-rw-r--r--source3/include/proto.h8
-rw-r--r--source3/include/rpc_samr.h8
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/rpc_client/cli_lsarpc.c4
-rw-r--r--source3/rpc_client/cli_samr.c21
-rw-r--r--source3/rpc_parse/parse_samr.c125
-rw-r--r--source3/rpcclient/cmd_samr.c5
7 files changed, 114 insertions, 58 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 6ec2b23849..e2bbd8fd0b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2645,17 +2645,15 @@ BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol,
BOOL samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth);
BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
uint32 next_idx,
- uint32 num_sam_entries, DOMAIN_GRP *grps,
- uint32 status);
+ uint32 num_sam_entries, DOMAIN_GRP *grps, uint32 status);
BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth);
BOOL make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol,
uint32 start_idx, uint32 size);
BOOL samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth);
BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
uint32 next_idx,
- uint32 num_sam_entries, LOCAL_GRP *alss,
- uint32 status);
-BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth);
+ uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status);
+BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth);
BOOL make_samr_alias_info3(ALIAS_INFO3 *al3, const char *acct_desc);
BOOL samr_io_alias_info3(char *desc, ALIAS_INFO3 *al3, prs_struct *ps, int depth);
BOOL samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR *ctr, prs_struct *ps, int depth);
diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h
index 87fc17cda9..9f1f8a83fe 100644
--- a/source3/include/rpc_samr.h
+++ b/source3/include/rpc_samr.h
@@ -655,8 +655,8 @@ typedef struct r_samr_enum_dom_groups_info
uint32 num_entries3;
- SAM_ENTRY sam[MAX_SAM_ENTRIES];
- UNISTR2 uni_grp_name[MAX_SAM_ENTRIES];
+ SAM_ENTRY *sam;
+ UNISTR2 *uni_grp_name;
uint32 num_entries4;
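Review bot: `sam` and `uni_grp_name` become heap pointers here, but nothing on the members says how long the arrays are or who releases them; the same applies to r_samr_enum_dom_aliases_info in the next hunk. Elsewhere in this commit the client functions in cli_samr.c free both arrays after parsing, while no release is visible for the arrays allocated in make_samr_r_enum_dom_groups and make_samr_r_enum_dom_aliases. I would add a comment on each member along the lines of `/* malloc'd array of num_entries2 elements; the caller of the make_ or samr_io_ function frees it */`. Both struct definitions start and end outside these hunks.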
@@ -689,8 +689,8 @@ typedef struct r_samr_enum_dom_aliases_info
uint32 num_entries3;
- SAM_ENTRY sam[MAX_SAM_ENTRIES];
- UNISTR2 uni_grp_name[MAX_SAM_ENTRIES];
+ SAM_ENTRY *sam;
+ UNISTR2 *uni_grp_name;
uint32 num_entries4;
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 80860cf57c..dccc05ea6a 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -259,6 +259,7 @@ typedef char fstring[FSTRING_LEN];
#define PIPE_NTSVCS "\\PIPE\\ntsvcs"
#define PIPE_LSASS "\\PIPE\\lsass"
#define PIPE_LSARPC "\\PIPE\\lsarpc"
+#define PIPE_EPMAPPER "\\PIPE\\epmapper"
#define PIPE_ATSVC "\\PIPE\\atsvc"
#define PIPE_SPOOLSS "\\pipe\\spoolss"
#define PIPE_EVENTLOG "\\PIPE\\EVENTLOG"
diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c
index 66444e631b..ce11999955 100644
--- a/source3/rpc_client/cli_lsarpc.c
+++ b/source3/rpc_client/cli_lsarpc.c
@@ -123,12 +123,12 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum,
/* store the parameters */
if (sec_qos)
{
- make_lsa_sec_qos(&qos, 2, 1, 0, 0x000f0fff);
+ make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000);
make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos);
}
else
{
- make_q_open_pol2(&q_o, server_name, 0, 0x1, NULL);
+ make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL);
}
/* turn parameters into data stream */
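Review bot: The non-QoS branch now requests access mask `0x02000000` instead of `0x1`, and the value is a bare literal that appears three times in this hunk. In Windows access-mask terms 0x02000000 is the MAXIMUM_ALLOWED bit, so every caller of lsa_open_policy2 would be handed whatever rights the server is willing to grant rather than the single narrow right asked for before. If that is intended it deserves a comment, and a desired-access parameter would let callers ask only for what they need. The last argument of make_lsa_sec_qos changes to the same literal; its meaning is not visible here, so a named constant or a comment such as `/* maximum allowed access */` beside each use would help. lsa_open_policy2 starts and ends outside the hunk.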
diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c
index 7c1860dee1..4ec658e664 100644
--- a/source3/rpc_client/cli_samr.c
+++ b/source3/rpc_client/cli_samr.c
@@ -665,6 +665,14 @@ uint32 samr_enum_dom_groups(struct cli_state *cli, uint16 fnum,
status = NT_STATUS_INVALID_PARAMETER | 0xC0000000;
}
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+ if (r_e.uni_grp_name != NULL)
+ {
+ free(r_e.uni_grp_name);
+ }
}
prs_mem_free(&data );
@@ -753,6 +761,19 @@ uint32 samr_enum_dom_aliases(struct cli_state *cli, uint16 fnum,
}
(*start_idx) = r_e.next_idx;
}
+ else if (status == 0x0)
+ {
+ status = NT_STATUS_INVALID_PARAMETER | 0xC0000000;
+ }
+
+ if (r_e.sam != NULL)
+ {
+ free(r_e.sam);
+ }
+ if (r_e.uni_grp_name != NULL)
+ {
+ free(r_e.uni_grp_name);
+ }
}
prs_mem_free(&data );
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c
index 74386e7f99..c41d7014bd 100644
--- a/source3/rpc_parse/parse_samr.c
+++ b/source3/rpc_parse/parse_samr.c
@@ -1300,7 +1300,7 @@ BOOL samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struct
if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0)
{
- DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n"));
+ DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_USERS\n"));
r_u->num_entries4 = 0;
r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED;
return False;
@@ -2803,8 +2803,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure.
********************************************************************/
BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
uint32 next_idx,
- uint32 num_sam_entries, DOMAIN_GRP *grps,
- uint32 status)
+ uint32 num_sam_entries, DOMAIN_GRP *grps, uint32 status)
{
uint32 i;
@@ -2812,23 +2811,25 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
DEBUG(5,("make_samr_r_enum_dom_groups\n"));
- if (num_sam_entries >= MAX_SAM_ENTRIES)
- {
- num_sam_entries = MAX_SAM_ENTRIES;
- DEBUG(5,("limiting number of entries to %d\n",
- num_sam_entries));
- }
-
- r_u->next_idx = next_idx;
- r_u->ptr_entries1 = 1;
- r_u->num_entries2 = num_sam_entries;
+ r_u->next_idx = next_idx;
+ r_u->sam = NULL;
+ r_u->uni_grp_name = NULL;
- if (num_sam_entries > 0)
+ if (num_sam_entries != 0)
{
+ r_u->ptr_entries1 = 1;
r_u->ptr_entries2 = 1;
+ r_u->num_entries2 = num_sam_entries;
r_u->num_entries3 = num_sam_entries;
- SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries);
+ r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0]));
+
+ if (r_u->sam == NULL || r_u->uni_grp_name == NULL)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n"));
+ return False;
+ }
for (i = 0; i < num_sam_entries; i++)
{
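Review bot: If only one of the two Realloc calls fails, the new `return False` leaves the other array allocated in r_u, with ptr_entries1 and num_entries2 already describing entries that do not exist; nothing visible frees it. Release whichever pointer is set and clear both before returning, e.g. `if (r_u->sam != NULL) free(r_u->sam);` plus the same for `uni_grp_name`, then `r_u->sam = NULL; r_u->uni_grp_name = NULL;`. With the MAX_SAM_ENTRIES cap removed, `r_u->num_entries2 * sizeof(r_u->sam[0])` is also an unchecked multiplication, so the count should be compared with the largest size divided by the element size before allocating. Both points apply equally to make_samr_r_enum_dom_aliases further down; the function body continues outside this hunk.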
@@ -2845,7 +2846,9 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u,
}
else
{
- r_u->num_entries4 = 0;
+ r_u->ptr_entries1 = 0;
+ r_u->num_entries2 = num_sam_entries;
+ r_u->ptr_entries2 = 1;
}
r_u->status = status;
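Review bot: The empty-result branch no longer assigns `r_u->num_entries4`, yet samr_io_r_enum_dom_groups marshals that field unconditionally after its `ptr_entries1` block. Unless the caller zeroes the structure first (not visible here), the reply would carry whatever happened to be in that memory. Keep `r_u->num_entries4 = 0;` in the else branch. The branch also sets `ptr_entries2 = 1` while `ptr_entries1 = 0`, which is worth a one-line comment if it is deliberate. make_samr_r_enum_dom_aliases gets the same else branch in a later hunk.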
@@ -2865,30 +2868,48 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru
prs_debug(ps, depth, desc, "samr_io_r_enum_dom_groups");
depth++;
+ r_u->sam = NULL;
+ r_u->uni_grp_name = NULL;
+
prs_align(ps);
prs_uint32("next_idx ", ps, depth, &(r_u->next_idx ));
prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1));
- prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2));
-
- if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0)
+
+ if (r_u->ptr_entries1 != 0)
{
+ prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2));
prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2));
prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3));
- SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2);
+ if (ps->io)
+ {
+ r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0]));
+ }
+
+ if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n"));
+ r_u->num_entries4 = 0;
+ r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED;
+ return False;
+ }
for (i = 0; i < r_u->num_entries2; i++)
{
+ prs_grow(ps);
sam_io_sam_entry("", &(r_u->sam[i]), ps, depth);
}
for (i = 0; i < r_u->num_entries2; i++)
{
+ prs_grow(ps);
smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth);
}
prs_align(ps);
+
}
prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
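Review bot: `r_u->sam` and `r_u->uni_grp_name` are reset to NULL at the top on every call, but the arrays are only allocated when `ps->io` is set. In the other direction the arrays built by make_samr_r_enum_dom_groups are dropped without being freed and the `NULL pointers` check then rejects every non-empty reply, so the reset should be conditional on `ps->io`. When `ps->io` is set, `num_entries2` comes straight from the stream and is multiplied by the element size with no bound; where size_t is 32 bits a large count can wrap, and the two loops would then index past the allocation. On the failure return one of the two arrays may still be allocated, so the caller has to free it or this path should. The same code is added to samr_io_r_enum_dom_aliases in a later hunk.

```c
	if (ps->io)
	{
		/* reading: nothing is allocated yet, so start from NULL for the caller's free() */
		r_u->sam = NULL;
		r_u->uni_grp_name = NULL;
	}

	/* … unchanged: prs_align, next_idx, ptr_entries1, num_entries2, ptr_entries2, num_entries3 … */

		if (ps->io)
		{
			/* the count came from the stream: refuse one whose byte size would wrap */
			if (r_u->num_entries2 > ((size_t)-1) / sizeof(r_u->sam[0]) ||
			    r_u->num_entries2 > ((size_t)-1) / sizeof(r_u->uni_grp_name[0]))
			{
				DEBUG(0,("SAMR_R_ENUM_DOM_GROUPS: entry count too large\n"));
				r_u->num_entries4 = 0;
				r_u->status = 0xC0000000|NT_STATUS_INVALID_PARAMETER;
				return False;
			}
			/* … unchanged: the two Realloc calls … */
		}

	/* … unchanged: NULL-pointer check, entry loops, prs_align, num_entries4 … */
```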
@@ -2897,7 +2918,6 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru
return True;
}
-
/*******************************************************************
makes a SAMR_Q_ENUM_DOM_ALIASES structure.
********************************************************************/
@@ -2946,8 +2966,7 @@ makes a SAMR_R_ENUM_DOM_ALIASES structure.
********************************************************************/
BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
uint32 next_idx,
- uint32 num_sam_entries, LOCAL_GRP *alss,
- uint32 status)
+ uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status)
{
uint32 i;
@@ -2955,23 +2974,25 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
DEBUG(5,("make_samr_r_enum_dom_aliases\n"));
- if (num_sam_entries >= MAX_SAM_ENTRIES)
- {
- num_sam_entries = MAX_SAM_ENTRIES;
- DEBUG(5,("limiting number of entries to %d\n",
- num_sam_entries));
- }
-
- r_u->next_idx = next_idx;
- r_u->ptr_entries1 = 1;
- r_u->num_entries2 = num_sam_entries;
+ r_u->next_idx = next_idx;
+ r_u->sam = NULL;
+ r_u->uni_grp_name = NULL;
- if (num_sam_entries > 0)
+ if (num_sam_entries != 0)
{
+ r_u->ptr_entries1 = 1;
r_u->ptr_entries2 = 1;
+ r_u->num_entries2 = num_sam_entries;
r_u->num_entries3 = num_sam_entries;
- SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries);
+ r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0]));
+
+ if (r_u->sam == NULL || r_u->uni_grp_name == NULL)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n"));
+ return False;
+ }
for (i = 0; i < num_sam_entries; i++)
{
@@ -2981,14 +3002,16 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
acct_name_len,
alss[i].rid);
- make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name , acct_name_len);
+ make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name, acct_name_len);
}
r_u->num_entries4 = num_sam_entries;
}
else
{
- r_u->num_entries4 = 0;
+ r_u->ptr_entries1 = 0;
+ r_u->num_entries2 = num_sam_entries;
+ r_u->ptr_entries2 = 1;
}
r_u->status = status;
@@ -2999,7 +3022,7 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u,
/*******************************************************************
reads or writes a structure.
********************************************************************/
-BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth)
+BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth)
{
uint32 i;
@@ -3008,30 +3031,48 @@ BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_s
prs_debug(ps, depth, desc, "samr_io_r_enum_dom_aliases");
depth++;
+ r_u->sam = NULL;
+ r_u->uni_grp_name = NULL;
+
prs_align(ps);
prs_uint32("next_idx ", ps, depth, &(r_u->next_idx ));
prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1));
- prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2));
-
- if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0)
+
+ if (r_u->ptr_entries1 != 0)
{
+ prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2));
prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2));
prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3));
- SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2);
+ if (ps->io)
+ {
+ r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]));
+ r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0]));
+ }
+
+ if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0)
+ {
+ DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n"));
+ r_u->num_entries4 = 0;
+ r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED;
+ return False;
+ }
for (i = 0; i < r_u->num_entries2; i++)
{
+ prs_grow(ps);
sam_io_sam_entry("", &(r_u->sam[i]), ps, depth);
}
for (i = 0; i < r_u->num_entries2; i++)
{
+ prs_grow(ps);
smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth);
}
prs_align(ps);
+
}
prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4));
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c
index a1506f8ca2..056a3292a9 100644
--- a/source3/rpcclient/cmd_samr.c
+++ b/source3/rpcclient/cmd_samr.c
@@ -1000,11 +1000,6 @@ uint32 msrpc_sam_enum_aliases(struct client_info *info,
/* close the session */
cli_nt_session_close(smb_cli, fnum);
- if (sam != NULL)
- {
- free(sam);
- }
-
if (res)
{
DEBUG(5,("msrpc_sam_enum_aliases: succeeded\n"));