summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/nt_printing.h2
-rw-r--r--source3/printing/print_cups.c4
-rw-r--r--source3/registry/reg_printing.c2
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c538
4 files changed, 311 insertions, 235 deletions
diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
index 8e8d87bc55..479404d6fd 100644
--- a/source3/include/nt_printing.h
+++ b/source3/include/nt_printing.h
@@ -312,7 +312,7 @@ typedef struct nt_printer_info_level_2
fstring sharename;
fstring portname;
fstring drivername;
- pstring comment;
+ char comment[1024];
fstring location;
NT_DEVICEMODE *devmode;
fstring sepfile;
diff --git a/source3/printing/print_cups.c b/source3/printing/print_cups.c
index 6e62306d67..593c5c7a1f 100644
--- a/source3/printing/print_cups.c
+++ b/source3/printing/print_cups.c
@@ -1298,7 +1298,9 @@ bool cups_pull_comment_location(NT_PRINTER_INFO_LEVEL_2 *printer)
{
DEBUG(5,("cups_pull_comment_location: Using cups comment: %s\n",
attr->values[0].string.text));
- pstrcpy(printer->comment,attr->values[0].string.text);
+ strlcpy(printer->comment,
+ attr->values[0].string.text,
+ sizeof(printer->comment));
}
/* Grab the location if we don't have one */
diff --git a/source3/registry/reg_printing.c b/source3/registry/reg_printing.c
index 8c1de763bd..2ca74f7c16 100644
--- a/source3/registry/reg_printing.c
+++ b/source3/registry/reg_printing.c
@@ -296,7 +296,7 @@ static bool add_printers_by_registry( REGSUBKEY_CTR *subkeys )
if ( snum == -1 ) {
fstrcpy( info2.printername, printername );
fstrcpy( info2.sharename, printername );
- if ( !add_printer_hook( NULL, &printer ) ) {
+ if ( !add_printer_hook(talloc_tos(), NULL, &printer ) ) {
DEBUG(0,("add_printers_by_registry: Failed to add printer [%s]\n",
printername));
}
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index a6f3bfba17..b01f10b71d 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -284,10 +284,11 @@ static bool close_printer_handle(pipes_struct *p, POLICY_HND *hnd)
/****************************************************************************
Delete a printer given a handle.
****************************************************************************/
-WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
+
+WERROR delete_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *sharename )
{
char *cmd = lp_deleteprinter_cmd();
- pstring command;
+ char *command = NULL;
int ret;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
bool is_print_op = False;
@@ -297,8 +298,12 @@ WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
if ( !*cmd )
return WERR_OK;
- pstr_sprintf(command, "%s \"%s\"", cmd, sharename);
-
+ command = talloc_asprintf(ctx,
+ "%s \"%s\"",
+ cmd, sharename);
+ if (!command) {
+ return WERR_NOMEM;
+ }
if ( token )
is_print_op = user_has_privileges( token, &se_printop );
@@ -322,6 +327,8 @@ WERROR delete_printer_hook( NT_USER_TOKEN *token, const char *sharename )
DEBUGADD(10,("returned [%d]\n", ret));
+ TALLOC_FREE(command);
+
if (ret != 0)
return WERR_BADFID; /* What to return here? */
@@ -367,7 +374,7 @@ static WERROR delete_printer_handle(pipes_struct *p, POLICY_HND *hnd)
return WERR_BADFID;
}
- return delete_printer_hook( p->pipe_user.nt_user_token, Printer->sharename );
+ return delete_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, Printer->sharename );
}
/****************************************************************************
@@ -2719,20 +2726,17 @@ void spoolss_notify_server_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->servername, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->servername);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2748,7 +2752,7 @@ void spoolss_notify_printer_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
/* the notify name should not contain the \\server\ part */
@@ -2760,16 +2764,14 @@ void spoolss_notify_printer_name(int snum,
p++;
}
