summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
Diffstat (limited to 'source3')
-rw-r--r--source3/include/proto.h3
-rw-r--r--source3/include/rpc_svcctl.h8
-rw-r--r--source3/libnet/libnet_samsync_keytab.c2
-rw-r--r--source3/librpc/gen_ndr/cli_svcctl.c36
-rw-r--r--source3/librpc/gen_ndr/cli_svcctl.h34
-rw-r--r--source3/librpc/gen_ndr/ndr_svcctl.c216
-rw-r--r--source3/librpc/gen_ndr/ndr_svcctl.h1
-rw-r--r--source3/librpc/gen_ndr/srv_svcctl.c6
-rw-r--r--source3/librpc/gen_ndr/svcctl.h48
-rw-r--r--source3/locale/pam_winbind/de.po27
-rw-r--r--source3/modules/vfs_readonly.c13
-rw-r--r--source3/modules/vfs_streams_depot.c10
-rw-r--r--source3/nsswitch/pam_winbind.c12
-rw-r--r--source3/rpc_server/srv_svcctl_nt.c6
-rw-r--r--source3/rpcclient/cmd_ntsvcs.c6
-rw-r--r--source3/smbd/share_access.c6
-rw-r--r--source3/smbd/uid.c3
-rw-r--r--source3/utils/net_rap.c9
-rw-r--r--source3/winbindd/winbindd_passdb.c4
19 files changed, 284 insertions, 166 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5f9203a21f..33425849d1 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -8459,7 +8459,8 @@ bool user_ok_token(const char *username, const char *domain,
struct nt_user_token *token, int snum);
bool is_share_read_only_for_token(const char *username,
const char *domain,
- struct nt_user_token *token, int snum);
+ struct nt_user_token *token,
+ connection_struct *conn);
/* The following definitions come from smbd/srvstr.c */
diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h
index 27858405e7..7dd849d5b4 100644
--- a/source3/include/rpc_svcctl.h
+++ b/source3/include/rpc_svcctl.h
@@ -103,14 +103,6 @@
#define SVCCTL_DEMAND_START 0x00000003
#define SVCCTL_DISABLED 0x00000004
-/* Service Controls */
-
-#define SVCCTL_CONTROL_STOP 0x00000001
-#define SVCCTL_CONTROL_PAUSE 0x00000002
-#define SVCCTL_CONTROL_CONTINUE 0x00000003
-#define SVCCTL_CONTROL_INTERROGATE 0x00000004
-#define SVCCTL_CONTROL_SHUTDOWN 0x00000005
-
#define SVC_HANDLE_IS_SCM 0x0000001
#define SVC_HANDLE_IS_SERVICE 0x0000002
#define SVC_HANDLE_IS_DBLOCK 0x0000003
diff --git a/source3/libnet/libnet_samsync_keytab.c b/source3/libnet/libnet_samsync_keytab.c
index 4b0cc06d94..0341641a4c 100644
--- a/source3/libnet/libnet_samsync_keytab.c
+++ b/source3/libnet/libnet_samsync_keytab.c
@@ -90,7 +90,7 @@ static NTSTATUS fetch_sam_entry_keytab(TALLOC_CTX *mem_ctx,
ctx->dns_domain_name);
entry.password = data_blob_talloc(mem_ctx, r->ntpassword.hash, 16);
entry.kvno = ads_get_kvno(ctx->ads, entry.name);
- entry.enctype = ENCTYPE_NULL;
+ entry.enctype = ENCTYPE_ARCFOUR_HMAC;
NT_STATUS_HAVE_NO_MEMORY(entry.name);
NT_STATUS_HAVE_NO_MEMORY(entry.principal);
diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c
index e5fd4dac87..9f11a40d7e 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.c
+++ b/source3/librpc/gen_ndr/cli_svcctl.c
@@ -53,7 +53,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli,
NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
- uint32_t control /* [in] */,
+ enum SERVICE_CONTROL control /* [in] */,
struct SERVICE_STATUS *service_status /* [out] [ref] */,
WERROR *werror)
{
@@ -702,10 +702,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli,
struct policy_handle *handle /* [in] [ref] */,
uint32_t type /* [in] */,
uint32_t state /* [in] */,
- uint32_t buf_size /* [in] */,
- uint8_t *service /* [out] [size_is(buf_size)] */,
- uint32_t *bytes_needed /* [out] [ref] */,
- uint32_t *services_returned /* [out] [ref] */,
+ uint8_t *service /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,262144)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+ uint32_t *services_returned /* [out] [ref,range(0,262144)] */,
uint32_t *resume_handle /* [in,out] [unique] */,
WERROR *werror)
{
@@ -1976,9 +1976,9 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
uint32_t info_level /* [in] */,
- uint8_t *buffer /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
+ uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,8192)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
WERROR *werror)
{
struct svcctl_QueryServiceConfig2W r;
@@ -2027,9 +2027,9 @@ NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
uint32_t info_level /* [in] */,
- uint8_t *buffer /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
+ uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,8192)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
WERROR *werror)
{
struct svcctl_QueryServiceStatusEx r;
@@ -2144,12 +2144,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
uint32_t info_level /* [in] */,
uint32_t type /* [in] */,
uint32_t state /* [in] */,
- uint8_t *services /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
- uint32_t *service_returned /* [out] [ref] */,
- uint32_t *resume_handle /* [in,out] [unique] */,
- const char **group_name /* [out] [ref,charset(UTF16)] */,
+ uint8_t *services /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,262144)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+ uint32_t *service_returned /* [out] [ref,range(0,262144)] */,
+ uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */,
