The branch, master has been updated via e31b9e0f663c442d2c65b56a755e5b37ed0cb368 (commit) via 6a97b4147c1a4f435051e19973e660d473adc4c9 (commit) via d2b836e19a20fee66e26e6ed4de359cf73149078 (commit) via 9571a182f1654c48e053120602b2a9dd58472f63 (commit) via 0bc7ff1e6b15859a02b57c48bd17698e727c1a8a (commit) from 969a2fc4dd5296dbe5a92742e984e1ce4c5d50c0 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit e31b9e0f663c442d2c65b56a755e5b37ed0cb368 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Thu Oct 16 02:00:46 2008 +0200 s3: remove old marshalling for SVCCTL_QUERY_SERVICE_CONFIG. Guenther commit 6a97b4147c1a4f435051e19973e660d473adc4c9 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Thu Oct 16 02:00:22 2008 +0200 s3: use IDL generated rpc for _svcctl_QueryServiceConfigW. Guenther commit d2b836e19a20fee66e26e6ed4de359cf73149078 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Thu Oct 16 01:35:27 2008 +0200 s3: remove rpccli_svcctl_query_config. Guenther commit 9571a182f1654c48e053120602b2a9dd58472f63 Author: Günther Deschner <[EMAIL PROTECTED]> Date: Thu Oct 16 01:22:21 2008 +0200 s3-build: re-run make samba3-idl. Guenther commit 0bc7ff1e6b15859a02b57c48bd17698e727c1a8a Author: Günther Deschner <[EMAIL PROTECTED]> Date: Thu Oct 16 01:21:46 2008 +0200 idl: fix svcctl_QueryServiceConfigW. Guenther ----------------------------------------------------------------------- Summary of changes: librpc/idl/svcctl.idl | 19 +++- source3/include/proto.h | 6 - source3/include/rpc_svcctl.h | 26 ---- source3/librpc/gen_ndr/cli_svcctl.c | 8 +- source3/librpc/gen_ndr/cli_svcctl.h | 6 +- source3/librpc/gen_ndr/ndr_svcctl.c | 237 ++++++++++++++++++++++++++++++++++- source3/librpc/gen_ndr/ndr_svcctl.h | 4 + source3/librpc/gen_ndr/srv_svcctl.c | 2 +- source3/librpc/gen_ndr/svcctl.h | 18 +++- source3/rpc_client/cli_svcctl.c | 76 ----------- source3/rpc_parse/parse_svcctl.c | 116 ----------------- source3/rpc_server/srv_svcctl.c | 18 +--- source3/rpc_server/srv_svcctl_nt.c | 40 +++---- source3/utils/net_rpc_service.c | 49 +++++--- 14 files changed, 325 insertions(+), 300 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 04d8eed..3eb686f 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -266,11 +266,24 @@ import "misc.idl"; /*****************/ /* Function 0x11 */ + + typedef [public,gensize] struct { + uint32 service_type; + uint32 start_type; + uint32 error_control; + [string,charset(UTF16)] [range(0,8192)] uint16 *executablepath; + [string,charset(UTF16)] [range(0,8192)] uint16 *loadordergroup; + uint32 tag_id; + [string,charset(UTF16)] [range(0,8192)] uint16 *dependencies; + [string,charset(UTF16)] [range(0,8192)] uint16 *startname; + [string,charset(UTF16)] [range(0,8192)] uint16 *displayname; + } QUERY_SERVICE_CONFIG; + WERROR svcctl_QueryServiceConfigW( [in,ref] policy_handle *handle, - [out] uint8 query[buf_size], /*QUERY_SERVICE_CONFIG */ - [in] uint32 buf_size, - [out,ref] uint32 *bytes_needed + [out] QUERY_SERVICE_CONFIG *query, + [in] [range(0,8192)] uint32 buf_size, + [out,ref] [range(0,8192)] uint32 *bytes_needed ); /*****************/ diff --git a/source3/include/proto.h b/source3/include/proto.h index 3c196db..dd9f022 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7172,8 +7172,6 @@ WERROR rpccli_spoolss_rffpcnex(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, WERROR rpccli_svcctl_enumerate_services( struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, POLICY_HND *hSCM, uint32 type, uint32 state, uint32 *returned, ENUM_SERVICES_STATUS **service_array ); -WERROR rpccli_svcctl_query_config(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, - POLICY_HND *hService, SERVICE_CONFIG *config ); /* The following definitions come from rpc_client/init_lsa.c */ @@ -8166,11 +8164,8 @@ bool convert_port_data_1( NT_PORT_DATA_1 *port1, RPC_BUFFER *buf ) ; bool svcctl_io_enum_services_status( const char *desc, ENUM_SERVICES_STATUS *enum_status, RPC_BUFFER *buffer, int depth ); bool svcctl_io_service_status_process( const char *desc, SERVICE_STATUS_PROCESS *status, RPC_BUFFER *buffer, int depth ); uint32 svcctl_sizeof_enum_services_status( ENUM_SERVICES_STATUS *status ); -uint32 svcctl_sizeof_service_config( SERVICE_CONFIG *config ); bool svcctl_io_q_enum_services_status(const char *desc, SVCCTL_Q_ENUM_SERVICES_STATUS *q_u, prs_struct *ps, int depth); bool svcctl_io_r_enum_services_status(const char *desc, SVCCTL_R_ENUM_SERVICES_STATUS *r_u, prs_struct *ps, int depth); -bool svcctl_io_q_query_service_config(const char *desc, SVCCTL_Q_QUERY_SERVICE_CONFIG *q_u, prs_struct *ps, int depth); -bool svcctl_io_r_query_service_config(const char *desc, SVCCTL_R_QUERY_SERVICE_CONFIG *r_u, prs_struct *ps, int depth); bool svcctl_io_q_query_service_config2(const char *desc, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, prs_struct *ps, int depth); void init_service_description_buffer(SERVICE_DESCRIPTION *desc, const char *service_desc ); bool svcctl_io_service_description( const char *desc, SERVICE_DESCRIPTION *description, RPC_BUFFER *buffer, int depth ); @@ -9096,7 +9091,6 @@ WERROR _svcctl_ControlService(pipes_struct *p, WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, struct svcctl_EnumDependentServicesW *r); WERROR _svcctl_query_service_status_ex( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_STATUSEX *q_u, SVCCTL_R_QUERY_SERVICE_STATUSEX *r_u ); -WERROR _svcctl_query_service_config( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG *r_u ); WERROR _svcctl_query_service_config2( pipes_struct *p, SVCCTL_Q_QUERY_SERVICE_CONFIG2 *q_u, SVCCTL_R_QUERY_SERVICE_CONFIG2 *r_u ); WERROR _svcctl_LockServiceDatabase(pipes_struct *p, struct svcctl_LockServiceDatabase *r); diff --git a/source3/include/rpc_svcctl.h b/source3/include/rpc_svcctl.h index aa1d166..0e31a53 100644 --- a/source3/include/rpc_svcctl.h +++ b/source3/include/rpc_svcctl.h @@ -142,18 +142,6 @@ typedef struct { } ENUM_SERVICES_STATUS; typedef struct { - uint32 service_type; - uint32 start_type; - uint32 error_control; - UNISTR2 *executablepath; - UNISTR2 *loadordergroup; - uint32 tag_id; - UNISTR2 *dependencies; - UNISTR2 *startname; - UNISTR2 *displayname; -} SERVICE_CONFIG; - -typedef struct { uint32 unknown; UNISTR description; } SERVICE_DESCRIPTION; @@ -216,20 +204,6 @@ typedef struct { typedef struct { POLICY_HND handle; - uint32 buffer_size; -} SVCCTL_Q_QUERY_SERVICE_CONFIG; - -typedef struct { - SERVICE_CONFIG config; - uint32 needed; - WERROR status; -} SVCCTL_R_QUERY_SERVICE_CONFIG; - - -/**************************/ - -typedef struct { - POLICY_HND handle; uint32 level; uint32 buffer_size; } SVCCTL_Q_QUERY_SERVICE_CONFIG2; diff --git a/source3/librpc/gen_ndr/cli_svcctl.c b/source3/librpc/gen_ndr/cli_svcctl.c index c996c76..e5fd4da 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.c +++ b/source3/librpc/gen_ndr/cli_svcctl.c @@ -858,9 +858,9 @@ NTSTATUS rpccli_svcctl_OpenServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint8_t *query /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + struct QUERY_SERVICE_CONFIG *query /* [out] [ref] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror) { struct svcctl_QueryServiceConfigW r; @@ -893,7 +893,7 @@ NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, } /* Return variables */ - memcpy(query, r.out.query, r.in.buf_size * sizeof(*query)); + *query = *r.out.query; *bytes_needed = *r.out.bytes_needed; /* Return result */ diff --git a/source3/librpc/gen_ndr/cli_svcctl.h b/source3/librpc/gen_ndr/cli_svcctl.h index 56f0a2b..02abbad 100644 --- a/source3/librpc/gen_ndr/cli_svcctl.h +++ b/source3/librpc/gen_ndr/cli_svcctl.h @@ -127,9 +127,9 @@ NTSTATUS rpccli_svcctl_OpenServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_QueryServiceConfigW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, - uint8_t *query /* [out] */, - uint32_t buf_size /* [in] */, - uint32_t *bytes_needed /* [out] [ref] */, + struct QUERY_SERVICE_CONFIG *query /* [out] [ref] */, + uint32_t buf_size /* [in] [range(0,8192)] */, + uint32_t *bytes_needed /* [out] [ref,range(0,8192)] */, WERROR *werror); NTSTATUS rpccli_svcctl_QueryServiceLockStatusW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, diff --git a/source3/librpc/gen_ndr/ndr_svcctl.c b/source3/librpc/gen_ndr/ndr_svcctl.c index ec1450b..e897ef3 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.c +++ b/source3/librpc/gen_ndr/ndr_svcctl.c @@ -353,6 +353,215 @@ _PUBLIC_ void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const ch ndr->depth--; } +_PUBLIC_ enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r) +{ + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_push_align(ndr, 4)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->service_type)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->start_type)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->error_control)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->executablepath)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->loadordergroup)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->tag_id)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->dependencies)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->startname)); + NDR_CHECK(ndr_push_unique_ptr(ndr, r->displayname)); + } + if (ndr_flags & NDR_BUFFERS) { + if (r->executablepath) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->executablepath, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->executablepath, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->executablepath, ndr_charset_length(r->executablepath, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->loadordergroup) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->loadordergroup, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->loadordergroup, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->loadordergroup, ndr_charset_length(r->loadordergroup, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->dependencies) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dependencies, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->dependencies, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->dependencies, ndr_charset_length(r->dependencies, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->startname) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->startname, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->startname, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->startname, ndr_charset_length(r->startname, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + if (r->displayname) { + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->displayname, CH_UTF16))); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, ndr_charset_length(r->displayname, CH_UTF16))); + NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->displayname, ndr_charset_length(r->displayname, CH_UTF16), sizeof(uint16_t), CH_UTF16)); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r) +{ + uint32_t _ptr_executablepath; + TALLOC_CTX *_mem_save_executablepath_0; + uint32_t _ptr_loadordergroup; + TALLOC_CTX *_mem_save_loadordergroup_0; + uint32_t _ptr_dependencies; + TALLOC_CTX *_mem_save_dependencies_0; + uint32_t _ptr_startname; + TALLOC_CTX *_mem_save_startname_0; + uint32_t _ptr_displayname; + TALLOC_CTX *_mem_save_displayname_0; + if (ndr_flags & NDR_SCALARS) { + NDR_CHECK(ndr_pull_align(ndr, 4)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->service_type)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->start_type)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->error_control)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_executablepath)); + if (_ptr_executablepath) { + NDR_PULL_ALLOC(ndr, r->executablepath); + } else { + r->executablepath = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_loadordergroup)); + if (_ptr_loadordergroup) { + NDR_PULL_ALLOC(ndr, r->loadordergroup); + } else { + r->loadordergroup = NULL; + } + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->tag_id)); + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_dependencies)); + if (_ptr_dependencies) { + NDR_PULL_ALLOC(ndr, r->dependencies); + } else { + r->dependencies = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_startname)); + if (_ptr_startname) { + NDR_PULL_ALLOC(ndr, r->startname); + } else { + r->startname = NULL; + } + NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_displayname)); + if (_ptr_displayname) { + NDR_PULL_ALLOC(ndr, r->displayname); + } else { + r->displayname = NULL; + } + } + if (ndr_flags & NDR_BUFFERS) { + if (r->executablepath) { + _mem_save_executablepath_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->executablepath, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->executablepath)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->executablepath)); + if (ndr_get_array_length(ndr, &r->executablepath) > ndr_get_array_size(ndr, &r->executablepath)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->executablepath), ndr_get_array_length(ndr, &r->executablepath)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->executablepath, ndr_get_array_length(ndr, &r->executablepath), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_executablepath_0, 0); + } + if (r->loadordergroup) { + _mem_save_loadordergroup_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->loadordergroup, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->loadordergroup)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->loadordergroup)); + if (ndr_get_array_length(ndr, &r->loadordergroup) > ndr_get_array_size(ndr, &r->loadordergroup)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->loadordergroup), ndr_get_array_length(ndr, &r->loadordergroup)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->loadordergroup, ndr_get_array_length(ndr, &r->loadordergroup), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_loadordergroup_0, 0); + } + if (r->dependencies) { + _mem_save_dependencies_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->dependencies, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->dependencies)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->dependencies)); + if (ndr_get_array_length(ndr, &r->dependencies) > ndr_get_array_size(ndr, &r->dependencies)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->dependencies), ndr_get_array_length(ndr, &r->dependencies)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->dependencies, ndr_get_array_length(ndr, &r->dependencies), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_dependencies_0, 0); + } + if (r->startname) { + _mem_save_startname_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->startname, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->startname)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->startname)); + if (ndr_get_array_length(ndr, &r->startname) > ndr_get_array_size(ndr, &r->startname)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->startname), ndr_get_array_length(ndr, &r->startname)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->startname, ndr_get_array_length(ndr, &r->startname), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_startname_0, 0); + } + if (r->displayname) { + _mem_save_displayname_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->displayname, 0); + NDR_CHECK(ndr_pull_array_size(ndr, &r->displayname)); + NDR_CHECK(ndr_pull_array_length(ndr, &r->displayname)); + if (ndr_get_array_length(ndr, &r->displayname) > ndr_get_array_size(ndr, &r->displayname)) { + return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, "Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, &r->displayname), ndr_get_array_length(ndr, &r->displayname)); + } + NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t))); + NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->displayname, ndr_get_array_length(ndr, &r->displayname), sizeof(uint16_t), CH_UTF16)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_displayname_0, 