diff options
Diffstat (limited to 'source3/rpc_parse/parse_samr.c')
-rw-r--r-- | source3/rpc_parse/parse_samr.c | 125 |
1 files changed, 83 insertions, 42 deletions
diff --git a/source3/rpc_parse/parse_samr.c b/source3/rpc_parse/parse_samr.c index 74386e7f99..c41d7014bd 100644 --- a/source3/rpc_parse/parse_samr.c +++ b/source3/rpc_parse/parse_samr.c @@ -1300,7 +1300,7 @@ BOOL samr_io_r_enum_dom_users(char *desc, SAMR_R_ENUM_DOM_USERS *r_u, prs_struct if ((r_u->sam == NULL || r_u->uni_acct_name == NULL) && r_u->num_entries2 != 0) { - DEBUG(0,("NULL pointers in SAMR_R_QUERY_DISPINFO\n")); + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_USERS\n")); r_u->num_entries4 = 0; r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; return False; @@ -2803,8 +2803,7 @@ makes a SAMR_R_ENUM_DOM_GROUPS structure. ********************************************************************/ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, uint32 next_idx, - uint32 num_sam_entries, DOMAIN_GRP *grps, - uint32 status) + uint32 num_sam_entries, DOMAIN_GRP *grps, uint32 status) { uint32 i; @@ -2812,23 +2811,25 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, DEBUG(5,("make_samr_r_enum_dom_groups\n")); - if (num_sam_entries >= MAX_SAM_ENTRIES) - { - num_sam_entries = MAX_SAM_ENTRIES; - DEBUG(5,("limiting number of entries to %d\n", - num_sam_entries)); - } - - r_u->next_idx = next_idx; - r_u->ptr_entries1 = 1; - r_u->num_entries2 = num_sam_entries; + r_u->next_idx = next_idx; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; - if (num_sam_entries > 0) + if (num_sam_entries != 0) { + r_u->ptr_entries1 = 1; r_u->ptr_entries2 = 1; + r_u->num_entries2 = num_sam_entries; r_u->num_entries3 = num_sam_entries; - SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries); + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + + if (r_u->sam == NULL || r_u->uni_grp_name == NULL) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n")); + return False; + } for (i = 0; i < num_sam_entries; i++) { @@ -2845,7 +2846,9 @@ BOOL make_samr_r_enum_dom_groups(SAMR_R_ENUM_DOM_GROUPS *r_u, } else { - r_u->num_entries4 = 0; + r_u->ptr_entries1 = 0; + r_u->num_entries2 = num_sam_entries; + r_u->ptr_entries2 = 1; } r_u->status = status; @@ -2865,30 +2868,48 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru prs_debug(ps, depth, desc, "samr_io_r_enum_dom_groups"); depth++; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; + prs_align(ps); prs_uint32("next_idx ", ps, depth, &(r_u->next_idx )); prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1)); - prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); - - if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0) + + if (r_u->ptr_entries1 != 0) { + prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2)); prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3)); - SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2); + if (ps->io) + { + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + } + + if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_GROUPS\n")); + r_u->num_entries4 = 0; + r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; + return False; + } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); sam_io_sam_entry("", &(r_u->sam[i]), ps, depth); } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth); } prs_align(ps); + } prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4)); @@ -2897,7 +2918,6 @@ BOOL samr_io_r_enum_dom_groups(char *desc, SAMR_R_ENUM_DOM_GROUPS *r_u, prs_stru return True; } - /******************************************************************* makes a SAMR_Q_ENUM_DOM_ALIASES