+ const char *group_name /* [in] [unique,charset(UTF16)] */,
WERROR *werror)
{
struct EnumServicesStatusExW r;
@@ -2162,6 +2162,7 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
r.in.state = state;
r.in.buf_size = buf_size;
r.in.resume_handle = resume_handle;
+ r.in.group_name = group_name;
if (DEBUGLEVEL >= 10) {
NDR_PRINT_IN_DEBUG(EnumServicesStatusExW, &r);
@@ -2192,7 +2193,6 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
if (resume_handle && r.out.resume_handle) {
*resume_handle = *r.out.resume_handle;
}
- *group_name = *r.out.group_name;
/* Return result */
if (werror) {
diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h
index 02abbadf1e..78c9bf40d8 100644
--- a/source3/librpc/gen_ndr/cli_svcctl.h
+++ b/source3/librpc/gen_ndr/cli_svcctl.h
@@ -8,7 +8,7 @@ NTSTATUS rpccli_svcctl_CloseServiceHandle(struct rpc_pipe_client *cli,
NTSTATUS rpccli_svcctl_ControlService(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
- uint32_t control /* [in] */,
+ enum SERVICE_CONTROL control /* [in] */,
struct SERVICE_STATUS *service_status /* [out] [ref] */,
WERROR *werror);
NTSTATUS rpccli_svcctl_DeleteService(struct rpc_pipe_client *cli,
@@ -104,10 +104,10 @@ NTSTATUS rpccli_svcctl_EnumServicesStatusW(struct rpc_pipe_client *cli,
struct policy_handle *handle /* [in] [ref] */,
uint32_t type /* [in] */,
uint32_t state /* [in] */,
- uint32_t buf_size /* [in] */,
- uint8_t *service /* [out] [size_is(buf_size)] */,
- uint32_t *bytes_needed /* [out] [ref] */,
- uint32_t *services_returned /* [out] [ref] */,
+ uint8_t *service /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,262144)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+ uint32_t *services_returned /* [out] [ref,range(0,262144)] */,
uint32_t *resume_handle /* [in,out] [unique] */,
WERROR *werror);
NTSTATUS rpccli_svcctl_OpenSCManagerW(struct rpc_pipe_client *cli,
@@ -292,17 +292,17 @@ NTSTATUS rpccli_svcctl_QueryServiceConfig2W(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
uint32_t info_level /* [in] */,
- uint8_t *buffer /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
+ uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,8192)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
WERROR *werror);
NTSTATUS rpccli_svcctl_QueryServiceStatusEx(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
struct policy_handle *handle /* [in] [ref] */,
uint32_t info_level /* [in] */,
- uint8_t *buffer /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
+ uint8_t *buffer /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,8192)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */,
WERROR *werror);
NTSTATUS rpccli_EnumServicesStatusExA(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
@@ -323,12 +323,12 @@ NTSTATUS rpccli_EnumServicesStatusExW(struct rpc_pipe_client *cli,
uint32_t info_level /* [in] */,
uint32_t type /* [in] */,
uint32_t state /* [in] */,
- uint8_t *services /* [out] */,
- uint32_t buf_size /* [in] */,
- uint32_t *bytes_needed /* [out] [ref] */,
- uint32_t *service_returned /* [out] [ref] */,
- uint32_t *resume_handle /* [in,out] [unique] */,
- const char **group_name /* [out] [ref,charset(UTF16)] */,
+ uint8_t *services /* [out] [ref,size_is(buf_size)] */,
+ uint32_t buf_size /* [in] [range(0,262144)] */,
+ uint32_t *bytes_needed /* [out] [ref,range(0,262144)] */,
+ uint32_t *service_returned /* [out] [ref,range(0,262144)] */,
+ uint32_t *resume_handle /* [in,out] [unique,range(0,262144)] */,
+ const char *group_name /* [in] [unique,charset(UTF16)] */,
WERROR *werror);
NTSTATUS rpccli_svcctl_SCSendTSMessage(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c
index d04c89b9a1..2bccde9ba0 100644
--- a/source3/librpc/gen_ndr/ndr_svcctl.c
+++ b/source3/librpc/gen_ndr/ndr_svcctl.c
@@ -297,6 +297,34 @@ _PUBLIC_ void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *nam
ndr->depth--;
}
+static enum ndr_err_code ndr_push_SERVICE_CONTROL(struct ndr_push *ndr, int ndr_flags, enum SERVICE_CONTROL r)
+{
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_SERVICE_CONTROL(struct ndr_pull *ndr, int ndr_flags, enum SERVICE_CONTROL *r)
+{
+ uint32_t v;
+ NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &v));
+ *r = v;
+ return NDR_ERR_SUCCESS;
+}
+
+_PUBLIC_ void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r)
+{
+ const char *val = NULL;
+
+ switch (r) {
+ case SVCCTL_CONTROL_STOP: val = "SVCCTL_CONTROL_STOP"; break;
+ case SVCCTL_CONTROL_PAUSE: val = "SVCCTL_CONTROL_PAUSE"; break;
+ case SVCCTL_CONTROL_CONTINUE: val = "SVCCTL_CONTROL_CONTINUE"; break;
+ case SVCCTL_CONTROL_INTERROGATE: val = "SVCCTL_CONTROL_INTERROGATE"; break;
+ case SVCCTL_CONTROL_SHUTDOWN: val = "SVCCTL_CONTROL_SHUTDOWN"; break;
+ }
+ ndr_print_enum(ndr, name, "ENUM", val, r);
+}
+
static enum ndr_err_code ndr_push_svcctl_MgrAccessMask(struct ndr_push *ndr, int ndr_flags, uint32_t r)
{
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r));
@@ -646,7 +674,7 @@ static enum ndr_err_code ndr_push_svcctl_ControlService(struct ndr_push *ndr, in
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
}
NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.control));
+ NDR_CHECK(ndr_push_SERVICE_CONTROL(ndr, NDR_SCALARS, r->in.control));
}
if (flags & NDR_OUT) {
if (r->out.service_status == NULL) {
@@ -672,7 +700,7 @@ static enum ndr_err_code ndr_pull_svcctl_ControlService(struct ndr_pull *ndr, in
NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.control));
+ NDR_CHECK(ndr_pull_SERVICE_CONTROL(ndr, NDR_SCALARS, &r->in.control));
NDR_PULL_ALLOC(ndr, r->out.service_status);
ZERO_STRUCTP(r->out.service_status);
}
@@ -703,7 +731,7 @@ _PUBLIC_ void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char
ndr->depth++;
ndr_print_policy_handle(ndr, "handle", r->in.handle);
ndr->depth--;
- ndr_print_uint32(ndr, "control", r->in.control);
+ ndr_print_SERVICE_CONTROL(ndr, "control", r->in.control);
ndr->depth--;
}
if (flags & NDR_OUT) {
@@ -2095,6 +2123,9 @@ static enum ndr_err_code ndr_push_svcctl_EnumServicesStatusW(struct ndr_push *nd
}
}
if (flags & NDR_OUT) {
+ if (r->out.service == NULL) {
+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+ }
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.service, r->in.buf_size));
if (r->out.bytes_needed == NULL) {
@@ -2134,6 +2165,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+ if (r->in.buf_size < 0 || r->in.buf_size > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
if (_ptr_resume_handle) {
NDR_PULL_ALLOC(ndr, r->in.resume_handle);
@@ -2146,6 +2180,8 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0);
}
+ NDR_PULL_ALLOC_N(ndr, r->out.service, r->in.buf_size);
+ memset(r->out.service, 0, (r->in.buf_size) * sizeof(*r->out.service));
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
ZERO_STRUCTP(r->out.bytes_needed);
NDR_PULL_ALLOC(ndr, r->out.services_returned);
@@ -2153,7 +2189,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
}
if (flags & NDR_OUT) {
NDR_CHECK(ndr_pull_array_size(ndr, &r->out.service));
- NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service));
+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+ NDR_PULL_ALLOC_N(ndr, r->out.service, ndr_get_array_size(ndr, &r->out.service));
+ }
NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.service, ndr_get_array_size(ndr, &r->out.service)));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
@@ -2161,6 +2199,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+ if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.services_returned);
@@ -2168,6 +2209,9 @@ static enum ndr_err_code ndr_pull_svcctl_EnumServicesStatusW(struct ndr_pull *nd
_mem_save_services_returned_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.services_returned, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.services_returned));
+ if (*r->out.services_returned < 0 || *r->out.services_returned > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_services_returned_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
if (_ptr_resume_handle) {
@@ -2217,7 +2261,10 @@ _PUBLIC_ void ndr_print_svcctl_EnumServicesStatusW(struct ndr_print *ndr, const
if (flags & NDR_OUT) {
ndr_print_struct(ndr, "out", "svcctl_EnumServicesStatusW");
ndr->depth++;
+ ndr_print_ptr(ndr, "service", r->out.service);
+ ndr->depth++;
ndr_print_array_uint8(ndr, "service", r->out.service, r->in.buf_size);
+ ndr->depth--;
ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
ndr->depth++;
ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5305,6 +5352,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfig2W(struct ndr_push *n
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
}
if (flags & NDR_OUT) {
+ if (r->out.buffer == NULL) {
+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+ }
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
if (r->out.bytes_needed == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5331,20 +5382,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfig2W(struct ndr_pull *n
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+ if (r->in.buf_size < 0 || r->in.buf_size > 8192) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
+ NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
+ memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer));
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
ZERO_STRUCTP(r->out.bytes_needed);
}
if (flags & NDR_OUT) {
- NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
- NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
+ NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer));
+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+ NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer));
+ }
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
}
_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+ if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+ if (r->out.buffer) {
+ NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size));
+ }
}
return NDR_ERR_SUCCESS;
}
@@ -5370,7 +5435,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfig2W(struct ndr_print *ndr, const
if (flags & NDR_OUT) {
ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfig2W");
ndr->depth++;
+ ndr_print_ptr(ndr, "buffer", r->out.buffer);
