svn commit: samba r19914 - in branches/SAMBA_3_0/source: libmsrpc librpc/gen_ndr librpc/idl rpc_server utils

Sun, 26 Nov 2006 23:53:09 -0800 

Author: vlendec
Date: 2006-11-27 07:52:46 +0000 (Mon, 27 Nov 2006)
New Revision: 19914

WebSVN: 
http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=19914

Log:
The "default" value with the name "" need different 0-length treatment as the
other StringBufs, otherwise clicking on a key with this value being set leads
to regedit.exe on w2k3 chew all memory.

Modified:
   branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c
   branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c
   branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h
   branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c
   branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.h
   branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h
   branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h
   branches/SAMBA_3_0/source/librpc/idl/winreg.idl
   branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c
   branches/SAMBA_3_0/source/utils/net_rpc_registry.c


Changeset:
Modified: branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c
===================================================================
--- branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c     2006-11-27 07:44:19 UTC 
(rev 19913)
+++ branches/SAMBA_3_0/source/libmsrpc/cac_winreg.c     2006-11-27 07:52:46 UTC 
(rev 19914)
@@ -841,7 +841,7 @@
                uint32 *pdata_size = &data_size;
                uint32 data_length = 0;
                uint32 *pdata_length = &data_length;
-               struct winreg_StringBuf name_buf;
+               struct winreg_ValNameBuf name_buf;
                enum winreg_Type *ptype = &types_out[num_values_out];
 
                memset( name_buffer, 0x0, max_valnamelen );

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c       2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.c       2006-11-27 
07:52:46 UTC (rev 19914)
@@ -334,7 +334,7 @@
        return werror_to_ntstatus(r.out.result);
 }
 
-NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct 
winreg_StringBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t 
**data_size, uint32_t **value_length)
+NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct 
winreg_ValNameBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t 
**data_size, uint32_t **value_length)
 {
        struct winreg_EnumValue r;
        NTSTATUS status;

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h       2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/cli_winreg.h       2006-11-27 
07:52:46 UTC (rev 19914)
@@ -11,7 +11,7 @@
 NTSTATUS rpccli_winreg_DeleteKey(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, struct winreg_String key);
 NTSTATUS rpccli_winreg_DeleteValue(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, struct winreg_String value);
 NTSTATUS rpccli_winreg_EnumKey(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct 
winreg_StringBuf *name, struct winreg_StringBuf **keyclass, NTTIME 
**last_changed_time);
-NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct 
winreg_StringBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t 
**data_size, uint32_t **value_length);
+NTSTATUS rpccli_winreg_EnumValue(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t enum_index, struct 
winreg_ValNameBuf *name, enum winreg_Type **type, uint8_t **data, uint32_t 
**data_size, uint32_t **value_length);
 NTSTATUS rpccli_winreg_FlushKey(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle);
 NTSTATUS rpccli_winreg_GetKeySecurity(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, uint32_t sec_info, struct 
KeySecurityData *sd);
 NTSTATUS rpccli_winreg_LoadKey(struct rpc_pipe_client *cli, TALLOC_CTX 
*mem_ctx, struct policy_handle *handle, struct winreg_String *keyname, struct 
winreg_String *filename);

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c       2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.c       2006-11-27 
07:52:46 UTC (rev 19914)
@@ -335,6 +335,77 @@
        ndr->depth--;
 }
 
