Fixed LSA Lookup Names. There were a few too many NULL pointers in a
authorMatthew Chapman <matty@samba.org>
Wed, 24 Mar 1999 12:18:28 +0000 (12:18 +0000)
committerMatthew Chapman <matty@samba.org>
Wed, 24 Mar 1999 12:18:28 +0000 (12:18 +0000)
negative response, which tended to crash lsass.exe.
(This used to be commit 6d03f61d2536630968007958345cf44a42b03584)

source3/include/rpc_lsa.h
source3/lsarpcd/srv_lsa.c
source3/rpc_client/cli_lsarpc.c
source3/rpc_parse/parse_lsa.c
source3/rpc_server/srv_lsa.c

index 1bd18bc7e86789950b79ccca1f21f1d240ee6a3f..02f8a63ab80570db5169a38483a8f312d97819fb 100644 (file)
@@ -274,7 +274,6 @@ typedef struct dom_trust_info
 /* DOM_R_REF */
 typedef struct dom_ref_info
 {
-       uint32 undoc_buffer; /* undocumented buffer pointer. */
        uint32 num_ref_doms_1; /* num referenced domains */
        uint32 ptr_ref_dom; /* pointer to referenced domains */
        uint32 max_entries; /* 32 - max number of entries */
@@ -336,7 +335,9 @@ typedef struct lsa_q_lookup_sids
 /* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */
 typedef struct lsa_r_lookup_sids
 {
+       uint32              ptr_dom_ref;
        DOM_R_REF           *dom_ref; /* domain reference info */
+
        LSA_TRANS_NAME_ENUM *names;
        uint32              mapped_count;
 
@@ -364,10 +365,11 @@ typedef struct lsa_q_lookup_names
 /* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */
 typedef struct lsa_r_lookup_names
 {
+       uint32 ptr_dom_ref;
        DOM_R_REF *dom_ref; /* domain reference info */
 
        uint32 num_entries;
-       uint32 undoc_buffer; /* undocumented buffer pointer */
+       uint32 ptr_entries;
        uint32 num_entries2; 
        DOM_RID2 *dom_rid; /* domain RIDs being looked up */
 
index 45ddefe592f5cd3cbcc6156c97cbabd4b07a5aa1..75512036b6e315748043c336deba3d3d2725514f 100644 (file)
@@ -175,7 +175,6 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
                return -1;
        }
 
-       ref->undoc_buffer = 1;
        ref->num_ref_doms_1 = num+1;
        ref->ptr_ref_dom  = 1;
        ref->max_entries = MAX_REF_DOMAINS;
@@ -268,13 +267,27 @@ static void make_lsa_rid2s(DOM_R_REF *ref,
 make_reply_lookup_names
  ***************************************************************************/
 static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
-                               DOM_R_REF *ref, DOM_RID2 *rid2,
-                               uint32 mapped_count, uint32 status)
+                               DOM_R_REF *ref, uint32 num_entries,
+                               DOM_RID2 *rid2, uint32 mapped_count)
 {
+       r_l->ptr_dom_ref  = 1;
        r_l->dom_ref      = ref;
+
+       r_l->num_entries  = num_entries;
+       r_l->ptr_entries  = 1;
+       r_l->num_entries2 = num_entries;
        r_l->dom_rid      = rid2;
+
        r_l->mapped_count = mapped_count;
-       r_l->status       = status;
+
+       if (mapped_count == 0)
+       {
+               r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+       else
+       {
+               r_l->status = 0x0;
+       }
 }
 
 /***************************************************************************
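Review bot: The status selection at the end of make_reply_lookup_names only separates mapped_count == 0 from everything else, so a reply in which some names resolved and others did not goes out with status 0x0. Windows reports that case with a distinct success-class code (STATUS_SOME_NOT_MAPPED), and a client that trusts 0x0 may treat every returned entry as resolved; whether this tree defines a constant for it is not visible here. Since num_entries is now a parameter, the function can tell the cases apart; at minimum, document the choice with `/* NONE_MAPPED only when nothing resolved; partial results are returned as 0x0 */`. The same if/else is repeated in make_reply_lookup_sids and in both corresponding hunks of the second srv_lsa.c copy, so a small static helper taking mapped_count would keep the four copies from drifting.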
@@ -356,12 +369,21 @@ make_reply_lookup_sids
  ***************************************************************************/
 static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
                                DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
-                               uint32 mapped_count, uint32 status)
+                               uint32 mapped_count)
 {
+       r_l->ptr_dom_ref  = 1;
        r_l->dom_ref      = ref;
        r_l->names        = names;
        r_l->mapped_count = mapped_count;
-       r_l->status       = status;
+
+       if (mapped_count == 0)
+       {
+               r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+       else
+       {
+               r_l->status = 0x0;
+       }
 }
 
 /***************************************************************************
@@ -381,7 +403,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
 
        /* set up the LSA Lookup SIDs response */
        make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
-       make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
+       make_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
 
        /* store the response in the SMB stream */
        lsa_io_r_lookup_sids("", &r_l, rdata, 0);
@@ -404,11 +426,7 @@ static void lsa_reply_lookup_names(prs_struct *rdata,
 
        /* set up the LSA Lookup RIDs response */
        make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
-       make_reply_lookup_names(&r_l, &ref, rids, mapped_count, 0x0);
-
-       r_l.num_entries  = num_entries;
-       r_l.undoc_buffer = 1;
-       r_l.num_entries2 = num_entries;
+       make_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
 
        /* store the response in the SMB stream */
        lsa_io_r_lookup_names("", &r_l, rdata, 0);
@@ -541,7 +559,6 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 
        SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
 
-       /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
 }
 
index df4589662953645b1bd4d05f6804b007a4066c65..1c764c8b989b7aa44a42ad9ef05a41a9a9b82aa5 100644 (file)
@@ -270,7 +270,7 @@ BOOL lsa_lookup_names(struct cli_state *cli, uint16 fnum,
 
                if (p)
                {
-                       if (r_l.undoc_buffer != 0 && ref.undoc_buffer != 0)
+                       if (r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0)
                        {
                                valid_response = True;
                        }
@@ -399,7 +399,7 @@ BOOL lsa_lookup_sids(struct cli_state *cli, uint16 fnum,
 
                if (p)
                {
-                       if (t_names.ptr_trans_names != 0 && ref.undoc_buffer != 0)
+                       if (t_names.ptr_trans_names != 0 && r_l.ptr_dom_ref != 0)
                        {
                                valid_response = True;
                        }
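Review bot: The new test in lsa_lookup_sids reads `r_l.ptr_dom_ref`, but no hunk on this page makes lsa_io_r_lookup_sids read or write that field; only lsa_io_r_lookup_names gained the `prs_uint32("ptr_dom_ref", ...)` call. If that parser is unchanged, the field holds whatever the client left in r_l before the call, so valid_response would no longer depend on the server's reply. Removing undoc_buffer from lsa_io_dom_r_ref would also drop a 32-bit word from the Lookup SIDs wire layout. I would mirror the names parser there, adapted to that function's parameter name: `prs_uint32("ptr_dom_ref", ps, depth, &(r_r->ptr_dom_ref));` followed by `if (r_r->ptr_dom_ref != 0)` around the lsa_io_dom_r_ref call. The body of lsa_lookup_sids continues outside the hunk.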
index fc21546c61aeece37ed3676668d3127291b08294..c5767735b039bf27d57574b57dbd89f3167fbb50 100644 (file)
@@ -71,7 +71,6 @@ static void lsa_io_dom_r_ref(char *desc,  DOM_R_REF *r_r, prs_struct *ps, int de
 
        prs_align(ps);
        
-       prs_uint32("undoc_buffer  ", ps, depth, &(r_r->undoc_buffer  )); /* undocumented buffer pointer. */
        prs_uint32("num_ref_doms_1", ps, depth, &(r_r->num_ref_doms_1)); /* num referenced domains? */
        prs_uint32("ptr_ref_dom   ", ps, depth, &(r_r->ptr_ref_dom   )); /* undocumented buffer pointer. */
        prs_uint32("max_entries   ", ps, depth, &(r_r->max_entries   )); /* 32 - max number of entries */
@@ -915,15 +914,29 @@ void lsa_io_r_lookup_names(char *desc,  LSA_R_LOOKUP_NAMES *r_r, prs_struct *ps,
 
        prs_align(ps);
        
-       lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth); /* domain reference info */
+       prs_uint32("ptr_dom_ref", ps, depth, &(r_r->ptr_dom_ref));
+       if (r_r->ptr_dom_ref != 0)
+       {
+               lsa_io_dom_r_ref("", r_r->dom_ref, ps, depth);
+       }
 
-       prs_uint32("num_entries ", ps, depth, &(r_r->num_entries));
-       prs_uint32("undoc_buffer", ps, depth, &(r_r->undoc_buffer));
-       prs_uint32("num_entries2", ps, depth, &(r_r->num_entries2));
+       prs_uint32("num_entries", ps, depth, &(r_r->num_entries));
+       prs_uint32("ptr_entries", ps, depth, &(r_r->ptr_entries));
 
-       for (i = 0; i < r_r->num_entries2; i++)
+       if (r_r->ptr_entries != 0)
        {
-               smb_io_dom_rid2("", &(r_r->dom_rid[i]), ps, depth); /* domain RIDs being looked up */
+               prs_uint32("num_entries2", ps, depth, &(r_r->num_entries2));
+
+               if (r_r->num_entries2 != r_r->num_entries)
+               {
+                       /* RPC fault */
+                       return;
+               }
+
+               for (i = 0; i < r_r->num_entries2; i++)
+               {
+                       smb_io_dom_rid2("", &(r_r->dom_rid[i]), ps, depth); /* domain RIDs being looked up */
+               }
        }
 
        prs_uint32("mapped_count", ps, depth, &(r_r->mapped_count));
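Review bot: The `/* RPC fault */` return in lsa_io_r_lookup_names is silent: the function is void, mapped_count and status are never read, and ptr_dom_ref and ptr_entries are already non-zero. The check added in lsa_lookup_names (`r_l.ptr_dom_ref != 0 && r_l.ptr_entries != 0`) therefore still accepts the truncated reply. The equality test also compares two counts that both come from the peer when unmarshalling, so it does not bound `r_r->dom_rid[i]` against the size of the caller's array, which is not visible in this hunk. A minimal change is to clear the flag before returning, `r_r->ptr_entries = 0; r_r->num_entries2 = 0;`, and to reject a count above the array's capacity in the same test. The function starts and ends outside the hunk.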
index 45ddefe592f5cd3cbcc6156c97cbabd4b07a5aa1..75512036b6e315748043c336deba3d3d2725514f 100644 (file)
@@ -175,7 +175,6 @@ static int make_dom_ref(DOM_R_REF *ref, char *dom_name, DOM_SID *dom_sid)
                return -1;
        }
 
-       ref->undoc_buffer = 1;
        ref->num_ref_doms_1 = num+1;
        ref->ptr_ref_dom  = 1;
        ref->max_entries = MAX_REF_DOMAINS;
@@ -268,13 +267,27 @@ static void make_lsa_rid2s(DOM_R_REF *ref,
 make_reply_lookup_names
  ***************************************************************************/
 static void make_reply_lookup_names(LSA_R_LOOKUP_NAMES *r_l,
-                               DOM_R_REF *ref, DOM_RID2 *rid2,
-                               uint32 mapped_count, uint32 status)
+                               DOM_R_REF *ref, uint32 num_entries,
+                               DOM_RID2 *rid2, uint32 mapped_count)
 {
+       r_l->ptr_dom_ref  = 1;
        r_l->dom_ref      = ref;
+
+       r_l->num_entries  = num_entries;
+       r_l->ptr_entries  = 1;
+       r_l->num_entries2 = num_entries;
        r_l->dom_rid      = rid2;
+
        r_l->mapped_count = mapped_count;
-       r_l->status       = status;
+
+       if (mapped_count == 0)
+       {
+               r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+       else
+       {
+               r_l->status = 0x0;
+       }
 }
 
 /***************************************************************************
@@ -356,12 +369,21 @@ make_reply_lookup_sids
  ***************************************************************************/
 static void make_reply_lookup_sids(LSA_R_LOOKUP_SIDS *r_l,
                                DOM_R_REF *ref, LSA_TRANS_NAME_ENUM *names,
-                               uint32 mapped_count, uint32 status)
+                               uint32 mapped_count)
 {
+       r_l->ptr_dom_ref  = 1;
        r_l->dom_ref      = ref;
        r_l->names        = names;
        r_l->mapped_count = mapped_count;
-       r_l->status       = status;
+
+       if (mapped_count == 0)
+       {
+               r_l->status = 0xC0000000 | NT_STATUS_NONE_MAPPED;
+       }
+       else
+       {
+               r_l->status = 0x0;
+       }
 }
 
 /***************************************************************************
@@ -381,7 +403,7 @@ static void lsa_reply_lookup_sids(prs_struct *rdata,
 
        /* set up the LSA Lookup SIDs response */
        make_lsa_trans_names(&ref, &names, num_entries, sid, &mapped_count);
-       make_reply_lookup_sids(&r_l, &ref, &names, mapped_count, 0x0);
+       make_reply_lookup_sids(&r_l, &ref, &names, mapped_count);
 
        /* store the response in the SMB stream */
        lsa_io_r_lookup_sids("", &r_l, rdata, 0);
@@ -404,11 +426,7 @@ static void lsa_reply_lookup_names(prs_struct *rdata,
 
        /* set up the LSA Lookup RIDs response */
        make_lsa_rid2s(&ref, rids, num_entries, names, &mapped_count);
-       make_reply_lookup_names(&r_l, &ref, rids, mapped_count, 0x0);
-
-       r_l.num_entries  = num_entries;
-       r_l.undoc_buffer = 1;
-       r_l.num_entries2 = num_entries;
+       make_reply_lookup_names(&r_l, &ref, num_entries, rids, mapped_count);
 
        /* store the response in the SMB stream */
        lsa_io_r_lookup_names("", &r_l, rdata, 0);
@@ -541,7 +559,6 @@ static void api_lsa_lookup_names( uint16 vuid, prs_struct *data,
 
        SMB_ASSERT_ARRAY(q_l.uni_name, q_l.num_entries);
 
-       /* construct reply.  return status is always 0x0 */
        lsa_reply_lookup_names(rdata, q_l.uni_name, q_l.num_entries);
 }