mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

r12853: Fix segfault in "net rpc vampire|samdump" (Bugzilla #3390).

The session key, after being set, was zeroed later on by the prs_init
in the CLI_DO_RPC macro.

Guenther
(This used to be commit eaaeaa767e)
Günther Deschner 2006-01-11 19:18:40 +00:00 committed by Gerald (Jerry) Carter
parent 673c356488
commit 54b1c585bb
2 changed files with 20 additions and 6 deletions


@ -23,8 +23,8 @@
/* macro to expand cookie-cutter code in cli_xxx() using rpc_api_pipe_req() */ /* macro to expand cookie-cutter code in cli_xxx() using rpc_api_pipe_req() */
#define CLI_DO_RPC( pcli, ctx, p_idx, opnum, q_in, r_out, \ #define CLI_DO_RPC_INTERNAL( pcli, ctx, p_idx, opnum, q_in, r_out, \
q_ps, r_ps, q_io_fn, r_io_fn, default_error ) \ q_ps, r_ps, q_io_fn, r_io_fn, default_error, copy_sess_key ) \
{\ {\
SMB_ASSERT(pcli->pipe_idx == p_idx); \ SMB_ASSERT(pcli->pipe_idx == p_idx); \
if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \ if (!prs_init( &q_ps, RPC_MAX_PDU_FRAG_LEN, ctx, MARSHALL )) { \
@ -34,6 +34,7 @@
prs_mem_free( &q_ps );\ prs_mem_free( &q_ps );\
return NT_STATUS_NO_MEMORY;\ return NT_STATUS_NO_MEMORY;\
}\ }\
if ( copy_sess_key) prs_set_session_key(&q_ps, (const char *)pcli->dc->sess_key);\
if ( q_io_fn("", &q_in, &q_ps, 0) ) {\ if ( q_io_fn("", &q_in, &q_ps, 0) ) {\
NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \ NTSTATUS _smb_pipe_stat_ = rpc_api_pipe_req(pcli, opnum, &q_ps, &r_ps); \
if (!NT_STATUS_IS_OK(_smb_pipe_stat_)) {\ if (!NT_STATUS_IS_OK(_smb_pipe_stat_)) {\
@ -41,6 +42,7 @@
prs_mem_free( &r_ps );\ prs_mem_free( &r_ps );\
return _smb_pipe_stat_;\ return _smb_pipe_stat_;\
}\ }\
if ( copy_sess_key ) prs_set_session_key(&r_ps, (const char *)pcli->dc->sess_key);\
if (!r_io_fn("", &r_out, &r_ps, 0)) {\ if (!r_io_fn("", &r_out, &r_ps, 0)) {\
prs_mem_free( &q_ps );\ prs_mem_free( &q_ps );\
prs_mem_free( &r_ps );\ prs_mem_free( &r_ps );\
@ -55,6 +57,21 @@
prs_mem_free( &r_ps );\ prs_mem_free( &r_ps );\
} }
#define CLI_DO_RPC_COPY_SESS_KEY( pcli, ctx, p_idx, opnum, q_in, r_out, \
q_ps, r_ps, q_io_fn, r_io_fn, default_error ) \
{\
CLI_DO_RPC_INTERNAL( pcli, ctx, p_idx, opnum, q_in, r_out, \
q_ps, r_ps, q_io_fn, r_io_fn, default_error, True ); \
}
#define CLI_DO_RPC( pcli, ctx, p_idx, opnum, q_in, r_out, \
q_ps, r_ps, q_io_fn, r_io_fn, default_error ) \
{\
CLI_DO_RPC_INTERNAL( pcli, ctx, p_idx, opnum, q_in, r_out, \
q_ps, r_ps, q_io_fn, r_io_fn, default_error, False ); \
}
/* Arrrgg. Same but with WERRORS. Needed for registry code. */ /* Arrrgg. Same but with WERRORS. Needed for registry code. */
#define CLI_DO_RPC_WERR( pcli, ctx, p_idx, opnum, q_in, r_out, \ #define CLI_DO_RPC_WERR( pcli, ctx, p_idx, opnum, q_in, r_out, \
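Review bot: `CLI_DO_RPC_INTERNAL` now dereferences `pcli->dc->sess_key` in both added `if ( copy_sess_key )` lines without checking that `pcli->dc` is set, and nothing visible in these hunks guarantees it is non-NULL for every future user of `CLI_DO_RPC_COPY_SESS_KEY`. A guard next to the existing pipe-index assert would turn a NULL dereference into a diagnosable failure, for example `SMB_ASSERT(!(copy_sess_key) || pcli->dc != NULL); \`. The macro also has no comment explaining why the key is set here, so I would add `/* prs_init() above resets the prs_struct, so the session key has to be set after it, not by the caller */` before the first `prs_set_session_key` call. As a style point, `copy_sess_key` is used unparenthesized and the two wrappers expand to a bare `{ ... }` block, which is fragile if the macro is ever used inside an `if`/`else`. The macro body is only partly visible across these hunks, so the placement should be checked against the full definition.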


@ -604,15 +604,12 @@ NTSTATUS rpccli_netlogon_sam_sync(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c
creds_client_step(cli->dc, &clnt_creds); creds_client_step(cli->dc, &clnt_creds);
prs_set_session_key(&qbuf, (const char *)cli->dc->sess_key);
prs_set_session_key(&rbuf, (const char *)cli->dc->sess_key);
init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(), init_net_q_sam_sync(&q, cli->dc->remote_machine, global_myname(),
&clnt_creds, &ret_creds, database_id, next_rid); &clnt_creds, &ret_creds, database_id, next_rid);
/* Marshall data and send request */ /* Marshall data and send request */
CLI_DO_RPC(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC, CLI_DO_RPC_COPY_SESS_KEY(cli, mem_ctx, PI_NETLOGON, NET_SAM_SYNC,
q, r, q, r,
qbuf, rbuf, qbuf, rbuf,
net_io_q_sam_sync, net_io_q_sam_sync,