summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h12
-rwxr-xr-xsource3/include/rpc_spoolss.h2
-rw-r--r--source3/printing/nt_printing.c4
-rw-r--r--source3/rpc_parse/parse_dfs.c8
-rw-r--r--source3/rpc_parse/parse_misc.c2
-rw-r--r--source3/rpc_parse/parse_sec.c37
-rw-r--r--source3/rpc_parse/parse_spoolss.c78
-rwxr-xr-xsource3/rpc_server/srv_spoolss.c6
8 files changed, 74 insertions, 75 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index b5846a45ad..e1b444545b 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1945,7 +1945,7 @@ BOOL smb_io_buffer3(char *desc, BUFFER3 *buf3, prs_struct *ps, int depth);
BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth);
void init_buffer2(BUFFER2 *str, uint8 *buf, int len);
BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, int depth);
-void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf);
+void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf);
void copy_unistr2(UNISTR2 *str, UNISTR2 *from);
void init_string2(STRING2 *str, char *buf, int len);
BOOL smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, int depth);
@@ -2424,13 +2424,14 @@ SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list);
SEC_ACL *dup_sec_acl( SEC_ACL *src);
void free_sec_acl(SEC_ACL **ppsa);
BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth);
+size_t sec_desc_size(SEC_DESC *psd);
SEC_DESC *make_sec_desc(uint16 revision, uint16 type,
DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size);
+ SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size);
SEC_DESC *dup_sec_desc( SEC_DESC *src);
void free_sec_desc(SEC_DESC **ppsd);
SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *dacl, size_t *sec_desc_size);
+ SEC_ACL *dacl, size_t *sd_size);
BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth);
SEC_DESC_BUF *make_sec_desc_buf(size_t len, SEC_DESC *sec_desc);
SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src);
@@ -2450,10 +2451,6 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u,
const fstring user_name);
BOOL spoolss_io_q_open_printer_ex(char *desc, SPOOL_Q_OPEN_PRINTER_EX *q_u, prs_struct *ps, int depth);
BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_struct *ps, int depth);
-BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
- const POLICY_HND *handle,
- const UNISTR2 *valuename,
- uint32 size);
BOOL spoolss_io_q_getprinterdata(char *desc, SPOOL_Q_GETPRINTERDATA *q_u, prs_struct *ps, int depth);
BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_struct *ps, int depth);
BOOL make_spoolss_q_closeprinter(SPOOL_Q_CLOSEPRINTER *q_u, POLICY_HND *hnd);
@@ -2530,6 +2527,7 @@ BOOL spoolss_io_q_getprinter(char *desc, SPOOL_Q_GETPRINTER *q_u, prs_struct *ps
BOOL make_spoolss_q_getprinter(SPOOL_Q_GETPRINTER *q_u, const POLICY_HND *hnd, uint32 level,
NEW_BUFFER *buffer, uint32 offered);
BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps, int depth);
+void free_spoolss_q_setprinter(SPOOL_Q_SETPRINTER *q_u);
BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps, int depth);
BOOL spoolss_io_r_fcpn(char *desc, SPOOL_R_FCPN *r_u, prs_struct *ps, int depth);
BOOL spoolss_io_q_fcpn(char *desc, SPOOL_Q_FCPN *q_u, prs_struct *ps, int depth);
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h
index 9f127f3e5d..40851533cf 100755
--- a/source3/include/rpc_spoolss.h
+++ b/source3/include/rpc_spoolss.h
@@ -1356,7 +1356,7 @@ typedef struct spool_q_setprinter
POLICY_HND handle;
uint32 level;
SPOOL_PRINTER_INFO_LEVEL info;
- SEC_DESC_BUF secdesc_ctr;
+ SEC_DESC_BUF *secdesc_ctr;
DEVMODE_CTR devmode_ctr;
uint32 command;
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index d63fdfd1b9..023f4ce9d1 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1374,15 +1374,13 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
fstring key;
uint32 status;
- prs_init(&ps, 0, 4, MARSHALL);
- ps.is_dynamic = True;
+ prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec), 4, MARSHALL);
if (!sec_io_desc_buf("nt_printing_setsec", &secdesc_ctr, &ps, 1)) {
status = ERROR_INVALID_FUNCTION;
goto out;
}
-
slprintf(key, sizeof(key), "SECDESC/%s", printername);
if (tdb_prs_store(tdb, key, &ps)==0) {
diff --git a/source3/rpc_parse/parse_dfs.c b/source3/rpc_parse/parse_dfs.c
index 71e866e59a..31ca53a850 100644
--- a/source3/rpc_parse/parse_dfs.c
+++ b/source3/rpc_parse/parse_dfs.c
@@ -281,7 +281,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries,
depth++;
/* should depend on whether marshalling or unmarshalling! */
if(UNMARSHALLING(ps))
- ctr->dfs.info1 = g_new0(DFS_INFO_1, num_entries);
