diff options
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_pipe.c | 30 | ||||
| -rw-r--r-- | source3/rpc_server/srv_pipe_hnd.c | 210 | ||||
| -rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 16 |
3 files changed, 77 insertions, 179 deletions
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c index f6746367bb..6f650c7e5e 100644 --- a/source3/rpc_server/srv_pipe.c +++ b/source3/rpc_server/srv_pipe.c @@ -167,17 +167,19 @@ BOOL create_next_pdu(pipes_struct *p) * data. */ - prs_init( &outgoing_pdu, 0, 4, MARSHALL); + prs_init( &outgoing_pdu, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* Store the header in the data stream. */ if(!smb_io_rpc_hdr("hdr", &p->hdr, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); return False; } @@ -189,6 +191,7 @@ BOOL create_next_pdu(pipes_struct *p) if(!prs_append_data(&outgoing_pdu, data_from, data_len)) { DEBUG(0,("create_next_pdu: failed to copy %u bytes of data.\n", (unsigned int)data_len)); + prs_mem_free(&outgoing_pdu); return False; } @@ -216,6 +219,7 @@ BOOL create_next_pdu(pipes_struct *p) (auth_verify ? RPC_HDR_AUTH_LEN : 0), (auth_verify ? 1 : 0)); if(!smb_io_rpc_hdr_auth("hdr_auth", &auth_info, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_HDR_AUTH.\n")); + prs_mem_free(&outgoing_pdu); return False; } } @@ -230,6 +234,7 @@ BOOL create_next_pdu(pipes_struct *p) auth_data = prs_data_p(&outgoing_pdu) + prs_offset(&outgoing_pdu) + 4; if(!smb_io_rpc_auth_ntlmssp_chk("auth_sign", &ntlmssp_chk, &outgoing_pdu, 0)) { DEBUG(0,("create_next_pdu: failed to marshall RPC_AUTH_NTLMSSP_CHK.\n")); + prs_mem_free(&outgoing_pdu); return False; } NTLMSSPcalc_p(p, (uchar*)auth_data, RPC_AUTH_NTLMSSP_CHK_LEN - 4); @@ -244,6 +249,7 @@ BOOL create_next_pdu(pipes_struct *p) p->out_data.current_pdu_len = p->hdr.frag_len; p->out_data.current_pdu_sent = 0; + prs_mem_free(&outgoing_pdu); return True; } @@ -566,7 +572,7 @@ static BOOL setup_bind_nak(pipes_struct *p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_rpc, 0, 4, MARSHALL); + prs_init( &outgoing_rpc, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); @@ -583,6 +589,7 @@ static BOOL setup_bind_nak(pipes_struct *p) if(!smb_io_rpc_hdr("", &nak_hdr, &outgoing_rpc, 0)) { DEBUG(0,("setup_bind_nak: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_rpc); return False; } @@ -590,8 +597,10 @@ static BOOL setup_bind_nak(pipes_struct *p) * Now add the reject reason. */ - if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) + if(!prs_uint16("reject code", &outgoing_rpc, 0, &zero)) { + prs_mem_free(&outgoing_rpc); return False; + } p->out_data.data_sent_length = 0; p->out_data.current_pdu_len = prs_offset(&outgoing_rpc); @@ -622,7 +631,7 @@ BOOL setup_fault_pdu(pipes_struct *p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_pdu, 0, 4, MARSHALL); + prs_init( &outgoing_pdu, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_pdu, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -647,16 +656,19 @@ BOOL setup_fault_pdu(pipes_struct *p) if(!smb_io_rpc_hdr("", &fault_hdr, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: marshalling of RPC_HDR failed.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_resp("resp", &hdr_resp, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_RESP.\n")); + prs_mem_free(&outgoing_pdu); return False; } if(!smb_io_rpc_hdr_fault("fault", &fault_resp, &outgoing_pdu, 0)) { DEBUG(0,("setup_fault_pdu: failed to marshall RPC_HDR_FAULT.