- len = rpcstr_push(temp, p, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, p);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2785,19 +2787,17 @@ void spoolss_notify_share_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, lp_servicename(snum), sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, lp_servicename(snum));
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2814,23 +2814,19 @@ void spoolss_notify_port_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
/* even if it's strange, that's consistant in all the code */
- len = rpcstr_push(temp, printer->info_2->portname, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->portname);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2847,21 +2843,17 @@ void spoolss_notify_driver_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->drivername, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->drivername);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2877,24 +2869,20 @@ void spoolss_notify_comment(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
if (*printer->info_2->comment == '\0')
- len = rpcstr_push(temp, lp_comment(snum), sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, lp_comment(snum));
else
- len = rpcstr_push(temp, printer->info_2->comment, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->comment);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2911,21 +2899,17 @@ void spoolss_notify_location(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->location,sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->location);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2957,21 +2941,17 @@ void spoolss_notify_sepfile(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->sepfile, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->sepfile);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -2988,21 +2968,17 @@ void spoolss_notify_print_processor(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->printprocessor, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->printprocessor);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3019,21 +2995,17 @@ void spoolss_notify_parameters(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->parameters, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->parameters);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3050,21 +3022,17 @@ void spoolss_notify_datatype(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, printer->info_2->datatype, sizeof(pstring)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, printer->info_2->datatype);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3214,21 +3182,17 @@ static void spoolss_notify_username(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, queue->fs_user, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, queue->fs_user);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3258,21 +3222,17 @@ static void spoolss_notify_job_name(int snum,
NT_PRINTER_INFO_LEVEL *printer,
TALLOC_CTX *mem_ctx)
{
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
- len = rpcstr_push(temp, queue->fs_file, sizeof(temp)-2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, queue->fs_file);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3293,7 +3253,7 @@ static void spoolss_notify_job_status_string(int snum,
*/
const char *p = "";
- pstring temp;
+ smb_ucs2_t *temp = NULL;
uint32 len;
#if 0 /* NO LONGER NEEDED - JRA. 02/22/2001 */
@@ -3315,18 +3275,14 @@ static void spoolss_notify_job_status_string(int snum,
}
#endif /* NO LONGER NEEDED. */
- len = rpcstr_push(temp, p, sizeof(temp) - 2, STR_TERMINATE);
+ len = rpcstr_push_talloc(mem_ctx, &temp, p);
+ if (len == (uint32)-1) {
+ len = 0;
+ }
data->notify_data.data.length = len;
if (len) {
- data->notify_data.data.string = (uint16 *)TALLOC(mem_ctx, len);
-
- if (!data->notify_data.data.string) {
- data->notify_data.data.length = 0;
- return;
- }
-
- memcpy(data->notify_data.data.string, temp, len);
+ data->notify_data.data.string = (uint16 *)temp;
} else {
data->notify_data.data.string = NULL;
}
@@ -3954,7 +3910,7 @@ done:
static bool construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *printer, int snum)
{
- pstring chaine;