+ ctr->dfs.info1 = (DFS_INFO_1 *)malloc(sizeof(DFS_INFO_1)*num_entries);
for(i=0;i<num_entries;i++)
{
@@ -302,7 +302,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries,
int i=0;
depth++;
if(UNMARSHALLING(ps))
- ctr->dfs.info2 = g_new0(DFS_INFO_2, num_entries);
+ ctr->dfs.info2 = (DFS_INFO_2 *)calloc(num_entries, sizeof(DFS_INFO_2));
for(i=0;i<num_entries;i++)
{
@@ -331,7 +331,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries,
int i=0;
depth++;
if(UNMARSHALLING(ps))
- ctr->dfs.info3 = g_new0(DFS_INFO_3, num_entries);
+ ctr->dfs.info3 = (DFS_INFO_3 *)calloc(num_entries, sizeof(DFS_INFO_3));
for(i=0;i<num_entries;i++)
{
@@ -406,7 +406,7 @@ BOOL dfs_io_dfs_storage_info(char *desc, DFS_INFO_3* info3,
depth++;
if(UNMARSHALLING(ps))
- info3->storages = g_new0(DFS_STORAGE_INFO, info3->num_storage_infos);
+ info3->storages = (DFS_STORAGE_INFO *)calloc(info3->num_storage_infos, sizeof(DFS_STORAGE_INFO));
for(i=0;i<info3->num_storage_infos;i++)
{
diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c
index 935d83cafa..da2aa4450e 100644
--- a/source3/rpc_parse/parse_misc.c
+++ b/source3/rpc_parse/parse_misc.c
@@ -686,7 +686,7 @@ BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, in
creates a UNISTR2 structure: sets up the buffer, too
********************************************************************/
-void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf)
+void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf)
{
if (buf != NULL) {
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 76e246ca9e..2aba894834 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -251,17 +251,40 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth)
}
/*******************************************************************
+ Works out the linearization size of a SEC_DESC.
+********************************************************************/
+
+size_t sec_desc_size(SEC_DESC *psd)
+{
+ size_t offset = SD_HEADER_SIZE;
+
+ if (psd->owner_sid != NULL)
+ offset += ((sid_size(psd->owner_sid) + 3) & ~3);
+
+ if (psd->grp_sid != NULL)
+ offset += ((sid_size(psd->grp_sid) + 3) & ~3);
+
+ if (psd->sacl != NULL)
+ offset += ((psd->sacl->size + 3) & ~3);
+
+ if (psd->dacl != NULL)
+ offset += ((psd->dacl->size + 3) & ~3);
+
+ return offset;
+}
+
+/*******************************************************************
Creates a SEC_DESC structure
********************************************************************/
SEC_DESC *make_sec_desc(uint16 revision, uint16 type,
DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size)
+ SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
{
SEC_DESC *dst;
uint32 offset;
- *sec_desc_size = 0;
+ *sd_size = 0;
if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL)
return NULL;
@@ -288,7 +311,7 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type,
if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL))
goto error_exit;
- offset = 0x0;
+ offset = 0;
/*
* Work out the linearization sizes.
@@ -330,12 +353,12 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type,
offset += ((dacl->size + 3) & ~3);
}
- *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset);
+ *sd_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset);
return dst;
error_exit:
- *sec_desc_size = 0;
+ *sd_size = 0;
free_sec_desc(&dst);
return NULL;
}
@@ -382,10 +405,10 @@ void free_sec_desc(SEC_DESC **ppsd)
********************************************************************/
SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid,
- SEC_ACL *dacl, size_t *sec_desc_size)
+ SEC_ACL *dacl, size_t *sd_size)
{
return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
- owner_sid, grp_sid, NULL, dacl, sec_desc_size);
+ owner_sid, grp_sid, NULL, dacl, sd_size);
}
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index db86695365..2565439a21 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -775,26 +775,6 @@ BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_
return True;
}
-/*******************************************************************
- * make a structure.
- ********************************************************************/
-BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u,
- const POLICY_HND *handle,
- const UNISTR2 *valuename,
- uint32 size)
-{
- int len_name = valuename != NULL ? strlen(valuename) : 0;
-
- if (q_u == NULL) return False;
-
- DEBUG(5,("make_spoolss_q_getprinterdata\n"));
-
- q_u->handle = *handle;
- init_unistr2(&(q_u->valuename), valuename, len_name);
- q_u->size = size;
-
- return True;
-}
/*******************************************************************
* read a structure.
