authorAndrew Bartlett <abartlet@samba.org>2002-01-26 10:02:23 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-26 10:02:23 +0000
commit6e7667125d142670db7393ed7a48386f3821d896 (patch)
treec2edadac543dffdd24fcc2a33512a8913da1488c
parent100d2705ddfa1fde73a0bb06e8e097b2b1cbf36a (diff)
downloadsamba-6e7667125d142670db7393ed7a48386f3821d896.tar.gz
samba-6e7667125d142670db7393ed7a48386f3821d896.tar.xz
samba-6e7667125d142670db7393ed7a48386f3821d896.zip
Move the lsa code across to the changed args for lookup_name, and surround it
in become_root()/unbecome_root(). Also only allocate the memory the client requests - and don't allow the client to trigger an SMB_ASSERT if they ask for 'more'. Up the maximum number of sids allowed, and note that this is an arbitrary guess, and can be raised without consequence. Andrew Bartlett
-rw-r--r--source/include/rpc_lsa.h6
-rw-r--r--source/rpc_server/srv_lsa_nt.c13
2 files changed, 13 insertions, 6 deletions
diff --git a/source/include/rpc_lsa.h b/source/include/rpc_lsa.h
index 0bae09480b8..8388877dd1d 100644
--- a/source/include/rpc_lsa.h
+++ b/source/include/rpc_lsa.h
@@ -90,9 +90,6 @@ enum SID_NAME_USE
/* XXXX these are here to get a compile! */
#define LSA_LOOKUPRIDS 0xFD
-#define LSA_MAX_GROUPS 96
-#define LSA_MAX_SIDS 128
-
/* DOM_QUERY - info class 3 and 5 LSA Query response */
typedef struct dom_query_info
{
@@ -362,7 +359,8 @@ typedef struct lsa_trans_name_info
} LSA_TRANS_NAME;
-#define MAX_LOOKUP_SIDS 30
+/* This number purly arbitary - just to prevent a client from requesting large amounts of memory */
+#define MAX_LOOKUP_SIDS 256
/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */
typedef struct lsa_trans_name_enum_info
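Review bot: The new comment on MAX_LOOKUP_SIDS is misspelled and does not say what the number bounds, although it is now the only limit on per-request allocation driven by a client-supplied count. I would word it as `/* Arbitrary cap on entries per lookup request; exists only to bound the memory a client can make us allocate. */`. init_lsa_rid2s() still has `SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS)`, so every caller has to clamp before calling it, and the comment should say that too. Any other use of the constant outside this diff (array dimensions, other lookup paths) presumably needs checking against the jump from 30 to 256.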
diff --git a/source/rpc_server/srv_lsa_nt.c b/source/rpc_server/srv_lsa_nt.c
index 9916b99c8ab..412d0e775e8 100644
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@@ -140,6 +140,8 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
SMB_ASSERT(num_entries <= MAX_LOOKUP_SIDS);
+ become_root(); /* lookup_name can require root privs */
+
for (i = 0; i < num_entries; i++) {
BOOL status = False;
DOM_SID sid;
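Review bot: The become_root() placed before the loop keeps the process at root for every iteration, including the DEBUG calls and init_dom_rid2(), while its own comment says only lookup_name needs the privilege. The window can be reduced to the one call in the following hunk, `become_root(); status = lookup_name(dom_name, user, &sid, &name_type); unbecome_root();`, dropping the unbecome_root() added after the loop in the third hunk. The loop body is only partly visible here, so any early exit between the two calls should be checked, since it would leave the function running as root on return.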
@@ -158,7 +160,7 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
DEBUG(5, ("init_lsa_rid2s: looking up name %s\n", full_name));
- status = lookup_name(full_name, &sid, &name_type);
+ status = lookup_name(dom_name, user, &sid, &name_type);
DEBUG(5, ("init_lsa_rid2s: %s\n", status ? "found" :
"not found"));
@@ -176,6 +178,8 @@ static void init_lsa_rid2s(DOM_R_REF *ref, DOM_RID2 *rid2,
init_dom_rid2(&rid2[total], rid, name_type, dom_idx);
total++;
}
+
+ unbecome_root();
}
/***************************************************************************
@@ -612,8 +616,13 @@ NTSTATUS _lsa_lookup_names(pipes_struct *p,LSA_Q_LOOKUP_NAMES *q_u, LSA_R_LOOKUP
if (!(handle->access & POLICY_LOOKUP_NAMES))
return NT_STATUS_ACCESS_DENIED;
+ if (num_entries > MAX_LOOKUP_SIDS) {
+ num_entries = MAX_LOOKUP_SIDS;
+ DEBUG(5,("_lsa_lookup_names: truncating name lookup list to %d\n", num_entries));
+ }
+
ref = (DOM_R_REF *)talloc_zero(p->mem_ctx, sizeof(DOM_R_REF));
- rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*MAX_LOOKUP_SIDS);
+ rids = (DOM_RID2 *)talloc_zero(p->mem_ctx, sizeof(DOM_RID2)*num_entries);
if (!ref || !rids)
return NT_STATUS_NO_MEMORY;
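Review bot: The new clamp only handles counts above MAX_LOOKUP_SIDS, but the allocation is now sized by the client's count, so zero and negative values matter too. num_entries is printed with `%d`; if it is a signed int filled from the request (its declaration is outside the hunk), a negative value passes `num_entries > MAX_LOOKUP_SIDS` and is converted to a huge or wrapped size in `sizeof(DOM_RID2)*num_entries`. A count of zero makes the allocation zero-sized, and if talloc_zero() returns NULL for that, the request now fails with NT_STATUS_NO_MEMORY where it previously succeeded. I would declare num_entries as an unsigned type and change the check to `if (!ref || (num_entries && !rids)) return NT_STATUS_NO_MEMORY;`. The truncation is logged only at DEBUG level 5, so an over-limit request is invisible at normal log levels; a lower level would make it observable.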