+NTSTATUS ndr_push_winreg_ValNameBuf(struct ndr_push *ndr, int ndr_flags, const 
struct winreg_ValNameBuf *r)
+{
+       if (ndr_flags & NDR_SCALARS) {
+               NDR_CHECK(ndr_push_align(ndr, 4));
+               NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, 
strlen_m_term(r->name)*2));
+               NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->size));
+               NDR_CHECK(ndr_push_unique_ptr(ndr, r->name));
+       }
+       if (ndr_flags & NDR_BUFFERS) {
+               if (r->name) {
+                       NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->size/2));
+                       NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 0));
+                       NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, 
strlen_m_term(r->name)*2/2));
+                       NDR_CHECK(ndr_push_charset(ndr, NDR_SCALARS, r->name, 
strlen_m_term(r->name)*2/2, sizeof(uint16_t), CH_UTF16));
+               }
+       }
+       return NT_STATUS_OK;
+}
+
+NTSTATUS ndr_pull_winreg_ValNameBuf(struct ndr_pull *ndr, int ndr_flags, 
struct winreg_ValNameBuf *r)
+{
+       uint32_t _ptr_name;
+       TALLOC_CTX *_mem_save_name_0;
+       if (ndr_flags & NDR_SCALARS) {
+               NDR_CHECK(ndr_pull_align(ndr, 4));
+               NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->length));
+               NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->size));
+               NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_name));
+               if (_ptr_name) {
+                       NDR_PULL_ALLOC(ndr, r->name);
+               } else {
+                       r->name = NULL;
+               }
+       }
+       if (ndr_flags & NDR_BUFFERS) {
+               if (r->name) {
+                       _mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
+                       NDR_PULL_SET_MEM_CTX(ndr, r->name, 0);
+                       NDR_CHECK(ndr_pull_array_size(ndr, &r->name));
+                       NDR_CHECK(ndr_pull_array_length(ndr, &r->name));
+                       if (ndr_get_array_length(ndr, &r->name) > 
ndr_get_array_size(ndr, &r->name)) {
+                               return ndr_pull_error(ndr, NDR_ERR_ARRAY_SIZE, 
"Bad array size %u should exceed array length %u", ndr_get_array_size(ndr, 
&r->name), ndr_get_array_length(ndr, &r->name));
+                       }
+                       NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->name, 
ndr_get_array_length(ndr, &r->name), sizeof(uint16_t), CH_UTF16));
+                       NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 0);
+               }
+               if (r->name) {
+                       NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->name, 
r->size/2));
+               }
+               if (r->name) {
+                       NDR_CHECK(ndr_check_array_length(ndr, (void*)&r->name, 
r->length/2));
+               }
+       }
+       return NT_STATUS_OK;
+}
+
+_PUBLIC_ void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char 
*name, const struct winreg_ValNameBuf *r)
+{
+       ndr_print_struct(ndr, name, "winreg_ValNameBuf");
+       ndr->depth++;
+       ndr_print_uint16(ndr, "length", (ndr->flags & 
LIBNDR_PRINT_SET_VALUES)?strlen_m_term(r->name)*2:r->length);
+       ndr_print_uint16(ndr, "size", r->size);
+       ndr_print_ptr(ndr, "name", r->name);
+       ndr->depth++;
+       if (r->name) {
+               ndr_print_string(ndr, "name", r->name);
+       }
+       ndr->depth--;
+       ndr->depth--;
+}
+
 NTSTATUS ndr_push_KeySecurityAttribute(struct ndr_push *ndr, int ndr_flags, 
const struct KeySecurityAttribute *r)
 {
        if (ndr_flags & NDR_SCALARS) {
@@ -1394,7 +1465,7 @@
                NDR_CHECK(ndr_push_policy_handle(ndr, NDR_SCALARS|NDR_BUFFERS, 
r->in.handle));
                NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.enum_index));
                if (r->in.name == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;
-               NDR_CHECK(ndr_push_winreg_StringBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->in.name));
+               NDR_CHECK(ndr_push_winreg_ValNameBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->in.name));
                NDR_CHECK(ndr_push_unique_ptr(ndr, r->in.type));
                if (r->in.type) {
                        NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, 
*r->in.type));
@@ -1417,7 +1488,7 @@
        }
        if (flags & NDR_OUT) {
                if (r->out.name == NULL) return NT_STATUS_INVALID_PARAMETER_MIX;
-               NDR_CHECK(ndr_push_winreg_StringBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->out.name));
+               NDR_CHECK(ndr_push_winreg_ValNameBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->out.name));
                NDR_CHECK(ndr_push_unique_ptr(ndr, r->out.type));
                if (r->out.type) {
                        NDR_CHECK(ndr_push_winreg_Type(ndr, NDR_SCALARS, 
*r->out.type));
@@ -1470,7 +1541,7 @@
                }
                _mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
                NDR_PULL_SET_MEM_CTX(ndr, r->in.name, LIBNDR_FLAG_REF_ALLOC);
-               NDR_CHECK(ndr_pull_winreg_StringBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->in.name));
+               NDR_CHECK(ndr_pull_winreg_ValNameBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->in.name));
                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 
LIBNDR_FLAG_REF_ALLOC);
                NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_type));
                if (_ptr_type) {
@@ -1543,7 +1614,7 @@
                }
                _mem_save_name_0 = NDR_PULL_GET_MEM_CTX(ndr);
                NDR_PULL_SET_MEM_CTX(ndr, r->out.name, LIBNDR_FLAG_REF_ALLOC);
-               NDR_CHECK(ndr_pull_winreg_StringBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->out.name));
+               NDR_CHECK(ndr_pull_winreg_ValNameBuf(ndr, 
NDR_SCALARS|NDR_BUFFERS, r->out.name));
                NDR_PULL_SET_MEM_CTX(ndr, _mem_save_name_0, 
LIBNDR_FLAG_REF_ALLOC);
                NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_type));
                if (_ptr_type) {
@@ -1629,7 +1700,7 @@
                ndr_print_uint32(ndr, "enum_index", r->in.enum_index);
                ndr_print_ptr(ndr, "name", r->in.name);
                ndr->depth++;
-               ndr_print_winreg_StringBuf(ndr, "name", r->in.name);
+               ndr_print_winreg_ValNameBuf(ndr, "name", r->in.name);
                ndr->depth--;
                ndr_print_ptr(ndr, "type", r->in.type);
                ndr->depth++;
@@ -1662,7 +1733,7 @@
                ndr->depth++;
                ndr_print_ptr(ndr, "name", r->out.name);
                ndr->depth++;
-               ndr_print_winreg_StringBuf(ndr, "name", r->out.name);
+               ndr_print_winreg_ValNameBuf(ndr, "name", r->out.name);
                ndr->depth--;
                ndr_print_ptr(ndr, "type", r->out.type);
                ndr->depth++;