+ ndr->depth++;
ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size);
+ ndr->depth--;
ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
ndr->depth++;
ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5392,6 +5460,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceStatusEx(struct ndr_push *n
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
}
if (flags & NDR_OUT) {
+ if (r->out.buffer == NULL) {
+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+ }
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
if (r->out.bytes_needed == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5418,20 +5490,34 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceStatusEx(struct ndr_pull *n
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.info_level));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+ if (r->in.buf_size < 0 || r->in.buf_size > 8192) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
+ NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
+ memset(r->out.buffer, 0, (r->in.buf_size) * sizeof(*r->out.buffer));
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
ZERO_STRUCTP(r->out.bytes_needed);
}
if (flags & NDR_OUT) {
- NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buf_size);
- NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buf_size));
+ NDR_CHECK(ndr_pull_array_size(ndr, &r->out.buffer));
+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+ NDR_PULL_ALLOC_N(ndr, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer));
+ }
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.buffer, ndr_get_array_size(ndr, &r->out.buffer)));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
}
_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+ if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+ if (r->out.buffer) {
+ NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buf_size));
+ }
}
return NDR_ERR_SUCCESS;
}
@@ -5457,7 +5543,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceStatusEx(struct ndr_print *ndr, const
if (flags & NDR_OUT) {
ndr_print_struct(ndr, "out", "svcctl_QueryServiceStatusEx");
ndr->depth++;
+ ndr_print_ptr(ndr, "buffer", r->out.buffer);
+ ndr->depth++;
ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buf_size);
+ ndr->depth--;
ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
ndr->depth++;
ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5688,8 +5777,19 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in
if (r->in.resume_handle) {
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->in.resume_handle));
}
+ NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.group_name));
+ if (r->in.group_name) {
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16)));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->in.group_name, CH_UTF16)));
+ NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->in.group_name, ndr_charset_length(r->in.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
+ }
}
if (flags & NDR_OUT) {
+ if (r->out.services == NULL) {
+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
+ }
+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size));
NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.buf_size));
if (r->out.bytes_needed == NULL) {
return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
@@ -5703,16 +5803,6 @@ static enum ndr_err_code ndr_push_EnumServicesStatusExW(struct ndr_push *ndr, in
if (r->out.resume_handle) {
NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, *r->out.resume_handle));
}
- if (r->out.group_name == NULL) {
- return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer");
- }
- NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.group_name));
- if (*r->out.group_name) {
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
- NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(*r->out.group_name, CH_UTF16)));
- NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, *r->out.group_name, ndr_charset_length(*r->out.group_name, CH_UTF16), sizeof(uint16_t), CH_UTF16));
- }
NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result));
}
return NDR_ERR_SUCCESS;
@@ -5727,7 +5817,6 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
TALLOC_CTX *_mem_save_service_returned_0;
TALLOC_CTX *_mem_save_resume_handle_0;
TALLOC_CTX *_mem_save_group_name_0;
- TALLOC_CTX *_mem_save_group_name_1;
if (flags & NDR_IN) {
ZERO_STRUCT(r->out);
@@ -5742,6 +5831,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.type));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state));
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size));
+ if (r->in.buf_size < 0 || r->in.buf_size > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
if (_ptr_resume_handle) {
NDR_PULL_ALLOC(ndr, r->in.resume_handle);
@@ -5752,24 +5844,51 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->in.resume_handle, 0);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->in.resume_handle));
+ if (*r->in.resume_handle < 0 || *r->in.resume_handle > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0);
}
+ NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name));
