The branch, master has been updated
       via  9941e730ca239290ffee2b8ab105552a0ff1b002 (commit)
       via  ca701cfd522fe44fbc6c38ed29472ffe8a2be809 (commit)
       via  51dc7b9d82ceb17ee6a53071dbd588f45e5d0000 (commit)
       via  422e77f32a317a4a3bc11ae3b03665614899c191 (commit)
       via  c975ce15eb354ed6d2db452c7de8c717dd140b05 (commit)
       via  2fd79e15f76d396674bcb8a1d1c17fa30da15110 (commit)
      from  4e79ca61611cf17c522827b36e6113001de36c54 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9941e730ca239290ffee2b8ab105552a0ff1b002
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 18:46:30 2009 +0100

    Fix memleaks in chain_reply for async requests

commit ca701cfd522fe44fbc6c38ed29472ffe8a2be809
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 16:54:06 2009 +0100

    Fix a couple of memleaks in mapping_ldb.c

commit 51dc7b9d82ceb17ee6a53071dbd588f45e5d0000
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 16:24:08 2009 +0100

    Make current_in_pdu in pipes_struct allocated
    
    This makes an open pipe about 4K cheaper

commit 422e77f32a317a4a3bc11ae3b03665614899c191
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 15:30:54 2009 +0100

    Convert api_RNetGroupEnum to use samr instead of pdb

commit c975ce15eb354ed6d2db452c7de8c717dd140b05
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 13:32:30 2009 +0100

    Fix resume handle for _samr_EnumDomainGroups

commit 2fd79e15f76d396674bcb8a1d1c17fa30da15110
Author: Volker Lendecke <[email protected]>
Date:   Sat Feb 7 11:28:38 2009 +0100

    Close samr_handle if open_domain failed

-----------------------------------------------------------------------

Summary of changes:
 source3/groupdb/mapping_ldb.c     |   87 +++++++++++++++++------------
 source3/include/ntdomain.h        |    2 +-
 source3/rpc_server/srv_pipe_hnd.c |   18 ++++++
 source3/rpc_server/srv_samr_nt.c  |    2 -
 source3/smbd/lanman.c             |  112 +++++++++++++++++++++++++++----------
 source3/smbd/process.c            |    2 +
 6 files changed, 155 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c
index af99b86..a162c19 100644
--- a/source3/groupdb/mapping_ldb.c
+++ b/source3/groupdb/mapping_ldb.c
@@ -217,24 +217,26 @@ static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP 
*map)
        int ret;
        struct ldb_dn *dn;
        struct ldb_result *res=NULL;
-       
-       dn = mapping_dn(ldb, &sid);
-       if (dn == NULL) goto failed;
+       bool result = false;
 
-       ret = ldb_search(ldb, ldb, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
-       talloc_steal(dn, res);
-       if (ret != LDB_SUCCESS || res->count != 1) {
+       dn = mapping_dn(talloc_tos(), &sid);
+       if (dn == NULL) {
                goto failed;
        }
 
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, dn, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       talloc_free(dn);
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
-failed:
+       result = true;
+ failed:
        talloc_free(dn);
-       return False;
+       return result;
 }
 
 /*
@@ -244,16 +246,23 @@ static bool get_group_map_from_gid(gid_t gid, GROUP_MAP 
*map)
 {
        int ret;
        struct ldb_result *res=NULL;
+       bool result = false;
 
-       ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, NULL, 
"(&(gidNumber=%u)(objectClass=groupMap))", (unsigned)gid);
-       if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-       
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        NULL, "(&(gidNumber=%u)(objectClass=groupMap))",
+                        (unsigned)gid);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
+       result = true;
 failed:
-       return False;
+       TALLOC_FREE(res);
+       return result;
 }
 
 /*
@@ -263,16 +272,22 @@ static bool get_group_map_from_ntname(const char *name, 
GROUP_MAP *map)
 {
        int ret;
        struct ldb_result *res=NULL;
+       bool result = false;
 
-       ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, NULL, 
"(&(ntName=%s)(objectClass=groupMap))", name);
-       if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-       
-       if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        NULL, "(&(ntName=%s)(objectClass=groupMap))", name);
+       if (ret != LDB_SUCCESS || res->count != 1) {
+               goto failed;
+       }
 
-       return True;
+       if (!msg_to_group_map(res->msgs[0], map)) {
+               goto failed;
+       }
 
-failed:
-       return False;
+       result = true;
+ failed:
+       TALLOC_FREE(res);
+       return result;
 }
 
 /*
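Review bot: `name` is still formatted straight into the search filter in get_group_map_from_ntname, `"(&(ntName=%s)(objectClass=groupMap))", name`, so a group name containing filter metacharacters such as `*`, `(` or `)` changes what the filter matches instead of being compared literally. Where the name originates is not visible in this hunk, but since the call is being rewritten anyway it is worth encoding the value first, e.g. `char *enc = ldb_binary_encode_string(talloc_tos(), name);` with a NULL check, and passing `enc` to ldb_search. The `%u` filter in get_group_map_from_gid is not affected.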
@@ -318,15 +333,14 @@ static bool enum_group_mapping(const DOM_SID *domsid, 
enum lsa_SidType sid_name_
        }
 
        if (sid_name_use == SID_NAME_UNKNOWN) {
-               ret = ldb_search(ldb, ldb, &res, basedn, LDB_SCOPE_SUBTREE, 
NULL, 
-                                                "(&(objectClass=groupMap))");
+               ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+                                NULL, "(&(objectClass=groupMap))");
        } else {
-               ret = ldb_search(ldb, ldb, &res, basedn, LDB_SCOPE_SUBTREE, 
NULL, 
-                                                
"(&(sidNameUse=%u)(objectClass=groupMap))",
-                                                sid_name_use);
+               ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+                                NULL, 
"(&(sidNameUse=%u)(objectClass=groupMap))",
+                                sid_name_use);
        }
 
-       talloc_steal(tmp_ctx, res);
        if (ret != LDB_SUCCESS) goto failed;
 
        (*pp_rmap) = NULL;
@@ -367,14 +381,17 @@ static NTSTATUS one_alias_membership(const DOM_SID 
*member,
        int ret, i;
        struct ldb_result *res=NULL;
        fstring string_sid;
-       NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+       NTSTATUS status;
 
        if (!sid_to_fstring(string_sid, member)) {
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, attrs, 
"(&(member=%s)(objectClass=groupMap))", string_sid);
+       ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+                        attrs, "(&(member=%s)(objectClass=groupMap))",
+                        string_sid);
        if (ret != LDB_SUCCESS) {
+               status = NT_STATUS_INTERNAL_DB_CORRUPTION;
                goto failed;
        }
 
@@ -392,9 +409,9 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
                }
        }
 
-       return NT_STATUS_OK;
-
-failed:
+       status = NT_STATUS_OK;
+ failed:
+       TALLOC_FREE(res);
        return status;
 }
 
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 2d6a358..7ac4dce 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -89,7 +89,7 @@ typedef struct _input_data {
         * pdu is seen, then the data is copied into the in_data
         * structure. The maximum size of this is 0x1630 (RPC_MAX_PDU_FRAG_LEN).
         */
-       unsigned char current_in_pdu[RPC_MAX_PDU_FRAG_LEN];
+       uint8_t *current_in_pdu;
 
        /*
         * The amount of data needed to complete the in_pdu.
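Review bot: The comment above `current_in_pdu` still describes a fixed array whose maximum size is RPC_MAX_PDU_FRAG_LEN, but after this change the field is a pointer and its real size is whatever was last allocated for it. Every reader and writer of the buffer now depends on that allocation, so the comment should say who allocates, resizes and frees it, e.g. `/* talloc'ed on the pipe: RPC_HEADER_LEN bytes while the header is read, then resized to hdr.frag_len; NULL between PDUs */`. Any code elsewhere that took `sizeof` of this member would now get the pointer size; no such use is visible in this diff, so it is worth a grep. The struct definition starts and ends outside this hunk.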
diff --git a/source3/rpc_server/srv_pipe_hnd.c 
b/source3/rpc_server/srv_pipe_hnd.c
index 4cbe8d6..56c4a31 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -192,6 +192,15 @@ static ssize_t fill_rpc_header(pipes_struct *p, char 
*data, size_t data_to_copy)
                        (unsigned int)data_to_copy, (unsigned 
int)len_needed_to_complete_hdr,
                        (unsigned int)p->in_data.pdu_received_len ));
 
+       if (p->in_data.current_in_pdu == NULL) {
+               p->in_data.current_in_pdu = talloc_array(p, uint8_t,
+                                                        RPC_HEADER_LEN);
+       }
+       if (p->in_data.current_in_pdu == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+               return -1;
+       }
+
        memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], 
data, len_needed_to_complete_hdr);
        p->in_data.pdu_received_len += len_needed_to_complete_hdr;
 
@@ -312,6 +321,14 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p)
 
        prs_mem_free(&rpc_in);
 
+       p->in_data.current_in_pdu = TALLOC_REALLOC_ARRAY(
+               p, p->in_data.current_in_pdu, uint8_t, p->hdr.frag_len);
+       if (p->in_data.current_in_pdu == NULL) {
+               DEBUG(0, ("talloc failed\n"));
+               set_incoming_fault(p);
+               return -1;
+       }
+
        return 0; /* No extra data processed. */
 }
 
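Review bot: The reallocation to `p->hdr.frag_len` is now the only thing bounding later copies into `current_in_pdu`, and frag_len is taken from the header that was just unmarshalled. A value below RPC_HEADER_LEN would shrink the buffer under the header bytes already stored in it, and an oversized value directly sets the allocation size. The range check may already sit above this hunk (unmarshall_rpc_header starts outside it); if it does not, add `if (p->hdr.frag_len < RPC_HEADER_LEN || p->hdr.frag_len > RPC_MAX_PDU_FRAG_LEN) { set_incoming_fault(p); return -1; }` before the realloc. Assigning the result straight back to the member also drops the only reference to the old buffer when the realloc fails; presumably it then stays parented to `p` until the pipe is freed.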
@@ -635,6 +652,7 @@ static void process_complete_pdu(pipes_struct *p)
                /*
                 * Reset the lengths. We're ready for a new pdu.
                 */
+               TALLOC_FREE(p->in_data.current_in_pdu);
                p->in_data.pdu_needed_len = 0;
                p->in_data.pdu_received_len = 0;
        }
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5f616ec..0b8cb35 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1173,9 +1173,7 @@ NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
 
        *r->out.sam = samr_array;
        *r->out.num_entries = num_groups;
-       /* this was missing, IMHO:
        *r->out.resume_handle = num_groups + *r->in.resume_handle;
-       */
 
        DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4807e62..f4df58d 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2037,10 +2037,11 @@ static bool api_RNetGroupEnum(connection_struct 
*conn,uint16 vuid,
        char *str2 = skip_string(param,tpscnt,str1);
        char *p = skip_string(param,tpscnt,str2);
 
-       struct pdb_search *search;
-       struct samr_displayentry *entries;
-
-       int num_entries;
+       uint32_t num_groups;
+       uint32_t resume_handle;
+       struct rpc_pipe_client *samr_pipe;
+       struct policy_handle samr_handle, domain_handle;
+       NTSTATUS status;
 
        if (!str1 || !str2 || !p) {
                return False;
@@ -2062,14 +2063,31 @@ static bool api_RNetGroupEnum(connection_struct 
*conn,uint16 vuid,
                return False;
        }
 
-       /* get list of domain groups SID_DOMAIN_GRP=2 */
-       become_root();
-       search = pdb_search_groups();
-       unbecome_root();
+       status = rpc_pipe_open_internal(
+               talloc_tos(), &ndr_table_samr.syntax_id, rpc_samr_dispatch,
+               conn->server_info, &samr_pipe);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n",
+                         nt_errstr(status)));
+               return false;
+       }
 
-       if (search == NULL) {
-               DEBUG(3,("api_RNetGroupEnum:failed to get group list"));
-               return False;
+       status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
+                                     SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
+                         nt_errstr(status)));
+               return false;
+       }
+
+       status = rpccli_samr_OpenDomain(samr_pipe, talloc_tos(), &samr_handle,
+                                       SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+                                       get_global_sam_sid(), &domain_handle);
+       if (!NT_STATUS_IS_OK(status)) {
+               DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n",
+                         nt_errstr(status)));
+               rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
+               return false;
        }
 
        resume_context = get_safe_SVAL(param,tpscnt,p,0,-1);
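Review bot: All three new DEBUG messages in api_RNetGroupEnum are prefixed `api_RNetUserEnum:`, apparently carried over from the user-enumeration function, so a failure here is attributed to the wrong call when someone reads the log. They should read e.g. `DEBUG(0, ("api_RNetGroupEnum: samr_Connect2 failed: %s\n",`. Separately, the lookup now goes through samr with `conn->server_info` instead of running under become_root(), so the result depends on the caller's access; a short comment stating that this is intended would help the next reader. The function body starts and ends outside this hunk.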
@@ -2077,11 +2095,6 @@ static bool api_RNetGroupEnum(connection_struct 
*conn,uint16 vuid,
        DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: "
                  "%d\n", resume_context, cli_buf_size));
 
-       become_root();
-       num_entries = pdb_search_entries(search, resume_context, 0xffffffff,
-                                        &entries);
-       unbecome_root();
-
        *rdata_len = cli_buf_size;
        *rdata = smb_realloc_limit(*rdata,*rdata_len);
        if (!*rdata) {
@@ -2090,25 +2103,63 @@ static bool api_RNetGroupEnum(connection_struct 
*conn,uint16 vuid,
 
        p = *rdata;
 
-       for(i=0; i<num_entries; i++) {
-               fstring name;
-               fstrcpy(name, entries[i].account_name);
-               if( ((PTR_DIFF(p,*rdata)+21) <= *rdata_len) ) {
+       errflags = NERR_Success;
+       num_groups = 0;
+       resume_handle = 0;
+
+       while (true) {
+               struct samr_SamArray *sam_entries;
+               uint32_t num_entries;
+
+               status = rpccli_samr_EnumDomainGroups(samr_pipe, talloc_tos(),
+                                                     &domain_handle,
+                                                     &resume_handle,
+                                                     &sam_entries, 1,
+                                                     &num_entries);
+               if (!NT_STATUS_IS_OK(status)) {
+                       DEBUG(10, ("rpccli_samr_EnumDomainGroups returned "
+                                  "%s\n", nt_errstr(status)));
+                       break;
+               }
+
+               if (num_entries == 0) {
+                       DEBUG(10, ("rpccli_samr_EnumDomainGroups returned "
+                                  "no entries -- done\n"));
+                       break;
+               }
+
+               for(i=0; i<num_entries; i++) {
+                       const char *name;
+
+                       name = sam_entries->entries[i].name.string;
+
+                       if( ((PTR_DIFF(p,*rdata)+21) > *rdata_len) ) {
+                               /* set overflow error */
+                               DEBUG(3,("overflow on entry %d group %s\n", i,
+                                        name));
+                               errflags=234;
+                               break;
+                       }
+
                        /* truncate the name at 21 chars. */
-                       memcpy(p, name, 21); 
+                       memset(p, 0, 21);
+                       strlcpy(p, name, 21);
                        DEBUG(10,("adding entry %d group %s\n", i, p));
                        p += 21;
-                       p += 5; /* Both NT4 and W2k3SP1 do padding here.
-                                  No idea why... */
-               } else {
-                       /* set overflow error */
-                       DEBUG(3,("overflow on entry %d group %s\n", i, name));
-                       errflags=234;
+                       p += 5; /* Both NT4 and W2k3SP1 do padding here.  No
+                                * idea why... */
+                       num_groups += 1;
+               }
+
+               if (errflags != NERR_Success) {
                        break;
                }
+
+               TALLOC_FREE(sam_entries);
        }
 
-       pdb_search_destroy(search);
+       rpccli_samr_Close(samr_pipe, talloc_tos(), &domain_handle);
+       rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
 
        *rdata_len = PTR_DIFF(p,*rdata);
 
@@ -2119,8 +2170,8 @@ static bool api_RNetGroupEnum(connection_struct 
*conn,uint16 vuid,
        }
        SSVAL(*rparam, 0, errflags);
        SSVAL(*rparam, 2, 0);           /* converter word */
-       SSVAL(*rparam, 4, i);   /* is this right?? */
-       SSVAL(*rparam, 6, resume_context+num_entries);  /* is this right?? */
+       SSVAL(*rparam, 4, num_groups);  /* is this right?? */
+       SSVAL(*rparam, 6, resume_context+num_groups);   /* is this right?? */
 
        return(True);
 }
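Review bot: The value written at offset 6, `resume_context+num_groups`, no longer matches what was enumerated: the loop in the preceding hunk starts from `resume_handle = 0` and never uses the client's resume_context, whereas the removed pdb_search_entries() call started at resume_context. A client that resumes would receive the list from the beginning again while being told it advanced. If the samr resume handle counts entries, as the srv_samr_nt.c hunk in this push suggests, seeding it with `resume_handle = resume_context;` would restore the old behaviour. The loop also leaves `errflags` at NERR_Success when rpccli_samr_EnumDomainGroups returns a non-OK status, so a failure is reported to the client as a successful, possibly empty, list. The function starts outside this hunk.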
@@ -2353,6 +2404,7 @@ static bool api_RNetUserEnum(connection_struct *conn, 
uint16 vuid,
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n",
                          nt_errstr(status)));
+               rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
                return false;
        }
 
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c9fc1fb..8539e04 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1623,6 +1623,7 @@ void chain_reply(struct smb_request *req)
                        exit_server_cleanly("chain_reply: srv_send_smb "
                                            "failed.");
                }
+               TALLOC_FREE(req);
                return;
        }
 
@@ -1737,6 +1738,7 @@ void chain_reply(struct smb_request *req)
                          IS_CONN_ENCRYPTED(req->conn)||req->encrypted)) {
                exit_server_cleanly("construct_reply: srv_send_smb failed.");
        }
+       TALLOC_FREE(req);
 }
 
 /****************************************************************************
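Review bot: chain_reply now frees `req` on this exit path and on the srv_send_smb path in the previous hunk, but TALLOC_FREE only clears chain_reply's own copy of the pointer, so any caller that still holds the request and touches it after chain_reply returns would be using freed memory. Whether the other return paths between the two hunks also free it is not visible here. A comment at the top of the function stating the ownership rule would make this reviewable, e.g. `/* chain_reply() takes ownership of req on the paths that send the reply and frees it before returning; callers must not use req afterwards. */`.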


-- 
Samba Shared Repository