+ char *chaine = NULL;
int count;
NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
counter_printer_0 *session_counter;
@@ -3962,10 +3918,19 @@ static bool construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *p
struct tm *t;
time_t setuptime;
print_status_struct status;
+ TALLOC_CTX *ctx = talloc_tos();
if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
return False;
+ init_unistr(&printer->printername, ntprinter->info_2->printername);
+
+ chaine = talloc_asprintf(ctx, "\\\\%s", get_server_name(print_hnd));
+ if (!chaine) {
+ free_a_printer(&ntprinter,2);
+ return false;
+ }
+
count = print_queue_length(snum, &status);
/* check if we already have a counter for this printer */
@@ -3974,6 +3939,8 @@ static bool construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *p
break;
}
+ init_unistr(&printer->servername, chaine);
+
/* it's the first time, add it to the list */
if (session_counter==NULL) {
if((session_counter=SMB_MALLOC_P(counter_printer_0)) == NULL) {
@@ -3994,14 +3961,6 @@ static bool construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *p
* and should be zeroed on samba startup
*/
global_counter=session_counter->counter;
-
- pstrcpy(chaine,ntprinter->info_2->printername);
-
- init_unistr(&printer->printername, chaine);
-
- slprintf(chaine,sizeof(chaine)-1,"\\\\%s", get_server_name(print_hnd));
- init_unistr(&printer->servername, chaine);
-
printer->cjobs = count;
printer->total_jobs = 0;
printer->total_bytes = 0;
@@ -4059,30 +4018,35 @@ static bool construct_printer_info_0(Printer_entry *print_hnd, PRINTER_INFO_0 *p
********************************************************************/
static bool construct_printer_info_1(Printer_entry *print_hnd, uint32 flags, PRINTER_INFO_1 *printer, int snum)
{
- pstring chaine;
- pstring chaine2;
+ char *chaine = NULL;
NT_PRINTER_INFO_LEVEL *ntprinter = NULL;
+ TALLOC_CTX *ctx = talloc_tos();
if (!W_ERROR_IS_OK(get_a_printer(print_hnd, &ntprinter, 2, lp_const_servicename(snum))))
- return False;
+ return false;
printer->flags=flags;
if (*ntprinter->info_2->comment == '\0') {
init_unistr(&printer->comment, lp_comment(snum));
- slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername,
- ntprinter->info_2->drivername, lp_comment(snum));
+ chaine = talloc_asprintf(ctx,
+ "%s,%s,%s", ntprinter->info_2->printername,
+ ntprinter->info_2->drivername, lp_comment(snum));
}
else {
init_unistr(&printer->comment, ntprinter->info_2->comment); /* saved comment. */
- slprintf(chaine,sizeof(chaine)-1,"%s,%s,%s", ntprinter->info_2->printername,
- ntprinter->info_2->drivername, ntprinter->info_2->comment);
+ chaine = talloc_asprintf(ctx,
+ "%s,%s,%s", ntprinter->info_2->printername,
+ ntprinter->info_2->drivername, ntprinter->info_2->comment);
}
- slprintf(chaine2,sizeof(chaine)-1,"%s", ntprinter->info_2->printername);
+ if (!chaine) {
+ free_a_printer(&ntprinter,2);
+ return false;
+ }
init_unistr(&printer->description, chaine);
- init_unistr(&printer->name, chaine2);
+ init_unistr(&printer->name, ntprinter->info_2->printername);
free_a_printer(&ntprinter,2);
@@ -5160,7 +5124,8 @@ static WERROR construct_printer_driver_info_1(DRIVER_INFO_1 *info, int snum, fst
static void fill_printer_driver_info_2(DRIVER_INFO_2 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
{
- pstring temp;
+ TALLOC_CTX *ctx = talloc_tos();
+ char *temp = NULL;
info->version=driver.info_3->cversion;
@@ -5168,20 +5133,32 @@ static void fill_printer_driver_info_2(DRIVER_INFO_2 *info, NT_PRINTER_DRIVER_IN
init_unistr( &info->architecture, driver.info_3->environment );
- if (strlen(driver.info_3->driverpath)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);
+ if (strlen(driver.info_3->driverpath)) {
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->driverpath);
init_unistr( &info->driverpath, temp );
- } else
- init_unistr( &info->driverpath, "" );
+ } else {
+ init_unistr( &info->driverpath, "" );
+ }
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->datafile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->datafile);