+ if (_ptr_group_name) {
+ NDR_PULL_ALLOC(ndr, r->in.group_name);
+ } else {
+ r->in.group_name = NULL;
+ }
+ if (r->in.group_name) {
+ _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+ NDR_PULL_SET_MEM_CTX(ndr, r->in.group_name, 0);
+ NDR_CHECK(ndr_pull_array_size(ndr, &r->in.group_name));
+ NDR_CHECK(ndr_pull_array_length(ndr, &r->in.group_name));
+ if (ndr_get_array_length(ndr, &r->in.group_name) > ndr_get_array_size(ndr, &r->in.group_name)) {
+ return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->in.group_name), ndr_get_array_length(ndr, &r->in.group_name));
+ }
+ NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t)));
+ NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.group_name, ndr_get_array_length(ndr, &r->in.group_name), sizeof(uint16_t), CH_UTF16));
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, 0);
+ }
+ NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size);
+ memset(r->out.services, 0, (r->in.buf_size) * sizeof(*r->out.services));
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
ZERO_STRUCTP(r->out.bytes_needed);
NDR_PULL_ALLOC(ndr, r->out.service_returned);
ZERO_STRUCTP(r->out.service_returned);
- NDR_PULL_ALLOC(ndr, r->out.group_name);
- ZERO_STRUCTP(r->out.group_name);
}
if (flags & NDR_OUT) {
- NDR_PULL_ALLOC_N(ndr, r->out.services, r->in.buf_size);
- NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, r->in.buf_size));
+ NDR_CHECK(ndr_pull_array_size(ndr, &r->out.services));
+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
+ NDR_PULL_ALLOC_N(ndr, r->out.services, ndr_get_array_size(ndr, &r->out.services));
+ }
+ NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.services, ndr_get_array_size(ndr, &r->out.services)));
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.bytes_needed);
}
_mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed));
+ if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC);
if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
NDR_PULL_ALLOC(ndr, r->out.service_returned);
@@ -5777,6 +5896,9 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
_mem_save_service_returned_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.service_returned, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.service_returned));
+ if (*r->out.service_returned < 0 || *r->out.service_returned > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
+ }
NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_returned_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_resume_handle));
if (_ptr_resume_handle) {
@@ -5788,33 +5910,15 @@ static enum ndr_err_code ndr_pull_EnumServicesStatusExW(struct ndr_pull *ndr, in
_mem_save_resume_handle_0 = NDR_PULL_GET_MEM_CTX(ndr);
NDR_PULL_SET_MEM_CTX(ndr, r->out.resume_handle, 0);
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.resume_handle));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0);
- }
- if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) {
- NDR_PULL_ALLOC(ndr, r->out.group_name);
- }
- _mem_save_group_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, r->out.group_name, LIBNDR_FLAG_REF_ALLOC);
- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_group_name));
- if (_ptr_group_name) {
- NDR_PULL_ALLOC(ndr, *r->out.group_name);
- } else {
- *r->out.group_name = NULL;
- }
- if (*r->out.group_name) {
- _mem_save_group_name_1 = NDR_PULL_GET_MEM_CTX(ndr);
- NDR_PULL_SET_MEM_CTX(ndr, *r->out.group_name, 0);
- NDR_CHECK(ndr_pull_array_size(ndr, r->out.group_name));
- NDR_CHECK(ndr_pull_array_length(ndr, r->out.group_name));
- if (ndr_get_array_length(ndr, r->out.group_name) > ndr_get_array_size(ndr, r->out.group_name)) {
- return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, r->out.group_name), ndr_get_array_length(ndr, r->out.group_name));
+ if (*r->out.resume_handle < 0 || *r->out.resume_handle > 262144) {
+ return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range");
}
- NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t)));
- NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, r->out.group_name, ndr_get_array_length(ndr, r->out.group_name), sizeof(uint16_t), CH_UTF16));
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_1, 0);
+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_resume_handle_0, 0);
}
- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_group_name_0, LIBNDR_FLAG_REF_ALLOC);
NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result));
+ if (r->out.services) {
+ NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.services, r->in.buf_size));
+ }
}
return NDR_ERR_SUCCESS;
}
@@ -5843,12 +5947,21 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char
ndr_print_uint32(ndr, "resume_handle", *r->in.resume_handle);
}
ndr->depth--;
+ ndr_print_ptr(ndr, "group_name", r->in.group_name);
+ ndr->depth++;
+ if (r->in.group_name) {
+ ndr_print_string(ndr, "group_name", r->in.group_name);
+ }
+ ndr->depth--;
ndr->depth--;
}
if (flags & NDR_OUT) {
ndr_print_struct(ndr, "out", "EnumServicesStatusExW");
ndr->depth++;
+ ndr_print_ptr(ndr, "services", r->out.services);
