FW: Fixed: queryaliasmem always fails in V2.2.5 redhat 7.3 and redhat 7.2

Phill Bertolus Phill at WebWombat.com
Sun Aug 11 02:52:00 GMT 2002


Hi List,

I think I'm posting to the right place. It appears samba-bugs at samba.org is
now dead. 

Posting this cause it may help. I probably won't keep a record of this as I
prefer not to fiddle with source code (except when cornered).

-----Original Message-----
From: Phill Bertolus
To: 'samba-bugs at samba.org'
Sent: 8/11/2002 8:36 PM
Subject: Fixed: queryaliasmem always fails in V2.2.5 redhat 7.3 and redhat
7.2

Further to the earlier report, here is how I fixed the issue. It seems
that smb_io_dom_sid2 places data into the DOM_SID2 structure. No
structure is allocated when this happens... results are unpredictable. 

Allocating some space to take the results seems to work. The local
results are then copied to some memory allocated on the "heap" and
returned (this is in the original code). Seems the programmer merely
forgot to allocate the space since everything else is in place which
in turn implies the space is there.

I'm not convinced that I've fixed this correctly. It needs to be checked
by the author to ensure a better degree of quality.

Sorry I don't know how to use the diff stuff otherwise I would have done
a patch (I'd better learn I guess). The source I used was cvs'ed today
(date of this email) using the command on the web page for the SAMBA 2.2
version.

Hope this helps.

Regs
Phill Bertolus

/* Query alias members */

NTSTATUS cli_samr_query_aliasmem(struct cli_state *cli, TALLOC_CTX
*mem_ctx,
                                 POLICY_HND *alias_pol, uint32 *num_mem,
                                 DOM_SID **sids)
{
        prs_struct qbuf, rbuf;
        SAMR_Q_QUERY_ALIASMEM q;
        SAMR_R_QUERY_ALIASMEM r;
        NTSTATUS result = NT_STATUS_UNSUCCESSFUL;
        uint32 i;
>>>>>>ADDED>>>        DOM_SID2 sid2[MAX_LOOKUP_SIDS];

        ZERO_STRUCT(q);
        ZERO_STRUCT(r);
>>>>>>ADDED>>>        r.sid = &sid2[0];
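
Review bot: the added `DOM_SID2 sid2[MAX_LOOKUP_SIDS]` gives `r.sid` a fixed capacity, but nothing in the lines shown compares the reply's `num_sids` with `MAX_LOOKUP_SIDS` before the parser fills `r.sid`, and that count is read from the server's reply. Either reject a reply whose `num_sids` exceeds `MAX_LOOKUP_SIDS` before any entry is unmarshalled, or allocate `r.sid` from `mem_ctx` sized to the count once it has been read and validated. The array also puts `MAX_LOOKUP_SIDS` entries on the stack for every call, which is worth a comment if it stays.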



-----Original Message-----
From: Phill Bertolus
To: 'samba-bugs at samba.org'
Sent: 8/11/2002 11:41 AM
Subject: queryaliasmem always fails in V2.2.5 redhat 7.3 and redhat 7.2

Hi Samba-bugs,

Here's what I do:

[phill at devil log]$ rpcclient -U administrator%xxx -W wombat-nt -c
"enumalsgroups domain" isis
cmd = enumalsgroups domain
group:[RAS and IAS Servers] rid:[0x229]
group:[workstation admin] rid:[0x450]
group:[outlook web access] rid:[0x495]
group:[DHCP Users] rid:[0x526]
group:[DHCP Administrators] rid:[0x527]
group:[DnsAdmins] rid:[0x528]
[phill at devil log]$

Then I try to use the rids like so:

[phill at devil log]$ rpcclient -U administrator%xxx -W wombat-nt -c
"queryaliasmem 0x495" isis
cmd = queryaliasmem 0x495
result was NT_STATUS_UNSUCCESSFUL
[phill at devil log]$

It doesn't matter which rid I use, it always fails. I've tried this on two
networks.
1) Win2K Advanced Server FP2.
2) WinNT4 Server
same result on both,

All other functions I've tried seem to work fine.

Here's the last part of the debug trace. I think the error occurs in
cli_samr_query_aliasmem around where the memory is allocated to hold the
sids that come back:

        *num_mem = r.num_sids;
        if (!(*sids = talloc(mem_ctx, sizeof(DOM_SID) * *num_mem))) {
                result = NT_STATUS_UNSUCCESSFUL;
                goto done;
        } 

I think this is the case because the number of sids appears to be 1 (if
I understand what's going on correctly). I think number 1 could be valid
shown below for the sid count.

rpc_api_pipe: len left: 32 smbtrans read: 44
rpc_read: data_to_read: 32 rdata offset: 44 extra_data_size: 32
rpc_read: grew buffer by 32 bytes to 76
size=92
smb_com=0x2e
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=40963
smb_pid=5102
smb_uid=16387
smb_mid=1
smt_wct=12
smb_vwv[0]=255 (0xFF)
smb_vwv[1]=0 (0x0)
smb_vwv[2]=0 (0x0)
smb_vwv[3]=0 (0x0)
smb_vwv[4]=0 (0x0)
smb_vwv[5]=32 (0x20)
smb_vwv[6]=60 (0x3C)
smb_vwv[7]=0 (0x0)
smb_vwv[8]=0 (0x0)
smb_vwv[9]=0 (0x0)
smb_vwv[10]=0 (0x0)
smb_vwv[11]=0 (0x0)
smb_bcc=33
rpc_read: num_read = 32, read offset: 0, to read: 32
000018 samr_io_r_query_aliasmem
    0018 num_sids : 00000001
    001c ptr: 0015a460
    0020 num_sids1: 00000001
    0024 : 0015a464
size=35
smb_com=0x4
smb_rcls=0
smb_reh=0
smb_err=0
smb_flg=136
smb_flg2=49153
smb_tid=40963
smb_pid=5102
smb_uid=16387
smb_mid=1
smt_wct=0
smb_bcc=0
result was NT_STATUS_UNSUCCESSFUL

Any help most welcome.

Regs
Phill.
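
The failure discussed in this thread is a reply decoder writing SID entries through a pointer that was never given storage. As an added example (not code from the original post or from Samba), the decoder below takes caller-owned storage with an explicit capacity and rejects both a missing buffer and a wire count larger than that capacity. The wire layout (count, pointer, count, referent ids, then SIDs), the names `decode_aliasmem`, `sid_t` and `rd32`, and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_SUBAUTHS 15
typedef struct { uint8_t rev, num_auths, id_auth[6]; uint32_t sub_auths[MAX_SUBAUTHS]; } sid_t;
enum { DEC_OK, DEC_NO_BUFFER, DEC_TRUNCATED, DEC_COUNT_MISMATCH, DEC_TOO_MANY, DEC_BAD_SID };

/* Constructed reply: num_sids=1, ptr, num_sids1=1, one referent id, then S-1-5-32-544. */
static const uint8_t SAMPLE[] = {
    1,0,0,0, 0x60,0xa4,0x15,0, 1,0,0,0, 0x64,0xa4,0x15,0,
    2,0,0,0, 1,2, 0,0,0,0,0,5, 32,0,0,0, 0x20,0x02,0,0 };

/* Bounds-checked little-endian read; returns 0 when fewer than 4 bytes remain. */
static int rd32(const uint8_t *b, size_t len, size_t *off, uint32_t *v) {
    if (*off > len || len - *off < 4) return 0;
    *v = (uint32_t)b[*off] | (uint32_t)b[*off + 1] << 8 |
         (uint32_t)b[*off + 2] << 16 | (uint32_t)b[*off + 3] << 24;
    *off += 4; return 1;
}

/* Decode into caller-owned storage of `cap` entries; never writes past it. */
int decode_aliasmem(const uint8_t *b, size_t len, sid_t *out, size_t cap, uint32_t *n_out) {
    size_t off = 0;
    uint32_t num, ptr, num1, tmp, i, j;
    if (!b || !out || !n_out) return DEC_NO_BUFFER;   /* no storage: the case in the thread */
    *n_out = 0;
    if (!rd32(b, len, &off, &num) || !rd32(b, len, &off, &ptr)) return DEC_TRUNCATED;
    if (ptr == 0 || num == 0) return DEC_OK;          /* alias with no members */
    if (!rd32(b, len, &off, &num1)) return DEC_TRUNCATED;
    if (num1 != num) return DEC_COUNT_MISMATCH;
    if (num > cap) return DEC_TOO_MANY;               /* wire count vs. real capacity */
    for (i = 0; i < num; i++)                         /* skip the per-SID referent ids */
        if (!rd32(b, len, &off, &tmp)) return DEC_TRUNCATED;
    for (i = 0; i < num; i++) {
        sid_t *s = &out[i];
        if (!rd32(b, len, &off, &tmp)) return DEC_TRUNCATED;   /* outer sub-authority count */
        if (len - off < 8) return DEC_TRUNCATED;
        s->rev = b[off]; s->num_auths = b[off + 1];
        memcpy(s->id_auth, b + off + 2, 6); off += 8;
        if (s->num_auths > MAX_SUBAUTHS || s->num_auths != tmp) return DEC_BAD_SID;
        for (j = 0; j < s->num_auths; j++)
            if (!rd32(b, len, &off, &s->sub_auths[j])) return DEC_TRUNCATED;
    }
    *n_out = num;
    return DEC_OK;
}
int main(void) {   /* decodes the constructed sample; exit status 0 means DEC_OK */
    sid_t out[4]; uint32_t n; return decode_aliasmem(SAMPLE, sizeof SAMPLE, out, 4, &n);
}
```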


