-rw-r--r-- | source3/include/proto.h | 29 | ||||
-rw-r--r-- | source3/include/rpc_client_proto.h | 13 | ||||
-rw-r--r-- | source3/include/rpc_lsa.h | 10 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 526 | ||||
-rw-r--r-- | source3/rpc_parse/parse_lsa.c | 142 | ||||
-rw-r--r-- | source3/rpc_server/srv_lsa.c | 42 |
6 files changed, 276 insertions, 486 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 8765c02771..1622d336e0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1924,18 +1924,17 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); BOOL do_lsa_open_policy(struct cli_state *cli, char *system_name, POLICY_HND *hnd, BOOL sec_qos); +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char ***names, + int *num_names); BOOL do_lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid); BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd); BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server); -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access); -uint32 lsa_close(POLICY_HND *hnd); -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names); -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids); /*The following definitions come from rpc_client/cli_netlogon.c */ @@ -2268,8 +2267,7 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name, uint32 attributes, uint32 desired_access, LSA_SEC_QOS *qos); -BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, - int depth); +BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth); BOOL lsa_io_r_open_pol(char *desc, LSA_R_OPEN_POL *r_p, prs_struct *ps, int depth); void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name, uint32 attributes, 
@@ -2288,14 +2286,15 @@ void init_r_enum_trust_dom(LSA_R_ENUM_TRUST_DOM *r_e, uint32 status); BOOL lsa_io_r_enum_trust_dom(char *desc, LSA_R_ENUM_TRUST_DOM *r_e, prs_struct *ps, int depth); BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth); -void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids); -void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, - int num_sids, DOM_SID *sids, uint16 level); -BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, - prs_struct *ps, int depth); +void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, + int num_entries, DOM_SID **sids); +void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, + POLICY_HND *hnd, int num_sids, DOM_SID **sids, + uint16 level); +BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth); BOOL lsa_io_r_lookup_sids(char *desc, LSA_R_LOOKUP_SIDS *r_s, prs_struct *ps, int depth); void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd, - int num_names, char **names); + int num_names, char **names); BOOL lsa_io_q_lookup_names(char *desc, LSA_Q_LOOKUP_NAMES *q_r, prs_struct *ps, int depth); BOOL lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps, int depth); void init_lsa_q_close(LSA_Q_CLOSE *q_c, POLICY_HND *hnd); diff --git a/source3/include/rpc_client_proto.h b/source3/include/rpc_client_proto.h index 3b94c37d59..6a66c9d417 100644 --- a/source3/include/rpc_client_proto.h +++ b/source3/include/rpc_client_proto.h 
@@ -50,18 +50,17 @@ BOOL cli_nt_logoff(struct cli_state *cli, NET_ID_INFO_CTR *ctr); BOOL do_lsa_open_policy(struct cli_state *cli, char *system_name, POLICY_HND *hnd, BOOL sec_qos); +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char ***names, + int *num_names); BOOL do_lsa_query_info_pol(struct cli_state *cli, POLICY_HND *hnd, uint16 info_class, fstring domain_name, DOM_SID *domain_sid); BOOL do_lsa_close(struct cli_state *cli, POLICY_HND *hnd); BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server); -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access); -uint32 lsa_close(POLICY_HND *hnd); -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names); -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids); /*The following definitions come from rpc_client/cli_netlogon.c */ diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h index 0ef54587dc..adeb6d5ad4 100644 --- a/source3/include/rpc_lsa.h +++ b/source3/include/rpc_lsa.h @@ -96,7 +96,7 @@ typedef struct obj_attr_info typedef struct lsa_q_open_pol_info { uint32 ptr; /* undocumented buffer pointer */ - uint16 system_name; /* system name BUG!!! (should be \\server!) */ + uint16 system_name; /* 0x5c - system name */ LSA_OBJ_ATTR attr ; /* object attributes */ uint32 des_access; /* desired access attributes */ @@ -267,8 +267,8 @@ typedef struct lsa_trans_name_enum_info uint32 ptr_trans_names; uint32 num_entries2; - LSA_TRANS_NAME name [MAX_LOOKUP_SIDS]; /* translated names */ - UNISTR2 uni_name[MAX_LOOKUP_SIDS]; + LSA_TRANS_NAME *name; /* translated names */ + UNISTR2 *uni_name; } LSA_TRANS_NAME_ENUM; 
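Review bot: `name` and `uni_name` in LSA_TRANS_NAME_ENUM become bare pointers with nothing saying who allocates or frees them, and after this change they are malloc'd in two places (lsa_io_trans_names on unmarshall, init_lsa_trans_names on the server) and released in two different ones (lsa_io_trans_names when marshalling, lsa_reply_lookup_sids) while do_lsa_lookup_sids never releases them at all. State the contract on the fields, e.g. `LSA_TRANS_NAME *name; /* heap; allocated by init_lsa_trans_names() or by lsa_io_trans_names() on unmarshall - the owner of the enclosing struct frees */`. The same comment is needed on `ptr_sid`/`sid` in the LSA_SID_ENUM hunk that follows, which api_lsa_lookup_sids frees but do_lsa_lookup_sids leaves to the talloc context.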
@@ -279,8 +279,8 @@ typedef struct lsa_sid_enum_info uint32 ptr_sid_enum; uint32 num_entries2; - uint32 ptr_sid[MAX_LOOKUP_SIDS]; /* domain SID pointers to be looked up. */ - DOM_SID2 sid [MAX_LOOKUP_SIDS]; /* domain SIDs to be looked up. */ + uint32 *ptr_sid; /* domain SID pointers to be looked up. */ + DOM_SID2 *sid; /* domain SIDs to be looked up. */ } LSA_SID_ENUM; diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index df78a218b1..5fecdff264 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -1,3 +1,4 @@ + /* * Unix SMB/Netbios implementation. * Version 1.9. @@ -22,10 +23,16 @@ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + +#ifdef SYSLOG +#undef SYSLOG +#endif + #include "includes.h" extern int DEBUGLEVEL; + /**************************************************************************** do a LSA Open Policy ****************************************************************************/ 
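Review bot: The `#ifdef SYSLOG / #undef SYSLOG` block placed before `#include "includes.h"` changes, for this one translation unit, whatever behaviour that macro gates, and carries no comment explaining why; if DEBUG output is forwarded to syslog under SYSLOG, the `DEBUG(0, ...)` failure messages added in do_lsa_lookup_sids would presumably no longer reach the system log, which matters where those messages are relied on for monitoring. Add a comment stating the reason, e.g. `/* SYSLOG is undefined for this file because <reason>; DEBUG output from here will not be forwarded */`, or drop the block if it is a leftover from local debugging. The surrounding blank-line additions, including the @@ -1 hunk, are whitespace only.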
@@ -96,6 +103,114 @@ BOOL do_lsa_open_policy(struct cli_state *cli, } /**************************************************************************** +do a LSA Lookup SIDs +****************************************************************************/ + +BOOL do_lsa_lookup_sids(struct cli_state *cli, + POLICY_HND *hnd, + int num_sids, + DOM_SID **sids, + char ***names, + int *num_names) +{ + prs_struct rbuf; + prs_struct buf; + LSA_Q_LOOKUP_SIDS q_l; + LSA_R_LOOKUP_SIDS r_l; + DOM_R_REF ref; + LSA_TRANS_NAME_ENUM t_names; + int i; + BOOL valid_response = False; + + if (hnd == NULL || num_sids == 0 || sids == NULL) + return False; + + prs_init(&buf , MAX_PDU_FRAG_LEN, 4, cli->mem_ctx, MARSHALL); + prs_init(&rbuf, 0, 4, cli->mem_ctx, UNMARSHALL ); + + /* create and send a MSRPC command with api LSA_LOOKUP_SIDS */ + + DEBUG(4,("LSA Lookup SIDs\n")); + + /* store the parameters */ + init_q_lookup_sids(cli->mem_ctx, &q_l, hnd, num_sids, sids, 1); + + /* turn parameters into data stream */ + if(!lsa_io_q_lookup_sids("", &q_l, &buf, 0)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + /* send the data on \PIPE\ */ + if (!rpc_api_pipe_req(cli, LSA_LOOKUPSIDS, &buf, &rbuf)) { + prs_mem_free(&buf); + prs_mem_free(&rbuf); + return False; + } + + prs_mem_free(&buf); + + r_l.dom_ref = &ref; + r_l.names = &t_names; + + if(!lsa_io_r_lookup_sids("", &r_l, &rbuf, 0)) { + DEBUG(0,("do_lsa_lookup_sids: Failed to unmarshall LSA_R_LOOKUP_SIDS\n")); + prs_mem_free(&rbuf); + return False; + } + + + if (r_l.status != 0) { + /* report error code */ + DEBUG(0,("LSA_LOOKUP_SIDS: %s\n", get_nt_error_msg(r_l.status))); + } else { + if (t_names.ptr_trans_names != 0) + valid_response = True; + } + + if(!valid_response) { + prs_mem_free(&rbuf); + return False; + } + + if (num_names != NULL) + (*num_names) = t_names.num_entries; + + for (i = 0; i < t_names.num_entries; i++) { + if (t_names.name[i].domain_idx >= ref.num_ref_doms_1) { + DEBUG(0,("LSA_LOOKUP_SIDS: domain index out 
of bounds\n")); + prs_mem_free(&rbuf); + return False; + } + } + + if (names != NULL && t_names.num_entries != 0) + (*names) = (char**)malloc((*num_names) * sizeof(char*)); + + if (names != NULL && (*names) != NULL) { + /* take each name, construct a \DOMAIN\name string */ + for (i = 0; i < (*num_names); i++) { + fstring name; + fstring dom_name; + fstring full_name; + uint32 dom_idx = t_names.name[i].domain_idx; + fstrcpy(dom_name, dos_unistr2(ref.ref_dom[dom_idx].uni_dom_name.buffer)); + fstrcpy(name, dos_unistr2(t_names.uni_name[i].buffer)); + + slprintf(full_name, sizeof(full_name)-1, "\\%s\\%s", + dom_name, name); + + (*names)[i] = strdup(full_name); + } + } + + prs_mem_free(&rbuf); + + return valid_response; +} + +/**************************************************************************** do a LSA Query Info Policy ****************************************************************************/ BOOL do_lsa_query_info_pol(struct cli_state *cli, 
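Review bot: In do_lsa_lookup_sids the names array is sized from `(*num_names)` and the copy loop is bounded by it, yet `num_names` is explicitly allowed to be NULL a few lines earlier (`if (num_names != NULL) (*num_names) = ...`), so a caller passing NULL dereferences a null pointer; size and bound both from `t_names.num_entries` instead. The buffers that lsa_io_trans_names mallocs for `t_names.name` and `t_names.uni_name` on unmarshall (see the parse_lsa.c hunk; presumably reached from lsa_io_r_lookup_sids) are never released on any return path here, and `t_names` itself is declared without `ZERO_STRUCT`. The `domain_idx >= ref.num_ref_doms_1` check also rejects the 0xffffffff "unmapped" sentinel the deleted lsa_lookup_sids tolerated, so if the server still reports unmapped SIDs that way a partially resolved reply now fails the whole call; if that is intended, say so in a comment. `strdup` results are stored unchecked, so an allocation failure leaves NULL entries for the caller to trip over.
```c
	LSA_TRANS_NAME_ENUM t_names;
	int count;
	/* … unchanged: other locals, request marshalling, rpc_api_pipe_req, reply unmarshalling … */
	ZERO_STRUCT(t_names);

	/* … unchanged: status / valid_response handling … */

	/* Work from a local count: num_names may legitimately be NULL */
	count = t_names.num_entries;
	if (num_names != NULL)
		(*num_names) = count;

	/* … unchanged: domain_idx bounds check (must also free name/uni_name before returning) … */

	if (names != NULL && count != 0)
		(*names) = (char**)malloc(count * sizeof(char*));

	if (names != NULL && (*names) != NULL) {
		for (i = 0; i < count; i++) {
			/* … unchanged: build \DOMAIN\name and strdup it … */
		}
	}

	/* name/uni_name were malloc'd during unmarshalling; release them here */
	safe_free(t_names.name);
	safe_free(t_names.uni_name);

	prs_mem_free(&rbuf);

	return valid_response;
```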
@@ -287,414 +402,3 @@ BOOL cli_lsa_get_domain_sid(struct cli_state *cli, char *server) return res3; } - -/**************************************************************************** -do a LSA Open Policy -****************************************************************************/ -uint32 lsa_open_policy(const char *system_name, POLICY_HND *hnd, - BOOL sec_qos, uint32 des_access) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_OPEN_POL q_o; - LSA_SEC_QOS qos; - struct cli_connection *con = NULL; - uint32 result; - - if (!cli_connection_init(system_name, PIPE_LSARPC, &con)) { - return NT_STATUS_UNSUCCESSFUL; - } - - if (hnd == NULL) return NT_STATUS_UNSUCCESSFUL; - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); - - /* create and send a MSRPC command with api LSA_OPENPOLICY */ - - DEBUG(4, ("LSA Open Policy\n")); - - /* store the parameters */ - if (sec_qos) { - init_lsa_sec_qos(&qos, 2, 1, 0, des_access); - init_q_open_pol(&q_o, '\\', 0, des_access, &qos); - } else { - init_q_open_pol(&q_o, '\\', 0, des_access, NULL); - } - - /* turn parameters into data stream */ - if (lsa_io_q_open_pol("", &q_o, &buf, 0) && - rpc_con_pipe_req(con, LSA_OPENPOLICY, &buf, &rbuf)) { - LSA_R_OPEN_POL r_o; - BOOL p; - - lsa_io_r_open_pol("", &r_o, &rbuf, 0); - p = rbuf.data_offset != 0; - - result = r_o.status; - - if (p && r_o.status != 0) { - /* report error code */ - DEBUG(0, - ("LSA_OPENPOLICY: %s\n", - get_nt_error_msg(r_o.status))); - p = False; - } - - if (p) { - - /* Return the policy handle */ - - *hnd = r_o.pol; - - if (!RpcHndList_set_connection(hnd, con)) { - result = NT_STATUS_NO_MEMORY; - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Close -****************************************************************************/ -uint32 lsa_close(POLICY_HND *hnd) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_CLOSE 
q_c; - uint32 result; - - if (hnd == NULL) return False; - - /* Create and send a MSRPC command with api LSA_OPENPOLICY */ - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, NULL, False); - prs_init(&rbuf, 0, 4, NULL, True); - - DEBUG(4, ("LSA Close\n")); - - /* Store the parameters */ - - init_lsa_q_close(&q_c, hnd); - - /* Turn parameters into data stream */ - - if (lsa_io_q_close("", &q_c, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_CLOSE, &buf, &rbuf)) { - LSA_R_CLOSE r_c; - BOOL p; - - lsa_io_r_close("", &r_c, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_c.status; - - if (p && r_c.status != 0) { - - /* Report error code */ - - DEBUG(0, ("LSA_CLOSE: %s\n", - get_nt_error_msg(r_c.status))); - - p = False; - } - - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup SIDs -****************************************************************************/ -uint32 lsa_lookup_sids(POLICY_HND *hnd, int num_sids, DOM_SID *sids, - char ***names, uint32 **types, int *num_names) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_SIDS q_l; - TALLOC_CTX *ctx = talloc_init(); - uint32 result; - - ZERO_STRUCT(q_l); - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - if (num_names != NULL) { - *num_names = 0; - } - - if (types != NULL) { - *types = NULL; - } - - if (names != NULL) { - *names = NULL; - } - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); - - /* Create and send a MSRPC command with api LSA_LOOKUP_SIDS */ - - DEBUG(4, ("LSA Lookup SIDs\n")); - - /* Store the parameters */ - - init_q_lookup_sids(&q_l, hnd, num_sids, sids, 1); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_sids("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPSIDS, &buf, &rbuf)) { - LSA_R_LOOKUP_SIDS r_l; - DOM_R_REF ref; - LSA_TRANS_NAME_ENUM t_names; - BOOL p, valid_response; - - r_l.dom_ref = &ref; - 
r_l.names = &t_names; - - lsa_io_r_lookup_sids("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - result = r_l.status; - - if (p && r_l.status != 0 && - r_l.status != 0x107 && - r_l.status != (0xC0000000 | NT_STATUS_NONE_MAPPED)) { - - /* Report error code */ - - DEBUG(1, ("LSA_LOOKUP_SIDS: %s\n", - get_nt_error_msg(r_l.status))); - - return r_l.status; - } - - result = NT_STATUS_NOPROBLEMO; - - if (p) { - if (t_names.ptr_trans_names != 0 - && r_l.ptr_dom_ref != 0) { - valid_response = True; - } - } - - if (num_names != NULL && valid_response) { - (*num_names) = t_names.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < t_names.num_entries; i++) { - if ((t_names.name[i].domain_idx >= - ref.num_ref_doms_1) - && (t_names.name[i].domain_idx != - 0xffffffff)) { - DEBUG(0, - ("LSA_LOOKUP_SIDS: domain index out of bounds\n")); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && (*num_names) != 0) { - (*types) = (uint32 *) malloc((*num_names) * - sizeof(uint32)); - } - - if (names != NULL && valid_response && (*num_names) != 0) { - (*names) = (char **)malloc((*num_names) * - sizeof(char *)); - } - - if (names != NULL && (*names) != NULL) { - int i; - - /* Take each name, construct a \DOMAIN\name string */ - - for (i = 0; i < (*num_names); i++) { - fstring name; - fstring dom_name; - fstring full_name; - uint32 dom_idx = t_names.name[i].domain_idx; - - if (dom_idx != 0xffffffff) { - unistr2_to_ascii(dom_name, - &ref. - ref_dom[dom_idx]. 
- uni_dom_name, - sizeof(dom_name) - - 1); - unistr2_to_ascii(name, - &t_names.uni_name[i], - sizeof(name) - 1); - - memset(full_name, 0, - sizeof(full_name)); - - slprintf(full_name, - sizeof(full_name) - 1, - "%s\\%s", dom_name, name); - - (*names)[i] = strdup(full_name); - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_names.name[i].sid_name_use; - } - } else { - (*names)[i] = NULL; - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} - -/**************************************************************************** -do a LSA Lookup Names -****************************************************************************/ -uint32 lsa_lookup_names(POLICY_HND *hnd, int num_names, char **names, - DOM_SID **sids, uint32 **types, int *num_sids) -{ - prs_struct rbuf; - prs_struct buf; - LSA_Q_LOOKUP_NAMES q_l; - BOOL valid_response = False; - TALLOC_CTX *ctx = talloc_init(); - uint32 result; - - if (hnd == NULL || num_sids == 0 || sids == NULL) return False; - - prs_init(&buf, MAX_PDU_FRAG_LEN, 4, ctx, False); - prs_init(&rbuf, 0, 4, ctx, True); - - /* create and send a MSRPC command with api LSA_LOOKUP_NAMES */ - - DEBUG(4, ("LSA Lookup NAMEs\n")); - - /* store the parameters */ - init_q_lookup_names(&q_l, hnd, num_names, names); - - /* turn parameters into data stream */ - if (lsa_io_q_lookup_names("", &q_l, &buf, 0) && - rpc_hnd_pipe_req(hnd, LSA_LOOKUPNAMES, &buf, &rbuf)) { - LSA_R_LOOKUP_NAMES r_l; - DOM_R_REF ref; - DOM_RID2 t_rids[MAX_LOOKUP_SIDS]; - BOOL p; - - ZERO_STRUCT(ref); - ZERO_STRUCT(t_rids); - - r_l.dom_ref = &ref; - r_l.dom_rid = t_rids; - - lsa_io_r_lookup_names("", &r_l, &rbuf, 0); - p = rbuf.data_offset != 0; - - if (p && r_l.status != 0) { - /* report error code */ - DEBUG(1, - ("LSA_LOOKUP_NAMES: %s\n", - get_nt_error_msg(r_l.status))); - p = False; - - return r_l.status; - } - - result = r_l.status; - - if (p) { - if 
(r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0) { - valid_response = True; - } - } - - if (num_sids != NULL && valid_response) { - (*num_sids) = r_l.num_entries; - } - - if (valid_response) { - uint32 i; - - for (i = 0; i < r_l.num_entries; i++) { - if (t_rids[i].rid_idx >= ref.num_ref_doms_1 && - t_rids[i].rid_idx != 0xffffffff) { - DEBUG(0, - ("LSA_LOOKUP_NAMES: domain index %d out of bounds\n", - t_rids[i].rid_idx)); - valid_response = False; - break; - } - } - } - - if (types != NULL && valid_response && r_l.num_entries != 0) { - (*types) = (uint32 *) malloc((*num_sids) * - sizeof(uint32)); - } - - if (sids != NULL && valid_response && r_l.num_entries != 0) { - (*sids) = (DOM_SID *) malloc((*num_sids) * - sizeof(DOM_SID)); - } - - if (sids != NULL && (*sids) != NULL) { - int i; - - /* Take each name, construct a SID */ - - for (i = 0; i < (*num_sids); i++) { - uint32 dom_idx = t_rids[i].rid_idx; - uint32 dom_rid = t_rids[i].rid; - DOM_SID *sid = &(*sids)[i]; - - if (dom_idx != 0xffffffff) { - - sid_copy(sid, - &ref.ref_dom[dom_idx]. - ref_dom.sid); - - if (dom_rid != 0xffffffff) { - sid_append_rid(sid, dom_rid); - } - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = t_rids[i].type; - } - - } else { - ZERO_STRUCTP(sid); - - if (types != NULL && - (*types) != NULL) { - (*types)[i] = SID_NAME_UNKNOWN; - } - } - } - } - } - - prs_mem_free(&rbuf); - prs_mem_free(&buf); - - return result; -} diff --git a/source3/rpc_parse/parse_lsa.c b/source3/rpc_parse/parse_lsa.c index a53c07366e..6a2e504f79 100644 --- a/source3/rpc_parse/parse_lsa.c +++ b/source3/rpc_parse/parse_lsa.c 
@@ -297,10 +297,10 @@ void init_q_open_pol(LSA_Q_OPEN_POL *r_q, uint16 system_name, Reads or writes an LSA_Q_OPEN_POL structure. ********************************************************************/ -BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, - int depth) +BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, int depth) { - if (r_q == NULL) return False; + if (r_q == NULL) + return False; prs_debug(ps, depth, desc, "lsa_io_q_open_pol"); depth++; @@ -309,7 +309,7 @@ BOOL lsa_io_q_open_pol(char *desc, LSA_Q_OPEN_POL *r_q, prs_struct *ps, return False; if(!prs_uint16("system_name", ps, depth, &r_q->system_name)) return False; - if(!prs_align(ps)) + if(!prs_align( ps )) return False; if(!lsa_io_obj_attr("", &r_q->attr, ps, depth)) @@ -353,7 +353,7 @@ void init_q_open_pol2(LSA_Q_OPEN_POL2 *r_q, char *server_name, uint32 desired_access, LSA_SEC_QOS *qos) { - DEBUG(5, ("init_open_pol2: attr:%d da:%d\n", attributes, + DEBUG(5, ("init_q_open_pol2: attr:%d da:%d\n", attributes, desired_access)); r_q->ptr = 1; /* undocumented pointer */ 
@@ -648,21 +648,43 @@ BOOL lsa_io_r_query(char *desc, LSA_R_QUERY_INFO *r_q, prs_struct *ps, int depth Inits a LSA_SID_ENUM structure. ********************************************************************/ -void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids) +void init_lsa_sid_enum(TALLOC_CTX *mem_ctx, LSA_SID_ENUM *sen, + int num_entries, DOM_SID **sids) { - int i; + int i, i2; DEBUG(5, ("init_lsa_sid_enum\n")); sen->num_entries = num_entries; - sen->ptr_sid_enum = num_entries != 0; + sen->ptr_sid_enum = (num_entries != 0); sen->num_entries2 = num_entries; - SMB_ASSERT_ARRAY(sen->sid, sen->num_entries); + /* Allocate memory for sids and sid pointers */ + + if (num_entries == 0) return; + + if ((sen->ptr_sid = (uint32 *)talloc(mem_ctx, num_entries * + sizeof(uint32))) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for ptr_sid\n")); + return; + } + + if ((sen->sid = (DOM_SID2 *)talloc(mem_ctx, num_entries * + sizeof(DOM_SID2))) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for sids\n")); + return; + } + + /* Copy across SIDs and SID pointers */ - for (i = 0; i < num_entries; i++) { - sen->ptr_sid[i] = 1; - init_dom_sid2(&sen->sid[i], &sids[i]); + for (i = 0, i2 = 0; i < num_entries; i++) { + if (sids[i] != NULL) { + sen->ptr_sid[i] = 1; + init_dom_sid2(&sen->sid[i2], sids[i]); + i2++; + } else { + sen->ptr_sid[i] = 0; + } } } @@ -670,13 +692,12 @@ void init_lsa_sid_enum(LSA_SID_ENUM *sen, int num_entries, DOM_SID *sids) Reads or writes a LSA_SID_ENUM structure. ********************************************************************/ -static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, - prs_struct *ps, int depth) +static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, + prs_struct *ps, int depth) { int i; - if (sen == NULL) - return False; + if (sen == NULL) return False; prs_debug(ps, depth, desc, "lsa_io_sid_enum"); depth++; 
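Review bot: init_lsa_sid_enum returns silently when either talloc fails, leaving `sen->num_entries` non-zero with `sen->ptr_sid` or `sen->sid` still NULL, so the later marshalling in lsa_io_sid_enum walks `num_entries` elements through a null pointer. The `i2` compaction also fills only the first i2 slots of `sen->sid`, while lsa_io_sid_enum still emits all `num_entries` of them, so whenever some `sids[i]` is NULL the trailing DOM_SID2 entries go onto the wire uninitialised (nothing here shows talloc zeroing them). On both failure returns add `sen->num_entries = sen->num_entries2 = 0; sen->ptr_sid_enum = 0;`, and after the second allocation `memset(sen->sid, 0, num_entries * sizeof(DOM_SID2));` - or better, make the function return BOOL so init_q_lookup_sids can fail the request.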
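Review bot: lsa_io_sid_enum's NULL guard is collapsed back onto one line, `if (sen == NULL) return False;`, while the @@ -297 hunk of this same file splits the identical guard in lsa_io_q_open_pol onto two lines; pick one form for the file. The signature reflow in this hunk changes whitespace only.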
@@ -691,22 +712,40 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, if(!prs_uint32("num_entries2", ps, depth, &sen->num_entries2)) return False; - SMB_ASSERT_ARRAY(sen->ptr_sid, sen->num_entries); + /* Mallocate memory if we're unpacking from the wire */ + + if (UNMARSHALLING(ps)) { + if ((sen->ptr_sid = (uint32 *)malloc( + sen->num_entries * sizeof(uint32))) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for " + "ptr_sid\n")); + return False; + } + + if ((sen->sid = (DOM_SID2 *)malloc( + sen->num_entries * sizeof(DOM_SID2))) == NULL) { + DEBUG(3, ("init_lsa_sid_enum(): out of memory for " + "sids\n")); + return False; + } + } for (i = 0; i < sen->num_entries; i++) { fstring temp; + slprintf(temp, sizeof(temp) - 1, "ptr_sid[%d]", i); - if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) /* domain SID pointers to be looked up. */ + if(!prs_uint32(temp, ps, depth, &sen->ptr_sid[i])) { return False; + } } - SMB_ASSERT_ARRAY(sen->sid, sen->num_entries); - for (i = 0; i < sen->num_entries; i++) { fstring temp; + slprintf(temp, sizeof(temp) - 1, "sid[%d]", i); - if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) /* domain SIDs to be looked up. */ + if(!smb_io_dom_sid2(temp, &sen->sid[i], ps, depth)) { return False; + } } return True; 
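Review bot: lsa_io_sid_enum now allocates from `sen->num_entries` exactly as it arrives off the wire, and on the server that is the client's LookupSids request (api_lsa_lookup_sids in srv_lsa.c), so the bound the removed `SMB_ASSERT_ARRAY` provided is gone: `sen->num_entries * sizeof(DOM_SID2)` can wrap on a 32-bit size_t and the following loops then write past the allocation, and even without wrap an arbitrary count forces arbitrary-size mallocs. `num_entries2` is read but never compared with `num_entries`. Add before the mallocs `if (sen->num_entries > MAX_LOOKUP_SIDS || sen->num_entries2 != sen->num_entries) return False;` (substituting whatever cap is appropriate if MAX_LOOKUP_SIDS is no longer defined after this change). The two DEBUG messages name `init_lsa_sid_enum()` but are emitted from lsa_io_sid_enum. Unmarshalling twice into the same structure overwrites the earlier buffers without freeing them, so a comment that the caller owns `ptr_sid`/`sid` and must free them, as api_lsa_lookup_sids does, would help.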
@@ -716,19 +755,17 @@ static BOOL lsa_io_sid_enum(char *desc, LSA_SID_ENUM *sen, Inits an LSA_R_ENUM_TRUST_DOM structure. ********************************************************************/ -void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, - int num_sids, DOM_SID *sids, uint16 level) +void init_q_lookup_sids(TALLOC_CTX *mem_ctx, LSA_Q_LOOKUP_SIDS *q_l, + POLICY_HND *hnd, int num_sids, DOM_SID **sids, + uint16 level) { - DEBUG(5, ("init_q_lookup_sids\n")); - - q_l->pol = *hnd; - - init_lsa_sid_enum(&q_l->sids, num_sids, sids); + DEBUG(5, ("init_r_enum_trust_dom\n")); - q_l->names.num_entries = 0; - q_l->names.ptr_trans_names = 0; - q_l->names.num_entries2 = 0; + ZERO_STRUCTP(q_l); + memcpy(&q_l->pol, hnd, sizeof(q_l->pol)); + init_lsa_sid_enum(mem_ctx, &q_l->sids, num_sids, sids); + q_l->level.value = level; } @@ -736,8 +773,7 @@ void init_q_lookup_sids(LSA_Q_LOOKUP_SIDS *q_l, POLICY_HND *hnd, Reads or writes a LSA_Q_LOOKUP_SIDS structure. ********************************************************************/ -BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, - prs_struct *ps, int depth) +BOOL lsa_io_q_lookup_sids(char *desc, LSA_Q_LOOKUP_SIDS *q_s, prs_struct *ps, int depth) { if (q_s == NULL) return False; @@ -787,9 +823,23 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, return False; if (trn->ptr_trans_names != 0) { - if(!prs_uint32("num_entries2 ", ps, depth, &trn->num_entries2)) + if(!prs_uint32("num_entries2 ", ps, depth, + &trn->num_entries2)) return False; - SMB_ASSERT_ARRAY(trn->name, trn->num_entries); + + if (UNMARSHALLING(ps)) { + if ((trn->name = (LSA_TRANS_NAME *) + malloc(trn->num_entries * + sizeof(LSA_TRANS_NAME))) == NULL) { + return False; + } + + if ((trn->uni_name = (UNISTR2 *) + malloc(trn->num_entries * + sizeof(UNISTR2))) == NULL) { + return False; + } + } for (i = 0; i < trn->num_entries2; i++) { fstring t; 
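Review bot: init_q_lookup_sids now logs `DEBUG(5, ("init_r_enum_trust_dom\n"))`, the name of a different function, which will mislead anyone tracing a LookupSids request; keep `DEBUG(5, ("init_q_lookup_sids\n"));`. The header comment above it, "Inits an LSA_R_ENUM_TRUST_DOM structure.", is pre-existing but wrong for the same reason and could be fixed in the same edit.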
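Review bot: lsa_io_trans_names sizes `trn->name` and `trn->uni_name` from `trn->num_entries` but the loop that fills them runs to `trn->num_entries2`, and both counts come off the wire from the server being queried, so a reply with `num_entries2 > num_entries` overflows both heap buffers on the client; the removed `SMB_ASSERT_ARRAY` was at least a bound. Reject the mismatch before allocating, `if (trn->num_entries2 != trn->num_entries) return False;`, and cap the count. When the second malloc fails the first allocation is leaked, and nothing on the client frees these buffers at all (do_lsa_lookup_sids never releases them), so the ownership rule belongs in a comment on the struct fields. The rest of lsa_io_trans_names lies outside this hunk.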
@@ -808,6 +858,16 @@ static BOOL lsa_io_trans_names(char *desc, LSA_TRANS_NAME_ENUM *trn, if(!prs_align(ps)) return False; } + + /* Free memory if we've sent it */ + + if (MARSHALLING(ps)) { + safe_free(trn->name); + safe_free(trn->uni_name); + + trn->name = NULL; + trn->uni_name = NULL; + } } return True; @@ -855,22 +915,22 @@ makes a structure. ********************************************************************/ void init_q_lookup_names(LSA_Q_LOOKUP_NAMES *q_l, POLICY_HND *hnd, - int num_names, char **names) + int num_names, char **names) { int i; - DEBUG(5,("init_q_lookup_names\n")); + DEBUG(5, ("init_q_lookup_names\n")); + + memcpy(&q_l->pol, hnd, sizeof(q_l->pol)); - q_l->pol = *hnd; q_l->num_entries = num_names; q_l->num_entries2 = num_names; SMB_ASSERT_ARRAY(q_l->uni_name, q_l->num_entries); for (i = 0; i < num_names; i++) { - char *name = names[i]; - int len = strlen(name); - + char* name = names[i]; + int len = strlen(name)+1; init_uni_hdr(&q_l->hdr_name[i], len); init_unistr2(&q_l->uni_name[i], name, len); } diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c index 7e6417f276..38f4936209 100644 --- a/source3/rpc_server/srv_lsa.c +++ b/source3/rpc_server/srv_lsa.c 
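Review bot: Freeing `trn->name`/`trn->uni_name` inside the marshaller ties ownership to whether every earlier prs_* call succeeded: on any of the preceding `return False` paths the buffers survive, and the caller lsa_reply_lookup_sids (srv_lsa.c, @@ -376) also returns before its own safe_free, so the failure path leaks while the success path frees twice - harmless only if safe_free is a no-op on the NULL the pointers are reset to here. A parse routine that frees memory it did not allocate also makes the structure unusable for a second marshalling pass. Prefer leaving release to the owner, which lsa_reply_lookup_sids already does, and drop this block; if it stays, add `/* ownership: released here after a successful marshal; callers must not free again */`.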
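Review bot: `int len = strlen(name)+1;` changes what init_uni_hdr and init_unistr2 receive for every name in the LookupNames request: the length now counts the terminating NUL, so the UNISTR2 sent on the wire presumably gains a trailing zero character. If that is the intended wire format, a one-line comment such as `/* length includes the terminating NUL, as the server expects */` would stop the next reader reverting it; if not, this is a silent protocol change. The new `char* name` also departs from the `char *name` spelling used throughout this file.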
@@ -277,13 +277,26 @@ static void init_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, ***************************************************************************/ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn, - int num_entries, DOM_SID2 sid[MAX_LOOKUP_SIDS], uint32 *mapped_count) + int num_entries, DOM_SID2 *sid, + uint32 *mapped_count) { int i; int total = 0; *mapped_count = 0; - SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS); + /* Allocate memory for list of names */ + + if (!(trn->name = (LSA_TRANS_NAME *)malloc(sizeof(LSA_TRANS_NAME) * + num_entries))) { + DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); + return; + } + + if (!(trn->uni_name = (UNISTR2 *)malloc(sizeof(UNISTR2) * + num_entries))) { + DEBUG(0, ("init_lsa_trans_names(): out of memory\n")); + return; + } for (i = 0; i < num_entries; i++) { BOOL status = False; @@ -318,7 +331,8 @@ static void init_lsa_trans_names(DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *trn, dom_idx = init_dom_ref(ref, dom_name, &find_sid); - DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to referenced list.\n", dom_name, name )); + DEBUG(10,("init_lsa_trans_names: added user '%s\\%s' to " + "referenced list.\n", dom_name, name )); (*mapped_count)++; @@ -376,6 +390,11 @@ static BOOL lsa_reply_lookup_sids(prs_struct *rdata, DOM_SID2 *sid, int num_entr return False; } + /* Free memory - perhaps this should be done using talloc()? */ + + safe_free(names.name); + safe_free(names.uni_name); + return True; } 
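Review bot: init_lsa_trans_names allocates `sizeof(LSA_TRANS_NAME) * num_entries` where `num_entries` is the client's `q_l.sids.num_entries` (api_lsa_lookup_sids forwards it unchecked), and the removed `SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS)` was the only cap, so a request can demand arbitrarily large server-side allocations and a negative int converts to a huge size_t. Because the function returns void, an allocation failure is invisible to lsa_reply_lookup_sids, which then marshals `num_entries` names through a NULL `uni_name` while the successfully allocated `trn->name` is leaked. Bound the count before allocating, return BOOL, and free `trn->name` on the second failure. The @@ -376 hunk of this file has the related problem that its two `safe_free` calls sit after the error return, so a failed marshal leaks both arrays.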
@@ -551,20 +570,29 @@ static BOOL api_lsa_lookup_sids(pipes_struct *p) LSA_Q_LOOKUP_SIDS q_l; prs_struct *data = &p->in_data.data; prs_struct *rdata = &p->out_data.rdata; + BOOL result = True; ZERO_STRUCT(q_l); /* grab the info class and policy handle */ if(!lsa_io_q_lookup_sids("", &q_l, data, 0)) { DEBUG(0,("api_lsa_lookup_sids: failed to unmarshall LSA_Q_LOOKUP_SIDS.\n")); - return False; + result = False; + goto done; } /* construct reply. return status is always 0x0 */ - if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) - return False; + if(!lsa_reply_lookup_sids(rdata, q_l.sids.sid, q_l.sids.num_entries)) { + result = False; + goto done; + } - return True; + + done: + safe_free(q_l.sids.ptr_sid); + safe_free(q_l.sids.sid); + + return result; } /*************************************************************************** |