+ ndr->depth++;
ndr_print_array_uint8(ndr, "services", r->out.services, r->in.buf_size);
+ ndr->depth--;
ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed);
ndr->depth++;
ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed);
@@ -5863,15 +5976,6 @@ _PUBLIC_ void ndr_print_EnumServicesStatusExW(struct ndr_print *ndr, const char
ndr_print_uint32(ndr, "resume_handle", *r->out.resume_handle);
}
ndr->depth--;
- ndr_print_ptr(ndr, "group_name", r->out.group_name);
- ndr->depth++;
- ndr_print_ptr(ndr, "group_name", *r->out.group_name);
- ndr->depth++;
- if (*r->out.group_name) {
- ndr_print_string(ndr, "group_name", *r->out.group_name);
- }
- ndr->depth--;
- ndr->depth--;
ndr_print_WERROR(ndr, "result", r->out.result);
ndr->depth--;
}
diff --git a/source3/librpc/gen_ndr/ndr_svcctl.h b/source3/librpc/gen_ndr/ndr_svcctl.h
index 0bebd3401a..8d7739a7db 100644
--- a/source3/librpc/gen_ndr/ndr_svcctl.h
+++ b/source3/librpc/gen_ndr/ndr_svcctl.h
@@ -106,6 +106,7 @@ void ndr_print_ENUM_SERVICE_STATUS(struct ndr_print *ndr, const char *name, cons
enum ndr_err_code ndr_push_svcctl_ServerType(struct ndr_push *ndr, int ndr_flags, uint32_t r);
enum ndr_err_code ndr_pull_svcctl_ServerType(struct ndr_pull *ndr, int ndr_flags, uint32_t *r);
void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *name, uint32_t r);
+void ndr_print_SERVICE_CONTROL(struct ndr_print *ndr, const char *name, enum SERVICE_CONTROL r);
void ndr_print_svcctl_MgrAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const char *name, uint32_t r);
enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r);
diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c
index 2349b4fd93..f37111137e 100644
--- a/source3/librpc/gen_ndr/srv_svcctl.c
+++ b/source3/librpc/gen_ndr/srv_svcctl.c
@@ -3445,12 +3445,6 @@ static bool api_EnumServicesStatusExW(pipes_struct *p)
}
r->out.resume_handle = r->in.resume_handle;
- r->out.group_name = talloc_zero(r, const char *);
- if (r->out.group_name == NULL) {
- talloc_free(r);
- return false;
- }
-
r->out.result = _EnumServicesStatusExW(p, r);
if (p->rng_fault_state) {
diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h
index b098eb1c42..9baa122e56 100644
--- a/source3/librpc/gen_ndr/svcctl.h
+++ b/source3/librpc/gen_ndr/svcctl.h
@@ -81,11 +81,19 @@ struct ENUM_SERVICE_STATUS {
enum SERVICE_CONTROL
#ifndef USE_UINT_ENUMS
{
- FIXME=1
+ SVCCTL_CONTROL_STOP=0x00000001,
+ SVCCTL_CONTROL_PAUSE=0x00000002,
+ SVCCTL_CONTROL_CONTINUE=0x00000003,
+ SVCCTL_CONTROL_INTERROGATE=0x00000004,
+ SVCCTL_CONTROL_SHUTDOWN=0x00000005
}
#else
{ __donnot_use_enum_SERVICE_CONTROL=0x7FFFFFFF}
-#define FIXME ( 1 )
+#define SVCCTL_CONTROL_STOP ( 0x00000001 )
+#define SVCCTL_CONTROL_PAUSE ( 0x00000002 )
+#define SVCCTL_CONTROL_CONTINUE ( 0x00000003 )
+#define SVCCTL_CONTROL_INTERROGATE ( 0x00000004 )
+#define SVCCTL_CONTROL_SHUTDOWN ( 0x00000005 )
#endif
;
@@ -137,7 +145,7 @@ struct svcctl_CloseServiceHandle {
struct svcctl_ControlService {
struct {
struct policy_handle *handle;/* [ref] */
- uint32_t control;
+ enum SERVICE_CONTROL control;
} in;
struct {
@@ -333,14 +341,14 @@ struct svcctl_EnumServicesStatusW {
struct policy_handle *handle;/* [ref] */
uint32_t type;
uint32_t state;
- uint32_t buf_size;
+ uint32_t buf_size;/* [range(0,262144)] */
uint32_t *resume_handle;/* [unique] */
} in;
struct {
- uint8_t *service;/* [size_is(buf_size)] */
- uint32_t *bytes_needed;/* [ref] */
- uint32_t *services_returned;/* [ref] */
+ uint8_t *service;/* [ref,size_is(buf_size)] */
+ uint32_t *bytes_needed;/* [ref,range(0,262144)] */
+ uint32_t *services_returned;/* [ref,range(0,262144)] */
uint32_t *resume_handle;/* [unique] */
WERROR result;
} out;
@@ -721,12 +729,12 @@ struct svcctl_QueryServiceConfig2W {
struct {
struct policy_handle *handle;/* [ref] */
uint32_t info_level;
- uint32_t buf_size;
+ uint32_t buf_size;/* [range(0,8192)] */
} in;
struct {
- uint8_t *buffer;
- uint32_t *bytes_needed;/* [ref] */
+ uint8_t *buffer;/* [ref,size_is(buf_size)] */
+ uint32_t *bytes_needed;/* [ref,range(0,8192)] */
WERROR result;
} out;
@@ -737,12 +745,12 @@ struct svcctl_QueryServiceStatusEx {
struct {
struct policy_handle *handle;/* [ref] */
uint32_t info_level;
- uint32_t buf_size;
+ uint32_t buf_size;/* [range(0,8192)] */
} in;
struct {
- uint8_t *buffer;
- uint32_t *bytes_needed;/* [ref] */
+ uint8_t *buffer;/* [ref,size_is(buf_size)] */
+ uint32_t *bytes_needed;/* [ref,range(0,8192)] */
WERROR result;
} out;
@@ -777,16 +785,16 @@ struct EnumServicesStatusExW {
uint32_t info_level;
uint32_t type;
uint32_t state;
- uint32_t buf_size;
- uint32_t *resume_handle;/* [unique] */
+ uint32_t buf_size;/* [range(0,262144)] */
+ const char *group_name;/* [unique,charset(UTF16)] */
+ uint32_t *resume_handle;/* [unique,range(0,262144)] */
} in;
struct {
- uint8_t *services;
- uint32_t *bytes_needed;/* [ref] */
- uint32_t *service_returned;/* [ref] */
- const char **group_name;/* [ref,charset(UTF16)] */
- uint32_t *resume_handle;/* [unique] */
+ uint8_t *services;/* [ref,size_is(buf_size)] */
+ uint32_t *bytes_needed;/* [ref,range(0,262144)] */
