1
0
mirror of https://github.com/samba-team/samba.git synced 2025-08-07 09:49:30 +03:00

s3-dcerpc: Use DATA_BLOB for pipes_struct input data

Signed-off-by: Günther Deschner <gd@samba.org>
This commit is contained in:
Simo Sorce
2010-07-15 10:28:59 -04:00
committed by Günther Deschner
parent 8f2bfa88b5
commit 100d37fc46
7 changed files with 30 additions and 93 deletions

View File

@ -145,7 +145,6 @@ sub ParseFunction($$)
pidl "struct ndr_pull *pull;";
pidl "struct ndr_push *push;";
pidl "enum ndr_err_code ndr_err;";
pidl "DATA_BLOB blob;";
pidl "struct $fn->{NAME} *r;";
pidl "";
pidl "call = &ndr_table_$if->{NAME}.calls[$op];";
@ -155,12 +154,7 @@ sub ParseFunction($$)
pidl "\treturn false;";
pidl "}";
pidl "";
pidl "if (!prs_data_blob(&p->in_data.data, &blob, r)) {";
pidl "\ttalloc_free(r);";
pidl "\treturn false;";
pidl "}";
pidl "";
pidl "pull = ndr_pull_init_blob(&blob, r);";
pidl "pull = ndr_pull_init_blob(&p->in_data.data, r);";
pidl "if (pull == NULL) {";
pidl "\ttalloc_free(r);";
pidl "\treturn false;";

View File

@ -105,7 +105,8 @@ typedef struct _input_data {
* the rpc headers and auth footers removed.
* The maximum length of this (1Mb) is strictly enforced.
*/
prs_struct data;
DATA_BLOB data;
} input_data;
struct handle_list;

View File

@ -1 +0,0 @@
This contains the generated files from PIDL for the IDL files in ../idl/*.idl

View File

@ -144,20 +144,6 @@ struct pipes_struct *make_internal_rpc_pipe_p(TALLOC_CTX *mem_ctx,
return NULL;
}
/*
* Initialize the incoming RPC data buffer with one PDU worth of memory.
* We cheat here and say we're marshalling, as we intend to add incoming
* data directly into the prs_struct and we want it to auto grow. We will
* change the type to UNMARSALLING before processing the stream.
*/
if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
DEBUG(0,("open_rpc_pipe_p: malloc fail for in_data struct.\n"));
close_policy_by_pipe(p);
TALLOC_FREE(p);
return NULL;
}
p->server_info = copy_serverinfo(p, server_info);
if (p->server_info == NULL) {
DEBUG(0, ("open_rpc_pipe_p: copy_serverinfo failed\n"));
@ -194,8 +180,6 @@ static NTSTATUS internal_ndr_push(TALLOC_CTX *mem_ctx,
const struct ndr_interface_call *call;
struct ndr_push *push;
enum ndr_err_code ndr_err;
DATA_BLOB blob;
bool ret;
if (!ndr_syntax_id_equal(&table->syntax_id, &cli->abstract_syntax) ||
(opnum >= table->num_calls)) {
@ -220,12 +204,10 @@ static NTSTATUS internal_ndr_push(TALLOC_CTX *mem_ctx,
return ndr_map_error2ntstatus(ndr_err);
}
blob = ndr_push_blob(push);
ret = prs_init_data_blob(&cli->pipes_struct->in_data.data, &blob, mem_ctx);
cli->pipes_struct->in_data.data = ndr_push_blob(push);
talloc_steal(cli->pipes_struct->mem_ctx,
cli->pipes_struct->in_data.data.data);
TALLOC_FREE(push);
if (!ret) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
@ -317,7 +299,7 @@ static NTSTATUS rpc_pipe_internal_dispatch(struct rpc_pipe_client *cli,
return status;
}
prs_mem_free(&cli->pipes_struct->in_data.data);
data_blob_free(&cli->pipes_struct->in_data.data);
data_blob_free(&cli->pipes_struct->out_data.rdata);
return NT_STATUS_OK;

View File

@ -1719,7 +1719,9 @@ static bool api_rpcTNP(pipes_struct *p, struct ncacn_packet *pkt,
fstring name;
slprintf(name, sizeof(name)-1, "in_%s",
get_pipe_name_from_syntax(talloc_tos(), &p->syntax));
prs_dump(name, pkt->u.request.opnum, &p->in_data.data);
prs_dump_region(name, pkt->u.request.opnum,
p->in_data.data.data, 0,
p->in_data.data.length);
}
for (fn_num = 0; fn_num < n_cmds; fn_num++) {
@ -1783,18 +1785,11 @@ static bool api_rpcTNP(pipes_struct *p, struct ncacn_packet *pkt,
get_pipe_name_from_syntax(talloc_tos(), &p->syntax)));
/* Check for buffer underflow in rpc parsing */
if ((DEBUGLEVEL >= 10) &&
(prs_offset(&p->in_data.data) != prs_data_size(&p->in_data.data))) {
size_t data_len = prs_data_size(&p->in_data.data) - prs_offset(&p->in_data.data);
char *data = (char *)SMB_MALLOC(data_len);
if ((DEBUGLEVEL >= 10) &&
(pkt->frag_length < p->in_data.data.length)) {
DEBUG(10, ("api_rpcTNP: rpc input buffer underflow (parse error?)\n"));
if (data) {
prs_uint8s(False, "", &p->in_data.data, 0, (unsigned char *)data, (uint32)data_len);
SAFE_FREE(data);
}
dump_data(10, p->in_data.data.data + pkt->frag_length,
p->in_data.data.length - pkt->frag_length);
}
return True;

