diff options
-rw-r--r-- | source3/include/proto.h | 12 | ||||
-rwxr-xr-x | source3/include/rpc_spoolss.h | 2 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 4 | ||||
-rw-r--r-- | source3/rpc_parse/parse_dfs.c | 8 | ||||
-rw-r--r-- | source3/rpc_parse/parse_misc.c | 2 | ||||
-rw-r--r-- | source3/rpc_parse/parse_sec.c | 37 | ||||
-rw-r--r-- | source3/rpc_parse/parse_spoolss.c | 78 | ||||
-rwxr-xr-x | source3/rpc_server/srv_spoolss.c | 6 |
8 files changed, 74 insertions, 75 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index b5846a45ad..e1b444545b 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1945,7 +1945,7 @@ BOOL smb_io_buffer3(char *desc, BUFFER3 *buf3, prs_struct *ps, int depth); BOOL smb_io_buffer5(char *desc, BUFFER5 *buf5, prs_struct *ps, int depth); void init_buffer2(BUFFER2 *str, uint8 *buf, int len); BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, int depth); -void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf); +void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf); void copy_unistr2(UNISTR2 *str, UNISTR2 *from); void init_string2(STRING2 *str, char *buf, int len); BOOL smb_io_string2(char *desc, STRING2 *str2, uint32 buffer, prs_struct *ps, int depth); @@ -2424,13 +2424,14 @@ SEC_ACL *make_sec_acl(uint16 revision, int num_aces, SEC_ACE *ace_list); SEC_ACL *dup_sec_acl( SEC_ACL *src); void free_sec_acl(SEC_ACL **ppsa); BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth); +size_t sec_desc_size(SEC_DESC *psd); SEC_DESC *make_sec_desc(uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size); + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size); SEC_DESC *dup_sec_desc( SEC_DESC *src); void free_sec_desc(SEC_DESC **ppsd); SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sec_desc_size); + SEC_ACL *dacl, size_t *sd_size); BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth); SEC_DESC_BUF *make_sec_desc_buf(size_t len, SEC_DESC *sec_desc); SEC_DESC_BUF *dup_sec_desc_buf(SEC_DESC_BUF *src); @@ -2450,10 +2451,6 @@ BOOL make_spoolss_q_open_printer_ex(SPOOL_Q_OPEN_PRINTER_EX *q_u, const fstring user_name); BOOL spoolss_io_q_open_printer_ex(char *desc, SPOOL_Q_OPEN_PRINTER_EX *q_u, prs_struct *ps, int depth); BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_struct *ps, int depth); -BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u, - const POLICY_HND *handle, - const UNISTR2 *valuename, - uint32 size); BOOL spoolss_io_q_getprinterdata(char *desc, SPOOL_Q_GETPRINTERDATA *q_u, prs_struct *ps, int depth); BOOL spoolss_io_r_getprinterdata(char *desc, SPOOL_R_GETPRINTERDATA *r_u, prs_struct *ps, int depth); BOOL make_spoolss_q_closeprinter(SPOOL_Q_CLOSEPRINTER *q_u, POLICY_HND *hnd); @@ -2530,6 +2527,7 @@ BOOL spoolss_io_q_getprinter(char *desc, SPOOL_Q_GETPRINTER *q_u, prs_struct *ps BOOL make_spoolss_q_getprinter(SPOOL_Q_GETPRINTER *q_u, const POLICY_HND *hnd, uint32 level, NEW_BUFFER *buffer, uint32 offered); BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps, int depth); +void free_spoolss_q_setprinter(SPOOL_Q_SETPRINTER *q_u); BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps, int depth); BOOL spoolss_io_r_fcpn(char *desc, SPOOL_R_FCPN *r_u, prs_struct *ps, int depth); BOOL spoolss_io_q_fcpn(char *desc, SPOOL_Q_FCPN *q_u, prs_struct *ps, int depth); diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h index 9f127f3e5d..40851533cf 100755 --- a/source3/include/rpc_spoolss.h +++ b/source3/include/rpc_spoolss.h @@ -1356,7 +1356,7 @@ typedef struct spool_q_setprinter POLICY_HND handle; uint32 level; SPOOL_PRINTER_INFO_LEVEL info; - SEC_DESC_BUF secdesc_ctr; + SEC_DESC_BUF *secdesc_ctr; DEVMODE_CTR devmode_ctr; uint32 command; diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index d63fdfd1b9..023f4ce9d1 