The branch, v3-4-test has been updated via fa1ca9ab110d43e1c56c8d28d8143c79891ff8a0 (commit) via 09397f1889db4957218d780117b6ce312f03e638 (commit) via f1e3ae21d3d7a5f05b6306c25a5f0084ff549400 (commit) via 6fd320aa148a81fba79fcab4996cabc7d07224b2 (commit) via 8af57b3e79e401dc9f1d7e4223b1e4801dc0020d (commit) via 658c00828f825c0a2ec8ed062dabe4c433811a75 (commit) via d3946e41a35eb64fd2f02b6a5c06954fb4539b5d (commit) via 1763968949d23b180e6905a35ea7862190cb9cf4 (commit) via 38ff81c37ef26981c08ada5968d913303fc00cbe (commit) via d837e55bf9e267ac42686b23d27ca81eaafb7ec7 (commit) via 1d7a9c156602912c9935ed1da5dd67c1e0794952 (commit) from a1513ce0851a64df0d80306b13e0ebd2fbfe28ce (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test - Log ----------------------------------------------------------------- commit fa1ca9ab110d43e1c56c8d28d8143c79891ff8a0 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 15:39:45 2009 +0200 s3-svcctl: minor fix for _svcctl_EnumDependentServicesW(). Guenther (cherry picked from commit 76da89daaadc358c836817cf597a1ff1489a9029) commit 09397f1889db4957218d780117b6ce312f03e638 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 15:30:18 2009 +0200 s4-smbtorture: add test_EnumDependentServicesW() to RPC-SVCCTL. Guenther (cherry picked from commit 693c2e95294909292cd28982983681ea24912d28) commit f1e3ae21d3d7a5f05b6306c25a5f0084ff549400 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 16:41:32 2009 +0200 s3: re-run make samba3-idl. Guenther (cherry picked from commit 2d211450420ee4848d3c5ad73ce9d529a267c13a) commit 6fd320aa148a81fba79fcab4996cabc7d07224b2 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 16:40:13 2009 +0200 svcctl: use svcctl_ServiceState type for dependent calls in IDL. Guenther (cherry picked from commit af32ab94eb5cb954328174f6809ff3c856d3ef6e) commit 8af57b3e79e401dc9f1d7e4223b1e4801dc0020d Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 15:08:29 2009 +0200 s3-svcctl: Fix invalid buffer memset in _svcctl_QueryServiceObjectSecurity(). Found by torture-test. Guenther (cherry picked from commit 8b9f2abfcb956f3ad496cefcc9d8ced8eadf1470) commit 658c00828f825c0a2ec8ed062dabe4c433811a75 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 10:26:17 2009 +0200 s4-smbtorture: add test_QueryServiceObjectSecurity() to RPC-SVCCTL test. Guenther (cherry picked from commit 1632a4ebabc7414c8fd05084cd7ca83fb9233297) commit d3946e41a35eb64fd2f02b6a5c06954fb4539b5d Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 13:27:08 2009 +0200 s3-svcctl: Fix _svcctl_Set/GetServiceObjectSecurity after IDL changes. Guenther (cherry picked from commit acd7fef984cba906163b7114a087ca3904e47566) commit 1763968949d23b180e6905a35ea7862190cb9cf4 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 13:25:21 2009 +0200 s3: re-run make samba3-idl. Guenther (cherry picked from commit 0ee3c433c84cd740960216535f181b59bedbd374) commit 38ff81c37ef26981c08ada5968d913303fc00cbe Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 10:19:03 2009 +0200 svcctl: Fix IDL for svcctl_QueryServiceObjectSecurity and Set call. Guenther (cherry picked from commit f0d045be4fbbdc1cd3d76281b0cc3c2fc36e20de) commit d837e55bf9e267ac42686b23d27ca81eaafb7ec7 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 10:07:07 2009 +0200 s4-smbtorture: add test_QueryServiceConfigW() to RPC-SVCCTL. Guenther (cherry picked from commit 9945d15a5d184dc9a809072b7c01e5ddff96d26b) commit 1d7a9c156602912c9935ed1da5dd67c1e0794952 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 9 10:01:02 2009 +0200 s4-smbtorture: add test_QueryServiceStatus() to RPC-SVCCTL. Guenther (cherry picked from commit 544113f9dd97b183bb510b92cf7626d93ac9bcf8) ----------------------------------------------------------------------- Summary of changes: librpc/gen_ndr/cli_svcctl.c | 18 ++-- librpc/gen_ndr/cli_svcctl.h | 12 +- librpc/gen_ndr/ndr_svcctl.c | 58 +++++----- librpc/gen_ndr/srv_svcctl.c | 4 +- librpc/gen_ndr/svcctl.h | 12 +- librpc/idl/svcctl.idl | 16 ++-- source3/rpc_server/srv_svcctl_nt.c | 15 ++- source4/torture/rpc/svcctl.c | 198 +++++++++++++++++++++++++++++++++++- 8 files changed, 269 insertions(+), 64 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/gen_ndr/cli_svcctl.c b/librpc/gen_ndr/cli_svcctl.c index bc49121..f6cedfb 100644 --- a/librpc/gen_ndr/cli_svcctl.c +++ b/librpc/gen_ndr/cli_svcctl.c @@ -189,8 +189,8 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t security_flags /* [in] */, - uint8_t *buffer /* [out] [ref,size_is(buffer_size)] */, - uint32_t buffer_size /* [in] [range(0,0x40000)] */, + uint8_t *buffer /* [out] [ref,size_is(offered)] */, + uint32_t offered /* [in] [range(0,0x40000)] */, uint32_t *needed /* [out] [ref,range(0,0x40000)] */, WERROR *werror) { @@ -200,7 +200,7 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli, /* In parameters */ r.in.handle = handle; r.in.security_flags = security_flags; - r.in.buffer_size = buffer_size; + r.in.offered = offered; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(svcctl_QueryServiceObjectSecurity, &r); @@ -225,7 +225,7 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli, } /* Return variables */ - memcpy(buffer, r.out.buffer, r.in.buffer_size * sizeof(*buffer)); + memcpy(buffer, r.out.buffer, r.in.offered * sizeof(*buffer)); *needed = *r.out.needed; /* Return result */ @@ -240,8 +240,8 @@ NTSTATUS rpccli_svcctl_SetServiceObjectSecurity(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t security_flags /* [in] */, - uint8_t *buffer /* [in] [ref,size_is(buffer_size)] */, - uint32_t buffer_size /* [in] */, + uint8_t *buffer /* [in] [ref,size_is(offered)] */, + uint32_t offered /* [in] */, WERROR *werror) { struct svcctl_SetServiceObjectSecurity r; @@ -251,7 +251,7 @@ NTSTATUS rpccli_svcctl_SetServiceObjectSecurity(struct rpc_pipe_client *cli, r.in.handle = handle; r.in.security_flags = security_flags; r.in.buffer = buffer; - r.in.buffer_size = buffer_size; + r.in.offered = offered; if (DEBUGLEVEL >= 10) { NDR_PRINT_IN_DEBUG(svcctl_SetServiceObjectSecurity, &r); @@ -647,7 +647,7 @@ NTSTATUS rpccli_svcctl_CreateServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_EnumDependentServicesW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *service /* [in] [ref] */, - uint32_t state /* [in] */, + enum svcctl_ServiceState state /* [in] */, uint8_t *service_status /* [out] [ref,size_is(offered)] */, uint32_t offered /* [in] [range(0,0x40000)] */, uint32_t *needed /* [out] [ref,range(0,0x40000)] */, @@ -1288,7 +1288,7 @@ NTSTATUS rpccli_svcctl_CreateServiceA(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_EnumDependentServicesA(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *service /* [in] [ref] */, - uint32_t state /* [in] */, + enum svcctl_ServiceState state /* [in] */, struct ENUM_SERVICE_STATUSA *service_status /* [out] [unique] */, uint32_t offered /* [in] */, uint32_t *needed /* [out] [ref] */, diff --git a/librpc/gen_ndr/cli_svcctl.h b/librpc/gen_ndr/cli_svcctl.h index 60a7fdf..c656eba 100644 --- a/librpc/gen_ndr/cli_svcctl.h +++ b/librpc/gen_ndr/cli_svcctl.h @@ -24,16 +24,16 @@ NTSTATUS rpccli_svcctl_QueryServiceObjectSecurity(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t security_flags /* [in] */, - uint8_t *buffer /* [out] [ref,size_is(buffer_size)] */, - uint32_t buffer_size /* [in] [range(0,0x40000)] */, + uint8_t *buffer /* [out] [ref,size_is(offered)] */, + uint32_t offered /* [in] [range(0,0x40000)] */, uint32_t *needed /* [out] [ref,range(0,0x40000)] */, WERROR *werror); NTSTATUS rpccli_svcctl_SetServiceObjectSecurity(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *handle /* [in] [ref] */, uint32_t security_flags /* [in] */, - uint8_t *buffer /* [in] [ref,size_is(buffer_size)] */, - uint32_t buffer_size /* [in] */, + uint8_t *buffer /* [in] [ref,size_is(offered)] */, + uint32_t offered /* [in] */, WERROR *werror); NTSTATUS rpccli_svcctl_QueryServiceStatus(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, @@ -93,7 +93,7 @@ NTSTATUS rpccli_svcctl_CreateServiceW(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_EnumDependentServicesW(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *service /* [in] [ref] */, - uint32_t state /* [in] */, + enum svcctl_ServiceState state /* [in] */, uint8_t *service_status /* [out] [ref,size_is(offered)] */, uint32_t offered /* [in] [range(0,0x40000)] */, uint32_t *needed /* [out] [ref,range(0,0x40000)] */, @@ -198,7 +198,7 @@ NTSTATUS rpccli_svcctl_CreateServiceA(struct rpc_pipe_client *cli, NTSTATUS rpccli_svcctl_EnumDependentServicesA(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, struct policy_handle *service /* [in] [ref] */, - uint32_t state /* [in] */, + enum svcctl_ServiceState state /* [in] */, struct ENUM_SERVICE_STATUSA *service_status /* [out] [unique] */, uint32_t offered /* [in] */, uint32_t *needed /* [out] [ref] */, diff --git a/librpc/gen_ndr/ndr_svcctl.c b/librpc/gen_ndr/ndr_svcctl.c index 06ea6db..ee828ee 100644 --- a/librpc/gen_ndr/ndr_svcctl.c +++ b/librpc/gen_ndr/ndr_svcctl.c @@ -1592,15 +1592,15 @@ static enum ndr_err_code ndr_push_svcctl_QueryServiceObjectSecurity(struct ndr_p return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.security_flags)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size)); + NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.security_flags)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); } if (flags & NDR_OUT) { if (r->out.buffer == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.buffer_size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->out.buffer, r->in.offered)); if (r->out.needed == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } @@ -1624,13 +1624,13 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceObjectSecurity(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.security_flags)); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buffer_size)); - if (r->in.buffer_size > 0x40000) { + NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.security_flags)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); + if (r->in.offered > 0x40000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); } - NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.buffer_size); - memset(r->out.buffer, 0, (r->in.buffer_size) * sizeof(*r->out.buffer)); + NDR_PULL_ALLOC_N(ndr, r->out.buffer, r->in.offered); + memset(r->out.buffer, 0, (r->in.offered) * sizeof(*r->out.buffer)); NDR_PULL_ALLOC(ndr, r->out.needed); ZERO_STRUCTP(r->out.needed); } @@ -1652,7 +1652,7 @@ static enum ndr_err_code ndr_pull_svcctl_QueryServiceObjectSecurity(struct ndr_p NDR_PULL_SET_MEM_CTX(ndr, _mem_save_needed_0, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); if (r->out.buffer) { - NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.buffer_size)); + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.buffer, r->in.offered)); } } return NDR_ERR_SUCCESS; @@ -1672,8 +1672,8 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceObjectSecurity(struct ndr_print *ndr, ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "security_flags", r->in.security_flags); - ndr_print_uint32(ndr, "buffer_size", r->in.buffer_size); + ndr_print_security_secinfo(ndr, "security_flags", r->in.security_flags); + ndr_print_uint32(ndr, "offered", r->in.offered); ndr->depth--; } if (flags & NDR_OUT) { @@ -1681,7 +1681,7 @@ _PUBLIC_ void ndr_print_svcctl_QueryServiceObjectSecurity(struct ndr_print *ndr, ndr->depth++; ndr_print_ptr(ndr, "buffer", r->out.buffer); ndr->depth++; - ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.buffer_size); + ndr_print_array_uint8(ndr, "buffer", r->out.buffer, r->in.offered); ndr->depth--; ndr_print_ptr(ndr, "needed", r->out.needed); ndr->depth++; @@ -1700,13 +1700,13 @@ static enum ndr_err_code ndr_push_svcctl_SetServiceObjectSecurity(struct ndr_pus return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.handle)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.security_flags)); + NDR_CHECK(ndr_push_security_secinfo(ndr, NDR_SCALARS, r->in.security_flags)); if (r->in.buffer == NULL) { return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size)); - NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->in.buffer, r->in.buffer_size)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.buffer_size)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); + NDR_CHECK(ndr_push_array_uint8(ndr, NDR_SCALARS, r->in.buffer, r->in.offered)); + NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); } if (flags & NDR_OUT) { NDR_CHECK(ndr_push_WERROR(ndr, NDR_SCALARS, r->out.result)); @@ -1725,15 +1725,15 @@ static enum ndr_err_code ndr_pull_svcctl_SetServiceObjectSecurity(struct ndr_pul NDR_PULL_SET_MEM_CTX(ndr, r->in.handle, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.handle)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_handle_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.security_flags)); + NDR_CHECK(ndr_pull_security_secinfo(ndr, NDR_SCALARS, &r->in.security_flags)); NDR_CHECK(ndr_pull_array_size(ndr, &r->in.buffer)); if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { NDR_PULL_ALLOC_N(ndr, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer)); } NDR_CHECK(ndr_pull_array_uint8(ndr, NDR_SCALARS, r->in.buffer, ndr_get_array_size(ndr, &r->in.buffer))); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.buffer_size)); + NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); if (r->in.buffer) { - NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.buffer, r->in.buffer_size)); + NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->in.buffer, r->in.offered)); } } if (flags & NDR_OUT) { @@ -1756,12 +1756,12 @@ _PUBLIC_ void ndr_print_svcctl_SetServiceObjectSecurity(struct ndr_print *ndr, c ndr->depth++; ndr_print_policy_handle(ndr, "handle", r->in.handle); ndr->depth--; - ndr_print_uint32(ndr, "security_flags", r->in.security_flags); + ndr_print_security_secinfo(ndr, "security_flags", r->in.security_flags); ndr_print_ptr(ndr, "buffer", r->in.buffer); ndr->depth++; - ndr_print_array_uint8(ndr, "buffer", r->in.buffer, r->in.buffer_size); + ndr_print_array_uint8(ndr, "buffer", r->in.buffer, r->in.offered); ndr->depth--; - ndr_print_uint32(ndr, "buffer_size", r->in.buffer_size); + ndr_print_uint32(ndr, "offered", r->in.offered); ndr->depth--; } if (flags & NDR_OUT) { @@ -2689,7 +2689,7 @@ static enum ndr_err_code ndr_push_svcctl_EnumDependentServicesW(struct ndr_push return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.service)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.state)); + NDR_CHECK(ndr_push_svcctl_ServiceState(ndr, NDR_SCALARS, r->in.state)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); } if (flags & NDR_OUT) { @@ -2726,7 +2726,7 @@ static enum ndr_err_code ndr_pull_svcctl_EnumDependentServicesW(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.service)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); + NDR_CHECK(ndr_pull_svcctl_ServiceState(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); if (r->in.offered > 0x40000) { return ndr_pull_error(ndr, NDR_ERR_RANGE, "value out of range"); @@ -2786,7 +2786,7 @@ _PUBLIC_ void ndr_print_svcctl_EnumDependentServicesW(struct ndr_print *ndr, con ndr->depth++; ndr_print_policy_handle(ndr, "service", r->in.service); ndr->depth--; - ndr_print_uint32(ndr, "state", r->in.state); + ndr_print_svcctl_ServiceState(ndr, "state", r->in.state); ndr_print_uint32(ndr, "offered", r->in.offered); ndr->depth--; } @@ -4561,7 +4561,7 @@ static enum ndr_err_code ndr_push_svcctl_EnumDependentServicesA(struct ndr_push