View File

@ -56,7 +56,7 @@ static bool pipe_init_outgoing_data(pipes_struct *p)
static void set_incoming_fault(pipes_struct *p)
{
prs_mem_free(&p->in_data.data);
data_blob_free(&p->in_data.data);
p->in_data.pdu_needed_len = 0;
p->in_data.pdu.length = 0;
p->fault_state = True;
@ -145,21 +145,12 @@ static void free_pipe_context(pipes_struct *p)
{
data_blob_free(&p->out_data.frag);
data_blob_free(&p->out_data.rdata);
prs_mem_free(&p->in_data.data);
data_blob_free(&p->in_data.data);
DEBUG(3, ("free_pipe_context: "
"destroying talloc pool of size %lu\n",
(unsigned long)talloc_total_size(p->mem_ctx)));
talloc_free_children(p->mem_ctx);
/*
* Re-initialize to set back to marshalling and set the
* offset back to the start of the buffer.
*/
if(!prs_init(&p->in_data.data, 128, p->mem_ctx, MARSHALL)) {
DEBUG(0, ("free_pipe_context: "
"rps_init failed!\n"));
p->fault_state = True;
}
}
/****************************************************************************
@ -348,10 +339,10 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
* will not fit in the initial buffer of size 0x1068 --jerry 22/01/2002
*/
if (prs_offset(&p->in_data.data) + data.length > MAX_RPC_DATA_SIZE) {
if (p->in_data.data.length + data.length > MAX_RPC_DATA_SIZE) {
DEBUG(0, ("process_request_pdu: "
"rpc data buffer too large (%u) + (%u)\n",
(unsigned int)prs_data_size(&p->in_data.data),
(unsigned int)p->in_data.data.length,
(unsigned int)data.length));
set_incoming_fault(p);
return False;
@ -361,14 +352,16 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
* Append the data portion into the buffer and return.
*/
if (!prs_copy_data_in(&p->in_data.data,
(char *)data.data, data.length)) {
DEBUG(0, ("process_request_pdu: Unable to append data size %u "
"to parse buffer of size %u.\n",
(unsigned int)data.length,
(unsigned int)prs_data_size(&p->in_data.data)));
set_incoming_fault(p);
return False;
if (data.length) {
if (!data_blob_append(p->mem_ctx, &p->in_data.data,
data.data, data.length)) {
DEBUG(0, ("Unable to append data size %u "
"to parse buffer of size %u.\n",
(unsigned int)data.length,
(unsigned int)p->in_data.data.length));
set_incoming_fault(p);
return False;
}
}
if (pkt->pfc_flags & DCERPC_PFC_FLAG_LAST) {
@ -378,31 +371,9 @@ static bool process_request_pdu(pipes_struct *p, struct ncacn_packet *pkt)
* Call the rpc command to process it.
*/
/*
* Ensure the internal prs buffer size is *exactly* the same
* size as the current offset.
*/
if (!prs_set_buffer_size(&p->in_data.data,
prs_offset(&p->in_data.data))) {
DEBUG(0, ("process_request_pdu: "
"Call to prs_set_buffer_size failed!\n"));
set_incoming_fault(p);
return False;
}
/*
* Set the parse offset to the start of the data and set the
* prs_struct to UNMARSHALL.
*/
prs_set_offset(&p->in_data.data, 0);
prs_switch_type(&p->in_data.data, UNMARSHALL);
/*
* Process the complete data stream here.
*/
if (pipe_init_outgoing_data(p)) {
ret = api_pipe_request(p, pkt);
}
@ -454,7 +425,6 @@ static void process_complete_pdu(pipes_struct *p)
} else {
p->endian = RPC_BIG_ENDIAN;
}
prs_set_endian_data(&p->in_data.data, p->endian);
DEBUG(10, ("Processing packet type %d\n", (int)pkt->ptype));
@ -591,10 +561,6 @@ static void process_complete_pdu(pipes_struct *p)
}
done:
/* Reset to little endian.
* Probably don't need this but it won't hurt. */
prs_set_endian_data(&p->in_data.data, RPC_LITTLE_ENDIAN);
if (!reply) {
DEBUG(3,("process_complete_pdu: DCE/RPC fault sent on "
"pipe %s\n", get_pipe_name_from_syntax(talloc_tos(),

View File

@ -264,8 +264,8 @@ enum winbindd_result winbindd_dual_ndrcmd(struct winbindd_domain *domain,
ZERO_STRUCT(p);
p.mem_ctx = talloc_stackframe();
p.in_data.data.buffer_size = state->request->extra_len;
p.in_data.data.data_p = state->request->extra_data.data;
p.in_data.data = data_blob_const(state->request->extra_data.data,
state->request->extra_len);
ret = fns[state->request->data.ndrcmd].fn(&p);
if (!ret) {