From 79bfb14318423f5a26a4d0dc6fc6faa62b1401f8 Mon Sep 17 00:00:00 2001
From: Jean-François Micouleau <jfm@samba.org>
Date: Mon, 13 Mar 2000 11:09:20 +0000
Subject: parse correctly getprinterdriver2 found a stupid bug in enumprinters
 fixed some memleaks found a coredump in enumprinterdata getprinterdriverdir
 responds correctly now.

	J.F.
(This used to be commit 07f2e194ba61e72320636fb7e5d0f041e255868b)
---
 source3/include/proto.h             |  7 +--
 source3/include/rpc_spoolss.h       |  7 +--
 source3/rpc_parse/parse_spoolss.c   | 14 +++---
 source3/rpc_server/srv_spoolss.c    |  5 ++-
 source3/rpc_server/srv_spoolss_nt.c | 85 +++++++++++++++++++------------------
 5 files changed, 63 insertions(+), 55 deletions(-)

(limited to 'source3')

diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5db9f300d2..1d8bf77020 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -2651,9 +2651,10 @@ uint32 _spoolss_enumprinters( uint32 flags, const UNISTR2 *servername, uint32 le
 			      uint32 *needed, uint32 *returned);
 uint32 _spoolss_getprinter(POLICY_HND *handle, uint32 level,
 			   NEW_BUFFER *buffer, uint32 offered, uint32 *needed);
-uint32 _spoolss_getprinterdriver2(const POLICY_HND *handle, const UNISTR2 *uni_arch, uint32 level, uint32 unknown,
+uint32 _spoolss_getprinterdriver2(const POLICY_HND *handle, const UNISTR2 *uni_arch, uint32 level, 
+				uint32 clientmajorversion, uint32 clientminorversion,
 				NEW_BUFFER *buffer, uint32 offered,
-				uint32 *needed, uint32 *unknown0, uint32 *unknown1);
+				uint32 *needed, uint32 *servermajorversion, uint32 *serverminorversion);
 uint32 _spoolss_startpageprinter(const POLICY_HND *handle);
 uint32 _spoolss_endpageprinter(const POLICY_HND *handle);
 uint32 _spoolss_startdocprinter( const POLICY_HND *handle, uint32 level,
@@ -2691,7 +2692,7 @@ uint32 _spoolss_enumports( UNISTR2 *name, uint32 level,
 uint32 _spoolss_addprinterex( const UNISTR2 *uni_srv_name, uint32 level,
 				const SPOOL_PRINTER_INFO_LEVEL *info,
 				uint32 unk0, uint32 unk1, uint32 unk2, uint32 unk3,
-				uint32 user_switch, const  SPOOL_USER_CTR *user,
+				uint32 user_switch, const SPOOL_USER_CTR *user,
 				POLICY_HND *handle);
 uint32 _spoolss_addprinterdriver( const UNISTR2 *server_name,
 				uint32 level,
diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h
index 43e5e40738..aef9afd590 100755
--- a/source3/include/rpc_spoolss.h
+++ b/source3/include/rpc_spoolss.h
@@ -908,7 +908,8 @@ typedef struct spool_q_getprinterdriver2
 	uint32 level;
 	NEW_BUFFER *buffer;
 	uint32 offered;
-	uint32 unknown;
+	uint32 clientmajorversion;
+	uint32 clientminorversion;
 }
 SPOOL_Q_GETPRINTERDRIVER2;
 
@@ -916,8 +917,8 @@ typedef struct spool_r_getprinterdriver2
 {
 	NEW_BUFFER *buffer;
 	uint32 needed;
-	uint32 unknown0;
-	uint32 unknown1;
+	uint32 servermajorversion;
+	uint32 serverminorversion;
 	uint32 status;
 }
 SPOOL_R_GETPRINTERDRIVER2;
diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index 902cc058c3..85d295eb3f 100644
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1933,7 +1933,7 @@ BOOL new_smb_io_driverdir_1(char *desc, NEW_BUFFER *buffer, DRIVER_DIRECTORY_1 *
 
 	buffer->struct_start=prs_offset(ps);
 
-	if(!new_smb_io_relstr("name", buffer, depth, &info->name))
+	if (!spoolss_smb_io_unistr(desc, &info->name, ps, depth))
 		return False;
 
 	return True;
@@ -2318,7 +2318,9 @@ uint32 spoolss_size_driverdir_info_1(DRIVER_DIRECTORY_1 *info)
 {
 	int size=0;
 