init_unistr( &info->datafile, temp );
} else
init_unistr( &info->datafile, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->configfile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->configfile);
init_unistr( &info->configfile, temp );
} else
init_unistr( &info->configfile, "" );
@@ -5226,17 +5203,16 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c
int i=0;
int j=0;
const char *v;
- pstring line;
+ char *line = NULL;
+ TALLOC_CTX *ctx = talloc_tos();
DEBUG(6,("init_unistr_array\n"));
*uni_array=NULL;
- while (True)
- {
- if ( !char_array )
+ while (true) {
+ if ( !char_array ) {
v = "";
- else
- {
+ } else {
v = char_array[i];
if (!v)
v = ""; /* hack to handle null lists */
@@ -5244,12 +5220,21 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c
/* hack to allow this to be used in places other than when generating
the list of dependent files */
-
- if ( servername )
- slprintf( line, sizeof(line)-1, "\\\\%s%s", servername, v );
- else
- pstrcpy( line, v );
+ TALLOC_FREE(line);
+ if ( servername ) {
+ line = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ v);
+ } else {
+ line = talloc_strdup(ctx, v);
+ }
+
+ if (!line) {
+ SAFE_FREE(*uni_array);
+ return 0;
+ }
DEBUGADD(6,("%d:%s:%lu\n", i, line, (unsigned long)strlen(line)));
/* add one extra unit16 for the second terminating NULL */
@@ -5287,7 +5272,8 @@ static uint32 init_unistr_array(uint16 **uni_array, fstring *char_array, const c
static void fill_printer_driver_info_3(DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
{
- pstring temp;
+ char *temp = NULL;
+ TALLOC_CTX *ctx = talloc_tos();
ZERO_STRUCTP(info);
@@ -5297,29 +5283,45 @@ static void fill_printer_driver_info_3(DRIVER_INFO_3 *info, NT_PRINTER_DRIVER_IN
init_unistr( &info->architecture, driver.info_3->environment );
if (strlen(driver.info_3->driverpath)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->driverpath);
init_unistr( &info->driverpath, temp );
} else
init_unistr( &info->driverpath, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->datafile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->datafile);
init_unistr( &info->datafile, temp );
} else
init_unistr( &info->datafile, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->configfile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->configfile);
init_unistr( &info->configfile, temp );
} else
init_unistr( &info->configfile, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->helpfile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->helpfile);
init_unistr( &info->helpfile, temp );
} else
init_unistr( &info->helpfile, "" );
+ TALLOC_FREE(temp);
init_unistr( &info->monitorname, driver.info_3->monitorname );
init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype );
@@ -5393,8 +5395,9 @@ static WERROR construct_printer_driver_info_3(DRIVER_INFO_3 *info, int snum, fst
static void fill_printer_driver_info_6(DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_INFO_LEVEL driver, fstring servername)
{
- pstring temp;
+ char *temp = NULL;
fstring nullstr;
+ TALLOC_CTX *ctx = talloc_tos();
ZERO_STRUCTP(info);
memset(&nullstr, '\0', sizeof(fstring));
@@ -5405,29 +5408,45 @@ static void fill_printer_driver_info_6(DRIVER_INFO_6 *info, NT_PRINTER_DRIVER_IN
init_unistr( &info->architecture, driver.info_3->environment );
if (strlen(driver.info_3->driverpath)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->driverpath);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->driverpath);
init_unistr( &info->driverpath, temp );
} else
init_unistr( &info->driverpath, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->datafile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->datafile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->datafile);
init_unistr( &info->datafile, temp );
} else
init_unistr( &info->datafile, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->configfile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->configfile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->configfile);
