From 965f440983f953d77d5771d24907d3907ab0b463 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Sat, 26 Jan 2002 10:02:23 +0000
Subject: Move the lsa code across to the changed args for lookup_name, and surround it in become_root()/unbecome_root().

Also only allocate the memory the client reqests - and don't allow the client to trigger an SMB_ASSERT if they ask for 'more'.

Up the maximum number of sids allowed, and note that this is an arbiary guess, and can be raised without consequence.

Andrew Bartlett
(This used to be commit 6e7667125d142670db7393ed7a48386f3821d896)
---
 source3/include/rpc_lsa.h | 6 ++----
 source3/rpc_server/srv_lsa_nt.c | 13 +++++++++++--
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h
index 0bae09480b..8388877dd1 100644
--- a/source3/include/rpc_lsa.h
+++ b/source3/include/rpc_lsa.h
@@ -90,9 +90,6 @@ enum SID_NAME_USE
 /* XXXX these are here to get a compile! */
 #define LSA_LOOKUPRIDS 0xFD
 
-#define LSA_MAX_GROUPS 96
-#define LSA_MAX_SIDS 128
-
 /* DOM_QUERY - info class 3 and 5 LSA Query response */
 typedef struct dom_query_info
 {
@@ -362,7 +359,8 @@ typedef struct lsa_trans_name_info
 } LSA_TRANS_NAME;
 
-#define MAX_LOOKUP_SIDS 30
+/* This number purly arbitary - just to prevent a client from requesting large amounts of memory */
+#define MAX_LOOKUP_SIDS 256
 
 /* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
 typedef struct lsa_trans_name_enum_info
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 9916b99c8a..412d0e775e 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -140,6 +140,8 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
 	SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
 
+	become_root(); /* lookup_name can require root privs */
+
 	for (i = 0; i < num_entries; i++) {
 		BOOL status = False;
 		DOM_SID sid;
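Review bot: The new comment above MAX_LOOKUP_SIDS misspells its two key words; `/* This number is purely arbitrary - just to prevent a client from requesting large amounts of memory */` reads cleanly. Since init_lsa_rid2s asserts `num_entries <= MAX_LOOKUP_SIDS` (visible in the next hunk), the same comment should also say that any caller must clamp a client-supplied count to this value before sizing an allocation from it, so that the constant's contract lives next to its definition rather than only in one caller.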
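Review bot: The become_root()/unbecome_root() pair added here and in the hunk at `@@ -176,6 +178,8 @@` keeps the whole name loop running as root, including the DEBUG calls and init_dom_rid2, and any early return from inside the loop would leave the process as root. Narrowing the window to the single call that needs it, `become_root(); status = lookup_name(dom_name, user, &sid, &name_type); unbecome_root();`, bounds the privileged section to lookup_name and removes the dependency on the loop never exiting early. init_lsa_rid2s begins before this hunk and its loop body continues past it, so whether such an exit exists cannot be confirmed from here.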
@@ -158,7 +160,7 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
 		DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
 
-		status = lookup_name(full_name, &sid, &name_type);
+		status = lookup_name(dom_name, user, &sid, &name_type);
 
 		DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" : "not found"));
@@ -176,6 +178,8 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
 		init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
 		total++;
 	}
+
+	unbecome_root();
 }
 
 /***************************************************************************
@@ -612,8 +616,13 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
 	if (!(handle->access & POLICY_LOOKUP_NAMES))
 		return NT_STATUS_ACCESS_DENIED;
 
+	if (num_entries > MAX_LOOKUP_SIDS) {
+		num_entries = MAX_LOOKUP_SIDS;
+		DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+	}
+
 	ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
-	rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*MAX_LOOKUP_SIDS);
+	rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
 
 	if (!ref || !rids)
 		return NT_STATUS_NO_MEMORY;
-- 
cgit
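Review bot: Clamping num_entries in the `@@ -612,8 +616,13 @@` hunk silently answers only the first MAX_LOOKUP_SIDS names while the client believes every name it sent was looked up, and if the reply's count or the walk over the request's names still uses the original request count rather than the clamped local (the assignment of num_entries and the reply fill are outside this hunk), the rids array now sized from num_entries would be overrun. Rejecting an oversized request outright, `if (num_entries > MAX_LOOKUP_SIDS) return NT_STATUS_INVALID_PARAMETER;`, keeps the request, the allocation and the reply consistent and makes the limit visible to the client instead of being a quiet truncation. If clamping is kept, a client exceeding the limit is worth more than a level-5 DEBUG, since it is the case the limit exists to catch. Sizing the allocation from num_entries also means a request with zero names now passes a zero-byte size to talloc_zero; if that returns NULL, an empty lookup fails with NT_STATUS_NO_MEMORY where the fixed-size allocation previously succeeded, so the zero case should be checked before the allocation. _lsa_lookup_names starts before this hunk and continues after it.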