\n")); + prs_mem_free(&outgoing_pdu); return False; } @@ -664,6 +676,7 @@ BOOL setup_fault_pdu(pipes_struct *p) p->out_data.current_pdu_len = prs_offset(&outgoing_pdu); p->out_data.current_pdu_sent = 0; + prs_mem_free(&outgoing_pdu); return True; } @@ -835,7 +848,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) * header and are never sending more than one PDU here. */ - prs_init( &outgoing_rpc, 0, 4, MARSHALL); + prs_init( &outgoing_rpc, 0, 4, p->mem_ctx, MARSHALL); prs_give_memory( &outgoing_rpc, (char *)p->out_data.current_pdu, sizeof(p->out_data.current_pdu), False); /* @@ -843,13 +856,15 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) * auth footers. */ - if(!prs_init(&out_hdr_ba, 1024, 4, MARSHALL)) { + if(!prs_init(&out_hdr_ba, 1024, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("api_pipe_bind_req: malloc out_hdr_ba failed.\n")); + prs_mem_free(&outgoing_rpc); return False; } - if(!prs_init(&out_auth, 1024, 4, MARSHALL)) { + if(!prs_init(&out_auth, 1024, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pi_pipe_bind_req: malloc out_auth failed.\n")); + prs_mem_free(&outgoing_rpc); prs_mem_free(&out_hdr_ba); return False; } @@ -984,6 +999,7 @@ BOOL api_pipe_bind_req(pipes_struct *p, prs_struct *rpc_in_p) err_exit: + prs_mem_free(&outgoing_rpc); prs_mem_free(&out_hdr_ba); prs_mem_free(&out_auth); return False; diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c index faba41b925..e51bc5ae4d 100644 --- a/source3/rpc_server/srv_pipe_hnd.c +++ b/source3/rpc_server/srv_pipe_hnd.c @@ -78,8 +78,10 @@ void init_rpc_pipe_hnd(void) Initialise an outgoing packet. ****************************************************************************/ -static BOOL pipe_init_outgoing_data(output_data *o_data) +static BOOL pipe_init_outgoing_data(pipes_struct *p) { + output_data *o_data = &p->out_data; + /* Reset the offset counters. */ o_data->data_sent_length = 0; o_data->current_pdu_len = 0; @@ -94,7 +96,7 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) * Initialize the outgoing RPC data buffer. * we will use this as the raw data area for replying to rpc requests. */ - if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&o_data->rdata, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("pipe_init_outgoing_data: malloc fail.\n")); return False; } @@ -103,60 +105,6 @@ static BOOL pipe_init_outgoing_data(output_data *o_data) } /**************************************************************************** - Attempt to find a remote process to communicate RPC's with. -****************************************************************************/ - -#if 0 - -static void attempt_remote_rpc_connect(pipes_struct *p) -{ - struct user_creds usr; - user_struct *vuser = get_valid_user_struct(p->vuid); - - p->m = NULL; - - if (vuser == NULL) { - DEBUG(4,("attempt_remote_rpc_connect: invalid vuid %d\n", (int)p->vuid)); - return; - } - - ZERO_STRUCT(usr); - - /* set up unix credentials from the smb side, to feed over the pipe */ - make_creds_unix(&usr.uxc, vuser->user.unix_name, vuser->user.smb_name, - vuser->user.full_name, vuser->guest); - usr.ptr_uxc = 1; - make_creds_unix_sec(&usr.uxs, vuser->uid, vuser->gid, - vuser->n_groups, vuser->groups); - usr.ptr_uxs = 1; - - usr.ptr_ssk = 1; - DEBUG(10,("user session key not available (yet).\n")); - DEBUG(10,("password-change operations may fail.\n")); - -#if USER_SESSION_KEY_DEFINED_IN_VUSER_STRUCT - memcpy(usr.usr_sess_key, vuser->usr_sess_key, sizeof(usr.usr_sess_key)); -#else - memset(usr.usr_sess_key, 0, sizeof(usr.usr_sess_key)); -#endif - - /* set up nt credentials from the smb side, to feed over the pipe */ - /* lkclXXXX todo! - make_creds_nt(&usr.ntc); - make_creds_nt_sec(&usr.nts); - */ - - become_root(); /* to connect to pipe */ - p->m = msrpc_use_add(p->name, sys_getpid(), &usr, False); - unbecome_root(); - - if (p->m == NULL) - DEBUG(10,("attempt_remote_rpc_connect: msrpc redirect failed - using local implementation.