From 520878fd1f440a7313cedb4827bdc81454d94d20 Mon Sep 17 00:00:00 2001 From: Luke Leighton Date: Wed, 29 Oct 1997 19:05:34 +0000 Subject: ipc.c ntclientpipe.c: response to Bind Acknowledgment needs a lookup table for the PIPE string (secondary address in RPC_HDR_BA structure). smbparse.c util.c : interesting problem, i think caused by us typecasting a uint16* buffer to char*. found on a SPARC. (This used to be commit 420408ee83902faa6cf871f26e93ad5efb483727) --- source3/include/proto.h | 1 + source3/include/smb.h | 1 + source3/lib/util.c | 47 +++++++++++++++++++++++++++++++++++++++++++++++ source3/ntclientpipe.c | 43 ++++++++++++++++++++++++++++++++++++++++--- source3/smbd/ipc.c | 24 ++++++++++++++---------- source3/smbparse.c | 22 +++++++++++----------- 6 files changed, 114 insertions(+), 24 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index a02fa86bb9..ee7bd41dbd 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1251,6 +1251,7 @@ enum remote_arch_types get_remote_arch(); char *skip_unicode_string(char *buf,int n); char *unistrn2(uint16 *buf, int len); char *unistr2(uint16 *buf); +int struni2(uint16 *p, char *buf); char *unistr(char *buf); int unistrncpy(char *dst, char *src, int len); int unistrcpy(char *dst, char *src); diff --git a/source3/include/smb.h b/source3/include/smb.h index 62c3fec19d..9b54385eee 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -260,6 +260,7 @@ typedef fstring string; #define PIPE_SRVSVC "\\PIPE\\srvsvc" #define PIPE_NETLOGON "\\PIPE\\NETLOGON" #define PIPE_NTLSA "\\PIPE\\ntlsa" +#define PIPE_LSASS "\\PIPE\\lsass" #define PIPE_LSARPC "\\PIPE\\lsarpc" /* NETLOGON opcodes and data structures */ diff --git a/source3/lib/util.c b/source3/lib/util.c index 7f47cdbdb4..4d098013f2 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c 
@@ -4284,11 +4284,19 @@ char *unistrn2(uint16 *buf, int len) static int nexti; char *lbuf = lbufs[nexti]; char *p; + nexti = (nexti+1)%8; + + DEBUG(10, ("unistrn2: ")); + for (p = lbuf; *buf && p-lbuf < MAXUNI-2 && len > 0; len--, p++, buf++) { + DEBUG(10, ("%4x ", *buf)); *p = *buf; } + + DEBUG(10,("\n")); + *p = 0; return lbuf; } @@ -4304,15 +4312,54 @@ char *unistr2(uint16 *buf) static int nexti; char *lbuf = lbufs[nexti]; char *p; + nexti = (nexti+1)%8; + + DEBUG(10, ("unistr2: ")); + for (p = lbuf; *buf && p-lbuf < MAXUNI-2; p++, buf++) { + DEBUG(10, ("%4x ", *buf)); *p = *buf; } + + DEBUG(10,("\n")); + *p = 0; return lbuf; } +/******************************************************************* +create a null-terminated unicode string from a null-terminated ascii string. +return number of unicode chars copied, excluding the null character. + +only handles ascii strings +********************************************************************/ +#define MAXUNI 1024 +int struni2(uint16 *p, char *buf) +{ + int len = 0; + + if (p == NULL) return 0; + + DEBUG(10, ("struni2: ")); + + if (buf != NULL) + { + for (; *buf && len < MAXUNI-2; len++, p++, buf++) + { + DEBUG(10, ("%2x ", *buf)); + *p = *buf; + } + + DEBUG(10,("\n")); + } + + *p = 0; + + return len; +} + /******************************************************************* Return a ascii version of a unicode string Hack alert: uses fixed buffer(s) and only handles ascii strings diff --git a/source3/ntclientpipe.c b/source3/ntclientpipe.c index 6a4fa59f80..80991cea51 100644 --- a/source3/ntclientpipe.c +++ b/source3/ntclientpipe.c 
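Review bot: The loop condition in unistrn2 (a context line of the first util.c hunk) tests `*buf` before `len > 0`, so once len reaches zero it still reads one uint16 past the counted string. For a counted buffer with no terminator that is a two-byte over-read. Checking the count first avoids it: `for (p = lbuf; len > 0 && *buf && p-lbuf < MAXUNI-2; len--, p++, buf++)`. The added `DEBUG(10, ("%4x ", *buf))` runs only after the condition has passed, so it adds no further read. The start of unistrn2 lies outside the hunk.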
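Review bot: struni2 writes through `p` without knowing the destination's capacity: its loop stops only at `len < MAXUNI-2`, a limit borrowed from the static buffers of unistr2 rather than taken from the caller's array. The callers changed in smbparse.c pass `str->buffer`, whose size is not visible in this diff; if it holds fewer than MAXUNI-1 elements, a long `buf` overruns it. Passing the capacity, for example `int struni2(uint16 *p, char *buf, int maxlen)` with the loop bounded by `len < maxlen-1` (and the proto.h line updated to match), would close that. Separately, `*p = *buf` sign-extends bytes above 0x7f where char is signed; `*p = (unsigned char)*buf;` keeps the high byte zero, and the same cast fixes the `%2x` debug output.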
@@ -85,6 +85,17 @@ uint16 open_rpc_pipe(char *inbuf, char *outbuf, char *rname, int Client, int cnu return fnum; } +struct +{ + char *client; + char *server; +} pipe_names [] = +{ + { PIPE_LSARPC , PIPE_LSASS }, + { PIPE_NETLOGON, PIPE_NETLOGON }, + { NULL , NULL } +}; + /**************************************************************************** do an rpc bind ****************************************************************************/ @@ -140,6 +151,7 @@ BOOL bind_rpc_pipe(char *pipe_name, uint16 fnum, uint32 call_id, RPC_HDR_BA hdr_ba; int hdr_len; int pkt_len; + int i = 0; DEBUG(5, ("cli_call_api: return OK\n")); @@ -172,10 +184,35 @@ BOOL bind_rpc_pipe(char *pipe_name, uint16 fnum, uint32 call_id, } #endif - if (p && (strcmp(pipe_name, hdr_ba.addr.str) != 0)) + while (p && (pipe_names[i].server != NULL)) + { + DEBUG(6,("bind_rpc_pipe: searching pipe name: client:%s server:%s\n", + pipe_names[i].client, pipe_names[i].server)); + + if ((strcmp(pipe_name , pipe_names[i].client) == 0)) + { + if (strcmp(hdr_ba.addr.str, pipe_names[i].server) == 0) + { + DEBUG(5,("bind_rpc_pipe: server pipe_name found: %s\n", + pipe_names[i].server)); + break; + } + else + { + DEBUG(2,("bind_rpc_pipe: pipe_name %s != expected pipe %s\n", + pipe_names[i].server, hdr_ba.addr.str)); + p = NULL; + } + } + else + { + i++; + } + } + + if (p && pipe_names[i].server == NULL) { - DEBUG(2,("bind_rpc_pipe: pipe_name %s != expected pipe %s\n", - pipe_name, hdr_ba.addr.str)); + DEBUG(2,("bind_rpc_pipe: pipe name %s unsupported\n", hdr_ba.addr.str)); p = NULL; } diff --git a/source3/smbd/ipc.c b/source3/smbd/ipc.c index c2cfc15a21..088ecfbddd 100644 --- a/source3/smbd/ipc.c +++ b/source3/smbd/ipc.c 
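Review bot: The new `pipe_names` table is a writable global with external linkage, although within this diff only bind_rpc_pipe reads it. Declaring it as `static const struct { const char *client; const char *server; } pipe_names[]` keeps it out of the global namespace and lets the compiler place it in read-only data. The table also has no row for PIPE_SRVSVC, while the server-side table in smbd/ipc.c in this same commit does answer for srvsvc, so a client bind on that pipe would end in the "unsupported" branch. A short comment above the table, saying that `client` is the pipe name opened and `server` is the secondary address expected in the bind acknowledgement, would help the next reader.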
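Review bot: The mismatch DEBUG in the new while loop of bind_rpc_pipe passes its arguments in the opposite order to its text: `pipe_names[i].server` is the expected name and `hdr_ba.addr.str` is what the server returned, so the log reads backwards. Suggested: `DEBUG(2,("bind_rpc_pipe: pipe_name %s != expected pipe %s\n", hdr_ba.addr.str, pipe_names[i].server));`. The final "unsupported" message has a similar slip, since the lookup that failed was keyed on `pipe_name`, not on `hdr_ba.addr.str`. Both `strcmp` and `%s` assume `hdr_ba.addr.str` is NUL-terminated; it is filled from the server's reply by parsing code outside this hunk, so that is worth confirming there.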
@@ -2862,23 +2862,27 @@ static BOOL api_WPrintPortEnum(int cnum,uint16 vuid, char *param,char *data, struct { char * name; - char * pipename; + char * pipe_clnt_name; +#ifdef NTDOMAIN + char * pipe_srv_name; +#endif int subcommand; BOOL (*fn) (); } api_fd_commands [] = { #ifdef NTDOMAIN - { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "srvsvc", 1, api_LsarpcSNPHS }, - { "SetNmdPpHndState", "NETLOGON", 1, api_LsarpcSNPHS }, - { "TransactNmPipe", "lsarpc", 0x26, api_ntLsarpcTNP }, - { "TransactNmPipe", "srvsvc", 0x26, api_srvsvcTNP }, - { "TransactNmPipe", "NETLOGON", 0x26, api_netlogrpcTNP }, + { "SetNmdPpHndState", "lsarpc", "lsass", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "srvsvc", "lsass", 1, api_LsarpcSNPHS }, + { "SetNmdPpHndState", "NETLOGON", "NETLOGON", 1, api_LsarpcSNPHS }, + { "TransactNmPipe", "lsarpc", "lsass", 0x26, api_ntLsarpcTNP }, + { "TransactNmPipe", "srvsvc", "lsass", 0x26, api_srvsvcTNP }, + { "TransactNmPipe", "NETLOGON", "NETLOGON", 0x26, api_netlogrpcTNP }, + { NULL, NULL, NULL, -1, (BOOL (*)())api_Unsupported } #else { "SetNmdPpHndState", "lsarpc", 1, api_LsarpcSNPHS }, { "TransactNmPipe" , "lsarpc", 0x26, api_LsarpcTNP }, -#endif { NULL, NULL, -1, (BOOL (*)())api_Unsupported } +#endif }; /**************************************************************************** @@ -2929,7 +2933,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, for (i = 0; api_fd_commands[i].name; i++) { - if (strequal(api_fd_commands[i].pipename, pipe_name) && + if (strequal(api_fd_commands[i].pipe_clnt_name, pipe_name) && api_fd_commands[i].subcommand == subcommand && api_fd_commands[i].fn) { @@ -2964,7 +2968,7 @@ static int api_fd_reply(int cnum,uint16 vuid,char *outbuf, /* name has to be \PIPE\xxxxx */ strcpy(ack_pipe_name, "\\PIPE\\"); - strcat(ack_pipe_name, api_fd_commands[i].pipename); + strcat(ack_pipe_name, api_fd_commands[i].pipe_srv_name); /* make a bind acknowledgement */ make_rpc_hdr_ba(&hdr_ba, 
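Review bot: `pipe_srv_name` exists only when NTDOMAIN is defined and is NULL in the table's terminating row, so the changed `strcat(ack_pipe_name, api_fd_commands[i].pipe_srv_name)` depends on two things this hunk does not show. The line must be compiled only under NTDOMAIN, and `i` must not still index the terminator when it runs. Wrapping the name construction in `if (api_fd_commands[i].pipe_srv_name != NULL)` makes the second condition explicit. The strcpy/strcat pair is bounded only because every table entry is a short literal and the size of ack_pipe_name is not visible here, so a comment next to the table such as `/* pipe_srv_name must fit in ack_pipe_name after the "\\PIPE\\" prefix */` would record that invariant. The body of api_fd_reply starts and ends outside the hunk.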
diff --git a/source3/smbparse.c b/source3/smbparse.c index 25ddeb56a8..b238cd513b 100644 --- a/source3/smbparse.c +++ b/source3/smbparse.c @@ -207,7 +207,7 @@ creates a UNISTR structure. void make_unistr(UNISTR *str, char *buf) { /* store the string (null-terminated copy) */ - PutUniCode((char *)(str->buffer), buf); + struni2(str->buffer, buf); } /******************************************************************* @@ -216,6 +216,8 @@ XXXX NOTE: UNISTR structures NEED to be null-terminated. ********************************************************************/ char* smb_io_unistr(BOOL io, UNISTR *uni, char *q, char *base, int align, int depth) { + int i = 0; + if (uni == NULL) return NULL; DEBUG(5,("%s%04x smb_io_unistr\n", tab_depth(depth), PTR_DIFF(q, base))); @@ -223,16 +225,14 @@ char* smb_io_unistr(BOOL io, UNISTR *uni, char *q, char *base, int align, int de q = align_offset(q, base, align); - if (io) - { - /* io True indicates read _from_ the SMB buffer into the string */ - q += 2 * unistrcpy((char*)uni->buffer, q); - } - else + do { - /* io True indicates copy _from_ the string into SMB buffer */ - q += 2 * unistrcpy(q, (char*)uni->buffer); - } + RW_SVAL(io, q, uni->buffer[i], 0); q += 2; + i++; + + } while ((i < sizeof(uni->buffer) / sizeof(uni->buffer[0])) && + (uni->buffer[i] != 0)); + return q; } @@ -247,7 +247,7 @@ void make_unistr2(UNISTR2 *str, char *buf, int len) str->uni_str_len = len; /* store the string (null-terminated copy) */ - PutUniCode((char *)str->buffer, buf); + struni2(str->buffer, buf); } /******************************************************************* -- cgit
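Review bot: The new do/while in smb_io_unistr tests `uni->buffer[i]` after `i++`, so the terminator check looks at the element that has not been transferred yet. When reading, that element still holds whatever was in the structure beforehand, so the number of bytes consumed from `q` depends on stale memory rather than on the packet, and the function has no length argument to keep `q` inside the received data. When writing, the loop stops before the terminating zero is emitted, which contradicts the comment above the function that UNISTR structures need to be null-terminated, and for an empty string it carries on past the terminator. Testing the element just transferred fixes both directions, and an input with no terminator inside the buffer is better treated as a parse failure by the caller. The sketch below assumes RW_SVAL stores into its third argument when `io` is true, as the removed comment describes.

```c
	int i = 0;
	int n = sizeof(uni->buffer) / sizeof(uni->buffer[0]);

	/* … unchanged: NULL check, DEBUG, align_offset … */

	while (i < n)
	{
		RW_SVAL(io, q, uni->buffer[i], 0); q += 2;
		if (uni->buffer[i++] == 0) break; /* terminator has been transferred */
	}

	/* no terminator within the buffer: keep the structure terminated */
	if (i == n) uni->buffer[n-1] = 0;

	return q;
```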
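Review bot: make_unistr2 records the caller's `len` in `uni_str_len` but then lets struni2 copy the whole of `buf` up to struni2's own internal limit and discards the count it returns, so the stored length and the buffer contents can disagree. If `len` is meant to be authoritative, the copy should be bounded by it and by the capacity of `str->buffer`; if the string is authoritative, take the length from the result, for example `str->uni_str_len = struni2(str->buffer, buf);`. make_unistr in the first hunk of this file makes the same call with no capacity check. The start of make_unistr2 is outside the hunk.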