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.h
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.h       2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/ndr_winreg.h       2006-11-27 
07:52:46 UTC (rev 19914)
@@ -92,6 +92,7 @@
 void ndr_print_winreg_SecBuf(struct ndr_print *ndr, const char *name, const 
struct winreg_SecBuf *r);
 void ndr_print_winreg_CreateAction(struct ndr_print *ndr, const char *name, 
enum winreg_CreateAction r);
 void ndr_print_winreg_StringBuf(struct ndr_print *ndr, const char *name, const 
struct winreg_StringBuf *r);
+void ndr_print_winreg_ValNameBuf(struct ndr_print *ndr, const char *name, 
const struct winreg_ValNameBuf *r);
 void ndr_print_KeySecurityAttribute(struct ndr_print *ndr, const char *name, 
const struct KeySecurityAttribute *r);
 void ndr_print_QueryMultipleValue(struct ndr_print *ndr, const char *name, 
const struct QueryMultipleValue *r);
 void ndr_print_winreg_OpenHKCR(struct ndr_print *ndr, const char *name, int 
flags, const struct winreg_OpenHKCR *r);

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h       2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/srv_winreg.h       2006-11-27 
07:52:46 UTC (rev 19914)
@@ -11,7 +11,7 @@
 WERROR _winreg_DeleteKey(pipes_struct *p, struct policy_handle *handle, struct 
winreg_String key);
 WERROR _winreg_DeleteValue(pipes_struct *p, struct policy_handle *handle, 
struct winreg_String value);
 WERROR _winreg_EnumKey(pipes_struct *p, struct policy_handle *handle, uint32_t 
enum_index, struct winreg_StringBuf *name, struct winreg_StringBuf *keyclass, 
NTTIME *last_changed_time);
-WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle, 
uint32_t enum_index, struct winreg_StringBuf *name, enum winreg_Type *type, 
uint8_t *data, uint32_t *data_size, uint32_t *value_length);
+WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle, 
uint32_t enum_index, struct winreg_ValNameBuf *name, enum winreg_Type *type, 
uint8_t *data, uint32_t *data_size, uint32_t *value_length);
 WERROR _winreg_FlushKey(pipes_struct *p, struct policy_handle *handle);
 WERROR _winreg_GetKeySecurity(pipes_struct *p, struct policy_handle *handle, 
uint32_t sec_info, struct KeySecurityData *sd);
 WERROR _winreg_LoadKey(pipes_struct *p, struct policy_handle *handle, struct 
winreg_String *keyname, struct winreg_String *filename);

Modified: branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h
===================================================================
--- branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h   2006-11-27 07:44:19 UTC 
(rev 19913)
+++ branches/SAMBA_3_0/source/librpc/gen_ndr/winreg.h   2006-11-27 07:52:46 UTC 
(rev 19914)
@@ -53,6 +53,12 @@
        const char *name;/* 
[unique,length_is(length/2),charset(UTF16),size_is(size/2)] */
 };
 