init_unistr( &info->configfile, temp );
} else
init_unistr( &info->configfile, "" );
+ TALLOC_FREE(temp);
if (strlen(driver.info_3->helpfile)) {
- slprintf(temp, sizeof(temp)-1, "\\\\%s%s", servername, driver.info_3->helpfile);
+ temp = talloc_asprintf(ctx,
+ "\\\\%s%s",
+ servername,
+ driver.info_3->helpfile);
init_unistr( &info->helpfile, temp );
} else
init_unistr( &info->helpfile, "" );
+ TALLOC_FREE(temp);
init_unistr( &info->monitorname, driver.info_3->monitorname );
init_unistr( &info->defaultdatatype, driver.info_3->defaultdatatype );
@@ -5786,10 +5805,10 @@ WERROR _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, S
POLICY_HND *handle = &q_u->handle;
DOC_INFO *docinfo = &q_u->doc_info_container.docinfo;
uint32 *jobid = &r_u->jobid;
-
+ TALLOC_CTX *ctx = p->mem_ctx;
DOC_INFO_1 *info_1 = &docinfo->doc_info_1;
int snum;
- pstring jobname;
+ char *jobname = NULL;
fstring datatype;
Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
@@ -5819,7 +5838,7 @@ WERROR _spoolss_startdocprinter(pipes_struct *p, SPOOL_Q_STARTDOCPRINTER *q_u, S
return WERR_BADFID;
}
- unistr2_to_ascii(jobname, &info_1->docname, sizeof(jobname));
+ jobname = unistr2_to_ascii_talloc(ctx, &info_1->docname);
Printer->jobid = print_job_start(&p->pipe_user, snum, jobname, Printer->nt_devmode);
@@ -6109,10 +6128,10 @@ static bool check_printer_ok(NT_PRINTER_INFO_LEVEL_2 *info, int snum)
/****************************************************************************
****************************************************************************/
-WERROR add_port_hook(NT_USER_TOKEN *token, const char *portname, const char *uri )
+WERROR add_port_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, const char *portname, const char *uri )
{
char *cmd = lp_addport_cmd();
- pstring command;
+ char *command = NULL;
int ret;
int fd;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
@@ -6122,7 +6141,11 @@ WERROR add_port_hook(NT_USER_TOKEN *token, const char *portname, const char *uri
return WERR_ACCESS_DENIED;
}
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\"", cmd, portname, uri );
+ command = talloc_asprintf(ctx,
+ "%s \"%s\" \"%s\"", cmd, portname, uri );
+ if (!command) {
+ return WERR_NOMEM;
+ }
if ( token )
is_print_op = user_has_privileges( token, &se_printop );
@@ -6143,6 +6166,8 @@ WERROR add_port_hook(NT_USER_TOKEN *token, const char *portname, const char *uri
DEBUGADD(10,("returned [%d]\n", ret));
+ TALLOC_FREE(command);
+
if ( ret != 0 ) {
if (fd != -1)
close(fd);
@@ -6155,26 +6180,37 @@ WERROR add_port_hook(NT_USER_TOKEN *token, const char *portname, const char *uri
/****************************************************************************
****************************************************************************/
-bool add_printer_hook(NT_USER_TOKEN *token, NT_PRINTER_INFO_LEVEL *printer)
+bool add_printer_hook(TALLOC_CTX *ctx, NT_USER_TOKEN *token, NT_PRINTER_INFO_LEVEL *printer)
{
char *cmd = lp_addprinter_cmd();
char **qlines;
- pstring command;
+ char *command = NULL;
int numlines;
int ret;
int fd;
- fstring remote_machine = "%m";
SE_PRIV se_printop = SE_PRINT_OPERATOR;
bool is_print_op = False;
+ char *remote_machine = talloc_strdup(ctx, "%m");
- standard_sub_basic(current_user_info.smb_name,
- current_user_info.domain,
- remote_machine,sizeof(remote_machine));
+ if (!remote_machine) {
+ return false;
+ }
+ remote_machine = talloc_sub_basic(ctx,
+ current_user_info.smb_name,
+ current_user_info.domain,
+ remote_machine);
+ if (!remote_machine) {
+ return false;
+ }
- slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"",
+ command = talloc_asprintf(ctx,
+ "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"",
cmd, printer->info_2->printername, printer->info_2->sharename,
printer->info_2->portname, printer->info_2->drivername,
printer->info_2->location, printer->info_2->comment, remote_machine);
+ if (!command) {
+ return false;
+ }
if ( token )
is_print_op = user_has_privileges( token, &se_printop );
@@ -6199,6 +6235,9 @@ bool add_printer_hook(NT_USER_TOKEN *token, NT_PRINTER_INFO_LEVEL *printer)