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1374,15 +1374,13 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) fstring key; uint32 status; - prs_init(&ps, 0, 4, MARSHALL); - ps.is_dynamic = True; + prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec), 4, MARSHALL); if (!sec_io_desc_buf("nt_printing_setsec", &secdesc_ctr, &ps, 1)) { status = ERROR_INVALID_FUNCTION; goto out; } - slprintf(key, sizeof(key), "SECDESC/%s", printername); if (tdb_prs_store(tdb, key, &ps)==0) { diff --git a/source3/rpc_parse/parse_dfs.c b/source3/rpc_parse/parse_dfs.c index 71e866e59a..31ca53a850 100644 --- a/source3/rpc_parse/parse_dfs.c +++ b/source3/rpc_parse/parse_dfs.c @@ -281,7 +281,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries, depth++; /* should depend on whether marshalling or unmarshalling! */ if(UNMARSHALLING(ps)) - ctr->dfs.info1 = g_new0(DFS_INFO_1, num_entries); + ctr->dfs.info1 = (DFS_INFO_1 *)malloc(sizeof(DFS_INFO_1)*num_entries); for(i=0;i<num_entries;i++) { @@ -302,7 +302,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries, int i=0; depth++; if(UNMARSHALLING(ps)) - ctr->dfs.info2 = g_new0(DFS_INFO_2, num_entries); + ctr->dfs.info2 = (DFS_INFO_2 *)calloc(num_entries, sizeof(DFS_INFO_2)); for(i=0;i<num_entries;i++) { @@ -331,7 +331,7 @@ BOOL dfs_io_dfs_info_ctr(char* desc, DFS_INFO_CTR* ctr, uint32 num_entries, int i=0; depth++; if(UNMARSHALLING(ps)) - ctr->dfs.info3 = g_new0(DFS_INFO_3, num_entries); + ctr->dfs.info3 = (DFS_INFO_3 *)calloc(num_entries, sizeof(DFS_INFO_3)); for(i=0;i<num_entries;i++) { @@ -406,7 +406,7 @@ BOOL dfs_io_dfs_storage_info(char *desc, DFS_INFO_3* info3, depth++; if(UNMARSHALLING(ps)) - info3->storages = g_new0(DFS_STORAGE_INFO, info3->num_storage_infos); + info3->storages = (DFS_STORAGE_INFO *)calloc(info3->num_storage_infos, sizeof(DFS_STORAGE_INFO)); for(i=0;i<info3->num_storage_infos;i++) { diff --git a/source3/rpc_parse/parse_misc.c b/source3/rpc_parse/parse_misc.c index 935d83cafa..da2aa4450e 100644 --- a/source3/rpc_parse/parse_misc.c +++ b/source3/rpc_parse/parse_misc.c @@ -686,7 +686,7 @@ BOOL smb_io_buffer2(char *desc, BUFFER2 *buf2, uint32 buffer, prs_struct *ps, in creates a UNISTR2 structure: sets up the buffer, too ********************************************************************/ -void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, char *buf) +void init_buf_unistr2(UNISTR2 *str, uint32 *ptr, const char *buf) { if (buf != NULL) { diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index 76e246ca9e..2aba894834 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -251,17 +251,40 @@ BOOL sec_io_acl(char *desc, SEC_ACL **ppsa, prs_struct *ps, int depth) } /******************************************************************* + Works out the linearization size of a SEC_DESC. +********************************************************************/ + +size_t sec_desc_size(SEC_DESC *psd) +{ + size_t offset = SD_HEADER_SIZE; + + if (psd->owner_sid != NULL) + offset += ((sid_size(psd->owner_sid) + 3) & ~3); + + if (psd->grp_sid != NULL) + offset += ((sid_size(psd->grp_sid) + 3) & ~3); + + if (psd->sacl != NULL) + offset += ((psd->sacl->size + 3) & ~3); + + if (psd->dacl != NULL) + offset += ((psd->dacl->size + 3) & ~3); + + return offset; +} + +/******************************************************************* Creates a SEC_DESC structure ********************************************************************/ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *sacl, SEC_ACL *dacl, size_t *sec_desc_size) + SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size) { SEC_DESC *dst; uint32 offset; - *sec_desc_size = 0; + *sd_size = 0; if(( dst = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) return NULL; @@ -288,7 +311,7 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, if(dacl && ((dst->dacl = dup_sec_acl(dacl)) == NULL)) goto error_exit; - offset = 0x0; + offset = 0; /* * Work out the linearization sizes. @@ -330,12 +353,12 @@ SEC_DESC *make_sec_desc(uint16 revision, uint16 type, offset += ((dacl->size + 3) & ~3); } - *sec_desc_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); + *sd_size = (size_t)((offset == 0) ? SD_HEADER_SIZE : offset); return dst; error_exit: - *sec_desc_size = 0; + *sd_size = 0; free_sec_desc(&dst); return NULL; } @@ -382,10 +405,10 @@ void free_sec_desc(SEC_DESC **ppsd) ********************************************************************/ SEC_DESC *make_standard_sec_desc(DOM_SID *owner_sid, DOM_SID *grp_sid, - SEC_ACL *dacl, size_t *sec_desc_size) + SEC_ACL *dacl, size_t *sd_size) { return make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - owner_sid, grp_sid, NULL, dacl, sec_desc_size); + owner_sid, grp_sid, NULL, dacl, sd_size); } diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c index db86695365..2565439a21 100644 --- a/source3/rpc_parse/parse_spoolss.c +++ b/source3/rpc_parse/parse_spoolss.c @@ -775,26 +775,6 @@ BOOL spoolss_io_r_open_printer_ex(char *desc, SPOOL_R_OPEN_PRINTER_EX *r_u, prs_ return True; } -/******************************************************************* - * make a structure. - ********************************************************************/ -BOOL make_spoolss_q_getprinterdata(SPOOL_Q_GETPRINTERDATA *q_u, - const POLICY_HND *handle, - const UNISTR2 *valuename, - uint32 size) -{ - int len_name = valuename != NULL ? strlen(valuename) : 0; - - if (q_u == NULL) return False; - - DEBUG(5,("make_spoolss_q_getprinterdata\n")); - - q_u->handle = *handle; - init_unistr2(&(q_u->valuename), valuename, len_name); - q_u->size = size; - - return True; -} /******************************************************************* * read a structure. @@ -1300,14 +1280,6 @@ static uint32 size_of_relative_string(UNISTR *string) } /******************************************************************* - * return the length of a uint32 + sec desc - ********************************************************************/ -static uint32 size_of_sec_desc(SEC_DESC *sec) -{ - return 4+1024; -} - -/******************************************************************* * return the length of a uint32 (obvious, but the code is clean) ********************************************************************/ static uint32 size_of_device_mode(DEVICEMODE *devmode) @@ -1518,7 +1490,7 @@ static BOOL new_smb_io_relsecdesc(char *desc, NEW_BUFFER *buffer, int depth, prs_set_offset(ps, buffer->string_at_end); /* write the secdesc */ - if (!sec_io_desc(desc, *secdesc, ps, depth)) + if (!sec_io_desc(desc, secdesc, ps, depth)) return False; prs_set_offset(ps, struct_offset); @@ -1801,7 +1773,7 @@ BOOL new_smb_io_printer_info_3(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_3 *i if (!prs_uint32("flags", ps, depth, &info->flags)) return False; - if (!sec_io_desc("sec_desc", &info->sec, ps, depth)) + if (!sec_io_desc("sec_desc", &info->secdesc, ps, depth)) return False; return True; @@ -2350,10 +2322,10 @@ uint32 spoolss_size_printer_info_1(PRINTER_INFO_1 *info) { int size=0; - size+=size_of_uint32( &(info->flags) ); - size+=size_of_relative_string( &(info->description) ); - size+=size_of_relative_string( &(info->name) ); - size+=size_of_relative_string( &(info->comment) ); + size+=size_of_uint32( &info->flags ); + size+=size_of_relative_string( &info->description ); + size+=size_of_relative_string( &info->name ); + size+=size_of_relative_string( &info->comment ); return size; } @@ -2363,9 +2335,10 @@ return the size required by a struct in the stream ********************************************************************/ uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info) { - int size=0; + uint32 size=0; - size += size_of_sec_desc( info->secdesc ); + size += 4; + size += sec_desc_size( info->secdesc ); size+=size_of_device_mode( info->devmode ); @@ -2398,11 +2371,8 @@ return the size required by a struct in the stream ********************************************************************/ uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info) { - /* well, we don't actually *know* the damn size of the - * security descriptor. spoolss is a stupidly designed - * api. - */ - return size_of_sec_desc( &info->sec ); + /* The 4 is for the self relative pointer.. */ + return 4 + (uint32)sec_desc_size( info->secdesc ); } /******************************************************************* @@ -2642,9 +2612,7 @@ BOOL make_spoolss_q_getprinterdriver2(SPOOL_Q_GETPRINTERDRIVER2 *q_u, NEW_BUFFER *buffer, uint32 offered) { if (q_u == NULL) - { return False; - } memcpy(&q_u->handle, hnd, sizeof(q_u->handle)); @@ -2906,7 +2874,18 @@ BOOL spoolss_io_r_setprinter(char *desc, SPOOL_R_SETPRINTER *r_u, prs_struct *ps } /******************************************************************* + Delete the dynamic parts of a SPOOL_Q_SETPRINTE struct. ********************************************************************/ + +void free_spoolss_q_setprinter(SPOOL_Q_SETPRINTER *q_u) +{ + free_sec_desc_buf( &q_u->secdesc_ctr ); +} + +/******************************************************************* + Marshall/unmarshall a SPOOL_Q_SETPRINTER struct. +********************************************************************/ + BOOL spoolss_io_q_setprinter(char *desc, SPOOL_Q_SETPRINTER *q_u, prs_struct *ps, int depth) { uint32 ptr_sec_desc = 0; @@ -3538,8 +3517,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s case 1: { if (UNMARSHALLING(ps)) { - il->info_1=g_new(SPOOL_PRINTER_INFO_LEVEL_1, 1); - if(il->info_1 == NULL) + if ((il->info_1=(SPOOL_PRINTER_INFO_LEVEL_1 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_1))) == NULL) return False; } if (!spool_io_printer_info_level_1("", il->info_1, ps, depth)) @@ -3548,8 +3526,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s } case 2: if (UNMARSHALLING(ps)) { - il->info_2=g_new(SPOOL_PRINTER_INFO_LEVEL_2, 1); - if(il->info_2 == NULL) + if ((il->info_2=(SPOOL_PRINTER_INFO_LEVEL_2 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_2))) == NULL) return False; } if (!spool_io_printer_info_level_2("", il->info_2, ps, depth)) @@ -3558,8 +3535,7 @@ BOOL spool_io_printer_info_level(char *desc, SPOOL_PRINTER_INFO_LEVEL *il, prs_s case 3: { if (UNMARSHALLING(ps)) { - il->info_3=g_new(SPOOL_PRINTER_INFO_LEVEL_3, 1); - if(il->info_3 == NULL) + if ((il->info_3=(SPOOL_PRINTER_INFO_LEVEL_3 *)malloc(sizeof(SPOOL_PRINTER_INFO_LEVEL_3))) == NULL) return False; } if (!spool_io_printer_info_level_3("", il->info_3, ps, depth)) @@ -4754,8 +4730,8 @@ void free_devmode(DEVICEMODE *devmode) void free_printer_info_3(PRINTER_INFO_3 *printer) { if (printer!=NULL) { - if (printer->sec != NULL) - free_sec_desc(&printer->sec); + if (printer->secdesc != NULL) + free_sec_desc(&printer->secdesc); free(printer); } } diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index 0e6c456ec3..74901efa78 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -498,14 +498,18 @@ static BOOL api_spoolss_setprinter(prs_struct *data, prs_struct *rdata) } r_u.status = _spoolss_setprinter(&q_u.handle, q_u.level, &q_u.info, - q_u.devmode_ctr, &q_u.secdesc_ctr, + q_u.devmode_ctr, q_u.secdesc_ctr, q_u.command); if(!spoolss_io_r_setprinter("",&r_u,rdata,0)) { DEBUG(0,("spoolss_io_r_setprinter: unable to marshall SPOOL_R_SETPRINTER.\n")); + free_spoolss_q_setprinter(&q_u); return False; } + /* Free anything allocated in the unparse. */ + free_spoolss_q_setprinter(&q_u); + return True; } |