From ec1c58fcc0dc19138fe04533484b8acffef2cf0f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Sat, 24 Jun 2000 00:15:08 +0000
Subject: lib/util_sid.c: Uninitialized memory read. rpc_parse/parse_spoolss.c:
 Added note about prs_align when marshalling a SEC_DESC...
 rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone'
 group 						when doing file access with no
 winbindd running. This is a partial 					
 fix - more when I have analysed this more. rpc_server/srv_spoolss_nt.c: Fix
 for the 'change driver' problem ! Hurrah !

Jeremy.
(This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)
---
 source3/lib/util_sid.c              |  2 ++
 source3/rpc_parse/parse_spoolss.c   |  6 ++++--
 source3/rpc_server/srv_lsa.c        |  5 +++++
 source3/rpc_server/srv_spoolss_nt.c | 16 +++++++++-------
 4 files changed, 20 insertions(+), 9 deletions(-)

diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index add2494346..43fd7ecc59 100644
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -344,6 +344,8 @@ void sid_copy(DOM_SID *dst, const DOM_SID *src)
 {
 	int i;
 
+	memset((char *)dst, '\0', sizeof(DOM_SID));
+
 	dst->sid_rev_num = src->sid_rev_num;
 	dst->num_auths = src->num_auths;
 
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index d5f3b1c7c8..86fee3017f 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1694,7 +1694,7 @@ BOOL new_smb_io_printer_info_0(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_0 *i
 ********************************************************************/  
 BOOL new_smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *info, int depth)
 {
-	prs_struct *ps=&(buffer->prs);
+	prs_struct *ps=&buffer->prs;
 
 	prs_debug(ps, depth, desc, "new_smb_io_printer_info_1");
 	depth++;	
@@ -1718,7 +1718,7 @@ BOOL new_smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *i
 ********************************************************************/  
 BOOL new_smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, int depth)
 {
-	prs_struct *ps=&(buffer->prs);
+	prs_struct *ps=&buffer->prs;
 
 	prs_debug(ps, depth, desc, "new_smb_io_printer_info_2");
 	depth++;	
@@ -2355,6 +2355,7 @@ uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info)
 	uint32 size=0;
 		
 	size += 4;
+	/* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
 	size += sec_desc_size( info->secdesc );
 	
 	size+=size_of_device_mode( info->devmode );
@@ -2389,6 +2390,7 @@ return the size required by a struct in the stream
 uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info)
 {
 	/* The 4 is for the self relative pointer.. */
+	/* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
 	return 4 + (uint32)sec_desc_size( info->secdesc );
 }
 
diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 5855f6c030..da8929bbc6 100644
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -324,6 +324,11 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
 	if (result == WINBINDD_OK) {
 		parse_domain_user(response.data.name.name, dom_name, name);
 		*name_type = response.data.name.type;
+	} else {
+		sid_copy(&tmp_sid, sid);
+		sid_split_rid(&tmp_sid, &rid);
+		return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+			lookup_local_rid(rid, name, name_type);
 	}
 
 	return (result == WINBINDD_OK);
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b8b25a1ecb..d1ff58404e 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -413,7 +413,7 @@ static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername)
 			if ( !(lp_snum_ok(snum) && lp_print_ok(snum) ) )
 				continue;
 		
-			DEBUGADD(5,("share:%s\n",lp_servicename(snum)));
+			DEBUGADD(5,("set_printer_hnd_printername: share:%s\n",lp_servicename(snum)));
 
 			if (get_a_printer(&printer, 2, lp_servicename(snum))!=0)
 				continue;
@@ -441,7 +441,9 @@ static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername)
 	}
 	
 	snum--;
-	DEBUGADD(4,("Printer found: %s -> %s[%x]\n",printer->info_2->printername, lp_servicename(snum),snum));
+	DEBUGADD(4,("set_printer_hnd_printername: Printer found: %s -> %s[%x]\n",
+			printer->info_2->printername, lp_servicename(snum),snum));
+
 	ZERO_STRUCT(Printer->dev.printername);
 	strncpy(Printer->dev.printername, lp_servicename(snum), strlen(lp_servicename(snum)));
 	
@@ -1667,11 +1669,11 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum, fstring
 	
 	/* the description and the name are of the form \\server\share */
 	slprintf(chaine,sizeof(chaine)-1,"\\\\%s\\%s",servername, ntprinter->info_2->printername);
-							    
-	init_unistr(&(printer->printername), chaine);
+
+	init_unistr(&printer->printername, chaine);
 	
 	slprintf(chaine,sizeof(chaine)-1,"\\\\%s", servername);
-	init_unistr(&(printer->servername), chaine);
+	init_unistr(&printer->servername, chaine);
 	
 	printer->cjobs = count;
 	printer->total_jobs = 0;
@@ -1801,8 +1803,8 @@ static DEVICEMODE *construct_dev_mode(int snum, char *servername)
 		goto fail;
 
 	DEBUGADD(8,("loading DEVICEMODE\n"));
-	snprintf(adevice, sizeof(adevice), "\\\\%s\\%s", global_myname, 
-	                                                 printer->info_2->printername);
+	snprintf(adevice, sizeof(adevice), "%s", printer->info_2->printername);
+
 	init_unistr(&devmode->devicename, adevice);
 
 	snprintf(aform, sizeof(aform), ntdevmode->formname);
-- 
cgit