-	size+=size_of_relative_string( &info->name );
+	size=str_len_uni(&info->name);	/* the string length       */
+	size=size+1;			/* add the leading zero    */
+	size=size*2;			/* convert in char         */
 
 	return size;
 }
@@ -2419,7 +2421,9 @@ BOOL spoolss_io_q_getprinterdriver2(char *desc, SPOOL_Q_GETPRINTERDRIVER2 *q_u,
 	if(!prs_uint32("offered", ps, depth, &q_u->offered))
 		return False;
 		
-	if(!prs_uint32("unknown", ps, depth, &q_u->unknown))
+	if(!prs_uint32("clientmajorversion", ps, depth, &q_u->clientmajorversion))
+		return False;
+	if(!prs_uint32("clientminorversion", ps, depth, &q_u->clientminorversion))
 		return False;
 
 	return True;
@@ -2444,9 +2448,9 @@ BOOL spoolss_io_r_getprinterdriver2(char *desc, SPOOL_R_GETPRINTERDRIVER2 *r_u,
 		return False;
 	if (!prs_uint32("needed", ps, depth, &r_u->needed))
 		return False;
-	if (!prs_uint32("unknown0", ps, depth, &r_u->unknown0))
+	if (!prs_uint32("servermajorversion", ps, depth, &r_u->servermajorversion))
 		return False;
-	if (!prs_uint32("unknown1", ps, depth, &r_u->unknown1))
+	if (!prs_uint32("serverminorversion", ps, depth, &r_u->serverminorversion))
 		return False;		
 	if (!prs_uint32("status", ps, depth, &r_u->status))
 		return False;
diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c
index 75493b7a30..1cf187d825 100755
--- a/source3/rpc_server/srv_spoolss.c
+++ b/source3/rpc_server/srv_spoolss.c
@@ -286,9 +286,10 @@ static BOOL api_spoolss_getprinterdriver2(uint16 vuid, prs_struct *data, prs_str
 	/* that's an [in out] buffer */
 	new_spoolss_move_buffer(q_u.buffer, &r_u.buffer);
 
-	r_u.status = _spoolss_getprinterdriver2(&q_u.handle, &q_u.architecture, q_u.level, q_u.unknown,
+	r_u.status = _spoolss_getprinterdriver2(&q_u.handle, &q_u.architecture, q_u.level, 
+						q_u.clientmajorversion, q_u.clientminorversion,
 						r_u.buffer, q_u.offered,
-						&r_u.needed, &r_u.unknown0, &r_u.unknown1);
+						&r_u.needed, &r_u.servermajorversion, &r_u.serverminorversion);
 	
 	if(!spoolss_io_r_getprinterdriver2("",&r_u,rdata,0)) {
 		DEBUG(0,("spoolss_io_r_getprinterdriver2: unable to marshall SPOOL_R_GETPRINTERDRIVER2.\n"));
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index ef0b7fad9b..d0fc839154 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1991,19 +1991,15 @@ static uint32 enumprinters_level2( uint32 flags, fstring servername,
 	fstrcat(temp, global_myname);
 
 	if (flags & PRINTER_ENUM_LOCAL) {
-		if (!strcmp(servername, temp)) {
-			fstrcat(temp, "\\");
+		if (!strcmp(servername, temp))
 			return enum_all_printers_info_2(temp, buffer, offered, needed, returned);
-		}
 		else
 			return enum_all_printers_info_2("", buffer, offered, needed, returned);
 	}
 
 	if (flags & PRINTER_ENUM_NAME) {
-		if (!strcmp(servername, temp)) {
-			fstrcat(temp, "\\");
+		if (!strcmp(servername, temp))
 			return enum_all_printers_info_2(temp, buffer, offered, needed, returned);
-		}
 		else
 			return ERROR_INVALID_NAME;
 	}
@@ -2055,6 +2051,7 @@ uint32 _spoolss_enumprinters( uint32 flags, const UNISTR2 *servername, uint32 le
 	 */
 
 	unistr2_to_ascii(name, servername, sizeof(name)-1);
+	strupper(name);
 
 	switch (level) {
 	case 1:
@@ -2391,8 +2388,10 @@ static uint32 getprinterdriver2_level1(pstring servername, pstring architecture,
 	/* check the required size. */	
 	*needed += spoolss_size_printer_driver_info_1(info);
 
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(info);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	/* fill the buffer with the structures */
 	new_smb_io_printer_driver_info_1("", buffer, info, 0);	
@@ -2400,9 +2399,8 @@ static uint32 getprinterdriver2_level1(pstring servername, pstring architecture,
 	/* clear memory */
 	safe_free(info);
 
