From 93169a1f34f180f8a469a25532792f23e55e6966 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Sat, 3 Mar 2001 05:27:26 +0000 Subject: Roll back to using malloc/realloc on some of spoolss in head. I'm having problems with talloc_realloc in the 2.2 branch and I want a stable reference. The only problem is this breaks the clean auto-generated code in *one* call in srv_spoolss.c (the rfnpcnex call). Jeremy. (This used to be commit 57a9340cbafa40f3a41e6c676c6f2477855fd799) --- source3/include/proto.h | 4 +- source3/printing/nt_printing.c | 54 +++++------------ source3/rpc_server/srv_pipe_hnd.c | 4 +- source3/rpc_server/srv_spoolss.c | 3 + source3/rpc_server/srv_spoolss_nt.c | 114 ++++++++++++++++++------------------ 5 files changed, 79 insertions(+), 100 deletions(-) (limited to 'source3') diff --git a/source3/include/proto.h b/source3/include/proto.h index ff004bbabd..d9154cca6f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -1962,9 +1962,9 @@ BOOL parse_lpq_entry(int snum,char *line, #if OLD_NTDOMAIN BOOL nt_printing_init(void); -int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list); +int get_ntforms(nt_forms_struct **list); int write_ntforms(nt_forms_struct **list, int number); -BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count); +BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count); BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret); void update_a_form(nt_forms_struct **list, const FORM *form, int count); int get_ntdrivers(fstring **list, char *architecture, uint32 version); diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 8614c55e82..a2337c25f3 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -52,10 +52,10 @@ static nt_forms_struct default_forms[] = { {"Letter", 0x2, 0x34b5b, 0x44367, 0x0, 0x0, 0x34b5b, 0x44367}, }; + /**************************************************************************** open the NT printing tdb ****************************************************************************/ - BOOL nt_printing_init(void) { static pid_t local_pid; @@ -81,15 +81,14 @@ BOOL nt_printing_init(void) return True; } + /**************************************************************************** -get a form struct list. Returns talloc'ed memory. +get a form struct list ****************************************************************************/ - -int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) +int get_ntforms(nt_forms_struct **list) { TDB_DATA kbuf, newkey, dbuf; nt_forms_struct form; - nt_forms_struct *list_p = NULL; int ret; int i; int n = 0; @@ -111,37 +110,25 @@ int get_ntforms(TALLOC_CTX *ctx, nt_forms_struct **list) /* allocate space and populate the list in correct order */ if (i+1 > n) { - list_p = Realloc(list_p, sizeof(nt_forms_struct)*(i+1)); - if (!list_p) - return 0; + *list = Realloc(*list, sizeof(nt_forms_struct)*(i+1)); n = i+1; } - list_p[i] = form; + (*list)[i] = form; } /* we should never return a null forms list or NT gets unhappy */ if (n == 0) { - list_p = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); - if (!list_p) - return 0; + *list = (nt_forms_struct *)memdup(&default_forms[0], sizeof(default_forms)); n = sizeof(default_forms) / sizeof(default_forms[0]); } - *list = NULL; - if (list_p) { - *list = (nt_forms_struct *)talloc_memdup(ctx, list_p, n * sizeof(nt_forms_struct) ); - free(list_p); - } - if (!*list) - return 0; return n; } /**************************************************************************** write a form struct list ****************************************************************************/ - int write_ntforms(nt_forms_struct **list, int number) { pstring buf, key; @@ -155,26 +142,23 @@ int write_ntforms(nt_forms_struct **list, int number) i, (*list)[i].flag, (*list)[i].width, (*list)[i].length, (*list)[i].left, (*list)[i].top, (*list)[i].right, (*list)[i].bottom); - if (len > sizeof(buf)) - break; + if (len > sizeof(buf)) break; slprintf(key, sizeof(key), "%s%s", FORMS_PREFIX, (*list)[i].name); dos_to_unix(key, True); /* Convert key to unix-codepage */ kbuf.dsize = strlen(key)+1; kbuf.dptr = key; dbuf.dsize = len; dbuf.dptr = buf; - if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) - break; - } + if (tdb_store(tdb, kbuf, dbuf, TDB_REPLACE) != 0) break; + } - return i; + return i; } /**************************************************************************** add a form struct at the end of the list ****************************************************************************/ - -BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int *count) +BOOL add_a_form(nt_forms_struct **list, const FORM *form, int *count) { int n=0; BOOL update; @@ -198,14 +182,8 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int * } if (update==False) { - /* We can't realloc a talloc memory area. */ - nt_forms_struct *new_list = (nt_forms_struct *)talloc(ctx, (n+1)*sizeof(nt_forms_struct) ); - if (!new_list) + if((*list=Realloc(*list, (n+1)*sizeof(nt_forms_struct))) == NULL) return False; - - memcpy(new_list, *list, n*sizeof(nt_forms_struct) ); - *list = new_list; - unistr2_to_ascii((*list)[n].name, &form->name, sizeof((*list)[n].name)-1); (*count)++; } @@ -224,7 +202,6 @@ BOOL add_a_form(TALLOC_CTX *ctx, nt_forms_struct **list, const FORM *form, int * /**************************************************************************** delete a named form struct ****************************************************************************/ - BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 *ret) { pstring key; @@ -273,7 +250,6 @@ BOOL delete_a_form(nt_forms_struct **list, UNISTR2 *del_name, int *count, uint32 /**************************************************************************** update a form struct ****************************************************************************/ - void update_a_form(nt_forms_struct **list, const FORM *form, int count) { int n=0; @@ -281,7 +257,8 @@ void update_a_form(nt_forms_struct **list, const FORM *form, int count) unistr2_to_ascii(form_name, &(form->name), sizeof(form_name)-1); DEBUG(106, ("[%s]\n", form_name)); - for (n=0; nname)); } /* - * Check the data length doesn't go over the 1Mb limit. + * Check the data length doesn't go over the 10Mb limit. */ - if(prs_data_size(&p->in_data.data) + data_len > 1024*1024) { + if(prs_data_size(&p->in_data.data) + data_len > 10*1024*1024) { DEBUG(0,("process_request_pdu: rpc data buffer too large (%u) + (%u)\n", (unsigned int)prs_data_size(&p->in_data.data), (unsigned int)data_len )); set_incoming_fault(p); diff --git a/source3/rpc_server/srv_spoolss.c b/source3/rpc_server/srv_spoolss.c index a2bde97865..0cb72232f2 100755 --- a/source3/rpc_server/srv_spoolss.c +++ b/source3/rpc_server/srv_spoolss.c @@ -270,10 +270,13 @@ static BOOL api_spoolss_rfnpcnex(pipes_struct *p) r_u.status = _spoolss_rfnpcnex(p, &q_u, &r_u); if (!spoolss_io_r_rfnpcnex("", &r_u, rdata, 0)) { + safe_free(r_u.info.data); DEBUG(0,("spoolss_io_r_rfnpcnex: unable to marshall SPOOL_R_RFNPCNEX.\n")); return False; } + safe_free(r_u.info.data); + return True; } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 2b6fb9a7e5..830f5cdcf4 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -149,7 +149,6 @@ static void free_spool_notify_option(SPOOL_NOTIFY_OPTION **pp) safe_free(sp->ctr.type); free(sp); - } /**************************************************************************** @@ -290,7 +289,6 @@ static BOOL srv_spoolss_replycloseprinter(POLICY_HND *handle) /**************************************************************************** close printer index by handle ****************************************************************************/ - static BOOL close_printer_handle(POLICY_HND *hnd) { Printer_entry *Printer = find_printer_index_by_hnd(hnd); @@ -310,6 +308,7 @@ static BOOL close_printer_handle(POLICY_HND *hnd) Printer->notify.localmachine[0]='\0'; Printer->notify.printerlocal=0; free_spool_notify_option(&Printer->notify.option); + Printer->notify.option=NULL; Printer->notify.client_connected=False; clear_handle(hnd); @@ -846,13 +845,13 @@ uint32 _spoolss_open_printer_ex( pipes_struct *p, SPOOL_Q_OPEN_PRINTER_EX *q_u, /* NT doesn't let us connect to a printer if the connecting user doesn't have print permission. */ + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; + /* map an empty access mask to the minimum access mask */ if (printer_default->access_required == 0x0) printer_default->access_required = PRINTER_ACCESS_USE; - if (!get_printer_snum(handle, &snum)) - return ERROR_INVALID_HANDLE; - if (!print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(handle); @@ -1113,7 +1112,6 @@ uint32 _spoolss_deleteprinter(pipes_struct *p, SPOOL_Q_DELETEPRINTER *q_u, SPOOL /******************************************************************** GetPrinterData on a printer server Handle. ********************************************************************/ - static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 *type, uint8 **data, uint32 *needed, uint32 in_size) { int i; @@ -1160,8 +1158,9 @@ static BOOL getprinterdata_printer_server(TALLOC_CTX *ctx, fstring value, uint32 pstring string="You are using a Samba server"; *type = 0x1; *needed = 2*(strlen(string)+1); - if((*data = (uint8 *)talloc_zero( ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); /* it's done by hand ready to go on the wire */ for (i=0; i in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) + if((*data = (uint8 *)talloc(ctx, ((*needed > in_size) ? *needed:in_size) *sizeof(uint8))) == NULL) return False; + memset(*data, 0, (*needed > in_size) ? *needed:in_size); for (i=0; iin_size)?in_size:len *sizeof(uint8)); } else { @@ -1276,7 +1277,7 @@ uint32 _spoolss_getprinterdata(pipes_struct *p, SPOOL_Q_GETPRINTERDATA *q_u, SPO DEBUG(4,("_spoolss_getprinterdata\n")); if (!OPEN_HANDLE(Printer)) { - if((*data=(uint8 *)talloc_zero(p->mem_ctx, 4*sizeof(uint8))) == NULL) + if((*data=(uint8 *)malloc(4*sizeof(uint8))) == NULL) return ERROR_NOT_ENOUGH_MEMORY; DEBUG(0,("_spoolss_getprinterdata: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; @@ -1366,12 +1367,12 @@ uint32 _spoolss_rffpcnex(pipes_struct *p, SPOOL_Q_RFFPCNEX *q_u, SPOOL_R_RFFPCNE } Printer->notify.flags=flags; + Printer->notify.options=options; Printer->notify.printerlocal=printerlocal; if (Printer->notify.option) free_spool_notify_option(&Printer->notify.option); - Printer->notify.options=options; Printer->notify.option=dup_spool_notify_option(option); unistr2_to_ascii(Printer->notify.localmachine, localmachine, sizeof(Printer->notify.localmachine)-1); @@ -2157,12 +2158,12 @@ static void construct_info_data(SPOOL_NOTIFY_INFO_DATA *info_data, uint16 type, info_data->enc_type = type_of_notify_info_data(type, field); } + /******************************************************************* * * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int snum, SPOOL_NOTIFY_OPTION_TYPE *option_type, uint32 id, @@ -2192,7 +2193,7 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int if (!search_notify(type, field, &j) ) continue; - if((info->data=Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { + if((info->data=(SPOOL_NOTIFY_INFO_DATA *)Realloc(info->data, (info->count+1)*sizeof(SPOOL_NOTIFY_INFO_DATA))) == NULL) { return False; } current_data=&info->data[info->count]; @@ -2217,7 +2218,6 @@ static BOOL construct_notify_printer_info(SPOOL_NOTIFY_INFO *info, int * fill a notify_info struct with info asked * ********************************************************************/ - static BOOL construct_notify_jobs_info(print_queue_struct *queue, SPOOL_NOTIFY_INFO *info, NT_PRINTER_INFO_LEVEL *printer, @@ -2228,6 +2228,7 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, int field_num,j; uint16 type; uint16 field; + SPOOL_NOTIFY_INFO_DATA *current_data; DEBUG(4,("construct_notify_jobs_info\n")); @@ -2248,13 +2249,9 @@ static BOOL construct_notify_jobs_info(print_queue_struct *queue, return False; } - current_data=&info->data[info->count]; + current_data=&(info->data[info->count]); construct_info_data(current_data, type, field, id); - - DEBUG(10,("construct_notify_jobs_info: calling [%s] snum=%d printername=[%s])\n", - notify_info_data_table[j].name, snum, printer->info_2->printername )); - notify_info_data_table[j].fn(snum, current_data, queue, printer, mem_ctx); info->count++; @@ -2322,7 +2319,8 @@ static uint32 printserver_notify_info(const POLICY_HND *hnd, for (snum=0; snumversion:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); @@ -2377,7 +2375,9 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, switch ( option_type->type ) { case PRINTER_NOTIFY_TYPE: - if(construct_notify_printer_info(info, snum, option_type, id, mem_ctx)) + if(construct_notify_printer_info(info, snum, + option_type, id, + mem_ctx)) id--; break; @@ -2387,7 +2387,8 @@ static uint32 printer_notify_info(POLICY_HND *hnd, SPOOL_NOTIFY_INFO *info, memset(&status, 0, sizeof(status)); count = print_queue_status(snum, &queue, &status); - if (get_a_printer(&printer, 2, lp_servicename(snum)) != 0) + if (get_a_printer(&printer, 2, + lp_servicename(snum)) != 0) goto done; for (j=0; jversion:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); - DEBUGADD(10,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); + /* + DEBUG(1,("dumping the NOTIFY_INFO\n")); + DEBUGADD(1,("info->version:[%d], info->flags:[%d], info->count:[%d]\n", info->version, info->flags, info->count)); + DEBUGADD(1,("num\ttype\tfield\tres\tid\tsize\tenc_type\n")); for (i=0; icount; i++) { - DEBUGADD(10,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", + DEBUGADD(1,("[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\t[%d]\n", i, info->data[i].type, info->data[i].field, info->data[i].reserved, info->data[i].id, info->data[i].size, info->data[i].enc_type)); } - + */ return NT_STATUS_NO_PROBLEMO; } @@ -2472,25 +2473,7 @@ uint32 _spoolss_rfnpcnex( pipes_struct *p, SPOOL_Q_RFNPCNEX *q_u, SPOOL_R_RFNPCN result = printer_notify_info(handle, info, p->mem_ctx); break; } - - /* - * The data returned in info->data is realloced. We need to - * convert to talloc for return. The data really should come - * back as a linked list, not a realloced array, as realloc can - * fail... JRA. - */ - - if (info->data) { - SPOOL_NOTIFY_INFO_DATA *new_data = (SPOOL_NOTIFY_INFO_DATA *)talloc_memdup(p->mem_ctx, - info->data, - info->count * sizeof(SPOOL_NOTIFY_INFO_DATA)); - if (!new_data) - return NT_STATUS_NO_MEMORY; - - safe_free(info->data); - info->data = new_data; - } - + done: return result; } @@ -5291,14 +5274,14 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - *numofforms = get_ntforms(p->mem_ctx, &list); + *numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", *numofforms)); if (*numofforms == 0) return ERROR_NO_MORE_ITEMS; switch (level) { case 1: - if ((forms_1=(FORM_1 *)talloc(p->mem_ctx, *numofforms * sizeof(FORM_1))) == NULL) { + if ((forms_1=(FORM_1 *)malloc(*numofforms * sizeof(FORM_1))) == NULL) { *numofforms=0; return ERROR_NOT_ENOUGH_MEMORY; } @@ -5309,6 +5292,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E fill_form_1(&forms_1[i], &list[i]); } + safe_free(list); + /* check the required size. */ for (i=0; i<*numofforms; i++) { DEBUGADD(6,("adding form [%d]'s size\n",i)); @@ -5317,8 +5302,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E *needed=buffer_size; - if (!alloc_buffer_size(buffer, buffer_size)) + if (!alloc_buffer_size(buffer, buffer_size)){ + safe_free(forms_1); return ERROR_INSUFFICIENT_BUFFER; + } /* fill the buffer with the form structures */ for (i=0; i<*numofforms; i++) { @@ -5326,6 +5313,8 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E new_smb_io_form_1("", buffer, &forms_1[i], 0); } + safe_free(forms_1); + if (*needed > offered) { *numofforms=0; return ERROR_INSUFFICIENT_BUFFER; @@ -5334,8 +5323,10 @@ uint32 _new_spoolss_enumforms(pipes_struct *p, SPOOL_Q_ENUMFORMS *q_u, SPOOL_R_E return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } + } /**************************************************************************** @@ -5366,7 +5357,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * DEBUGADD(5,("Offered buffer size [%d]\n", offered)); DEBUGADD(5,("Info level [%d]\n", level)); - numofforms = get_ntforms(p->mem_ctx, &list); + numofforms = get_ntforms(&list); DEBUGADD(5,("Number of forms [%d]\n", numofforms)); if (numofforms == 0) @@ -5387,6 +5378,8 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * } } + safe_free(list); + /* check the required size. */ *needed=spoolss_size_form_1(&form_1); @@ -5406,6 +5399,7 @@ uint32 _spoolss_getform(pipes_struct *p, SPOOL_Q_GETFORM *q_u, SPOOL_R_GETFORM * return NT_STATUS_NO_PROBLEMO; default: + safe_free(list); return ERROR_INVALID_LEVEL; } } @@ -6183,12 +6177,14 @@ uint32 _spoolss_addform( pipes_struct *p, SPOOL_Q_ADDFORM *q_u, SPOOL_R_ADDFORM return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); - if(!add_a_form(p->mem_ctx, &list, form, &count)) + count=get_ntforms(&list); + if(!add_a_form(&list, form, &count)) return ERROR_NOT_ENOUGH_MEMORY; write_ntforms(&list, count); - return NT_STATUS_NOPROBLEMO; + safe_free(list); + + return 0x0; } /**************************************************************************** @@ -6211,10 +6207,12 @@ uint32 _spoolss_deleteform( pipes_struct *p, SPOOL_Q_DELETEFORM *q_u, SPOOL_R_DE return ERROR_INVALID_HANDLE; } - count = get_ntforms(p->mem_ctx, &list); + count = get_ntforms(&list); if(!delete_a_form(&list, form_name, &count, &ret)) return ERROR_INVALID_PARAMETER; + safe_free(list); + return ret; } @@ -6238,10 +6236,12 @@ uint32 _spoolss_setform(pipes_struct *p, SPOOL_Q_SETFORM *q_u, SPOOL_R_SETFORM * DEBUG(0,("_spoolss_setform: Invalid handle (%s).\n", OUR_HANDLE(handle))); return ERROR_INVALID_HANDLE; } - count=get_ntforms(p->mem_ctx, &list); + count=get_ntforms(&list); update_a_form(&list, form, count); write_ntforms(&list, count); + safe_free(list); + return 0x0; } -- cgit