return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); } NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS, r->in.service)); - NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.state)); + NDR_CHECK(ndr_push_svcctl_ServiceState(ndr, NDR_SCALARS, r->in.state)); NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); } if (flags & NDR_OUT) { @@ -4599,7 +4599,7 @@ static enum ndr_err_code ndr_pull_svcctl_EnumDependentServicesA(struct ndr_pull NDR_PULL_SET_MEM_CTX(ndr, r->in.service, LIBNDR_FLAG_REF_ALLOC); NDR_CHECK(ndr_pull_policy_handle(ndr, NDR_SCALARS, r->in.service)); NDR_PULL_SET_MEM_CTX(ndr, _mem_save_service_0, LIBNDR_FLAG_REF_ALLOC); - NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.state)); + NDR_CHECK(ndr_pull_svcctl_ServiceState(ndr, NDR_SCALARS, &r->in.state)); NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); NDR_PULL_ALLOC(ndr, r->out.needed); ZERO_STRUCTP(r->out.needed); @@ -4652,7 +4652,7 @@ _PUBLIC_ void ndr_print_svcctl_EnumDependentServicesA(struct ndr_print *ndr, con ndr->depth++; ndr_print_policy_handle(ndr, "service", r->in.service); ndr->depth--; - ndr_print_uint32(ndr, "state", r->in.state); + ndr_print_svcctl_ServiceState(ndr, "state", r->in.state); ndr_print_uint32(ndr, "offered", r->in.offered); ndr->depth--; } diff --git a/librpc/gen_ndr/srv_svcctl.c b/librpc/gen_ndr/srv_svcctl.c index 3d80472..cd5a0ee 100644 --- a/librpc/gen_ndr/srv_svcctl.c +++ b/librpc/gen_ndr/srv_svcctl.c @@ -353,7 +353,7 @@ static bool api_svcctl_QueryServiceObjectSecurity(pipes_struct *p) } ZERO_STRUCT(r->out); - r->out.buffer = talloc_zero_array(r, uint8_t, r->in.buffer_size); + r->out.buffer = talloc_zero_array(r, uint8_t, r->in.offered); if (r->out.buffer == NULL) { talloc_free(r); return false; @@ -3658,7 +3658,7 @@ NTSTATUS rpc_svcctl_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, c case NDR_SVCCTL_QUERYSERVICEOBJECTSECURITY: { struct svcctl_QueryServiceObjectSecurity *r = (struct svcctl_QueryServiceObjectSecurity *)_r; ZERO_STRUCT(r->out); - r->out.buffer = talloc_zero_array(mem_ctx, uint8_t, r->in.buffer_size); + r->out.buffer = talloc_zero_array(mem_ctx, uint8_t, r->in.offered); if (r->out.buffer == NULL) { return NT_STATUS_NO_MEMORY; } diff --git a/librpc/gen_ndr/svcctl.h b/librpc/gen_ndr/svcctl.h index f87d2cc..c0daab4 100644 --- a/librpc/gen_ndr/svcctl.h +++ b/librpc/gen_ndr/svcctl.h @@ -341,11 +341,11 @@ struct svcctl_QueryServiceObjectSecurity { struct { struct policy_handle *handle;/* [ref] */ uint32_t security_flags; - uint32_t buffer_size;/* [range(0,0x40000)] */ + uint32_t offered;/* [range(0,0x40000)] */ } in; struct { - uint8_t *buffer;/* [ref,size_is(buffer_size)] */ + uint8_t *buffer;/* [ref,size_is(offered)] */ uint32_t *needed;/* [ref,range(0,0x40000)] */ WERROR result; } out; @@ -357,8 +357,8 @@ struct svcctl_SetServiceObjectSecurity { struct { struct policy_handle *handle;/* [ref] */ uint32_t security_flags; - uint8_t *buffer;/* [ref,size_is(buffer_size)] */ - uint32_t buffer_size; + uint8_t *buffer;/* [ref,size_is(offered)] */ + uint32_t offered; } in; struct { @@ -478,7 +478,7 @@ struct svcctl_CreateServiceW { struct svcctl_EnumDependentServicesW { struct { struct policy_handle *service;/* [ref] */ - uint32_t state; + enum svcctl_ServiceState state; uint32_t offered;/* [range(0,0x40000)] */ } in; @@ -682,7 +682,7 @@ struct svcctl_CreateServiceA { struct svcctl_EnumDependentServicesA { struct { struct policy_handle *service;/* [ref] */ - uint32_t state; + enum svcctl_ServiceState state; uint32_t offered; } in; diff --git a/librpc/idl/svcctl.idl b/librpc/idl/svcctl.idl index 2f461d6..a5685e8 100644 --- a/librpc/idl/svcctl.idl +++ b/librpc/idl/svcctl.idl @@ -156,9 +156,9 @@ import "misc.idl", "security.idl"; /* Function 0x04 */ WERROR svcctl_QueryServiceObjectSecurity( [in] policy_handle *handle, - [in] uint32 security_flags, - [out,ref,size_is(buffer_size)] uint8 *buffer, - [in,range(0,0x40000)] uint32 