+ uint32_t *service_returned;/* [ref,range(0,262144)] */
+ uint32_t *resume_handle;/* [unique,range(0,262144)] */
WERROR result;
} out;
diff --git a/source3/locale/pam_winbind/de.po b/source3/locale/pam_winbind/de.po
index 642d9d3e12..5a7223d63d 100644
--- a/source3/locale/pam_winbind/de.po
+++ b/source3/locale/pam_winbind/de.po
@@ -7,7 +7,7 @@ msgid ""
msgstr ""
"Project-Id-Version: @PACKAGE@\n"
"Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2008-11-13 17:21+0100\n"
+"POT-Creation-Date: 2008-11-17 12:00+0100\n"
"PO-Revision-Date: 2008-11-13 14:29+0100\n"
"Last-Translator: Guenther Deschner <gd@samba.org>\n"
"MIME-Version: 1.0\n"
@@ -60,25 +60,20 @@ msgid "You are not allowed to logon at this time"
msgstr "Sie können sich zum jetzigen Zeitpunkt nicht anmelden"
#: ../../nsswitch/pam_winbind.c:601
-#, fuzzy
-msgid "Your account has expired. "
-msgstr "Ihr Passwort ist abgelaufen"
-
-#: ../../nsswitch/pam_winbind.c:602 ../../nsswitch/pam_winbind.c:605 ../../nsswitch/pam_winbind.c:608
-msgid "Please contact your System administrator"
-msgstr "Bitte kontaktieren Sie ihren System-Administrator"
+msgid "Your account has expired. Please contact your System administrator"
+msgstr "Ihr Benutzerkonto ist abgelaufen. Bitte kontaktieren Sie ihren System-Administrator"
#: ../../nsswitch/pam_winbind.c:604
-msgid "Your account is disabled. "
-msgstr "Ihr Account ist deaktiviert. "
+msgid "Your account is disabled. Please contact your System administrator"
+msgstr "Ihr Benutzerkonto ist deaktiviert. Bitte kontaktieren Sie ihren System-Administrator"
#: ../../nsswitch/pam_winbind.c:607
-msgid "Your account has been locked. "
-msgstr "Ihr Account wurde gesperrt. "
+msgid "Your account has been locked. Please contact your System administrator"
+msgstr "Ihr Benutzerkonto wurde gesperrt. Bitte kontaktieren Sie ihren System-Administrator"
#: ../../nsswitch/pam_winbind.c:610 ../../nsswitch/pam_winbind.c:612 ../../nsswitch/pam_winbind.c:614
msgid "Invalid Trust Account"
-msgstr "Ungültiger Maschinen-Account"
+msgstr "Ungültiges Maschinen-Konto"
#: ../../nsswitch/pam_winbind.c:616
msgid "Access is denied"
@@ -103,7 +98,7 @@ msgstr "Tag"
#: ../../nsswitch/pam_winbind.c:1253
msgid "Grace login. Please change your password as soon you're online again"
-msgstr ""
+msgstr "Kulanzanmeldung. Bitte ändern sie ihr Passwort sobald sie wieder online sind"
#: ../../nsswitch/pam_winbind.c:1263
msgid "Domain Controller unreachable, using cached credentials instead. Network resources may be unavailable"
@@ -115,7 +110,7 @@ msgid ""
"with the domain controller. Please verify the system time.\n"
msgstr ""
"Anforderung eines Kerberos Tickets aufgrund Zeitunterscheid zum \n"
-"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die System Zeit.\n"
+"Domänen-Controller fehlgeschlagen. Bitte überprüfen Sie die Systemzeit.\n"
#: ../../nsswitch/pam_winbind.c:1356
msgid "Your password "
@@ -133,7 +128,7 @@ msgstr "kann keines der %d vorherigen Passwörter enthalten; "
#: ../../nsswitch/pam_winbind.c:1382
msgid "must contain capitals, numerals or punctuation; and cannot contain your account or full name; "
-msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Anmelde- oder Vollnamen enthalten; "
+msgstr "muß Großbuchstaben, Ziffern oder Punktzeichen enthalten; kann nicht den Benutzer- oder vollen Namen enthalten; "
#: ../../nsswitch/pam_winbind.c:1392
msgid "Please type a different password. Type a password which meets these requirements in both text boxes."
diff --git a/source3/modules/vfs_readonly.c b/source3/modules/vfs_readonly.c
index d4ddf32e3a..58c83e5e1b 100644
--- a/source3/modules/vfs_readonly.c
+++ b/source3/modules/vfs_readonly.c
@@ -64,12 +64,25 @@ static int readonly_connect(vfs_handle_struct *handle,
"period", period_def);
if (period && period[0] && period[1]) {
+ int i;
time_t current_time = time(NULL);
time_t begin_period = get_date(period[0], &current_time);
time_t end_period = get_date(period[1], &current_time);
if ((current_time >= begin_period) && (current_time <= end_period)) {
+ connection_struct *conn = handle->conn;
+
handle->conn->read_only = True;
+
+ /* Wipe out the VUID cache. */
+ for (i=0; i< VUID_CACHE_SIZE; i++) {
+ struct vuid_cache_entry *ent = ent = &conn->vuid_cache.array[i];
+ ent->vuid = UID_FIELD_INVALID;
+ TALLOC_FREE(ent->server_info);
+ ent->read_only = false;
+ ent->admin_user = false;
+ }
+ conn->vuid_cache.next_entry = 0;
}
return SMB_VFS_NEXT_CONNECT(handle, service, user);
diff --git a/source3/modules/vfs_streams_depot.c b/source3/modules/vfs_streams_depot.c
index d8c476f96f..e7ecedaaed 100644
--- a/source3/modules/vfs_streams_depot.c
+++ b/source3/modules/vfs_streams_depot.c
@@ -117,9 +117,17 @@ static char *stream_dir(vfs_handle_struct *handle, const char *base_path,
struct file_id id;
uint8 id_buf[16];
+ tmp = talloc_asprintf(talloc_tos(), "%s/.streams", handle->conn->connectpath);
+
+ if (tmp == NULL) {
+ errno = ENOMEM;
+ goto fail;
+ }
+
const char *rootdir = lp_parm_const_string(
SNUM(handle->conn), "streams_depot", "directory",
- handle->conn->connectpath);
+ tmp);
+ TALLOC_FREE(tmp);
