The branch, v3-2-test has been updated via b6b5f92bc9457220df384bdb13530c393d294ce7 (commit) from de2fdc6b5a78932f8ea5cf4c4715296f18dae4d3 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test - Log ----------------------------------------------------------------- commit b6b5f92bc9457220df384bdb13530c393d294ce7 Author: Jeremy Allison <[EMAIL PROTECTED]> Date: Mon Dec 3 14:09:48 2007 -0800 Remove pstring from clirap2 by completely rewriting the damn thing :-). Now with added paranoia. Jeremy. ----------------------------------------------------------------------- Summary of changes: source/libsmb/clirap2.c | 3895 +++++++++++++++++++++++++++-------------------- source/utils/net_rpc.c | 8 +- 2 files changed, 2216 insertions(+), 1687 deletions(-) Changeset truncated at 500 lines: diff --git a/source/libsmb/clirap2.c b/source/libsmb/clirap2.c index f522e13..d579564 100644 --- a/source/libsmb/clirap2.c +++ b/source/libsmb/clirap2.c @@ -3,6 +3,7 @@ More client RAP (SMB Remote Procedure Calls) functions Copyright (C) 2001 Steve French ([EMAIL PROTECTED]) Copyright (C) 2001 Jim McDonough ([EMAIL PROTECTED]) + Copyright (C) 2007 Jeremy Allison. [EMAIL PROTECTED] This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by 
@@ -80,916 +81,1140 @@ #define DWORDSIZE 4 #define PUTBYTE(p,b) do {SCVAL(p,0,b); p++;} while(0) -#define GETBYTE(p,b) do {b = CVAL(p,0); p++;} while(0) + +#define GETBYTE(p,b,endp) \ + do {\ + if (p+1 < endp) {\ + b = CVAL(p,0);\ + }\ + p++;\ + } while(0) + #define PUTWORD(p,w) do {SSVAL(p,0,w); p += WORDSIZE;} while(0) -#define GETWORD(p,w) do {w = SVAL(p,0); p += WORDSIZE;} while(0) + +#define GETWORD(p,w,endp) \ + do {\ + if (p+WORDSIZE < endp) {\ + w = SVAL(p,0);\ + }\ + p += WORDSIZE;\ + } while(0) + #define PUTDWORD(p,d) do {SIVAL(p,0,d); p += DWORDSIZE;} while(0) -#define GETDWORD(p,d) do {d = IVAL(p,0); p += DWORDSIZE;} while(0) -#define GETRES(p) p ? SVAL(p,0) : -1 + +#define GETDWORD(p,d,endp) \ + do {\ + if (p+DWORDSIZE < endp) {\ + d = IVAL(p,0);\ + }\ + p += DWORDSIZE;\ + } while(0) + +#define GETRES(p,endp) ((p && p+2 < endp) ? SVAL(p,0) : -1) + /* put string s at p with max len n and increment p past string */ -#define PUTSTRING(p,s,n) do {\ - push_ascii(p,s?s:"",n?n:256,STR_TERMINATE);\ - p = push_skip_string(p);\ - } while(0) +#define PUTSTRING(p,s,n) \ + do {\ + push_ascii(p,s?s:"",n?n:256,STR_TERMINATE);\ + p = push_skip_string(p);\ + } while(0) + /* put string s and p, using fixed len l, and increment p by l */ -#define PUTSTRINGF(p,s,l) do {\ - push_ascii(p,s?s:"",l,STR_TERMINATE);\ - p += l;\ - } while (0) +#define PUTSTRINGF(p,s,l) \ + do {\ + push_ascii(p,s?s:"",l,STR_TERMINATE);\ + p += l;\ + } while (0) + /* put string pointer at p, supplying offset o from rdata r, store */ /* dword offset at p, increment p by 4 and o by length of s. This */ /* means on the first call, you must calc the offset yourself! 
*/ -#define PUTSTRINGP(p,s,r,o) do {\ - if (s) {\ - push_ascii(r+o,s,strlen(s)+1,STR_TERMINATE);\ - PUTDWORD(p,o);\ - o += strlen(s) + 1;\ - } else PUTDWORD(p,0);\ - }while(0); -/* get asciiz string s from p, increment p past string */ -#define GETSTRING(p,s) do {\ - pull_ascii_pstring(s,p);\ - p = push_skip_string(p);\ - } while(0) -/* get fixed length l string s from p, increment p by l */ -#define GETSTRINGF(p,s,l) do {\ - pull_ascii_pstring(s,p);\ - p += l;\ - } while(0) -/* get string s from offset (obtained at p) from rdata r - converter c */ -#define GETSTRINGP(p,s,r,c) do {\ - uint32 off;\ - GETDWORD(p,off);\ - off &= 0x0000FFFF; /* mask the obsolete segment number from the offset */ \ - pull_ascii_pstring(s, off?(r+off-c):"");\ - } while(0) + +#define PUTSTRINGP(p,s,r,o) \ + do {\ + if (s) {\ + push_ascii(r+o,s,strlen(s)+1,STR_TERMINATE);\ + PUTDWORD(p,o);\ + o += strlen(s) + 1;\ + } else {\ + PUTDWORD(p,0);\ + }\ + }while(0); + +/* get asciiz string dest from src, return increment past string */ + +static size_t rap_getstring(TALLOC_CTX *ctx, char *src, char **dest, const char *endp) +{ + char *p1; + size_t len; + + *dest = NULL; + for (p1 = src, len = 0; *p1 && p1 < endp; len++) + p1++; + if (!*p1) { + len++; + } + pull_string_talloc(ctx,src,0,dest,src,len,STR_ASCII); + return len; +} + +/* get fixed length l string dest from src, return increment for src */ + +static size_t rap_getstringf(char *src, char *dest, size_t l, size_t dlen, char *endp) +{ + char *p1; + size_t len; + + if (dlen) { + dest[0] = '\0'; + } + for (p1 = src, len = 0; *p1 && p1 < endp; len++) { + p1++; + } + if (!*p1) { + len++; + } + if (len > l) { + len = l; + } + if (len) { + pull_ascii(dest,src,len,len,STR_ASCII); + } + return l; +} + +/* get string dest from offset (obtained at p) from rdata r - converter c */ +static size_t rap_getstringp(TALLOC_CTX *ctx, char *p, char **dest, char *r, uint16_t c, char *endp) +{ + uint32_t off = 0; + const char *src; + size_t len=0; + + *dest = 
NULL; + if (p+4 < endp) { + GETDWORD(p,off,endp); + off &= 0x0000FFFF; /* mask the obsolete segment number from the offset */ + off -= c; + } + if (r+off > endp || r+off < r) { + src=""; + len=1; + } else { + const char *p1; + src=r+off; + for (p1 = src, len = 0; *p1 && p1 < endp; len++) { + p1++; + } + if (!*p1) { + len++; + } + } + pull_string_talloc(ctx,src,0,dest,src,len,STR_ASCII); + return len; +} static char *make_header(char *param, uint16 apinum, const char *reqfmt, const char *datafmt) { - PUTWORD(param,apinum); - if (reqfmt) - PUTSTRING(param,reqfmt,0); - else - *param++ = (char) 0; - - if (datafmt) - PUTSTRING(param,datafmt,0); - else - *param++ = (char) 0; - - return param; + PUTWORD(param,apinum); + if (reqfmt) + PUTSTRING(param,reqfmt,0); + else + *param++ = (char) 0; + + if (datafmt) + PUTSTRING(param,datafmt,0); + else + *param++ = (char) 0; + + return param; } /**************************************************************************** call a NetGroupDelete - delete user group from remote server ****************************************************************************/ -int cli_NetGroupDelete(struct cli_state *cli, const char *group_name ) + +int cli_NetGroupDelete(struct cli_state *cli, const char *group_name) { - char *rparam = NULL; - char *rdata = NULL; - char *p; - unsigned int rdrcnt,rprcnt; - int res; - char param[WORDSIZE /* api number */ + char *rparam = NULL; + char *rdata = NULL; + char *p; + unsigned int rdrcnt,rprcnt; + int res = -1; + char param[WORDSIZE /* api number */ +sizeof(RAP_NetGroupDel_REQ) /* parm string */ +1 /* no ret string */ +RAP_GROUPNAME_LEN /* group to del */ +WORDSIZE]; /* reserved word */ - /* now send a SMBtrans command with api GroupDel */ - p = make_header(param, RAP_WGroupDel, RAP_NetGroupDel_REQ, NULL); - PUTSTRING(p, group_name, RAP_GROUPNAME_LEN); - PUTWORD(p,0); /* reserved word MBZ on input */ + /* now send a SMBtrans command with api GroupDel */ + p = make_header(param, RAP_WGroupDel, 
RAP_NetGroupDel_REQ, NULL); + PUTSTRING(p, group_name, RAP_GROUPNAME_LEN); + PUTWORD(p,0); /* reserved word MBZ on input */ - if (cli_api(cli, + if (cli_api(cli, param, PTR_DIFF(p,param), 1024, /* Param, length, maxlen */ NULL, 0, 200, /* data, length, maxlen */ &rparam, &rprcnt, /* return params, length */ &rdata, &rdrcnt)) /* return data, length */ - { - res = GETRES(rparam); - - if (res == 0) { - /* nothing to do */ - } - else if ((res == 5) || (res == 65)) { - DEBUG(1, ("Access Denied\n")); - } - else if (res == 2220) { - DEBUG (1, ("Group does not exist\n")); - } - else { - DEBUG(4,("NetGroupDelete res=%d\n", res)); - } - } else { - res = -1; - DEBUG(4,("NetGroupDelete failed\n")); - } - - SAFE_FREE(rparam); - SAFE_FREE(rdata); - - return res; + { + char *endp = rparam + rprcnt; + res = GETRES(rparam,endp); + + if (res == 0) { + /* nothing to do */ + } else if ((res == 5) || (res == 65)) { + DEBUG(1, ("Access Denied\n")); + } else if (res == 2220) { + DEBUG (1, ("Group does not exist\n")); + } else { + DEBUG(4,("NetGroupDelete res=%d\n", res)); + } + } else { + res = -1; + DEBUG(4,("NetGroupDelete failed\n")); + } + + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return res; } /**************************************************************************** call a NetGroupAdd - add user group to remote server ****************************************************************************/ -int cli_NetGroupAdd(struct cli_state *cli, RAP_GROUP_INFO_1 * grinfo ) + +int cli_NetGroupAdd(struct cli_state *cli, RAP_GROUP_INFO_1 *grinfo) { - char *rparam = NULL; - char *rdata = NULL; - char *p; - unsigned int rdrcnt,rprcnt; - int res; - char param[WORDSIZE /* api number */ + char *rparam = NULL; + char *rdata = NULL; + char *p; + unsigned int rdrcnt,rprcnt; + int res = -1; + char param[WORDSIZE /* api number */ +sizeof(RAP_NetGroupAdd_REQ) /* req string */ +sizeof(RAP_GROUP_INFO_L1) /* return string */ +WORDSIZE /* info level */ +WORDSIZE]; /* reserved word */ - /* offset into 
data of free format strings. Will be updated */ - /* by PUTSTRINGP macro and end up with total data length. */ - int soffset = RAP_GROUPNAME_LEN + 1 + DWORDSIZE; - char *data; - size_t data_size; + /* offset into data of free format strings. Will be updated */ + /* by PUTSTRINGP macro and end up with total data length. */ + int soffset = RAP_GROUPNAME_LEN + 1 + DWORDSIZE; + char *data; + size_t data_size; - /* Allocate data. */ - data_size = MAX(soffset + strlen(grinfo->comment) + 1, 1024); + /* Allocate data. */ + data_size = MAX(soffset + strlen(grinfo->comment) + 1, 1024); - data = SMB_MALLOC_ARRAY(char, data_size); - if (!data) { - DEBUG (1, ("Malloc fail\n")); - return -1; - } + data = SMB_MALLOC_ARRAY(char, data_size); + if (!data) { + DEBUG (1, ("Malloc fail\n")); + return -1; + } - /* now send a SMBtrans command with api WGroupAdd */ + /* now send a SMBtrans command with api WGroupAdd */ - p = make_header(param, RAP_WGroupAdd, - RAP_NetGroupAdd_REQ, RAP_GROUP_INFO_L1); - PUTWORD(p, 1); /* info level */ - PUTWORD(p, 0); /* reserved word 0 */ + p = make_header(param, RAP_WGroupAdd, + RAP_NetGroupAdd_REQ, RAP_GROUP_INFO_L1); + PUTWORD(p, 1); /* info level */ + PUTWORD(p, 0); /* reserved word 0 */ - p = data; - PUTSTRINGF(p, grinfo->group_name, RAP_GROUPNAME_LEN); - PUTBYTE(p, 0); /* pad byte 0 */ - PUTSTRINGP(p, grinfo->comment, data, soffset); + p = data; + PUTSTRINGF(p, grinfo->group_name, RAP_GROUPNAME_LEN); + PUTBYTE(p, 0); /* pad byte 0 */ + PUTSTRINGP(p, grinfo->comment, data, soffset); - if (cli_api(cli, + if (cli_api(cli, param, sizeof(param), 1024, /* Param, length, maxlen */ data, soffset, sizeof(data), /* data, length, maxlen */ &rparam, &rprcnt, /* return params, length */ &rdata, &rdrcnt)) /* return data, length */ - { - res = GETRES(rparam); - - if (res == 0) { - /* nothing to do */ - } else if ((res == 5) || (res == 65)) { - DEBUG(1, ("Access Denied\n")); - } - else if (res == 2223) { - DEBUG (1, ("Group already exists\n")); - } - else { - 
DEBUG(4,("NetGroupAdd res=%d\n", res)); - } - } else { - res = -1; - DEBUG(4,("NetGroupAdd failed\n")); - } - - SAFE_FREE(data); - SAFE_FREE(rparam); - SAFE_FREE(rdata); - - return res; + { + char *endp = rparam + rprcnt; + res = GETRES(rparam, endp); + + if (res == 0) { + /* nothing to do */ + } else if ((res == 5) || (res == 65)) { + DEBUG(1, ("Access Denied\n")); + } else if (res == 2223) { + DEBUG (1, ("Group already exists\n")); + } else { + DEBUG(4,("NetGroupAdd res=%d\n", res)); + } + } else { + res = -1; + DEBUG(4,("NetGroupAdd failed\n")); + } + + SAFE_FREE(data); + SAFE_FREE(rparam); + SAFE_FREE(rdata); + + return res; } /**************************************************************************** -call a NetGroupEnum - try and list user groups on a different host + Call a NetGroupEnum - try and list user groups on a different host. ****************************************************************************/ + int cli_RNetGroupEnum(struct cli_state *cli, void (*fn)(const char *, const char *, void *), void *state) { - char param[WORDSIZE /* api number */ + char param[WORDSIZE /* api number */ +sizeof(RAP_NetGroupEnum_REQ) /* parm string */ +sizeof(RAP_GROUP_INFO_L1) /* return string */ +WORDSIZE /* info level */ +WORDSIZE]; /* buffer size */ - char *p; - char *rparam = NULL; - char *rdata = NULL; - unsigned int rprcnt, rdrcnt; - int res = -1; - + char *p; + char *rparam = NULL; + char *rdata = NULL; + unsigned int rprcnt, rdrcnt; + int res = -1; - memset(param, '\0', sizeof(param)); - p = make_header(param, RAP_WGroupEnum, + memset(param, '\0', sizeof(param)); + p = make_header(param, RAP_WGroupEnum, RAP_NetGroupEnum_REQ, RAP_GROUP_INFO_L1); - PUTWORD(p,1); /* Info level 1 */ /* add level 0 */ - PUTWORD(p,0xFFE0); /* Return buffer size */ + PUTWORD(p,1); /* Info level 1 */ /* add level 0 */ + PUTWORD(p,0xFFE0); /* Return buffer size */ - if (cli_api(cli, + if (cli_api(cli, param, PTR_DIFF(p,param),8, NULL, 0, 0xFFE0 /* data area size */, &rparam, 
&rprcnt, &rdata, &rdrcnt)) { - res = GETRES(rparam); - cli->rap_error = res; - if(cli->rap_error == 234) - DEBUG(1,("Not all group names were returned (such as those longer than 21 characters)\n")); - else if (cli->rap_error != 0) { - DEBUG(1,("NetGroupEnum gave error %d\n", cli->rap_error)); - } - } - - if (rdata) { - if (res == 0 || res == ERRmoredata) { - int i, converter, count; - - p = rparam + WORDSIZE; /* skip result */ - GETWORD(p, converter); - GETWORD(p, count); - - for (i=0,p=rdata;i<count;i++) { - pstring comment; - char groupname[RAP_GROUPNAME_LEN]; - - GETSTRINGF(p, groupname, RAP_GROUPNAME_LEN); - p++; /* pad byte */ - GETSTRINGP(p, comment, rdata, converter); - - fn(groupname, comment, cli); - } - } else { - DEBUG(4,("NetGroupEnum res=%d\n", res)); - } - } else { - DEBUG(4,("NetGroupEnum no data returned\n")); - } -- Samba Shared Repository
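Review bot: In rap_getstring, rap_getstringf and rap_getstringp the scan loop tests `*p1` before `p1 < endp`, and the following `if (!*p1)` dereferences p1 again, so a reply with no NUL before the end of the buffer is read at endp, one byte past the returned data. Swapping the order closes this: `for (p1 = src, len = 0; p1 < endp && *p1; len++)` followed by `if (p1 < endp && !*p1)`. rap_getstringp also lets `r+off == endp` through because its range test uses `>` rather than `>=`, which reaches the same read. Separately, rap_getstringf uses dlen only to clear `dest[0]` and passes len (capped by l, not dlen) as both length arguments to pull_ascii, so it depends on every caller passing an l no larger than the destination; clamping len to dlen would enforce that. The hunk is truncated on this page, so the callers of these helpers are not visible.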