-rw-r--r-- | source3/include/proto.h | 8 | ||||
-rw-r--r-- | source3/include/rpc_samr.h | 8 | ||||
-rw-r--r-- | source3/include/smb.h | 1 | ||||
-rw-r--r-- | source3/rpc_client/cli_lsarpc.c | 4 | ||||
-rw-r--r-- | source3/rpc_client/cli_samr.c | 21 | ||||
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 125 | ||||
-rw-r--r-- | source3/rpcclient/cmd_samr.c | 5 |
7 files changed, 114 insertions, 58 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 6ec2b23849..e2bbd8fd0b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -2645,17 +2645,15 @@ BOOL make_samr_q_enum_dom_groups(SAMR_Q_ENUM_DOM_GROUPS *q_e, POLICY_HND *pol, BOOL samr_io_q_enum_dom_groups(char *desc, SAMR_Q_ENUM_DOM_GROUPS *q_e, prs_struct *ps, int depth); BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 next_idx, - uint32 num_sam_entries, DOMAIN_GRP *grps, - uint32 status); + uint32 num_sam_entries, DOMAIN_GRP *grps, uint32 status); BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_struct *ps, int depth); BOOL make_samr_q_enum_dom_aliases(SAMR_Q_ENUM_DOM_ALIASES *q_e, POLICY_HND *pol, uint32 start_idx, uint32 size); BOOL samr_io_q_enum_dom_aliases(char *desc, SAMR_Q_ENUM_DOM_ALIASES *q_e, prs_struct *ps, int depth); BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 next_idx, - uint32 num_sam_entries, LOCAL_GRP *alss, - uint32 status); -BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth); + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status); +BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth); BOOL make_samr_alias_info3(ALIAS_INFO3 *al3, const char *acct_desc); BOOL samr_io_alias_info3(char *desc, ALIAS_INFO3 *al3, prs_struct *ps, int depth); BOOL samr_alias_info_ctr(char *desc, ALIAS_INFO_CTR *ctr, prs_struct *ps, int depth); diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h index 87fc17cda9..9f1f8a83fe 100644 --- a/source3/include/rpc_samr.h +++ b/source3/include/rpc_samr.h @@ -655,8 +655,8 @@ typedef struct r_samr_enum_dom_groups_info uint32 num_entries3; - SAM_ENTRY sam[MAX_SAM_ENTRIES]; - UNISTR2 uni_grp_name[MAX_SAM_ENTRIES]; + SAM_ENTRY *sam; + UNISTR2 *uni_grp_name; uint32 num_entries4; 
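Review bot: The `sam` and `uni_grp_name` members of r_samr_enum_dom_groups_info turn from fixed arrays into heap pointers with no comment saying who allocates them and who frees them, and the same applies to r_samr_enum_dom_aliases_info in the next hunk. A reader of the header cannot tell that a caller of samr_io_r_enum_dom_groups owns both blocks afterwards, which is the rule the cli_samr.c hunks in this commit depend on. I would add `/* heap blocks set up by make_samr_r_enum_dom_groups / samr_io_r_enum_dom_groups; the caller must free both */` above `SAM_ENTRY *sam;` in each struct.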
@@ -689,8 +689,8 @@ typedef struct r_samr_enum_dom_aliases_info uint32 num_entries3; - SAM_ENTRY sam[MAX_SAM_ENTRIES]; - UNISTR2 uni_grp_name[MAX_SAM_ENTRIES]; + SAM_ENTRY *sam; + UNISTR2 *uni_grp_name; uint32 num_entries4; diff --git a/source3/include/smb.h b/source3/include/smb.h index 80860cf57c..dccc05ea6a 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -259,6 +259,7 @@ typedef char fstring[FSTRING_LEN]; #define PIPE_NTSVCS "\\PIPE\\ntsvcs" #define PIPE_LSASS "\\PIPE\\lsass" #define PIPE_LSARPC "\\PIPE\\lsarpc" +#define PIPE_EPMAPPER "\\PIPE\\epmapper" #define PIPE_ATSVC "\\PIPE\\atsvc" #define PIPE_SPOOLSS "\\pipe\\spoolss" #define PIPE_EVENTLOG "\\PIPE\\EVENTLOG" diff --git a/source3/rpc_client/cli_lsarpc.c b/source3/rpc_client/cli_lsarpc.c index 66444e631b..ce11999955 100644 --- a/source3/rpc_client/cli_lsarpc.c +++ b/source3/rpc_client/cli_lsarpc.c @@ -123,12 +123,12 @@ BOOL lsa_open_policy2(struct cli_state *cli, uint16 fnum, /* store the parameters */ if (sec_qos) { - make_lsa_sec_qos(&qos, 2, 1, 0, 0x000f0fff); + make_lsa_sec_qos(&qos, 2, 1, 0, 0x02000000); make_q_open_pol2(&q_o, server_name, 0, 0x02000000, &qos); } else { - make_q_open_pol2(&q_o, server_name, 0, 0x1, NULL); + make_q_open_pol2(&q_o, server_name, 0, 0x02000000, NULL); } /* turn parameters into data stream */ diff --git a/source3/rpc_client/cli_samr.c b/source3/rpc_client/cli_samr.c index 7c1860dee1..4ec658e664 100644 --- a/source3/rpc_client/cli_samr.c +++ b/source3/rpc_client/cli_samr.c @@ -665,6 +665,14 @@ uint32 samr_enum_dom_groups(struct cli_state *cli, uint16 fnum, status = NT_STATUS_INVALID_PARAMETER | 0xC0000000; } + if (r_e.sam != NULL) + { + free(r_e.sam); + } + if (r_e.uni_grp_name != NULL) + { + free(r_e.uni_grp_name); + } } prs_mem_free(&data ); 
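Review bot: Both branches of lsa_open_policy2 now hand `make_q_open_pol2` the bare constant `0x02000000` as the desired access, where the non-QoS branch previously asked for `0x1`; nothing in the hunk names the value, so the widening of the requested access is invisible to a reader. 0x02000000 is the MAXIMUM_ALLOWED bit of an NT access mask, so the policy handle receives whatever the server is willing to grant rather than a specific right, which may be intended for a client tool but deserves a comment. I would introduce a named constant next to the other `#define`s and write `make_q_open_pol2(&q_o, server_name, 0, <named access constant>, &qos);` in both branches, with a one-line comment stating why maximum allowed is requested; the fourth argument of `make_lsa_sec_qos` also changed from `0x000f0fff` to the same value and the hunk does not show what that parameter means, so that change should be explained in the same comment. lsa_open_policy2 starts and ends outside the hunk.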
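Review bot: The added `free(r_e.sam)` and `free(r_e.uni_grp_name)` in samr_enum_dom_groups assume the two fields are either heap blocks or NULL, but no initialisation of r_e is visible in the hunk, and the only place this commit sets them to NULL is the top of samr_io_r_enum_dom_groups, which runs only if the exchange got as far as unmarshalling the reply. Unless r_e is zeroed outside the hunk, any earlier failure path leaves the two fields holding whatever was on the stack and the frees operate on garbage. The samr_enum_dom_aliases hunk on the next line has the same shape. Zero the struct at its declaration, e.g. `memset(&r_e, 0, sizeof(r_e));`, after which the `!= NULL` guards can go since `free(NULL)` is a no-op. samr_enum_dom_groups starts and ends outside the hunk.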
@@ -753,6 +761,19 @@ uint32 samr_enum_dom_aliases(struct cli_state *cli, uint16 fnum, } (*start_idx) = r_e.next_idx; } + else if (status == 0x0) + { + status = NT_STATUS_INVALID_PARAMETER | 0xC0000000; + } + + if (r_e.sam != NULL) + { + free(r_e.sam); + } + if (r_e.uni_grp_name != NULL) + { + free(r_e.uni_grp_name); + } } prs_mem_free(&data ); diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 74386e7f99..c41d7014bd 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1300,7 +1300,7 @@ BOOL samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struct if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) { - DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_USERS\n")); r_u->num_entries4 = 0; r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; return False; @@ -2803,8 +2803,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure. ********************************************************************/ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 next_idx, - uint32 num_sam_entries, DOMAIN_GRP *grps, - uint32 status) + uint32 num_sam_entries, DOMAIN_GRP *grps, uint32 status) { uint32 i; 
@@ -2812,23 +2811,25 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, DEBUG(5,("make_samr_r_enum_dom_groups\n")); - if (num_sam_entries >= MAX_SAM_ENTRIES) - { - num_sam_entries = MAX_SAM_ENTRIES; - DEBUG(5,("limiting number of entries to %d\n", - num_sam_entries)); - } - - r_u->next_idx = next_idx; - r_u->ptr_entries1 = 1; - r_u->num_entries2 = num_sam_entries; + r_u->next_idx = next_idx; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; - if (num_sam_entries > 0) + if (num_sam_entries != 0) { + r_u->ptr_entries1 = 1; r_u->ptr_entries2 = 1; + r_u->num_entries2 = num_sam_entries; r_u->num_entries3 = num_sam_entries; - SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries); + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + + if (r_u->sam == NULL || r_u->uni_grp_name == NULL) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n")); + return False; + } for (i = 0; i < num_sam_entries; i++) { @@ -2845,7 +2846,9 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, } else { - r_u->num_entries4 = 0; + r_u->ptr_entries1 = 0; + r_u->num_entries2 = num_sam_entries; + r_u->ptr_entries2 = 1; } r_u->status = status; 
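Review bot: The else branch of make_samr_r_enum_dom_groups no longer sets `r_u->num_entries4`: the removed `r_u->num_entries4 = 0;` is replaced by the ptr_entries1 / num_entries2 / ptr_entries2 assignments, so for an empty result num_entries4 keeps whatever the caller's r_u already held unless it was zeroed beforehand, and samr_io_r_enum_dom_groups then writes that value onto the wire. When only one of the two `Realloc` calls succeeds, the function returns False with the other block still allocated and nothing in the hunk releases it. make_samr_r_enum_dom_aliases further down has both issues as well. I would keep `r_u->num_entries4 = 0;` in the else branch and, on the allocation-failure path, add `free(r_u->sam); free(r_u->uni_grp_name); r_u->sam = NULL; r_u->uni_grp_name = NULL;` before `return False;` (assuming Realloc hands back memory that free accepts). The function body continues past the end of the hunk.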
@@ -2865,30 +2868,48 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru prs_debug(ps, depth, desc, "samr_io_r_enum_dom_groups"); depth++; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; + prs_align(ps); prs_uint32("next_idx ", ps, depth, &(r_u->next_idx )); prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1)); - prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); - - if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0) + + if (r_u->ptr_entries1 != 0) { + prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2)); prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3)); - SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2); + if (ps->io) + { + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + } + + if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n")); + r_u->num_entries4 = 0; + r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; + return False; + } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); sam_io_sam_entry("", &(r_u->sam[i]), ps, depth); } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth); } prs_align(ps); + } prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4)); @@ -2897,7 +2918,6 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru return True; } - /******************************************************************* makes a SAMR_Q_ENUM_DOM_ALIASES structure. ********************************************************************/ 
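Review bot: On the unmarshalling side `r_u->num_entries2` comes straight off the wire and is used unchecked as the element count in `Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0]))`, where the old code was bounded by the MAX_SAM_ENTRIES arrays; a reply carrying a large count either forces a huge allocation or, where size_t is 32 bits, wraps the product so a small block is allocated and the two entry loops write past it. `num_entries3` is read in the same branch but never compared with `num_entries2`. I would reject the reply before allocating, e.g. `if (r_u->num_entries2 > MAX_SAM_ENTRIES) { DEBUG(0,("samr_io_r_enum_dom_groups: entry count too large\n")); return False; }` (or a bound derived from the bytes still unread in ps), and move the two `r_u->sam = NULL; r_u->uni_grp_name = NULL;` lines inside the `if (ps->io)` block, since on the marshalling side they appear to discard the arrays make_samr_r_enum_dom_groups just filled, after which the NULL check fails with NT_STATUS_MEMORY_NOT_ALLOCATED. samr_io_r_enum_dom_aliases below has the same structure and needs the same changes. The function's opening lines and its return are outside this hunk.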
@@ -2946,8 +2966,7 @@ makes a SAMR_R_ENUM_DOM_ALIASES structure. ********************************************************************/ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 next_idx, - uint32 num_sam_entries, LOCAL_GRP *alss, - uint32 status) + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status) { uint32 i; @@ -2955,23 +2974,25 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, DEBUG(5,("make_samr_r_enum_dom_aliases\n")); - if (num_sam_entries >= MAX_SAM_ENTRIES) - { - num_sam_entries = MAX_SAM_ENTRIES; - DEBUG(5,("limiting number of entries to %d\n", - num_sam_entries)); - } - - r_u->next_idx = next_idx; - r_u->ptr_entries1 = 1; - r_u->num_entries2 = num_sam_entries; + r_u->next_idx = next_idx; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; - if (num_sam_entries > 0) + if (num_sam_entries != 0) { + r_u->ptr_entries1 = 1; r_u->ptr_entries2 = 1; + r_u->num_entries2 = num_sam_entries; r_u->num_entries3 = num_sam_entries; - SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries); + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + + if (r_u->sam == NULL || r_u->uni_grp_name == NULL) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n")); + return False; + } for (i = 0; i < num_sam_entries; i++) { @@ -2981,14 +3002,16 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, acct_name_len, alss[i].rid); - make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name , acct_name_len); + make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name, acct_name_len); } r_u->num_entries4 = num_sam_entries; } else { - r_u->num_entries4 = 0; + r_u->ptr_entries1 = 0; + r_u->num_entries2 = num_sam_entries; + r_u->ptr_entries2 = 1; } r_u->status = status; 
@@ -2999,7 +3022,7 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, /******************************************************************* reads or writes a structure. ********************************************************************/ -BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth) +BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth) { uint32 i; @@ -3008,30 +3031,48 @@ BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_s prs_debug(ps, depth, desc, "samr_io_r_enum_dom_aliases"); depth++; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; + prs_align(ps); prs_uint32("next_idx ", ps, depth, &(r_u->next_idx )); prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1)); - prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); - - if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0) + + if (r_u->ptr_entries1 != 0) { + prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2)); prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3)); - SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2); + if (ps->io) + { + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + } + + if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n")); + r_u->num_entries4 = 0; + r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; + return False; + } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); sam_io_sam_entry("", &(r_u->sam[i]), ps, depth); } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth); } prs_align(ps); + } prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4)); 
diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index a1506f8ca2..056a3292a9 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -1000,11 +1000,6 @@ uint32 msrpc_sam_enum_aliases(struct client_info *info, /* close the session */ cli_nt_session_close(smb_cli, fnum); - if (sam != NULL) - { - free(sam); - } - if (res) { DEBUG(5,("msrpc_sam_enum_aliases: succeeded\n")); |