structure. ********************************************************************/ @@ -2946,8 +2966,7 @@ makes a SAMR_R_ENUM_DOM_ALIASES structure. ********************************************************************/ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, uint32 next_idx, - uint32 num_sam_entries, LOCAL_GRP *alss, - uint32 status) + uint32 num_sam_entries, LOCAL_GRP *alss, uint32 status) { uint32 i; @@ -2955,23 +2974,25 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, DEBUG(5,("make_samr_r_enum_dom_aliases\n")); - if (num_sam_entries >= MAX_SAM_ENTRIES) - { - num_sam_entries = MAX_SAM_ENTRIES; - DEBUG(5,("limiting number of entries to %d\n", - num_sam_entries)); - } - - r_u->next_idx = next_idx; - r_u->ptr_entries1 = 1; - r_u->num_entries2 = num_sam_entries; + r_u->next_idx = next_idx; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; - if (num_sam_entries > 0) + if (num_sam_entries != 0) { + r_u->ptr_entries1 = 1; r_u->ptr_entries2 = 1; + r_u->num_entries2 = num_sam_entries; r_u->num_entries3 = num_sam_entries; - SMB_ASSERT_ARRAY(r_u->sam, num_sam_entries); + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + + if (r_u->sam == NULL || r_u->uni_grp_name == NULL) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n")); + return False; + } for (i = 0; i < num_sam_entries; i++) { @@ -2981,14 +3002,16 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, acct_name_len, alss[i].rid); - make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name , acct_name_len); + make_unistr2(&(r_u->uni_grp_name[i]), alss[i].name, acct_name_len); } r_u->num_entries4 = num_sam_entries; } else { - r_u->num_entries4 = 0; + r_u->ptr_entries1 = 0; + r_u->num_entries2 = num_sam_entries; + r_u->ptr_entries2 = 1; } r_u->status = status; @@ -2999,7 +3022,7 @@ BOOL make_samr_r_enum_dom_aliases(SAMR_R_ENUM_DOM_ALIASES *r_u, /******************************************************************* reads or writes a structure. ********************************************************************/ -BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth) +BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_struct *ps, int depth) { uint32 i; @@ -3008,30 +3031,48 @@ BOOL samr_io_r_enum_dom_aliases(char *desc, SAMR_R_ENUM_DOM_ALIASES *r_u, prs_s prs_debug(ps, depth, desc, "samr_io_r_enum_dom_aliases"); depth++; + r_u->sam = NULL; + r_u->uni_grp_name = NULL; + prs_align(ps); prs_uint32("next_idx ", ps, depth, &(r_u->next_idx )); prs_uint32("ptr_entries1", ps, depth, &(r_u->ptr_entries1)); - prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); - - if (r_u->num_entries2 != 0 && r_u->ptr_entries1 != 0) + + if (r_u->ptr_entries1 != 0) { + prs_uint32("num_entries2", ps, depth, &(r_u->num_entries2)); prs_uint32("ptr_entries2", ps, depth, &(r_u->ptr_entries2)); prs_uint32("num_entries3", ps, depth, &(r_u->num_entries3)); - SMB_ASSERT_ARRAY(r_u->sam, r_u->num_entries2); + if (ps->io) + { + r_u->sam = (SAM_ENTRY*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->sam[0])); + r_u->uni_grp_name = (UNISTR2*)Realloc(NULL, r_u->num_entries2 * sizeof(r_u->uni_grp_name[0])); + } + + if ((r_u->sam == NULL || r_u->uni_grp_name == NULL) && r_u->num_entries2 != 0) + { + DEBUG(0,("NULL pointers in SAMR_R_ENUM_DOM_ALIASES\n")); + r_u->num_entries4 = 0; + r_u->status = 0xC0000000|NT_STATUS_MEMORY_NOT_ALLOCATED; + return False; + } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); sam_io_sam_entry("", &(r_u->sam[i]), ps, depth); } for (i = 0; i < r_u->num_entries2; i++) { + prs_grow(ps); smb_io_unistr2("", &(r_u->uni_grp_name[i]), r_u->sam[i].hdr_name.buffer, ps, depth); } prs_align(ps); + } prs_uint32("num_entries4", ps, depth, &(r_u->num_entries4)); |