
+ goto done;
+ }
- return True;
+
+ done:
+ safe_free(q_l.sids.ptr_sid);
+ safe_free(q_l.sids.sid);
+
+ return result;
}
/***************************************************************************