@@ -1300,14 +1280,6 @@ static uint32 size_of_relative_string(UNISTR *string)
}
/*******************************************************************
- * return the length of a uint32 + sec desc
- ********************************************************************/
-static uint32 size_of_sec_desc(SEC_DESC *sec)
-{
- return 4+1024;
-}
-
-/*******************************************************************
* return the length of a uint32 (obvious, but the code is clean)
********************************************************************/
static uint32 size_of_device_mode(DEVICEMODE *devmode)
@@ -1518,7 +1490,7 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth,
prs_set_offset(ps, buffer->string_at_end);
/* write the secdesc */
- if (!sec_io_desc(desc, *secdesc, ps, depth))
+ if (!sec_io_desc(desc, secdesc, ps, depth))
return False;
prs_set_offset(ps, struct_offset);
@@ -1801,7 +1773,7 @@ BOOL new_smb_io_printer_info_3(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_3 *i
if (!prs_uint32("flags", ps, depth, &info->flags))
return False;
- if (!sec_io_desc("sec_desc", &info->sec, ps, depth))
+ if (!sec_io_desc("sec_desc", &info->secdesc, ps, depth))
return False;
return True;
@@ -2350,10 +2322,10 @@ uint32 spoolss_size_printer_info_1(PRINTER_INFO_1 *info)
{
int size=0;
- size+=size_of_uint32( &(info->flags) );
- size+=size_of_relative_string( &(info->description) );
- size+=size_of_relative_string( &(info->name) );
- size+=size_of_relative_string( &(info->comment) );
+ size+=size_of_uint32( &info->flags );
+ size+=size_of_relative_string( &info->description );
+ size+=size_of_relative_string( &info->name );
+ size+=size_of_relative_string( &info->comment );
return size;
}
@@ -2363,9 +2335,10 @@ return the size required by a struct in the stream
********************************************************************/
uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info)
{
- int size=0;
+ uint32 size=0;
- size += size_of_sec_desc( info->secdesc );
+ size += 4;
+ size += sec_desc_size( info->secdesc );
size+=size_of_device_mode( info->devmode );
@@ -2398,11 +2371,8 @@ return the size required by a struct in the stream
********************************************************************/
uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info)
{
- /* well, we don't actually *know* the damn size of the
- * security descriptor. spoolss is a stupidly designed
- * api.
- */
- return size_of_sec_desc( &info->sec );
+ /* The 4 is for the self relative pointer.. */
+ return 4 + (uint32)sec_desc_size( info->secdesc );
}
/*******************************************************************
@@ -2642,9 +2612,7 @@ BOOL make_spoolss_q_getprinterdriver2(SPOOL_Q_GETPRINTERDRIVER2 *q_u,
NEW_BUFFER *buffer, uint32 offered)
{
if (q_u == NULL)
- {
return False;
- }
memcpy(&q_u->handle, hnd, sizeof(q_u->handle));
@@ -2906,7 +2874,18 @@ BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps
}
/*******************************************************************
+ Delete the dynamic parts of a SPOOL_Q_SETPRINTE struct.
********************************************************************/
+
+void free_spoolss_q_setprinter(SPOOL_Q_SETPRINTER *q_u)
+{
+ free_sec_desc_buf( &q_u->secdesc_ctr );
+}
+
+/*******************************************************************
+ Marshall/unmarshall a SPOOL_Q_SETPRINTER struct.
+********************************************************************/
+
BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps, int depth)
{
uint32 ptr_sec_desc = 0;
@@ -3538,8 +3517,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
case 1:
{
if (UNMARSHALLING(ps)) {
- il->info_1=g_new(SPOOL_PRINTER_INFO_LEVEL_1, 1);
- if(il->info_1 == NULL)
+ if ((il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_1))) == NULL)
return False;
}
if (!spool_io_printer_info_level_1("", il->info_1, ps, depth))
@@ -3548,8 +3526,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
}
case 2:
if (UNMARSHALLING(ps)) {
- il->info_2=g_new(SPOOL_PRINTER_INFO_LEVEL_2, 1);
- if(il->info_2 == NULL)
+ if ((il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_2))) == NULL)
return False;
}
if (!spool_io_printer_info_level_2("", il->info_2, ps, depth))
@@ -3558,8 +3535,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s
case 3:
{
if (UNMARSHALLING(ps)) {
- il->info_3=g_new(SPOOL_PRINTER_INFO_LEVEL_3, 1);
- if(il->info_3 == NULL)
+ if ((il->info_3=(SPOOL_PRINTER_INFO_LEVEL_3 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_3))) == NULL)
return False;
}
if (!spool_io_printer_info_level_3("", il->info_3, ps, depth))
@@ -4754,8 +4730,8 @@ void free_devmode(DEVICEMODE *devmode)
void free_printer_info_3(PRINTER_INFO_3 *printer)
{
if (printer!=NULL) {
- if (printer->sec != NULL)
- free_sec_desc(&printer->sec);
+ if (printer->secdesc != NULL)
+ free_sec_desc(&printer->secdesc);
free(printer);
}
}
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 0e6c456ec3..74901efa78 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -498,14 +498,18 @@ static BOOL api_spoolss_setprinter(prs_struct *data, prs_struct *rdata)
}
r_u.status = _spoolss_setprinter(&q_u.handle, q_u.level, &q_u.info,
- q_u.devmode_ctr, &q_u.secdesc_ctr,
+ q_u.devmode_ctr, q_u.secdesc_ctr,
q_u.command);
if(!spoolss_io_r_setprinter("",&r_u,rdata,0)) {
DEBUG(0,("spoolss_io_r_setprinter: unable to marshall SPOOL_R_SETPRINTER.\n"));
+ free_spoolss_q_setprinter(&q_u);
return False;
}
+ /* Free anything allocated in the unparse. */
+ free_spoolss_q_setprinter(&q_u);
+
return True;
}