\n")); -} - -#endif - -/**************************************************************************** Find first available pipe slot. ****************************************************************************/ @@ -196,6 +144,12 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, ZERO_STRUCTP(p); + if ((p->mem_ctx = talloc_init()) == NULL) { + DEBUG(0,("open_rpc_pipe_p: talloc_init failed.\n")); + free(p); + return NULL; + } + DLIST_ADD(Pipes, p); /* @@ -205,7 +159,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, * change the type to UNMARSALLING before processing the stream. */ - if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, MARSHALL)) { + if(!prs_init(&p->in_data.data, MAX_PDU_FRAG_LEN, 4, p->mem_ctx, MARSHALL)) { DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n")); return NULL; } @@ -250,7 +204,7 @@ pipes_struct *open_rpc_pipe_p(char *pipe_name, /* * Initialize the outgoing RPC data buffer with no memory. */ - prs_init(&p->out_data.rdata, 0, 4, MARSHALL); + prs_init(&p->out_data.rdata, 0, 4, p->mem_ctx, MARSHALL); ZERO_STRUCT(p->pipe_user); @@ -332,7 +286,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) return -1; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, (char *)&p->in_data.current_in_pdu[0], p->in_data.pdu_received_len, False); @@ -344,6 +298,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(!smb_io_rpc_hdr("", &p->hdr, &rpc_in, 0)) { DEBUG(0,("unmarshall_rpc_header: failed to unmarshall RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -354,6 +309,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if(p->hdr.major != 5 && p->hdr.minor != 0) { DEBUG(0,("unmarshall_rpc_header: invalid major/minor numbers in RPC_HDR.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -366,6 +322,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.pkt_type == RPC_REQUEST) && (prs_offset(&p->in_data.data) == 0) && !(p->hdr.flags & RPC_FLG_FIRST)) { DEBUG(0,("unmarshall_rpc_header: FIRST flag not set in first PDU !\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -376,6 +333,7 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) if((p->hdr.frag_len < RPC_HEADER_LEN) || (p->hdr.frag_len > MAX_PDU_FRAG_LEN)) { DEBUG(0,("unmarshall_rpc_header: assert on frag length failed.\n")); set_incoming_fault(p); + prs_mem_free(&rpc_in); return -1; } @@ -394,6 +352,8 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p) memset((char *)&p->in_data.current_in_pdu[0], '\0', RPC_HEADER_LEN); + prs_mem_free(&rpc_in); + return 0; /* No extra data processed. */ } @@ -505,7 +465,7 @@ authentication failed. Denying the request.\n", p->name)); * Process the complete data stream here. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) ret = api_pipe_request(p); /* @@ -536,6 +496,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) char *data_p = (char *)&p->in_data.current_in_pdu[0]; BOOL reply = False; + if (p->mem_ctx) { + talloc_destroy_pool(p->mem_ctx); + } else { + p->mem_ctx = talloc_init(); + if (p->mem_ctx == NULL) + p->fault_state = True; + } + if(p->fault_state) { DEBUG(10,("process_complete_pdu: pipe %s in fault state.