[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha6-612-g9941e73

Volker Lendecke vlendec at samba.org
Sat Feb 7 18:26:21 GMT 2009


The branch, master has been updated
       via  9941e730ca239290ffee2b8ab105552a0ff1b002 (commit)
       via  ca701cfd522fe44fbc6c38ed29472ffe8a2be809 (commit)
       via  51dc7b9d82ceb17ee6a53071dbd588f45e5d0000 (commit)
       via  422e77f32a317a4a3bc11ae3b03665614899c191 (commit)
       via  c975ce15eb354ed6d2db452c7de8c717dd140b05 (commit)
       via  2fd79e15f76d396674bcb8a1d1c17fa30da15110 (commit)
      from  4e79ca61611cf17c522827b36e6113001de36c54 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 9941e730ca239290ffee2b8ab105552a0ff1b002
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 18:46:30 2009 +0100

    Fix memleaks in chain_reply for async requests

commit ca701cfd522fe44fbc6c38ed29472ffe8a2be809
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 16:54:06 2009 +0100

    Fix a couple of memleaks in mapping_ldb.c

commit 51dc7b9d82ceb17ee6a53071dbd588f45e5d0000
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 16:24:08 2009 +0100

    Make current_in_pdu in pipes_struct allocated
    
    This makes an open pipe about 4K cheaper

commit 422e77f32a317a4a3bc11ae3b03665614899c191
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 15:30:54 2009 +0100

    Convert api_RNetGroupEnum to use samr instead of pdb

commit c975ce15eb354ed6d2db452c7de8c717dd140b05
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 13:32:30 2009 +0100

    Fix resume handle for _samr_EnumDomainGroups

commit 2fd79e15f76d396674bcb8a1d1c17fa30da15110
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Feb 7 11:28:38 2009 +0100

    Close samr_handle if open_domain failed

-----------------------------------------------------------------------

Summary of changes:
 source3/groupdb/mapping_ldb.c     |   87 +++++++++++++++++------------
 source3/include/ntdomain.h        |    2 +-
 source3/rpc_server/srv_pipe_hnd.c |   18 ++++++
 source3/rpc_server/srv_samr_nt.c  |    2 -
 source3/smbd/lanman.c             |  112 +++++++++++++++++++++++++++----------
 source3/smbd/process.c            |    2 +
 6 files changed, 155 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/groupdb/mapping_ldb.c b/source3/groupdb/mapping_ldb.c
index af99b86..a162c19 100644
--- a/source3/groupdb/mapping_ldb.c
+++ b/source3/groupdb/mapping_ldb.c
@@ -217,24 +217,26 @@ static bool get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map)
 	int ret;
 	struct ldb_dn *dn;
 	struct ldb_result *res=NULL;
-	
-	dn = mapping_dn(ldb, &sid);
-	if (dn == NULL) goto failed;
+	bool result = false;
 
-	ret = ldb_search(ldb, ldb, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
-	talloc_steal(dn, res);
-	if (ret != LDB_SUCCESS || res->count != 1) {
+	dn = mapping_dn(talloc_tos(), &sid);
+	if (dn == NULL) {
 		goto failed;
 	}
 
-	if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+	ret = ldb_search(ldb, dn, &res, dn, LDB_SCOPE_BASE, NULL, NULL);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
 
-	talloc_free(dn);
-	return True;
+	if (!msg_to_group_map(res->msgs[0], map)) {
+		goto failed;
+	}
 
-failed:
+	result = true;
+ failed:
 	talloc_free(dn);
-	return False;
+	return result;
 }
 
 /*
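Review bot: The `ldb_search(ldb, dn, &res, dn, ...)` call passes `dn` as both the memory context and the search base, which is easy to misread as a typo and is what makes the single `talloc_free(dn)` sufficient. A short comment above the call would record that, for example `/* res is allocated as a child of dn, so freeing dn at the label releases both */`. The ` failed:` label is now also reached on success, so a neutral name such as `done:` would read better; the same applies to the labels in get_group_map_from_gid, get_group_map_from_ntname and one_alias_membership.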
@@ -244,16 +246,23 @@ static bool get_group_map_from_gid(gid_t gid, GROUP_MAP *map)
 {
 	int ret;
 	struct ldb_result *res=NULL;
+	bool result = false;
 
-	ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "(&(gidNumber=%u)(objectClass=groupMap))", (unsigned)gid);
-	if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-	
-	if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+	ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+			 NULL, "(&(gidNumber=%u)(objectClass=groupMap))",
+			 (unsigned)gid);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
 
-	return True;
+	if (!msg_to_group_map(res->msgs[0], map)) {
+		goto failed;
+	}
 
+	result = true;
 failed:
-	return False;
+	TALLOC_FREE(res);
+	return result;
 }
 
 /*
@@ -263,16 +272,22 @@ static bool get_group_map_from_ntname(const char *name, GROUP_MAP *map)
 {
 	int ret;
 	struct ldb_result *res=NULL;
+	bool result = false;
 
-	ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, NULL, "(&(ntName=%s)(objectClass=groupMap))", name);
-	if (ret != LDB_SUCCESS || res->count != 1) goto failed;
-	
-	if (!msg_to_group_map(res->msgs[0], map)) goto failed;
+	ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+			 NULL, "(&(ntName=%s)(objectClass=groupMap))", name);
+	if (ret != LDB_SUCCESS || res->count != 1) {
+		goto failed;
+	}
 
-	return True;
+	if (!msg_to_group_map(res->msgs[0], map)) {
+		goto failed;
+	}
 
-failed:
-	return False;
+	result = true;
+ failed:
+	TALLOC_FREE(res);
+	return result;
 }
 
 /*
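Review bot: In get_group_map_from_ntname the `name` argument is still formatted into the search filter with a bare `%s`, so characters such as `(`, `)`, `*` or `\` in a group name change the filter instead of being matched literally. The callers are not visible here, but if the name can originate from a client request it should be encoded first, for example `char *enc = ldb_binary_encode_string(talloc_tos(), name);`, followed by a NULL check and passing `enc` to ldb_search. The `res->count != 1` test then keeps its meaning of exactly one matching group rather than whatever a wildcard happens to select.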
@@ -318,15 +333,14 @@ static bool enum_group_mapping(const DOM_SID *domsid, enum lsa_SidType sid_name_
 	}
 
 	if (sid_name_use == SID_NAME_UNKNOWN) {
-		ret = ldb_search(ldb, ldb, &res, basedn, LDB_SCOPE_SUBTREE, NULL, 
-						 "(&(objectClass=groupMap))");
+		ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+				 NULL, "(&(objectClass=groupMap))");
 	} else {
-		ret = ldb_search(ldb, ldb, &res, basedn, LDB_SCOPE_SUBTREE, NULL, 
-						 "(&(sidNameUse=%u)(objectClass=groupMap))",
-						 sid_name_use);
+		ret = ldb_search(ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
+				 NULL, "(&(sidNameUse=%u)(objectClass=groupMap))",
+				 sid_name_use);
 	}
 
-	talloc_steal(tmp_ctx, res);
 	if (ret != LDB_SUCCESS) goto failed;
 
 	(*pp_rmap) = NULL;
@@ -367,14 +381,17 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
 	int ret, i;
 	struct ldb_result *res=NULL;
 	fstring string_sid;
-	NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;
+	NTSTATUS status;
 
       	if (!sid_to_fstring(string_sid, member)) {
 		return NT_STATUS_INVALID_PARAMETER;
 	}
 
-	ret = ldb_search(ldb, ldb, &res, NULL, LDB_SCOPE_SUBTREE, attrs, "(&(member=%s)(objectClass=groupMap))", string_sid);
+	ret = ldb_search(ldb, talloc_tos(), &res, NULL, LDB_SCOPE_SUBTREE,
+			 attrs, "(&(member=%s)(objectClass=groupMap))",
+			 string_sid);
 	if (ret != LDB_SUCCESS) {
+		status = NT_STATUS_INTERNAL_DB_CORRUPTION;
 		goto failed;
 	}
 
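Review bot: Dropping the initializer leaves `NTSTATUS status;` indeterminate until one of the explicit assignments runs, and the loop between this hunk and the next one is not visible here. Any `goto failed` in that loop that does not set `status` first would now return an uninitialized value to the caller, where the old code returned NT_STATUS_INTERNAL_DB_CORRUPTION. Keeping `NTSTATUS status = NT_STATUS_INTERNAL_DB_CORRUPTION;` costs nothing and makes the shared exit label safe regardless of what the loop body does.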
@@ -392,9 +409,9 @@ static NTSTATUS one_alias_membership(const DOM_SID *member,
 		}
 	}
 
-	return NT_STATUS_OK;
-
-failed:
+	status = NT_STATUS_OK;
+ failed:
+	TALLOC_FREE(res);
 	return status;
 }
 
diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h
index 2d6a358..7ac4dce 100644
--- a/source3/include/ntdomain.h
+++ b/source3/include/ntdomain.h
@@ -89,7 +89,7 @@ typedef struct _input_data {
 	 * pdu is seen, then the data is copied into the in_data
 	 * structure. The maximum size of this is 0x1630 (RPC_MAX_PDU_FRAG_LEN).
 	 */
-	unsigned char current_in_pdu[RPC_MAX_PDU_FRAG_LEN];
+	uint8_t *current_in_pdu;
 
 	/*
 	 * The amount of data needed to complete the in_pdu.
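Review bot: The comment above `current_in_pdu` still describes a fixed array with a maximum size of 0x1630, but the field is now a pointer whose size and lifetime are managed elsewhere. The comment (which starts outside this hunk) should say that the buffer is talloc-allocated on the pipe, is NULL between PDUs, and is sized first to RPC_HEADER_LEN and then to the fragment length from the header. Without that, code that previously relied on the array bound has no documented limit to check against.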
diff --git a/source3/rpc_server/srv_pipe_hnd.c b/source3/rpc_server/srv_pipe_hnd.c
index 4cbe8d6..56c4a31 100644
--- a/source3/rpc_server/srv_pipe_hnd.c
+++ b/source3/rpc_server/srv_pipe_hnd.c
@@ -192,6 +192,15 @@ static ssize_t fill_rpc_header(pipes_struct *p, char *data, size_t data_to_copy)
 			(unsigned int)data_to_copy, (unsigned int)len_needed_to_complete_hdr,
 			(unsigned int)p->in_data.pdu_received_len ));
 
+	if (p->in_data.current_in_pdu == NULL) {
+		p->in_data.current_in_pdu = talloc_array(p, uint8_t,
+							 RPC_HEADER_LEN);
+	}
+	if (p->in_data.current_in_pdu == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		return -1;
+	}
+
 	memcpy((char *)&p->in_data.current_in_pdu[p->in_data.pdu_received_len], data, len_needed_to_complete_hdr);
 	p->in_data.pdu_received_len += len_needed_to_complete_hdr;
 
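Review bot: The memcpy into `current_in_pdu` now targets a buffer of exactly RPC_HEADER_LEN bytes rather than RPC_MAX_PDU_FRAG_LEN, so it is only safe if `pdu_received_len + len_needed_to_complete_hdr <= RPC_HEADER_LEN` always holds. That value is computed outside this hunk, so it is worth asserting it here or stating it in a comment, for example `/* caller guarantees pdu_received_len + len_needed_to_complete_hdr <= RPC_HEADER_LEN */`. A non-NULL pointer is also reused without knowing its size, which appears to rely on every path that resets `pdu_received_len` also freeing the buffer.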
@@ -312,6 +321,14 @@ static ssize_t unmarshall_rpc_header(pipes_struct *p)
 
 	prs_mem_free(&rpc_in);
 
+	p->in_data.current_in_pdu = TALLOC_REALLOC_ARRAY(
+		p, p->in_data.current_in_pdu, uint8_t, p->hdr.frag_len);
+	if (p->in_data.current_in_pdu == NULL) {
+		DEBUG(0, ("talloc failed\n"));
+		set_incoming_fault(p);
+		return -1;
+	}
+
 	return 0; /* No extra data processed. */
 }
 
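Review bot: The new TALLOC_REALLOC_ARRAY sizes the buffer from `p->hdr.frag_len`, a value parsed from the header the client sent, so the allocation size is now client-controlled. Please confirm that the range check against RPC_HEADER_LEN and RPC_MAX_PDU_FRAG_LEN (not visible in this hunk) runs before this point; a smaller value would shrink the buffer below the header already copied into it, and a zero length would make the realloc return NULL and be reported as "talloc failed". Every later copy into `current_in_pdu` must now be bounded by `frag_len` rather than by the old array size. A comment such as `/* frag_len was validated above: RPC_HEADER_LEN <= frag_len <= RPC_MAX_PDU_FRAG_LEN */` would make the dependency explicit.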
@@ -635,6 +652,7 @@ static void process_complete_pdu(pipes_struct *p)
 		/*
 		 * Reset the lengths. We're ready for a new pdu.
 		 */
+		TALLOC_FREE(p->in_data.current_in_pdu);
 		p->in_data.pdu_needed_len = 0;
 		p->in_data.pdu_received_len = 0;
 	}
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 5f616ec..0b8cb35 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -1173,9 +1173,7 @@ NTSTATUS _samr_EnumDomainGroups(pipes_struct *p,
 
 	*r->out.sam = samr_array;
 	*r->out.num_entries = num_groups;
-	/* this was missing, IMHO:
 	*r->out.resume_handle = num_groups + *r->in.resume_handle;
-	*/
 
 	DEBUG(5,("_samr_EnumDomainGroups: %d\n", __LINE__));
 
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 4807e62..f4df58d 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -2037,10 +2037,11 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
 	char *str2 = skip_string(param,tpscnt,str1);
 	char *p = skip_string(param,tpscnt,str2);
 
-	struct pdb_search *search;
-	struct samr_displayentry *entries;
-
-	int num_entries;
+	uint32_t num_groups;
+	uint32_t resume_handle;
+	struct rpc_pipe_client *samr_pipe;
+	struct policy_handle samr_handle, domain_handle;
+	NTSTATUS status;
 
 	if (!str1 || !str2 || !p) {
 		return False;
@@ -2062,14 +2063,31 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
 		return False;
 	}
 
-	/* get list of domain groups SID_DOMAIN_GRP=2 */
-	become_root();
-	search = pdb_search_groups();
-	unbecome_root();
+	status = rpc_pipe_open_internal(
+		talloc_tos(), &ndr_table_samr.syntax_id, rpc_samr_dispatch,
+		conn->server_info, &samr_pipe);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("api_RNetUserEnum: Could not connect to samr: %s\n",
+			  nt_errstr(status)));
+		return false;
+	}
 
-	if (search == NULL) {
-		DEBUG(3,("api_RNetGroupEnum:failed to get group list"));
-		return False;
+	status = rpccli_samr_Connect2(samr_pipe, talloc_tos(), global_myname(),
+				      SAMR_ACCESS_OPEN_DOMAIN, &samr_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("api_RNetUserEnum: samr_Connect2 failed: %s\n",
+			  nt_errstr(status)));
+		return false;
+	}
+
+	status = rpccli_samr_OpenDomain(samr_pipe, talloc_tos(), &samr_handle,
+					SAMR_DOMAIN_ACCESS_ENUM_ACCOUNTS,
+					get_global_sam_sid(), &domain_handle);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n",
+			  nt_errstr(status)));
+		rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
+		return false;
 	}
 
 	resume_context = get_safe_SVAL(param,tpscnt,p,0,-1);
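Review bot: All three new DEBUG messages in this hunk are prefixed `api_RNetUserEnum:` although the code is in api_RNetGroupEnum, so a level-0 log entry will point whoever reads it at the wrong function. They should read `api_RNetGroupEnum: Could not connect to samr: %s\n`, and likewise for the samr_Connect2 and samr_OpenDomain messages. The function body continues outside this hunk.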
@@ -2077,11 +2095,6 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
 	DEBUG(10,("api_RNetGroupEnum:resume context: %d, client buffer size: "
 		  "%d\n", resume_context, cli_buf_size));
 
-	become_root();
-	num_entries = pdb_search_entries(search, resume_context, 0xffffffff,
-					 &entries);
-	unbecome_root();
-
 	*rdata_len = cli_buf_size;
 	*rdata = smb_realloc_limit(*rdata,*rdata_len);
 	if (!*rdata) {
@@ -2090,25 +2103,63 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
 
 	p = *rdata;
 
-	for(i=0; i<num_entries; i++) {
-		fstring name;
-		fstrcpy(name, entries[i].account_name);
-		if( ((PTR_DIFF(p,*rdata)+21) <= *rdata_len) ) {
+	errflags = NERR_Success;
+	num_groups = 0;
+	resume_handle = 0;
+
+	while (true) {
+		struct samr_SamArray *sam_entries;
+		uint32_t num_entries;
+
+		status = rpccli_samr_EnumDomainGroups(samr_pipe, talloc_tos(),
+						      &domain_handle,
+						      &resume_handle,
+						      &sam_entries, 1,
+						      &num_entries);
+		if (!NT_STATUS_IS_OK(status)) {
+			DEBUG(10, ("rpccli_samr_EnumDomainGroups returned "
+				   "%s\n", nt_errstr(status)));
+			break;
+		}
+
+		if (num_entries == 0) {
+			DEBUG(10, ("rpccli_samr_EnumDomainGroups returned "
+				   "no entries -- done\n"));
+			break;
+		}
+
+		for(i=0; i<num_entries; i++) {
+			const char *name;
+
+			name = sam_entries->entries[i].name.string;
+
+			if( ((PTR_DIFF(p,*rdata)+21) > *rdata_len) ) {
+				/* set overflow error */
+				DEBUG(3,("overflow on entry %d group %s\n", i,
+					 name));
+				errflags=234;
+				break;
+			}
+
 			/* truncate the name at 21 chars. */
-			memcpy(p, name, 21); 
+			memset(p, 0, 21);
+			strlcpy(p, name, 21);
 			DEBUG(10,("adding entry %d group %s\n", i, p));
 			p += 21;
-			p += 5; /* Both NT4 and W2k3SP1 do padding here.
-				   No idea why... */
-		} else {
-			/* set overflow error */
-			DEBUG(3,("overflow on entry %d group %s\n", i, name));
-			errflags=234;
+			p += 5; /* Both NT4 and W2k3SP1 do padding here.  No
+				 * idea why... */
+			num_groups += 1;
+		}
+
+		if (errflags != NERR_Success) {
 			break;
 		}
+
+		TALLOC_FREE(sam_entries);
 	}
 
-	pdb_search_destroy(search);
+	rpccli_samr_Close(samr_pipe, talloc_tos(), &domain_handle);
+	rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
 
 	*rdata_len = PTR_DIFF(p,*rdata);
 
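Review bot: The enumeration always starts from `resume_handle = 0`, so the client-supplied `resume_context` no longer positions the search, yet the reply further down still reports `resume_context+num_groups`. A client that resumes would receive the list from the beginning again. If the samr resume handle is a start index, as the srv_samr_nt.c change in this push suggests, `resume_handle = resume_context;` would keep the old behaviour. Separately, when rpccli_samr_EnumDomainGroups fails the loop breaks with `errflags` still NERR_Success, so an access or database error is returned to the client as a successful, possibly empty, list; setting an error code before that `break` would make the two cases distinguishable.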
@@ -2119,8 +2170,8 @@ static bool api_RNetGroupEnum(connection_struct *conn,uint16 vuid,
 	}
   	SSVAL(*rparam, 0, errflags);
   	SSVAL(*rparam, 2, 0);		/* converter word */
-  	SSVAL(*rparam, 4, i);	/* is this right?? */
- 	SSVAL(*rparam, 6, resume_context+num_entries);	/* is this right?? */
+	SSVAL(*rparam, 4, num_groups);	/* is this right?? */
+	SSVAL(*rparam, 6, resume_context+num_groups);	/* is this right?? */
 
 	return(True);
 }
@@ -2353,6 +2404,7 @@ static bool api_RNetUserEnum(connection_struct *conn, uint16 vuid,
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(0, ("api_RNetUserEnum: samr_OpenDomain failed: %s\n",
 			  nt_errstr(status)));
+		rpccli_samr_Close(samr_pipe, talloc_tos(), &samr_handle);
 		return false;
 	}
 
diff --git a/source3/smbd/process.c b/source3/smbd/process.c
index c9fc1fb..8539e04 100644
--- a/source3/smbd/process.c
+++ b/source3/smbd/process.c
@@ -1623,6 +1623,7 @@ void chain_reply(struct smb_request *req)
 			exit_server_cleanly("chain_reply: srv_send_smb "
 					    "failed.");
 		}
+		TALLOC_FREE(req);
 		return;
 	}
 
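Review bot: With the added `TALLOC_FREE(req)` chain_reply now consumes the request it was handed, here and again at the end of the function, but nothing in the visible code documents that transfer of ownership. TALLOC_FREE only clears the local parameter, so a caller that still holds the pointer and touches or frees it after chain_reply returns would hit freed memory. A comment on the function such as `/* chain_reply takes ownership of req and frees it on every return path; callers must not use req afterwards */` would help, as would checking that the return paths between the two hunks (not visible here) free it as well.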
@@ -1737,6 +1738,7 @@ void chain_reply(struct smb_request *req)
 			  IS_CONN_ENCRYPTED(req->conn)||req->encrypted)) {
 		exit_server_cleanly("construct_reply: srv_send_smb failed.");
 	}
+	TALLOC_FREE(req);
 }
 
 /****************************************************************************


-- 
Samba Shared Repository