0); + } + } + return NDR_ERR_SUCCESS; +} + +_PUBLIC_ void ndr_print_QUERY_SERVICE_CONFIG(struct ndr_print *ndr, const char *name, const struct QUERY_SERVICE_CONFIG *r) +{ + ndr_print_struct(ndr, name, "QUERY_SERVICE_CONFIG"); + ndr->depth++; + ndr_print_uint32(ndr, "service_type", r->service_type); + ndr_print_uint32(ndr, "start_type", r->start_type); + ndr_print_uint32(ndr, "error_control", r->error_control); + ndr_print_ptr(ndr, "executablepath", r->executablepath); + ndr->depth++; + if (r->executablepath) { + ndr_print_string(ndr, "executablepath", r->executablepath); + } + ndr->depth--; + ndr_print_ptr(ndr, "loadordergroup", r->loadordergroup); + ndr->depth++; + if (r->loadordergroup) { + ndr_print_string(ndr, "loadordergroup", r->loadordergroup); + } + ndr->depth--; + ndr_print_uint32(ndr, "tag_id", r->tag_id); + ndr_print_ptr(ndr, "dependencies", r->dependencies); + ndr->depth++; + if (r->dependencies) { + ndr_print_string(ndr, "dependencies", r->dependencies); + } + ndr->depth--; + ndr_print_ptr(ndr, "startname", r->startname); + ndr->depth++; + if (r->startname) { + ndr_print_string(ndr, "startname", r->startname); + } + ndr->depth--; + ndr_print_ptr(ndr, "displayname", r->displayname); + ndr->depth++; + if (r->displayname) { + ndr_print_string(ndr, "displayname", r->displayname); + } + ndr->depth--; + ndr->depth--; +} + +_PUBLIC_ size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG *r, int flags) +{ + return ndr_size_struct(r, flags, (ndr_push_flags_fn_t)ndr_push_QUERY_SERVICE_CONFIG); +} + static enum ndr_err_code ndr_push_svcctl_CloseServiceHandle(struct ndr_push *ndr, int flags, const struct svcctl_CloseServiceHandle *r) { if (flags & NDR_IN) { @@ -2260,7 +2469,10 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfigW(struct ndr_push *nd NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buf_size)); } if (flags & NDR_OUT) { - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.query, r->in.buf_size)); + if (r->out.query == NULL) { + return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); + } + NDR_CHECK(ndr_push_QUERY_SERVICE_CONFIG(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.query)); if (r->out.bytes_needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -2273,6 +2485,7 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceConfigW(struct ndr_push *nd static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigW(struct ndr_pull *ndr, int flags, struct svcctl_QueryServiceConfigW *r) { TALLOC_CTX *_mem_save_handle_0; + TALLOC_CTX *_mem_save_query_0; TALLOC_CTX *_mem_save_bytes_needed_0; if (flags & NDR_IN) { ZERO_STRUCT(r->out); @@ -2285,18 +2498,31 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceConfigW(struct ndr_pull *nd NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buf_size)); + if (r->in.buf_size < 0 || r->in.buf_size > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } + NDR_PULL_ALLOC(ndr, r->out.query); + ZERO_STRUCTP(r->out.query); NDR_PULL_ALLOC(ndr, r->out.bytes_needed); ZERO_STRUCTP(r->out.bytes_needed); } if (flags & NDR_OUT) { - NDR_PULL_ALLOC_N(ndr, r->out.query, r->in.buf_size); - NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->out.query, r->in.buf_size)); + if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { + NDR_PULL_ALLOC(ndr, r->out.query); + } + _mem_save_query_0 = NDR_PULL_GET_MEM_CTX(ndr); + NDR_PULL_SET_MEM_CTX(ndr, r->out.query, LIBNDR_FLAG_REF_ALLOC); + NDR_CHECK(ndr_pull_QUERY_SERVICE_CONFIG(ndr, NDR_SCALARS|NDR_BUFFERS, r->out.query)); + NDR_PULL_SET_MEM_CTX(ndr, _mem_save_query_0, LIBNDR_FLAG_REF_ALLOC); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC(ndr, r->out.bytes_needed); } _mem_save_bytes_needed_0 = NDR_PULL_GET_MEM_CTX(ndr); NDR_PULL_SET_MEM_CTX(ndr, r->out.bytes_needed, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.bytes_needed)); + if (*r->out.bytes_needed < 0 || *r->out.bytes_needed > 8192) { + return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); + } NDR_PULL_SET_MEM_CTX(ndr, _mem_save_bytes_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); } @@ -2323,7 +2549,10 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceConfigW(struct ndr_print *ndr, const if (flags & NDR_OUT) { ndr_print_struct(ndr, "out", "svcctl_QueryServiceConfigW"); ndr->depth++; - ndr_print_array_uint8(ndr, "query", r->out.query, r->in.buf_size); + ndr_print_ptr(ndr, "query", r->out.query); + ndr->depth++; + ndr_print_QUERY_SERVICE_CONFIG(ndr, "query", r->out.query); + ndr->depth--; ndr_print_ptr(ndr, "bytes_needed", r->out.bytes_needed); ndr->depth++; ndr_print_uint32(ndr, "bytes_needed", *r->out.bytes_needed); diff --git a/source3/librpc/gen_ndr/ndr_svcctl.h b/source3/librpc/gen_ndr/ndr_svcctl.h index 4475b08..0bebd34 100644 --- a/source3/librpc/gen_ndr/ndr_svcctl.h +++ b/source3/librpc/gen_ndr/ndr_svcctl.h @@ -108,6 +108,10 @@ enum ndr_err_code ndr_pull_svcctl_ServerType(struct ndr_pull *ndr, int ndr_flags void ndr_print_svcctl_ServerType(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_MgrAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); void ndr_print_svcctl_ServiceAccessMask(struct ndr_print *ndr, const char *name, uint32_t r); +enum ndr_err_code ndr_push_QUERY_SERVICE_CONFIG(struct ndr_push *ndr, int ndr_flags, const struct QUERY_SERVICE_CONFIG *r); +enum ndr_err_code ndr_pull_QUERY_SERVICE_CONFIG(struct ndr_pull *ndr, int ndr_flags, struct QUERY_SERVICE_CONFIG *r); +void ndr_print_QUERY_SERVICE_CONFIG(struct ndr_print *ndr, const char *name, const struct QUERY_SERVICE_CONFIG *r); +size_t ndr_size_QUERY_SERVICE_CONFIG(const struct QUERY_SERVICE_CONFIG *r, int flags); void ndr_print_svcctl_CloseServiceHandle(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_CloseServiceHandle *r); void ndr_print_svcctl_ControlService(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_ControlService *r); void ndr_print_svcctl_DeleteService(struct ndr_print *ndr, const char *name, int flags, const struct svcctl_DeleteService *r); diff --git a/source3/librpc/gen_ndr/srv_svcctl.c b/source3/librpc/gen_ndr/srv_svcctl.c index 05184e6..2349b4f 100644 --- a/source3/librpc/gen_ndr/srv_svcctl.c +++ b/source3/librpc/gen_ndr/srv_svcctl.c @@ -1392,7 +1392,7 @@ static bool api_svcctl_QueryServiceConfigW(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.query = talloc_zero_array(r, uint8_t, r->in.buf_size); + r->out.query = talloc_zero(r, struct QUERY_SERVICE_CONFIG); if (r->out.query == NULL) { talloc_free(r); return false; diff --git a/source3/librpc/gen_ndr/svcctl.h b/source3/librpc/gen_ndr/svcctl.h index b7f39a9..42ed039 100644 --- a/source3/librpc/gen_ndr/svcctl.h +++ b/source3/librpc/gen_ndr/svcctl.h @@ -99,6 +99,18 @@ enum SERVICE_CONTROL #define SC_RIGHT_SVC_INTERROGATE ( 0x0080 ) #define SC_RIGHT_SVC_USER_DEFINED_CONTROL ( 0x0100 ) +struct QUERY_SERVICE_CONFIG { + uint32_t service_type; + uint32_t start_type; + uint32_t error_control; + const char *executablepath;/* [unique,range(0,8192),charset(UTF16)] */ + const char *loadordergroup;/* [unique,range(0,8192),charset(UTF16)] */ + uint32_t tag_id; + const char *dependencies;/* [unique,range(0,8192),charset(UTF16)] */ + const char *startname;/* [unique,range(0,8192),charset(UTF16)] */ + const char *displayname;/* [unique,range(0,8192),charset(UTF16)] */ +}/* [gensize,public] */; + struct svcctl_CloseServiceHandle { struct { @@ -360,12 +372,12 @@ struct svcctl_OpenServiceW { struct svcctl_QueryServiceConfigW { struct { struct policy_handle *handle;/* [ref] */ - uint32_t buf_size; + uint32_t buf_size;/* [range(0,8192)] */ } in; struct { - uint8_t *query; - uint32_t *bytes_needed;/* [ref] */ -- Samba Shared Repository