\n", p->name )); @@ -544,7 +512,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) return (ssize_t)data_len; } - prs_init( &rpc_in, 0, 4, UNMARSHALL); + prs_init( &rpc_in, 0, 4, p->mem_ctx, UNMARSHALL); prs_give_memory( &rpc_in, data_p, (uint32)data_len, False); DEBUG(10,("process_complete_pdu: processing packet type %u\n", @@ -556,14 +524,14 @@ static ssize_t process_complete_pdu(pipes_struct *p) /* * We assume that a pipe bind is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_req(p, &rpc_in); break; case RPC_BINDRESP: /* * We assume that a pipe bind_resp is only in one pdu. */ - if(pipe_init_outgoing_data(&p->out_data)) + if(pipe_init_outgoing_data(p)) reply = api_pipe_bind_auth_resp(p, &rpc_in); break; case RPC_REQUEST: @@ -578,6 +546,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on pipe %s\n", p->pipe_srv_name)); set_incoming_fault(p); setup_fault_pdu(p); + prs_mem_free(&rpc_in); } else { /* * Reset the lengths. We're ready for a new pdu. @@ -586,6 +555,7 @@ static ssize_t process_complete_pdu(pipes_struct *p) p->in_data.pdu_received_len = 0; } + prs_mem_free(&rpc_in); return (ssize_t)data_len; } @@ -687,14 +657,7 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) DEBUG(10,("write_to_pipe: data_left = %u\n", (unsigned int)data_left )); - /* - * Deal with the redirect to the remote RPC daemon. - */ - - if(p->m) - data_used = write(p->m->fd, data, data_left); - else - data_used = process_incoming_data(p, data, data_left); + data_used = process_incoming_data(p, data, data_left); DEBUG(10,("write_to_pipe: data_used = %d\n", (int)data_used )); @@ -709,70 +672,6 @@ ssize_t write_to_pipe(pipes_struct *p, char *data, size_t n) } /**************************************************************************** - Gets data from a remote TNG daemon. Gets data from the remote daemon into - the outgoing prs_struct. - - NB. Note to Luke : This code will be broken until Luke implements a length - field before reply data... - -****************************************************************************/ - -static BOOL read_from_remote(pipes_struct *p) -{ - uint32 data_len; - uint32 data_len_left; - - if(prs_offset(&p->out_data.rdata) == 0) { - - ssize_t len = 0; - - /* - * Read all the reply data as a stream of pre-created - * PDU's from the remote deamon into the rdata struct. - */ - - /* - * Create the response data buffer. - */ - - if(!pipe_init_outgoing_data(&p->out_data)) { - DEBUG(0,("read_from_remote: failed to create outgoing buffer.\n")); - return False; - } - - /* Read from remote here. */ - if((len = read_with_timeout(p->m->fd, prs_data_p(&p->out_data.rdata), 1, 65536, 10000)) < 0) { - DEBUG(0,("read_from_remote: failed to read from external daemon.\n")); - prs_mem_free(&p->out_data.rdata); - return False; - } - - /* Set the length we got. */ - prs_set_offset(&p->out_data.rdata, (uint32)len); - } - - /* - * The amount we send is the minimum of the available - * space and the amount left to send. - */ - - data_len_left = prs_offset(&p->out_data.rdata) - p->out_data.data_sent_length; - - /* - * Ensure there really is data left to send. - */ - - if(!data_len_left) { - DEBUG(0,("read_from_remote: no data left to send !\n")); - return False; - } - - data_len = MIN(data_len_left, MAX_PDU_FRAG_LEN); - - return False; /* Notfinished... */ -} - -/**************************************************************************** Replies to a request to read data from a pipe. Headers are interspersed with the data at PDU intervals. By the time @@ -844,28 +743,16 @@ returning %d bytes.\n", p->name, (unsigned int)p->out_data.current_pdu_len, return 0; } - if(p->m) { - /* - * Remote to the RPC daemon. - */ - if(!read_from_remote(p)) { - DEBUG(0,("read_from_pipe: %s: read_from_remote failed.