buffer_size, + [in] security_secinfo security_flags, + [out,ref,size_is(offered)] uint8 *buffer, + [in,range(0,0x40000)] uint32 offered, [out,ref,range(0,0x40000)] uint32 *needed ); @@ -166,9 +166,9 @@ import "misc.idl", "security.idl"; /* Function 0x05 */ WERROR svcctl_SetServiceObjectSecurity( [in] policy_handle *handle, - [in] uint32 security_flags, - [in,ref,size_is(buffer_size)] uint8 *buffer, - [in] uint32 buffer_size + [in] security_secinfo security_flags, + [in,ref,size_is(offered)] uint8 *buffer, + [in] uint32 offered ); /*****************/ @@ -260,7 +260,7 @@ import "misc.idl", "security.idl"; /* Function 0x0d */ WERROR svcctl_EnumDependentServicesW( [in,ref] policy_handle *service, - [in] uint32 state, + [in] svcctl_ServiceState state, [out,ref,size_is(offered)] uint8 *service_status, [in,range(0,0x40000)] uint32 offered, [out,ref,range(0,0x40000)] uint32 *needed, @@ -475,7 +475,7 @@ import "misc.idl", "security.idl"; /* Function 0x19 */ WERROR svcctl_EnumDependentServicesA( [in,ref] policy_handle *service, - [in] uint32 state, + [in] svcctl_ServiceState state, [out,unique] ENUM_SERVICE_STATUSA *service_status, [in] uint32 offered, [out,ref] uint32 *needed, diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c index 1850dcb..0b0ef83 100644 --- a/source3/rpc_server/srv_svcctl_nt.c +++ b/source3/rpc_server/srv_svcctl_nt.c @@ -546,6 +546,15 @@ WERROR _svcctl_EnumDependentServicesW(pipes_struct *p, if ( !(info->access_granted & SC_RIGHT_SVC_ENUMERATE_DEPENDENTS) ) return WERR_ACCESS_DENIED; + switch (r->in.state) { + case SERVICE_STATE_ACTIVE: + case SERVICE_STATE_INACTIVE: + case SERVICE_STATE_ALL: + break; + default: + return WERR_INVALID_PARAM; + } + /* we have to set the outgoing buffer size to the same as the incoming buffer size (even in the case of failure */ /* this is done in the autogenerated server already - gd */ @@ -872,8 +881,7 @@ WERROR _svcctl_QueryServiceObjectSecurity(pipes_struct *p, *r->out.needed = ndr_size_security_descriptor( sec_desc, NULL, 0 ); - if ( *r->out.needed > r->in.buffer_size ) { - ZERO_STRUCTP( &r->out.buffer ); + if ( *r->out.needed > r->in.offered) { return WERR_INSUFFICIENT_BUFFER; } @@ -932,7 +940,8 @@ WERROR _svcctl_SetServiceObjectSecurity(pipes_struct *p, /* read the security descfriptor */ status = unmarshall_sec_desc(p->mem_ctx, - r->in.buffer, r->in.buffer_size, + r->in.buffer, + r->in.offered, &sec_desc); if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); diff --git a/source4/torture/rpc/svcctl.c b/source4/torture/rpc/svcctl.c index 375df9f..e38e8da 100644 --- a/source4/torture/rpc/svcctl.c +++ b/source4/torture/rpc/svcctl.c @@ -3,7 +3,7 @@ test suite for srvsvc rpc operations Copyright (C) Jelmer Vernooij 2004 - Copyright (C) Guenther Deschner 2008 + Copyright (C) Guenther Deschner 2008,2009 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -74,6 +74,36 @@ static bool test_OpenService(struct dcerpc_pipe *p, struct torture_context *tctx } +static bool test_QueryServiceStatus(struct torture_context *tctx, + struct dcerpc_pipe *p) +{ + struct svcctl_QueryServiceStatus r; + struct policy_handle h, s; + struct SERVICE_STATUS service_status; + NTSTATUS status; + + if (!test_OpenSCManager(p, tctx, &h)) + return false; + + if (!test_OpenService(p, tctx, &h, "Netlogon", &s)) + return false; + + r.in.handle = &s; + r.out.service_status = &service_status; + + status = dcerpc_svcctl_QueryServiceStatus(p, tctx, &r); + torture_assert_ntstatus_ok(tctx, status, "QueryServiceStatus failed!"); + torture_assert_werr_ok(tctx, r.out.result, "QueryServiceStatus failed!"); + + if (!test_CloseServiceHandle(p, tctx, &s)) + return false; + + if (!test_CloseServiceHandle(p, tctx, &h)) + return false; + + return true; +} + static bool test_QueryServiceStatusEx(struct torture_context *tctx, struct dcerpc_pipe *p) { struct svcctl_QueryServiceStatusEx r; -- Samba Shared Repository