
Fixed LSA Lookup Names. There were a few too many NULL pointers in a

negative response, which tended to crash lsass.exe.
(This used to be commit 6d03f61d25)
Matthew Chapman 1999-03-24 12:18:28 +00:00
parent 6b9cb3a254
commit 22ab15823f
5 changed files with 88 additions and 39 deletions


@ -274,7 +274,6 @@ typedef struct dom_trust_info
/* DOM_R_REF */ /* DOM_R_REF */
typedef struct dom_ref_info typedef struct dom_ref_info
{ {
uint32 undoc_buffer; /* undocumented buffer pointer. */
uint32 num_ref_doms_1; /* num referenced domains */ uint32 num_ref_doms_1; /* num referenced domains */
uint32 ptr_ref_dom; /* pointer to referenced domains */ uint32 ptr_ref_dom; /* pointer to referenced domains */
uint32 max_entries; /* 32 - max number of entries */ uint32 max_entries; /* 32 - max number of entries */
@ -336,7 +335,9 @@ typedef struct lsa_q_lookup_sids
/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */ /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
typedef struct lsa_r_lookup_sids typedef struct lsa_r_lookup_sids
{ {
uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */ DOM_R_REF *dom_ref; /* domain reference info */
LSA_TRANS_NAME_ENUM *names; LSA_TRANS_NAME_ENUM *names;
uint32 mapped_count; uint32 mapped_count;
@ -364,10 +365,11 @@ typedef struct lsa_q_lookup_names
/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
typedef struct lsa_r_lookup_names typedef struct lsa_r_lookup_names
{ {
uint32 ptr_dom_ref;
DOM_R_REF *dom_ref; /* domain reference info */ DOM_R_REF *dom_ref; /* domain reference info */
uint32 num_entries; uint32 num_entries;
uint32 undoc_buffer; /* undocumented buffer pointer */ uint32 ptr_entries;
uint32 num_entries2; uint32 num_entries2;
DOM_RID2 *dom_rid; /* domain RIDs being looked up */ DOM_RID2 *dom_rid; /* domain RIDs being looked up */
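Review bot: The new fields `ptr_dom_ref` (added to both `lsa_r_lookup_sids` and `lsa_r_lookup_names`) and `ptr_entries` carry no comment, unlike their neighbours, so their role is only discoverable from the parser. I would add `uint32 ptr_dom_ref; /* non-zero if dom_ref follows on the wire */` and `uint32 ptr_entries; /* non-zero if num_entries2 and dom_rid[] follow */`, which matches how `lsa_io_r_lookup_names` gates those parts in this commit. The comment should also state that `ptr_dom_ref` must not be non-zero while `dom_ref` is NULL, because the parser passes `dom_ref` on whenever the wire pointer is set. Both struct definitions continue outside the hunks.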


@ -175,7 +175,6 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
return -1; return -1;
} }
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = num+1; ref->num_ref_doms_1 = num+1;
ref->ptr_ref_dom = 1; ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS; ref->max_entries = MAX_REF_DOMAINS;
@ -268,13 +267,27 @@ static void make_lsa_rid2s(DOM_R_REF *ref,
make_reply_lookup_names make_reply_lookup_names
***************************************************************************/ ***************************************************************************/
static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
DOM_R_REF *ref, DOM_RID2 *rid2, DOM_R_REF *ref, uint32 num_entries,
uint32 mapped_count, uint32 status) DOM_RID2 *rid2, uint32 mapped_count)
{ {
r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref; r_l->dom_ref = ref;
r_l->num_entries = num_entries;
r_l->ptr_entries = 1;
r_l->num_entries2 = num_entries;
r_l->dom_rid = rid2; r_l->dom_rid = rid2;
r_l->mapped_count = mapped_count; r_l->mapped_count = mapped_count;
r_l->status = status;
if (mapped_count == 0)
{
r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
else
{
r_l->status = 0x0;
}
} }
/*************************************************************************** /***************************************************************************
@ -356,12 +369,21 @@ make_reply_lookup_sids
***************************************************************************/ ***************************************************************************/
static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
uint32 mapped_count, uint32 status) uint32 mapped_count)
{ {
r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref; r_l->dom_ref = ref;
r_l->names = names; r_l->names = names;
r_l->mapped_count = mapped_count; r_l->mapped_count = mapped_count;
r_l->status = status;
if (mapped_count == 0)
{
r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
else
{
r_l->status = 0x0;
}
} }
/*************************************************************************** /***************************************************************************
@ -381,7 +403,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
/* set up the LSA Lookup SIDs response */ /* set up the LSA Lookup SIDs response */
make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
/* store the response in the SMB stream */ /* store the response in the SMB stream */
lsa_io_r_lookup_sids("", &r_l, rdata, 0); lsa_io_r_lookup_sids("", &r_l, rdata, 0);
@ -404,11 +426,7 @@ static void lsa_reply_lookup_names(prs_struct *rdata,
/* set up the LSA Lookup RIDs response */ /* set up the LSA Lookup RIDs response */
make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count); make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
make_reply_lookup_names(&r_l, &ref, rids, mapped_count, 0x0); make_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
r_l.num_entries = num_entries;
r_l.undoc_buffer = 1;
r_l.num_entries2 = num_entries;
/* store the response in the SMB stream */ /* store the response in the SMB stream */
lsa_io_r_lookup_names("", &r_l, rdata, 0); lsa_io_r_lookup_names("", &r_l, rdata, 0);
@ -541,7 +559,6 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries); SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries); lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
} }
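Review bot: The status logic added to `make_reply_lookup_names` and `make_reply_lookup_sids` has only two outcomes, so a lookup where some but not all entries resolve is reported with `r_l->status = 0x0`, exactly like full success. `make_reply_lookup_names` now receives `num_entries` and could distinguish the partial case with `mapped_count < num_entries`; Windows defines STATUS_SOME_NOT_MAPPED for it, though whether this tree has a constant for that status is not visible here. `make_reply_lookup_sids` has no count to compare against and would need one passed in. The identical if/else is also duplicated in both functions, and the bare `0xC0000000` would read better as a named error-severity mask in one small static helper. The same hunks appear again in the last file section of this commit, so the point applies there as well.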


@ -270,7 +270,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum,
if (p) if (p)
{ {
if (r_l.undoc_buffer != 0 && ref.undoc_buffer != 0) if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0)
{ {
valid_response = True; valid_response = True;
} }
@ -399,7 +399,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum,
if (p) if (p)
{ {
if (t_names.ptr_trans_names != 0 && ref.undoc_buffer != 0) if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0)
{ {
valid_response = True; valid_response = True;
} }
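Review bot: The new validity test in `lsa_lookup_names`, `r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0`, only looks at the two referent pointers, and the parser has already filled those in before it can stop early. If `lsa_io_r_lookup_names` takes the `/* RPC fault */` return added in this commit, both pointers are non-zero, so `valid_response` becomes True for a reply whose entries, `mapped_count` and `status` were never read. The condition should at least also require `r_l.num_entries == r_l.num_entries2`. It should presumably also check the count against the number of names the caller asked for, which this hunk does not show. The `lsa_lookup_sids` check has the same shape. Both function bodies start and end outside the hunks.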


@ -71,7 +71,6 @@ static void lsa_io_dom_r_ref(char *desc, DOM_R_REF *r_r, prs_struct *ps, int de
prs_align(ps); prs_align(ps);
prs_uint32("undoc_buffer ", ps, depth, &(r_r->undoc_buffer )); /* undocumented buffer pointer. */
prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */ prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */
prs_uint32("ptr_ref_dom ", ps, depth, &(r_r->ptr_ref_dom )); /* undocumented buffer pointer. */ prs_uint32("ptr_ref_dom ", ps, depth, &(r_r->ptr_ref_dom )); /* undocumented buffer pointer. */
prs_uint32("max_entries ", ps, depth, &(r_r->max_entries )); /* 32 - max number of entries */ prs_uint32("max_entries ", ps, depth, &(r_r->max_entries )); /* 32 - max number of entries */
@ -915,15 +914,29 @@ void lsa_io_r_lookup_names(char *desc, LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps,
prs_align(ps); prs_align(ps);
lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth); /* domain reference info */ prs_uint32("ptr_dom_ref", ps, depth, &(r_r->ptr_dom_ref));
if (r_r->ptr_dom_ref != 0)
prs_uint32("num_entries ", ps, depth, &(r_r->num_entries));
prs_uint32("undoc_buffer", ps, depth, &(r_r->undoc_buffer));
prs_uint32("num_entries2", ps, depth, &(r_r->num_entries2));
for (i = 0; i < r_r->num_entries2; i++)
{ {
smb_io_dom_rid2("", &(r_r->dom_rid[i]), ps, depth); /* domain RIDs being looked up */ lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth);
}
prs_uint32("num_entries", ps, depth, &(r_r->num_entries));
prs_uint32("ptr_entries", ps, depth, &(r_r->ptr_entries));
if (r_r->ptr_entries != 0)
{
prs_uint32("num_entries2", ps, depth, &(r_r->num_entries2));
if (r_r->num_entries2 != r_r->num_entries)
{
/* RPC fault */
return;
}
for (i = 0; i < r_r->num_entries2; i++)
{
smb_io_dom_rid2("", &(r_r->dom_rid[i]), ps, depth); /* domain RIDs being looked up */
}
} }
prs_uint32("mapped_count", ps, depth, &(r_r->mapped_count)); prs_uint32("mapped_count", ps, depth, &(r_r->mapped_count));
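Review bot: The loop in `lsa_io_r_lookup_names` indexes `r_r->dom_rid[i]` up to `num_entries2`, and the only check on that count is that it equals `num_entries`, which is parsed from the same stream two lines earlier. If this routine also unmarshals a server's reply on the client, as the client-side checks in this commit suggest, both counts come from the peer and the equality test does not bound the accesses to `dom_rid`. The capacity of that buffer is not visible in this hunk. A caller-supplied limit should be checked before the loop, for example `if (r_r->num_entries2 > dom_rid_capacity) return;`, where `dom_rid_capacity` is a placeholder for whatever size the caller allocated. The function begins and ends outside the hunk.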


@ -175,7 +175,6 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
return -1; return -1;
} }
ref->undoc_buffer = 1;
ref->num_ref_doms_1 = num+1; ref->num_ref_doms_1 = num+1;
ref->ptr_ref_dom = 1; ref->ptr_ref_dom = 1;
ref->max_entries = MAX_REF_DOMAINS; ref->max_entries = MAX_REF_DOMAINS;
@ -268,13 +267,27 @@ static void make_lsa_rid2s(DOM_R_REF *ref,
make_reply_lookup_names make_reply_lookup_names
***************************************************************************/ ***************************************************************************/
static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l, static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
DOM_R_REF *ref, DOM_RID2 *rid2, DOM_R_REF *ref, uint32 num_entries,
uint32 mapped_count, uint32 status) DOM_RID2 *rid2, uint32 mapped_count)
{ {
r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref; r_l->dom_ref = ref;
r_l->num_entries = num_entries;
r_l->ptr_entries = 1;
r_l->num_entries2 = num_entries;
r_l->dom_rid = rid2; r_l->dom_rid = rid2;
r_l->mapped_count = mapped_count; r_l->mapped_count = mapped_count;
r_l->status = status;
if (mapped_count == 0)
{
r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
else
{
r_l->status = 0x0;
}
} }
/*************************************************************************** /***************************************************************************
@ -356,12 +369,21 @@ make_reply_lookup_sids
***************************************************************************/ ***************************************************************************/
static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l, static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names, DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
uint32 mapped_count, uint32 status) uint32 mapped_count)
{ {
r_l->ptr_dom_ref = 1;
r_l->dom_ref = ref; r_l->dom_ref = ref;
r_l->names = names; r_l->names = names;
r_l->mapped_count = mapped_count; r_l->mapped_count = mapped_count;
r_l->status = status;
if (mapped_count == 0)
{
r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
}
else
{
r_l->status = 0x0;
}
} }
/*************************************************************************** /***************************************************************************
@ -381,7 +403,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
/* set up the LSA Lookup SIDs response */ /* set up the LSA Lookup SIDs response */
make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count); make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0); make_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
/* store the response in the SMB stream */ /* store the response in the SMB stream */
lsa_io_r_lookup_sids("", &r_l, rdata, 0); lsa_io_r_lookup_sids("", &r_l, rdata, 0);
@ -404,11 +426,7 @@ static void lsa_reply_lookup_names(prs_struct *rdata,
/* set up the LSA Lookup RIDs response */ /* set up the LSA Lookup RIDs response */
make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count); make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
make_reply_lookup_names(&r_l, &ref, rids, mapped_count, 0x0); make_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
r_l.num_entries = num_entries;
r_l.undoc_buffer = 1;
r_l.num_entries2 = num_entries;
/* store the response in the SMB stream */ /* store the response in the SMB stream */
lsa_io_r_lookup_names("", &r_l, rdata, 0); lsa_io_r_lookup_names("", &r_l, rdata, 0);
@ -541,7 +559,6 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries); SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
/* construct reply. return status is always 0x0 */
lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries); lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
} }