+struct winreg_ValNameBuf {
+       uint16_t length;/* [value(strlen_m_term(name)*2)] */
+       uint16_t size;
+       const char *name;/* 
[unique,length_is(length/2),charset(UTF16),size_is(size/2)] */
+};
+
 struct KeySecurityAttribute {
        uint32_t data_size;
        struct KeySecurityData sec_data;
@@ -219,7 +225,7 @@
        struct {
                struct policy_handle *handle;/* [ref] */
                uint32_t enum_index;
-               struct winreg_StringBuf *name;/* [ref] */
+               struct winreg_ValNameBuf *name;/* [ref] */
                enum winreg_Type *type;/* [unique] */
                uint8_t *data;/* 
[unique,length_is(*value_length),size_is(*data_size)] */
                uint32_t *data_size;/* [unique] */
@@ -227,7 +233,7 @@
        } in;
 
        struct {
-               struct winreg_StringBuf *name;/* [ref] */
+               struct winreg_ValNameBuf *name;/* [ref] */
                enum winreg_Type *type;/* [unique] */
                uint8_t *data;/* 
[unique,length_is(*value_length),size_is(*data_size)] */
                uint32_t *data_size;/* [unique] */

Modified: branches/SAMBA_3_0/source/librpc/idl/winreg.idl
===================================================================
--- branches/SAMBA_3_0/source/librpc/idl/winreg.idl     2006-11-27 07:44:19 UTC 
(rev 19913)
+++ branches/SAMBA_3_0/source/librpc/idl/winreg.idl     2006-11-27 07:52:46 UTC 
(rev 19914)
@@ -140,7 +140,6 @@
                [size_is(size/2),length_is(length/2),charset(UTF16)] uint16 
*name;
        } winreg_StringBuf;
 
-
        /******************/
        /* Function: 0x09 */
        WERROR winreg_EnumKey(
@@ -151,13 +150,22 @@
                [in,out,unique] NTTIME           *last_changed_time
        );
 
+       typedef struct {
+               [value(strlen_m_term(name)*2)] uint16 length; 
+               /* size cannot be auto-set by value() as it is the
+                  amount of space the server is allowed to use for this
+                  string in the reply, not its current size */
+               uint16 size;
+               [size_is(size/2),length_is(length/2),charset(UTF16)] uint16 
*name;
+       } winreg_ValNameBuf;
+
        /******************/
        /* Function: 0x0a */
 
        WERROR winreg_EnumValue(
                [in,ref]        policy_handle *handle,
                [in]            uint32 enum_index,
-               [in,out,ref]    winreg_StringBuf *name,
+               [in,out,ref]    winreg_ValNameBuf *name,
                [in,out,unique] winreg_Type *type,
                [in,out,unique,size_is(*data_size),length_is(*value_length)] 
uint8 *data,
                [in,out,unique] uint32 *data_size,

Modified: branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c
===================================================================
--- branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c        2006-11-27 
07:44:19 UTC (rev 19913)
+++ branches/SAMBA_3_0/source/rpc_server/srv_winreg_nt.c        2006-11-27 
07:52:46 UTC (rev 19914)
@@ -626,7 +626,7 @@
  ****************************************************************************/
 
 WERROR _winreg_EnumValue(pipes_struct *p, struct policy_handle *handle,
-                        uint32_t enum_index, struct winreg_StringBuf *name,
+                        uint32_t enum_index, struct winreg_ValNameBuf *name,
                         enum winreg_Type *type, uint8_t *data,
                         uint32_t *data_size, uint32_t *value_length)
 {
@@ -1317,14 +1317,6 @@
 
        key = info->key;
 
-       if (!name.name || (strlen(name.name) == 0)) {
-               /*
-                * This is the "Standard Value" for a key, we don't support
-                * that (yet...)
-                */
-               return WERR_ACCESS_DENIED;
-       }
-               
        /* access checks first */
        
        if ( !(key->access_granted & SEC_RIGHTS_SET_VALUE) )

Modified: branches/SAMBA_3_0/source/utils/net_rpc_registry.c
===================================================================
--- branches/SAMBA_3_0/source/utils/net_rpc_registry.c  2006-11-27 07:44:19 UTC 
(rev 19913)
+++ branches/SAMBA_3_0/source/utils/net_rpc_registry.c  2006-11-27 07:52:46 UTC 
(rev 19914)
@@ -265,7 +265,7 @@
                uint32 *pvalue_length = &value_length;
 
                char n;
-               struct winreg_StringBuf name_buf;
+               struct winreg_ValNameBuf name_buf;
 
                n = '\0';
                name_buf.name = &n;

Reply via email to