From a2b0dcbb525b7aa3a6f79ca8f8cca4ef7fc2f8f7 Mon Sep 17 00:00:00 2001 From: Andreas Schneider Date: Tue, 16 Jul 2019 15:45:51 +0200 Subject: [PATCH 060/187] s3:rpcclient: Use a stackframe for temporary memory Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 9158a6ba8693070f3b2b71dd15089488869ab6cd) --- source3/rpcclient/cmd_samr.c | 56 +++++++++++++++++++++++++----------- 1 file changed, 39 insertions(+), 17 deletions(-) diff --git a/source3/rpcclient/cmd_samr.c b/source3/rpcclient/cmd_samr.c index b1b7c06515c..0cd8b50058e 100644 --- a/source3/rpcclient/cmd_samr.c +++ b/source3/rpcclient/cmd_samr.c @@ -3043,6 +3043,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, DATA_BLOB session_key; uint8_t password_expired = 0; struct dcerpc_binding_handle *b = cli->binding_handle; + TALLOC_CTX *frame = NULL; if (argc < 4) { printf("Usage: %s username level password [password_expired]\n", @@ -3050,6 +3051,8 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_PARAMETER; } + frame = talloc_stackframe(); + user = argv[1]; level = atoi(argv[2]); param = argv[3]; @@ -3058,18 +3061,18 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, password_expired = atoi(argv[4]); } - status = cli_get_session_key(mem_ctx, cli, &session_key); + status = cli_get_session_key(frame, cli, &session_key); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } status = init_samr_CryptPassword(param, &session_key, &pwd_buf); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } status = init_samr_CryptPasswordEx(param, &session_key, &pwd_buf_ex); if (!NT_STATUS_IS_OK(status)) { - return status; + goto done; } nt_lm_owf_gen(param, nt_hash, lm_hash); 
@@ -3078,14 +3081,22 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, { DATA_BLOB in,out; in = data_blob_const(nt_hash, 16); - out = data_blob_talloc_zero(mem_ctx, 16); + out = data_blob_talloc_zero(frame, 16); + if (out.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } sess_crypt_blob(&out, &in, &session_key, true); memcpy(nt_hash, out.data, out.length); } { DATA_BLOB in,out; in = data_blob_const(lm_hash, 16); - out = data_blob_talloc_zero(mem_ctx, 16); + out = data_blob_talloc_zero(frame, 15); + if (out.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } sess_crypt_blob(&out, &in, &session_key, true); memcpy(lm_hash, out.data, out.length); } @@ -3118,18 +3129,26 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, { DATA_BLOB in,out; in = data_blob_const(nt_hash, 16); - out = data_blob_talloc_zero(mem_ctx, 16); + out = data_blob_talloc_zero(frame, 16); + if (out.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } sess_crypt_blob(&out, &in, &session_key, true); info.info21.nt_owf_password.array = - (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + (uint16_t *)talloc_memdup(frame, out.data, 16); } { DATA_BLOB in,out; in = data_blob_const(lm_hash, 16); - out = data_blob_talloc_zero(mem_ctx, 16); + out = data_blob_talloc_zero(frame, 16); sess_crypt_blob(&out, &in, &session_key, true); info.info21.lm_owf_password.array = - (uint16_t *)talloc_memdup(mem_ctx, out.data, 16); + (uint16_t *)talloc_memdup(frame, out.data, 16); + if (out.data == NULL) { + status = NT_STATUS_NO_MEMORY; + goto done; + } } break; @@ -3175,7 +3194,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, /* Get sam policy handle */ - status = rpccli_try_samr_connects(cli, mem_ctx, + status = rpccli_try_samr_connects(cli, frame, MAXIMUM_ALLOWED_ACCESS, &connect_pol); if (!NT_STATUS_IS_OK(status)) { 
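Review bot: In the `@@ -3078,14 +3081,22 @@` hunk the LM block now allocates `data_blob_talloc_zero(frame, 15)`, where the removed line and the three sibling blocks use 16 and `in` is still built as `data_blob_const(lm_hash, 16)`. If `sess_crypt_blob()` writes as many bytes as its input holds (its body is not part of this patch), that is a one-byte write past the end of `out.data`. Independently of that, `memcpy(lm_hash, out.data, out.length)` now copies only 15 bytes, so the last byte of `lm_hash` keeps its pre-encryption value. The line should read `out = data_blob_talloc_zero(frame, 16);`. The enclosing `case` and function start outside this hunk.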
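Review bot: In the `@@ -3118,18 +3129,26 @@` hunk the LM block tests `out.data == NULL` only after `sess_crypt_blob(&out, ...)` and `talloc_memdup(frame, out.data, 16)` have already used the buffer, so a failed allocation is dereferenced before it is detected. The NT block just above has the check in the right place, directly after `data_blob_talloc_zero()`. Neither block checks the `talloc_memdup()` result stored in `info.info21.*_owf_password.array`, which should take the same `NT_STATUS_NO_MEMORY` path. The LM block is shown below; the NT block needs only the second check. The surrounding `switch` starts and ends outside the hunk.

```c
			out = data_blob_talloc_zero(frame, 16);
			if (out.data == NULL) {
				status = NT_STATUS_NO_MEMORY;
				goto done;
			}
			/* … unchanged: sess_crypt_blob() and the talloc_memdup() assignment … */
			if (info.info21.lm_owf_password.array == NULL) {
				status = NT_STATUS_NO_MEMORY;
				goto done;
			}
```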
@@ -3184,7 +3203,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, /* Get domain policy handle */ - status = dcerpc_samr_OpenDomain(b, mem_ctx, + status = dcerpc_samr_OpenDomain(b, frame, &connect_pol, access_mask, &domain_sid, @@ -3200,7 +3219,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, user_rid = strtol(user, NULL, 0); if (user_rid) { - status = dcerpc_samr_OpenUser(b, mem_ctx, + status = dcerpc_samr_OpenUser(b, frame, &domain_pol, access_mask, user_rid, @@ -3222,7 +3241,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, init_lsa_String(&lsa_acct_name, user); - status = dcerpc_samr_LookupNames(b, mem_ctx, + status = dcerpc_samr_LookupNames(b, frame, &domain_pol, 1, &lsa_acct_name, @@ -3242,7 +3261,7 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, return NT_STATUS_INVALID_NETWORK_RESPONSE; } - status = dcerpc_samr_OpenUser(b, mem_ctx, + status = dcerpc_samr_OpenUser(b, frame, &domain_pol, access_mask, rids.ids[0], @@ -3258,14 +3277,14 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, switch (opcode) { case NDR_SAMR_SETUSERINFO: - status = dcerpc_samr_SetUserInfo(b, mem_ctx, + status = dcerpc_samr_SetUserInfo(b, frame, &user_pol, level, &info, &result); break; case NDR_SAMR_SETUSERINFO2: - status = dcerpc_samr_SetUserInfo2(b, mem_ctx, + status = dcerpc_samr_SetUserInfo2(b, frame, &user_pol, level, &info, @@ -3283,7 +3302,10 @@ static NTSTATUS cmd_samr_setuserinfo_int(struct rpc_pipe_client *cli, DEBUG(0,("result: %s\n", nt_errstr(status))); goto done; } + + status = NT_STATUS_OK; done: + TALLOC_FREE(frame); return status; } -- 2.23.0
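Review bot: The context line `return NT_STATUS_INVALID_NETWORK_RESPONSE;` in the `@@ -3242,7 +3261,7 @@` hunk still leaves the function directly, and it now runs after `frame = talloc_stackframe()`, so this path skips `TALLOC_FREE(frame)` at `done:`. The frame and everything allocated on it, including the session key, are then not released here, and the stackframe nesting is left unbalanced for the caller. Replace it with `status = NT_STATUS_INVALID_NETWORK_RESPONSE; goto done;`. The function body extends beyond these hunks, so any other early `return` between the stackframe creation and `done:` needs the same change.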
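Review bot: `TALLOC_FREE(frame)` at `done:` in the `@@ -3283,7 +3302,10 @@` hunk frees the session key obtained with `cli_get_session_key(frame, ...)` without wiping it. As far as I know talloc does not scrub memory on free unless a fill value is configured, so the key bytes remain in freed heap. Consider declaring `DATA_BLOB session_key = data_blob_null;` and calling `data_blob_clear_free(&session_key);` just before `TALLOC_FREE(frame);`; the initialiser matters because `done:` is reachable when `cli_get_session_key()` fails. The `nt_hash` and `lm_hash` buffers, declared outside these hunks, presumably want the same treatment before returning. The function body starts well before this hunk.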