-	if (*needed > offered) {
+	if (*needed > offered)
 		return ERROR_INSUFFICIENT_BUFFER;
-	}
 	else
 		return NT_STATUS_NO_PROBLEMO;
 }
@@ -2420,8 +2418,10 @@ static uint32 getprinterdriver2_level2(pstring servername, pstring architecture,
 	/* check the required size. */	
 	*needed += spoolss_size_printer_driver_info_2(info);
 
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(info);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	/* fill the buffer with the structures */
 	new_smb_io_printer_driver_info_2("", buffer, info, 0);	
@@ -2429,9 +2429,8 @@ static uint32 getprinterdriver2_level2(pstring servername, pstring architecture,
 	/* clear memory */
 	safe_free(info);
 
-	if (*needed > offered) {
+	if (*needed > offered)
 		return ERROR_INSUFFICIENT_BUFFER;
-	}
 	else
 		return NT_STATUS_NO_PROBLEMO;
 }
@@ -2449,8 +2448,10 @@ static uint32 getprinterdriver2_level3(pstring servername, pstring architecture,
 	/* check the required size. */	
 	*needed += spoolss_size_printer_driver_info_3(info);
 
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(info);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	/* fill the buffer with the structures */
 	new_smb_io_printer_driver_info_3("", buffer, info, 0);	
@@ -2458,18 +2459,18 @@ static uint32 getprinterdriver2_level3(pstring servername, pstring architecture,
 	/* clear memory */
 	safe_free(info);
 
-	if (*needed > offered) {
+	if (*needed > offered)
 		return ERROR_INSUFFICIENT_BUFFER;
-	}
 	else
 		return NT_STATUS_NO_PROBLEMO;
 }
 
 /****************************************************************************
 ****************************************************************************/
-uint32 _spoolss_getprinterdriver2(const POLICY_HND *handle, const UNISTR2 *uni_arch, uint32 level, uint32 unknown,
+uint32 _spoolss_getprinterdriver2(const POLICY_HND *handle, const UNISTR2 *uni_arch, uint32 level, 
+				uint32 clientmajorversion, uint32 clientminorversion,
 				NEW_BUFFER *buffer, uint32 offered,
-				uint32 *needed, uint32 *unknown0, uint32 *unknown1)
+				uint32 *needed, uint32 *servermajorversion, uint32 *serverminorversion)
 {
 	pstring servername;
 	fstring architecture;
@@ -2478,16 +2479,14 @@ uint32 _spoolss_getprinterdriver2(const POLICY_HND *handle, const UNISTR2 *uni_a
 	DEBUG(4,("_spoolss_getprinterdriver2\n"));
 
 	*needed=0;
-	*unknown0=0;
-	*unknown1=0;
+	*servermajorversion=0;
+	*serverminorversion=0;
 
 	pstrcpy(servername, global_myname);
 	unistr2_to_ascii(architecture, uni_arch, sizeof(architecture)-1);
 
 	if (!get_printer_snum(handle, &snum))
-	{
 		return NT_STATUS_INVALID_HANDLE;
-	}
 
 	switch (level) {
 	case 1:
@@ -3381,8 +3380,10 @@ uint32 _new_spoolss_enumforms( const POLICY_HND *handle, uint32 level,
 
 		*needed=buffer_size;		
 		
-		if (!alloc_buffer_size(buffer, buffer_size))
+		if (!alloc_buffer_size(buffer, buffer_size)){
+			safe_free(list);
 			return ERROR_INSUFFICIENT_BUFFER;
+		}
 
 		/* fill the buffer with the form structures */
 		for (i=0; i<*numofforms; i++)
@@ -3400,7 +3401,7 @@ uint32 _new_spoolss_enumforms( const POLICY_HND *handle, uint32 level,
 			
 	default:
 		safe_free(list);
-		return NT_STATUS_INVALID_INFO_CLASS;
+		return ERROR_INVALID_LEVEL;
 	}
 
 }
@@ -3441,8 +3442,7 @@ static uint32 enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 
 	ports=(PORT_INFO_1 *)malloc( (*returned+1) * sizeof(PORT_INFO_1) );
 	
-	for (snum=0; snum<n_services; snum++)
-	{
+	for (snum=0; snum<n_services; snum++) {
 		if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
 			DEBUGADD(6,("Filling port number [%d]\n", i));
 			fill_port_1(&(ports[i]), lp_servicename(snum));
@@ -3451,18 +3451,18 @@ static uint32 enumports_level_1(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 	}
 
