diff options
-rw-r--r-- | source3/librpc/gen_ndr/cli_svcctl.c | 8 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/cli_svcctl.h | 6 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_svcctl.c | 237 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/ndr_svcctl.h | 4 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/srv_svcctl.c | 2 | ||||
-rw-r--r-- | source3/librpc/gen_ndr/svcctl.h | 18 |
6 files changed, 260 insertions, 15 deletions
diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index c996c761d5..e5fd4dac87 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c @@ -858,9 +858,9 @@ NTSTATUS rpccli_svcctl_OpenServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint8_t *query /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + struct QUERY_SERVICE_CONFIG *query /* [out] [ref] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceConfigW r; @@ -893,7 +893,7 @@ NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, } /* Return variables */ - memcpy(query, r.out.query, r.in.buf_size * sizeof(*query)); + *query = *r.out.query; *bytes_needed = *r.out.bytes_needed; /* Return result */ diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 56f0a2b0e7..02abbadf1e 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h @@ -127,9 +127,9 @@ NTSTATUS rpccli_svcctl_OpenServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint8_t *query /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + struct QUERY_SERVICE_CONFIG *query /* [out] [ref] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_svcctl_QueryServiceLockStatusW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index ec1450b48b..e897ef334b 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c @@ -353,6 +353,215 @@ _PUBLIC_ void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const ch ndr->depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->service_type)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->start_type)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->error_control)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->executablepath)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->loadordergroup)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->tag_id)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->dependencies)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->startname)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->displayname)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->executablepath) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->executablepath, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->executablepath, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->executablepath, ndr_charset_length(r->executablepath, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->loadordergroup) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->loadordergroup, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->loadordergroup, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->loadordergroup, ndr_charset_length(r->loadordergroup, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->dependencies) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dependencies, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dependencies, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->dependencies, ndr_charset_length(r->dependencies, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->startname) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->startname, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->startname, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->startname, ndr_charset_length(r->startname, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->displayname) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->displayname, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->displayname, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->displayname, ndr_charset_length(r->displayname, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r) +{ + uint32_t _ptr_executablepath; + TALLOC_CTX *_mem_save_executablepath_0; + uint32_t _ptr_loadordergroup; + TALLOC_CTX *_mem_save_loadordergroup_0; + uint32_t _ptr_dependencies; + TALLOC_CTX *_mem_save_dependencies_0; + uint32_t _ptr_startname; + TALLOC_CTX *_mem_save_startname_0; + uint32_t _ptr_displayname; + TALLOC_CTX *_mem_save_displayname_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->service_type)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->start_type)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->error_control)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_executablepath)); + if (_ptr_executablepath) { + NDR_PULL_ALLOC(ndr, r->executablepath); + } else { + r->executablepath = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_loadordergroup)); + if (_ptr_loadordergroup) { + NDR_PULL_ALLOC(ndr, r->loadordergroup); + } else { + r->loadordergroup = NULL; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->tag_id)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dependencies)); + if (_ptr_dependencies) { + NDR_PULL_ALLOC(ndr, r->dependencies); + } else { + r->dependencies = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_startname)); + if (_ptr_startname) { + NDR_PULL_ALLOC(ndr, r->startname); + } else { + r->startname = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_displayname)); + if (_ptr_displayname) { + NDR_PULL_ALLOC(ndr, r->displayname); + } else { + r->displayname = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->executablepath) { + _mem_save_executablepath_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->executablepath, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->executablepath)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->executablepath)); + if (ndr_get_array_length(ndr, &r->executablepath) > ndr_get_array_size(ndr, &r->executablepath)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->executablepath), ndr_get_array_length(ndr, &r->executablepath)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_executablepath_0, 0); + } + if (r->loadordergroup) { + _mem_save_loadordergroup_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->loadordergroup, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->loadordergroup)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->loadordergroup)); + if (ndr_get_array_length(ndr, &r->loadordergroup) > ndr_get_array_size(ndr, &r->loadordergroup)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->loadordergroup), ndr_get_array_length(ndr, &r->loadordergroup)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->loadordergroup, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_loadordergroup_0, 0); + } + if (r->dependencies) { + _mem_save_dependencies_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->dependencies, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->dependencies)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->dependencies)); + if (ndr_get_array_length(ndr, &r->dependencies) > ndr_get_array_size(ndr, &r->dependencies)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dependencies), ndr_get_array_length(ndr, &r->dependencies)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dependencies, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); + } + if (r->startname) { + _mem_save_startname_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->startname, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->startname)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->startname)); + if (ndr_get_array_length(ndr, &r->startname) > ndr_get_array_size(ndr, &r->startname)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->startname), ndr_get_array_length(ndr, &r->startname)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->startname, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_startname_0, 0); + } + if (r->displayname) { + _mem_save_displayname_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->displayname, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->displayname)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->displayname)); + if (ndr_get_array_length(ndr, &r->displayname) > ndr_get_array_size(ndr, &r->displayname)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->displayname), ndr_get_array_length(ndr, &r->displayname)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->displayname, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_displayname_0, 0); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_QUERY_SERVICE_CONFIG(struct ndr_print *ndr, const char *name, const struct QUERY_SERVICE_CONFIG *r) +{ + ndr_print_struct(ndr, name, "QUERY_SERVICE_CONFIG"); + ndr->depth++; + ndr_print_uint32(ndr, "service_type", r->service_type); + ndr_print_uint32(ndr, "start_type", r->start_type); + ndr_print_uint32(ndr, "error_control", r->error_control); + ndr_print_ptr(ndr, "executablepath", r->executablepath); + ndr->depth++; + if (r->executablepath) { + ndr_print_string(ndr, "executablepath", r->executablepath); + } + ndr->depth--; + ndr_print_ptr(ndr, "loadordergroup", r->loadordergroup); + ndr->depth++; + if (r->loadordergroup) { + ndr_print_string(ndr, "loadordergroup", r->loadordergroup); + } + ndr->depth--; + ndr_print_uint32(ndr, "tag_id", r->tag_id); + ndr_print_ptr(ndr, "dependencies", r->dependencies); + ndr->depth++; + if (r->dependencies) { + ndr_print_string(ndr, "dependencies", r->dependencies); + } + ndr->depth--; + ndr_print_ptr(ndr, "startname", r->startname); + ndr->depth++; + if (r->startname) { + ndr_print_string(ndr, "startname", r->startname); + } + ndr->depth--; + ndr_print_ptr(ndr, "displayname", r->displayname); + ndr->depth++; + if (r->displayname) { + ndr_print_string(ndr, "displayname", r->displayname); + } + ndr->depth--; + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_QUERY_SERVICE_CONFIG); +} + static enum ndr_err_code ndr_push_svcctl_CloseServiceHandle(struct ndr_push *ndr, int flags, const struct svcctl_CloseServiceHandle *r) { if (flags & NDR_IN) { @@ -2260,7 +2469,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfigW(struct ndr_push *nd NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.query, r->in.buf_size)); + if (r->out.query == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_QUERY_SERVICE_CONFIG(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.query)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -2273,6 +2485,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfigW(struct ndr_push *nd static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigW(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceConfigW *r) { TALLOC_CTX *_mem_save_handle_0; + TALLOC_CTX *_mem_save_query_0; TALLOC_CTX *_mem_save_bytes_needed_0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -2285,18 +2498,31 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigW(struct ndr_pull *nd NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC(ndr, r->out.query); + ZERO_STRUCTP(r->out.query); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.query, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.query, r->in.buf_size)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.query); + } + _mem_save_query_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.query, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_QUERY_SERVICE_CONFIG(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.query)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_query_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); } @@ -2323,7 +2549,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfigW(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfigW"); ndr->depth++; - ndr_print_array_uint8(ndr, "query", r->out.query, r->in.buf_size); + ndr_print_ptr(ndr, "query", r->out.query); + ndr->depth++; + ndr_print_QUERY_SERVICE_CONFIG(ndr, "query", r->out.query); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); diff --git a/source3/librpc/gen_ndr/ndr_svcctl.h b/source3/librpc/gen_ndr/ndr_svcctl.h index 4475b08792..0bebd3401a 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.h +++ b/source3/librpc/gen_ndr/ndr_svcctl.h @@ -108,6 +108,10 @@ enum ndr_err_code ndr_pull_svcctl_ServerType(struct ndr_pull *ndr, int ndr_flags void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_MgrAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); +enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r); +enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r); +void ndr_print_QUERY_SERVICE_CONFIG(struct ndr_print *ndr, const char *name, const struct QUERY_SERVICE_CONFIG *r); +size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG *r, int flags); void ndr_print_svcctl_CloseServiceHandle(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_CloseServiceHandle *r); void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_ControlService *r); void ndr_print_svcctl_DeleteService(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_DeleteService *r); diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index 05184e6785..2349b4fd93 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c @@ -1392,7 +1392,7 @@ static bool api_svcctl_QueryServiceConfigW(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.query = talloc_zero_array(r, uint8_t, r->in.buf_size); + r->out.query = talloc_zero(r, struct QUERY_SERVICE_CONFIG); if (r->out.query == NULL) { talloc_free(r); return false; diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index b7f39a9b02..42ed039784 100644 --- a/source3/librpc/gen_ndr/svcctl.h +++ b/source3/librpc/gen_ndr/svcctl.h @@ -99,6 +99,18 @@ enum SERVICE_CONTROL #define SC_RIGHT_SVC_INTERROGATE ( 0x0080 ) #define SC_RIGHT_SVC_USER_DEFINED_CONTROL ( 0x0100 ) +struct QUERY_SERVICE_CONFIG { + uint32_t service_type; + uint32_t start_type; + uint32_t error_control; + const char *executablepath;/* [unique,range(0,8192),charset(UTF16)] */ + const char *loadordergroup;/* [unique,range(0,8192),charset(UTF16)] */ + uint32_t tag_id; + const char *dependencies;/* [unique,range(0,8192),charset(UTF16)] */ + const char *startname;/* [unique,range(0,8192),charset(UTF16)] */ + const char *displayname;/* [unique,range(0,8192),charset(UTF16)] */ +}/* [gensize,public] */; + struct svcctl_CloseServiceHandle { struct { @@ -360,12 +372,12 @@ struct svcctl_OpenServiceW { struct svcctl_QueryServiceConfigW { struct { struct policy_handle *handle;/* [ref] */ - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *query; - uint32_t *bytes_needed;/* [ref] */ + struct QUERY_SERVICE_CONFIG *query;/* [ref] */ + uint32_t *bytes_needed;/* [ref,range(0,8192)] */ WERROR result; } out; |