\n", p->name )); - return -1; - } - - } else { - - /* - * We need to create a new PDU from the data left in p->rdata. - * Create the header/data/footers. This also sets up the fields - * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length - * and stores the outgoing PDU in p->current_pdu. - */ + /* + * We need to create a new PDU from the data left in p->rdata. + * Create the header/data/footers. This also sets up the fields + * p->current_pdu_len, p->current_pdu_sent, p->data_sent_length + * and stores the outgoing PDU in p->current_pdu. + */ - if(!create_next_pdu(p)) { - DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); - return -1; - } + if(!create_next_pdu(p)) { + DEBUG(0,("read_from_pipe: %s: create_next_pdu failed.\n", p->name)); + return -1; } data_returned = MIN(n, p->out_data.current_pdu_len); @@ -937,18 +824,13 @@ BOOL close_rpc_pipe_hnd(pipes_struct *p, connection_struct *conn) prs_mem_free(&p->out_data.rdata); prs_mem_free(&p->in_data.data); + if (p->mem_ctx) + talloc_destroy(p->mem_ctx); + bitmap_clear(bmap, p->pnum - pipe_handle_offset); pipes_open--; - if (p->m != NULL) { - DEBUG(4,("close_rpc_pipe_hnd: closing msrpc redirect: ")); - if (msrpc_use_del(p->m->pipe_name, &p->m->usr, False, NULL)) - DEBUG(4,("OK\n")); - else - DEBUG(4,("FAILED\n")); - } - DEBUG(4,("closed pipe name %s pnum=%x (pipes_open=%d)\n", p->name, p->pnum, pipes_open)); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 76dff789c6..c9d81e1cba 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -2490,7 +2490,7 @@ uint32 _spoolss_getprinter(POLICY_HND *handle, uint32 level, ********************************************************************/ static void fill_printer_driver_info_1(DRIVER_INFO_1 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername, fstring architecture) { - init_unistr( &(info->name), driver.info_3->name); + init_unistr( &info->name, driver.info_3->name); } /******************************************************************** @@ -3336,7 +3336,7 @@ static BOOL fill_job_info_2(JOB_INFO_2 *job_info, print_queue_struct *queue, snprintf(chaine, sizeof(chaine)-1, "\\\\%s\\%s", global_myname, ntprinter->info_2->printername); - init_unistr(&(job_info->printername), chaine); + init_unistr(&job_info->printername, chaine); init_unistr(&job_info->machinename, temp_name); init_unistr(&job_info->username, queue->user); @@ -4506,7 +4506,7 @@ static uint32 enumprintprocessors_level_1(NEW_BUFFER *buffer, uint32 offered, ui (*returned) = 0x1; - init_unistr(&(info_1->name), "winprint"); + init_unistr(&info_1->name, "winprint"); *needed += spoolss_size_printprocessor_info_1(info_1); @@ -4565,7 +4565,7 @@ static uint32 enumprintprocdatatypes_level_1(NEW_BUFFER *buffer, uint32 offered, (*returned) = 0x1; - init_unistr(&(info_1->name), "RAW"); + init_unistr(&info_1->name, "RAW"); *needed += spoolss_size_printprocdatatype_info_1(info_1); @@ -4617,7 +4617,7 @@ static uint32 enumprintmonitors_level_1(NEW_BUFFER *buffer, uint32 offered, uint (*returned) = 0x1; - init_unistr(&(info_1->name), "Local Port"); + init_unistr(&info_1->name, "Local Port"); *needed += spoolss_size_printmonitor_info_1(info_1); @@ -4648,9 +4648,9 @@ static uint32 enumprintmonitors_level_2(NEW_BUFFER *buffer, uint32 offered, uint (*returned) = 0x1; - init_unistr(&(info_2->name), "Local Port"); - init_unistr(&(info_2->environment), "Windows NT X86"); - init_unistr(&(info_2->dll_name), "localmon.dll"); + init_unistr(&info_2->name, "Local Port"); + init_unistr(&info_2->environment, "Windows NT X86"); + init_unistr(&info_2->dll_name, "localmon.dll"); *needed += spoolss_size_printmonitor_info_2(info_2); |