DEBUGADD(10,("returned [%d]\n", ret));
+ TALLOC_FREE(command);
+ TALLOC_FREE(remote_machine);
+
if ( ret != 0 ) {
if (fd != -1)
close(fd);
@@ -6318,7 +6357,7 @@ static WERROR update_printer(pipes_struct *p, POLICY_HND *handle, uint32 level,
{
/* add_printer_hook() will call reload_services() */
- if ( !add_printer_hook(p->pipe_user.nt_user_token, printer) ) {
+ if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) {
result = WERR_ACCESS_DENIED;
goto done;
}
@@ -7395,11 +7434,11 @@ static void fill_port_2(PORT_INFO_2 *port, const char *name)
wrapper around the enumer ports command
****************************************************************************/
-WERROR enumports_hook( int *count, char ***lines )
+WERROR enumports_hook(TALLOC_CTX *ctx, int *count, char ***lines )
{
char *cmd = lp_enumports_cmd();
- char **qlines;
- pstring command;
+ char **qlines = NULL;
+ char *command = NULL;
int numlines;
int ret;
int fd;
@@ -7423,11 +7462,15 @@ WERROR enumports_hook( int *count, char ***lines )
else {
/* we have a valid enumport command */
- slprintf(command, sizeof(command)-1, "%s \"%d\"", cmd, 1);
+ command = talloc_asprintf(ctx, "%s \"%d\"", cmd, 1);
+ if (!command) {
+ return WERR_NOMEM;
+ }
DEBUG(10,("Running [%s]\n", command));
ret = smbrun(command, &fd);
DEBUG(10,("Returned [%d]\n", ret));
+ TALLOC_FREE(command);
if (ret != 0) {
if (fd != -1) {
close(fd);
@@ -7459,7 +7502,7 @@ static WERROR enumports_level_1(RPC_BUFFER *buffer, uint32 offered, uint32 *need
char **qlines = NULL;
int numlines = 0;
- result = enumports_hook( &numlines, &qlines );
+ result = enumports_hook(talloc_tos(), &numlines, &qlines );
if (!W_ERROR_IS_OK(result)) {
file_lines_free(qlines);
return result;
@@ -7525,7 +7568,7 @@ static WERROR enumports_level_2(RPC_BUFFER *buffer, uint32 offered, uint32 *need
char **qlines = NULL;
int numlines = 0;
- result = enumports_hook( &numlines, &qlines );
+ result = enumports_hook(talloc_tos(), &numlines, &qlines );
if ( !W_ERROR_IS_OK(result)) {
file_lines_free(qlines);
return result;
@@ -7652,7 +7695,7 @@ static WERROR spoolss_addprinterex_level_2( pipes_struct *p, const UNISTR2 *uni_
trying to add a printer like this --jerry */
if (*lp_addprinter_cmd() ) {
- if ( !add_printer_hook(p->pipe_user.nt_user_token, printer) ) {
+ if ( !add_printer_hook(p->mem_ctx, p->pipe_user.nt_user_token, printer) ) {
free_a_printer(&printer,2);
return WERR_ACCESS_DENIED;
}
@@ -7916,16 +7959,23 @@ static void fill_driverdir_1(DRIVER_DIRECTORY_1 *info, char *name)
static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environment, RPC_BUFFER *buffer, uint32 offered, uint32 *needed)
{
- pstring path;
- pstring long_archi;
- fstring servername;
- char *pservername;
+ char *path = NULL;
+ char *long_archi = NULL;
+ char *servername = NULL;
+ char *pservername = NULL;
const char *short_archi;
DRIVER_DIRECTORY_1 *info=NULL;
WERROR result = WERR_OK;
+ TALLOC_CTX *ctx = talloc_tos();
- unistr2_to_ascii(servername, name, sizeof(servername));
- unistr2_to_ascii(long_archi, uni_environment, sizeof(long_archi));
+ servername = unistr2_to_ascii_talloc(ctx, name);
+ if (!servername) {
+ return WERR_NOMEM;
+ }
+ long_archi = unistr2_to_ascii_talloc(ctx, uni_environment);
+ if (!long_archi) {
+ return WERR_NOMEM;
+ }
/* check for beginning double '\'s and that the server
long enough */
@@ -7944,7 +7994,12 @@ static WERROR getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen
if((info=SMB_MALLOC_P(DRIVER_DIRECTORY_1)) == NULL)
return WERR_NOMEM;
- slprintf(path, sizeof(path)-1, "\\\\%s\\print$\\%s", pservername, short_archi);
+ path = talloc_asprintf(ctx,
+ "\\\\%s\\print$\\%s", pservername, short_archi);
+ if (!path) {
+ result = WERR_NOMEM;
+ goto out;
+ }
DEBUG(4,("printer driver directory: [%s]\n", path));
@@ -8313,7 +8368,8 @@ WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_
int snum=0;
WERROR status = WERR_OK;
Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
- pstring valuename;
+ char *valuename = NULL;
+ TALLOC_CTX *ctx = p->mem_ctx;