if (base_sbuf == NULL) {
if (SMB_VFS_NEXT_STAT(handle, base_path, &sbuf) == -1) {
diff --git a/source3/nsswitch/pam_winbind.c b/source3/nsswitch/pam_winbind.c
index c164f8e72a..1daa05ea17 100644
--- a/source3/nsswitch/pam_winbind.c
+++ b/source3/nsswitch/pam_winbind.c
@@ -598,14 +598,14 @@ static const struct ntstatus_errors {
{"NT_STATUS_INVALID_LOGON_HOURS",
N_("You are not allowed to logon at this time")},
{"NT_STATUS_ACCOUNT_EXPIRED",
- N_("Your account has expired. ")
- N_("Please contact your System administrator")}, /* SCNR */
+ N_("Your account has expired. "
+ "Please contact your System administrator")}, /* SCNR */
{"NT_STATUS_ACCOUNT_DISABLED",
- N_("Your account is disabled. ")
- N_("Please contact your System administrator")}, /* SCNR */
+ N_("Your account is disabled. "
+ "Please contact your System administrator")}, /* SCNR */
{"NT_STATUS_ACCOUNT_LOCKED_OUT",
- N_("Your account has been locked. ")
- N_("Please contact your System administrator")}, /* SCNR */
+ N_("Your account has been locked. "
+ "Please contact your System administrator")}, /* SCNR */
{"NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT",
N_("Invalid Trust Account")},
{"NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT",
diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c
index 4beab6488b..0bed13e522 100644
--- a/source3/rpc_server/srv_svcctl_nt.c
+++ b/source3/rpc_server/srv_svcctl_nt.c
@@ -517,11 +517,9 @@ WERROR _svcctl_ControlService(pipes_struct *p,
return info->ops->service_status( info->name,
r->out.service_status );
+ default:
+ return WERR_ACCESS_DENIED;
}
-
- /* default control action */
-
- return WERR_ACCESS_DENIED;
}
/********************************************************************
diff --git a/source3/rpcclient/cmd_ntsvcs.c b/source3/rpcclient/cmd_ntsvcs.c
index 7a25352943..11f16d3462 100644
--- a/source3/rpcclient/cmd_ntsvcs.c
+++ b/source3/rpcclient/cmd_ntsvcs.c
@@ -122,15 +122,15 @@ static WERROR cmd_ntsvcs_get_hw_prof_info(struct rpc_pipe_client *cli,
WERROR werr;
uint32_t idx = 0;
struct PNP_HwProfInfo info;
- uint32_t unknown1 = 0, unknown2 = 0;
+ uint32_t size = 0, flags = 0;
ZERO_STRUCT(info);
status = rpccli_PNP_GetHwProfInfo(cli, mem_ctx,
idx,
&info,
- unknown1,
- unknown2,
+ size,
+ flags,
&werr);
if (!NT_STATUS_IS_OK(status)) {
return ntstatus_to_werror(status);
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index f5f79c86e5..9dbacc2998 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -252,9 +252,11 @@ bool user_ok_token(const char *username, const char *domain,
bool is_share_read_only_for_token(const char *username,
const char *domain,
- struct nt_user_token *token, int snum)
+ struct nt_user_token *token,
+ connection_struct *conn)
{
- bool result = lp_readonly(snum);
+ int snum = SNUM(conn);
+ bool result = conn->read_only;
if (lp_readlist(snum) != NULL) {
if (token_contains_name_in_list(username, domain,
diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 045de6f2d3..c238f40cfd 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -88,7 +88,8 @@ static bool check_user_ok(connection_struct *conn, uint16_t vuid,
readonly_share = is_share_read_only_for_token(
server_info->unix_name,
pdb_get_domain(server_info->sam_account),
- server_info->ptok, snum);
+ server_info->ptok,
+ conn);
if (!readonly_share &&
!share_access_check(server_info->ptok, lp_servicename(snum),
diff --git a/source3/utils/net_rap.c b/source3/utils/net_rap.c
index 570e951aee..dd757abd1a 100644
--- a/source3/utils/net_rap.c
+++ b/source3/utils/net_rap.c
@@ -612,7 +612,7 @@ int net_rap_printq_usage(struct net_context *c, int argc, const char **argv)
d_printf(
"net rap printq [misc. options] [targets]\n"
"\tor\n"
- "net rap printq list [<queue_name>] [misc. options] [targets]\n"
+ "net rap printq info [<queue_name>] [misc. options] [targets]\n"
"\tlists the specified queue and jobs on the target server.\n"
"\tIf the queue name is not specified, all queues are listed.\n\n");
d_printf(
@@ -726,9 +726,10 @@ int net_rap_printq(struct net_context *c, int argc, const char **argv)
"info",
rap_printq_info,
NET_TRANSPORT_RAP,
- "Display info about print job",
- "net rap printq info\n"
- " Display info about print job"
+ "Display info about print queues and jobs",
+ "net rap printq info [queue]\n"
+ " Display info about print jobs in queue.\n"
+ " If queue is not specified, all queues are listed"
},
{
"delete",
diff --git a/source3/winbindd/winbindd_passdb.c b/source3/winbindd/winbindd_passdb.c
index 0cf4540cfe..101854ae94 100644
--- a/source3/winbindd/winbindd_passdb.c
+++ b/source3/winbindd/winbindd_passdb.c
@@ -639,13 +639,13 @@ static NTSTATUS sam_lookup_groupmem(struct winbindd_domain *domain,
sid_type_lookup(lsa_names[i].type)));
continue;
}
- if (!((*names)[i] = talloc_strdup((*names),
+ if (!((*names)[num_mapped] = talloc_strdup((*names),
lsa_names[i].name))) {
TALLOC_FREE(tmp_ctx);
return NT_STATUS_NO_MEMORY;
}
- (*name_types)[i] = lsa_names[i].type;
+ (*name_types)[num_mapped] = lsa_names[i].type;
num_mapped += 1;
}
generated by cgit (git 2.34.1) at 2024-11-22 19:01:01 +0000