summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/printing/nt_printing.c21
-rw-r--r--source3/rpc_parse/parse_prs.c3
-rw-r--r--source3/rpc_parse/parse_sec.c17
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c2
-rw-r--r--source3/smbd/lanman.c2
-rw-r--r--source3/smbd/nttrans.c5
-rw-r--r--source3/smbd/pipes.c2
-rw-r--r--source3/tdb/tdbutil.c12
8 files changed, 45 insertions, 19 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 768e97ffdb..991f66a8ac 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1465,7 +1465,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
fstring key;
uint32 status;
- prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec), 4, MARSHALL);
+ prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec) + sizeof(SEC_DESC_BUF), 4, MARSHALL);
if (!sec_io_desc_buf("nt_printing_setsec", &secdesc_ctr, &ps, 1)) {
status = ERROR_INVALID_FUNCTION;
@@ -1493,11 +1493,22 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr)
static SEC_DESC_BUF *construct_default_printer_sdb(void)
{
extern DOM_SID global_sid_World;
+ SEC_ACE ace;
+ SEC_ACCESS sa;
+ SEC_ACL *psa = NULL;
SEC_DESC_BUF *sdb = NULL;
+ SEC_DESC *psd = NULL;
size_t sd_size;
- SEC_DESC *psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
- &global_sid_World, &global_sid_World,
- NULL, NULL, &sd_size);
+
+ init_sec_access(&sa,PRINTER_ALL_ACCESS);
+ init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
+
+ if ((psa = make_sec_acl( 3, 1, &ace)) != NULL) {
+ psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+ &global_sid_World, &global_sid_World,
+ NULL, psa, &sd_size);
+ free_sec_acl(&psa);
+ }
if (!psd) {
DEBUG(0,("construct_default_printer_sd: Failed to make SEC_DESC.\n"));
@@ -1506,6 +1517,8 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void)
sdb = make_sec_desc_buf(sd_size, psd);
+ DEBUG(4,("construct_default_printer_sdb: size = %u.\n", (unsigned int)sd_size));
+
free_sec_desc(&psd);
return sdb;
}
diff --git a/source3/rpc_parse/parse_prs.c b/source3/rpc_parse/parse_prs.c
index d277182043..b7fe19f9ab 100644
--- a/source3/rpc_parse/parse_prs.c
+++ b/source3/rpc_parse/parse_prs.c
@@ -201,6 +201,9 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space)
if(UNMARSHALLING(ps) || !ps->is_dynamic) {
DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n",
(unsigned int)extra_space));
+ /* JRATEST */
+ smb_panic("prs_grow");
+ /* JRATEST */
return False;
}
diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c
index 51cf52f706..25450e0b19 100644
--- a/source3/rpc_parse/parse_sec.c
+++ b/source3/rpc_parse/parse_sec.c
@@ -431,11 +431,16 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth)
psd = *ppsd;
- if(UNMARSHALLING(ps) && psd == NULL) {
- if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL)
- return False;
- ZERO_STRUCTP(psd);
- *ppsd = psd;
+ if (psd == NULL) {
+ if(UNMARSHALLING(ps)) {
+ if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL)
+ return False;
+ ZERO_STRUCTP(psd);
+ *ppsd = psd;
+ } else {
+ /* Marshalling - just ignore. */
+ return True;
+ }
}
prs_debug(ps, depth, desc, "sec_io_desc");
@@ -629,7 +634,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth
old_offset = prs_offset(ps);
/* reading, length is non-zero; writing, descriptor is non-NULL */
- if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) {
+ if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) {
if(!sec_io_desc("sec ", &psdb->sec, ps, depth))
return False;
}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b341dbe12a..e3552c3879 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1971,6 +1971,8 @@ static BOOL construct_printer_info_3(fstring servername,
DEBUG(0,("construct_printer_info_3: malloc fail.\n"));
return False;
}
+
+ ZERO_STRUCTP(printer);
printer->flags = 4; /* This is the offset to the SEC_DESC. */
if (ntprinter->info_2->secdesc_buf->len != 0) {
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index fe2cc3ae7d..cfc0e08d47 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -776,6 +776,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
desc.subcount = count;
fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status);
} else if(uLevel == 0) {
+#if 0
/*
* This is a *disgusting* hack.
* This is *so* bad that even I'm embarrassed (and I
@@ -795,6 +796,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn,
*/
fail_next_srvsvc_open();
+#endif
}
*rdata_len = desc.usedlen;
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e3874e1b3e..aad09a75b6 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -487,6 +487,7 @@ to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access,
return smb_open_mode;
}
+#if 0
/*
* This is a *disgusting* hack.
* This is *so* bad that even I'm embarrassed (and I
@@ -547,7 +548,7 @@ BOOL should_fail_next_srvsvc_open(const char *pipename)
}
return False;
}
-
+#endif
/****************************************************************************
Reply to an NT create and X call on a pipe.
@@ -573,8 +574,10 @@ static int nt_open_pipe(char *fname, connection_struct *conn,
/* Strip \\ off the name. */
fname++;
+#if 0
if(should_fail_next_srvsvc_open(fname))
return (ERROR(ERRSRV,ERRaccess));
+#endif
DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname));
diff --git a/source3/smbd/pipes.c b/source3/smbd/pipes.c
index c1d5c261fe..df7141764c 100644
--- a/source3/smbd/pipes.c
+++ b/source3/smbd/pipes.c
@@ -74,11 +74,13 @@ int reply_open_pipe_and_X(connection_struct *conn,
/* Strip \PIPE\ off the name. */
pstrcpy(fname,smb_buf(inbuf) + PIPELEN);
+#if 0
/*
* Hack for NT printers... JRA.
*/
if(should_fail_next_srvsvc_open(fname))
return(ERROR(ERRSRV,ERRaccess));
+#endif
/* Known pipes arrive with DIR attribs. Remove it so a regular file */
/* can be opened and add it in after the open. */
diff --git a/source3/tdb/tdbutil.c b/source3/tdb/tdbutil.c
index 5675061b37..d2eb6b5ec7 100644
--- a/source3/tdb/tdbutil.c
+++ b/source3/tdb/tdbutil.c
@@ -258,8 +258,8 @@ int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
TDB_DATA kbuf, dbuf;
kbuf.dptr = keystr;
kbuf.dsize = strlen(keystr)+1;
- dbuf.dptr = ps->data_p;
- dbuf.dsize = ps->data_offset;
+ dbuf.dptr = prs_data_p(ps);
+ dbuf.dsize = prs_offset(ps);
return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE);
}
@@ -275,12 +275,8 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps)
if (!dbuf.dptr) return -1;
ZERO_STRUCTP(ps);
- ps->io = UNMARSHALL;
- ps->align = 4;
- ps->data_p = dbuf.dptr;
- ps->data_offset = 0;
- ps->buffer_size = dbuf.dsize;
- ps->grow_size = dbuf.dsize;
+ prs_init(ps, 0, 4, UNMARSHALL);
+ prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True);
return 0;
}