 	/* check the required size. */
-	for (i=0; i<*returned; i++)
-	{
+	for (i=0; i<*returned; i++) {
 		DEBUGADD(6,("adding port [%d]'s size\n", i));
 		*needed += spoolss_size_port_info_1(&(ports[i]));
 	}
 		
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(ports);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	/* fill the buffer with the ports structures */
-	for (i=0; i<*returned; i++)
-	{
+	for (i=0; i<*returned; i++) {
 		DEBUGADD(6,("adding port [%d] to buffer\n", i));
 		new_smb_io_port_1("", buffer, &(ports[i]), 0);
 	}
@@ -3495,8 +3495,7 @@ static uint32 enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 
 	ports=(PORT_INFO_2 *)malloc( (*returned+1) * sizeof(PORT_INFO_2) );
 	
-	for (snum=0; snum<n_services; snum++)
-	{
+	for (snum=0; snum<n_services; snum++) {
 		if ( lp_browseable(snum) && lp_snum_ok(snum) && lp_print_ok(snum) ) {
 			DEBUGADD(6,("Filling port number [%d]\n", i));
 			fill_port_2(&(ports[i]), lp_servicename(snum));
@@ -3505,18 +3504,18 @@ static uint32 enumports_level_2(NEW_BUFFER *buffer, uint32 offered, uint32 *need
 	}
 
 	/* check the required size. */
-	for (i=0; i<*returned; i++)
-	{
+	for (i=0; i<*returned; i++) {
 		DEBUGADD(6,("adding port [%d]'s size\n", i));
 		*needed += spoolss_size_port_info_2(&(ports[i]));
 	}
 		
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(ports);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	/* fill the buffer with the ports structures */
-	for (i=0; i<*returned; i++)
-	{
+	for (i=0; i<*returned; i++) {
 		DEBUGADD(6,("adding port [%d] to buffer\n", i));
 		new_smb_io_port_2("", buffer, &(ports[i]), 0);
 	}
@@ -3561,7 +3560,7 @@ uint32 _spoolss_enumports( UNISTR2 *name, uint32 level,
 uint32 _spoolss_addprinterex( const UNISTR2 *uni_srv_name, uint32 level,
 				const SPOOL_PRINTER_INFO_LEVEL *info,
 				uint32 unk0, uint32 unk1, uint32 unk2, uint32 unk3,
-				uint32 user_switch, const  SPOOL_USER_CTR *user,
+				uint32 user_switch, const SPOOL_USER_CTR *user,
 				POLICY_HND *handle)
 {
 	NT_PRINTER_INFO_LEVEL printer;	
@@ -3654,8 +3653,10 @@ static uint32 getprinterdriverdir_level_1(UNISTR2 *name, UNISTR2 *uni_environmen
 	
 	*needed += spoolss_size_driverdir_info_1(info);							    
 
-	if (!alloc_buffer_size(buffer, *needed))
+	if (!alloc_buffer_size(buffer, *needed)) {
+		safe_free(info);
 		return ERROR_INSUFFICIENT_BUFFER;
+	}
 
 	new_smb_io_driverdir_1("", buffer, info, 0);
 
@@ -3682,7 +3683,7 @@ uint32 _spoolss_getprinterdriverdirectory(UNISTR2 *name, UNISTR2 *uni_environmen
 		return getprinterdriverdir_level_1(name, uni_environment, buffer, offered, needed);
 		break;
 	default:
-		return NT_STATUS_INVALID_INFO_CLASS;
+		return ERROR_INVALID_LEVEL;
 		break;
 	}
 }
@@ -3767,7 +3768,7 @@ uint32 _spoolss_enumprinterdata(const POLICY_HND *handle, uint32 idx,
 	 * the value len is wrong in NT sp3
 	 * that's the number of bytes not the number of unicode chars
 	 */
- 
+
 	if (!get_specific_param_by_index(printer, 2, idx, value, &data, &type, &data_len)) {
 		free_a_printer(printer, 2);
 		return ERROR_NO_MORE_ITEMS;
@@ -3792,7 +3793,7 @@ uint32 _spoolss_enumprinterdata(const POLICY_HND *handle, uint32 idx,
 	/* the data is counted in bytes */
 	*out_max_data_len=in_data_len;
 	*data_out=(uint8 *)malloc(in_data_len*sizeof(uint8));
-	memcpy(*out_data, data, data_len);
+	memcpy(*data_out, data, data_len);
 	*out_data_len=data_len;
 
 	safe_free(data);
-- 
cgit