DEBUG(5,("spoolss_deleteprinterdata\n"));
@@ -8334,7 +8390,11 @@ WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_
if (!W_ERROR_IS_OK(status))
return status;
- unistr2_to_ascii(valuename, value, sizeof(valuename));
+ valuename = unistr2_to_ascii_talloc(ctx, value);
+ if (!valuename) {
+ free_a_printer(&printer, 2);
+ return WERR_NOMEM;
+ }
status = delete_printer_dataex( printer, SPOOL_PRINTERDATA_KEY, valuename );
@@ -8342,6 +8402,7 @@ WERROR _spoolss_deleteprinterdata(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATA *q_
mod_a_printer( printer, 2 );
free_a_printer(&printer, 2);
+ TALLOC_FREE(valuename);
return status;
}
@@ -9245,7 +9306,9 @@ WERROR _spoolss_deleteprinterdataex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATAEX
int snum=0;
WERROR status = WERR_OK;
Printer_entry *Printer=find_printer_index_by_hnd(p, handle);
- pstring valuename, keyname;
+ char *valuename = NULL;
+ char *keyname = NULL;
+ TALLOC_CTX *ctx = p->mem_ctx;
DEBUG(5,("spoolss_deleteprinterdataex\n"));
@@ -9262,13 +9325,16 @@ WERROR _spoolss_deleteprinterdataex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDATAEX
return WERR_ACCESS_DENIED;
}
+ valuename = unistr2_to_ascii_talloc(ctx, value);
+ keyname = unistr2_to_ascii_talloc(ctx, key);
+ if (!valuename || !keyname) {
+ return WERR_NOMEM;
+ }
+
status = get_a_printer(Printer, &printer, 2, lp_const_servicename(snum));
if (!W_ERROR_IS_OK(status))
return status;
- unistr2_to_ascii(valuename, value, sizeof(valuename));
- unistr2_to_ascii(keyname, key, sizeof(keyname));
-
status = delete_printer_dataex( printer, keyname, valuename );
if ( W_ERROR_IS_OK(status) )
@@ -9562,7 +9628,7 @@ done:
/****************************************************************************
****************************************************************************/
-static void fill_printprocessordirectory_1(PRINTPROCESSOR_DIRECTORY_1 *info, char *name)
+static void fill_printprocessordirectory_1(PRINTPROCESSOR_DIRECTORY_1 *info, const char *name)
{
init_unistr(&info->name, name);
}
@@ -9573,12 +9639,15 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name,
uint32 offered,
uint32 *needed)
{
- pstring path;
- pstring long_archi;
+ char *long_archi = NULL;
PRINTPROCESSOR_DIRECTORY_1 *info=NULL;
WERROR result = WERR_OK;
+ TALLOC_CTX *ctx = talloc_tos();
- unistr2_to_ascii(long_archi, environment, sizeof(long_archi));
+ long_archi = unistr2_to_ascii_talloc(ctx, environment);
+ if (!long_archi) {
+ return WERR_NOMEM;
+ }
if (!get_short_archi(long_archi))
return WERR_INVALID_ENVIRONMENT;
@@ -9586,9 +9655,7 @@ static WERROR getprintprocessordirectory_level_1(UNISTR2 *name,
if((info=SMB_MALLOC_P(PRINTPROCESSOR_DIRECTORY_1)) == NULL)
return WERR_NOMEM;
- pstrcpy(path, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86");
-
- fill_printprocessordirectory_1(info, path);
+ fill_printprocessordirectory_1(info, "C:\\WINNT\\System32\\spool\\PRTPROCS\\W32X86");
*needed += spoolss_size_printprocessordirectory_info_1(info);
@@ -9673,7 +9740,8 @@ static WERROR xcvtcp_addport( NT_USER_TOKEN *token, RPC_BUFFER *in,
RPC_BUFFER *out, uint32 *needed )
{
NT_PORT_DATA_1 port1;
- pstring device_uri;
+ TALLOC_CTX *ctx = talloc_tos();
+ char *device_uri = NULL;
ZERO_STRUCT( port1 );
@@ -9687,18 +9755,24 @@ static WERROR xcvtcp_addport( NT_USER_TOKEN *token, RPC_BUFFER *in,
switch ( port1.protocol ) {
case PORT_PROTOCOL_DIRECT:
- pstr_sprintf( device_uri, "socket://%s:%d/", port1.hostaddr, port1.port );
+ device_uri = talloc_asprintf(ctx,
+ "socket://%s:%d/", port1.hostaddr, port1.port );
break;
case PORT_PROTOCOL_LPR:
- pstr_sprintf( device_uri, "lpr://%s/%s", port1.hostaddr, port1.queue );
+ device_uri = talloc_asprintf(ctx,
+ "lpr://%s/%s", port1.hostaddr, port1.queue );
break;
default:
return WERR_UNKNOWN_PORT;
}
- return add_port_hook( token, port1.name, device_uri );
+ if (!device_uri) {
+ return WERR_NOMEM;
+ }
+
+ return add_port_hook(ctx, token, port1.name, device_uri );
}
/*******************************************************************