*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
if (type->count2 != type->count)
DEBUG(4,("What a mess, count was %x now is %x !\n", type->count, type->count2));
+ if (type->count2 > MAX_NOTIFY_TYPE_FOR_NOW) {
+ return False;
+ }
+
/* parse the option type data */
for(i=0;i<type->count2;i++)
if(!prs_uint16("fields",ps,depth,&type->fields[i]))
return False;
/* reading */
- if (UNMARSHALLING(ps))
+ if (UNMARSHALLING(ps) && ctr->count)
if((ctr->type=PRS_ALLOC_MEM(ps,SPOOL_NOTIFY_OPTION_TYPE,ctr->count)) == NULL)
return False;
if(!prs_uint32("string length", ps, depth, &data->notify_data.data.length))
return False;
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && data->notify_data.data.length) {
data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
data->notify_data.data.length);
case NOTIFY_POINTER:
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && data->notify_data.data.length) {
data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16,
data->notify_data.data.length);
/* Tallocate memory for string */
- data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2);
- if (!data->notify_data.data.string)
- return False;
+ if (x) {
+ data->notify_data.data.string = PRS_ALLOC_MEM(ps, uint16, x * 2);
+ if (!data->notify_data.data.string)
+ return False;
+ } else {
+ data->notify_data.data.string = NULL;
+ }
if(!prs_uint16uni(True,"string",ps,depth,data->notify_data.data.string,x))
return False;
switch ( q_u->level )
{
case 1:
- if ( !prs_pointer( "" , ps, depth, (void**)&q_u->user.user1,
+ if ( !prs_pointer( "" , ps, depth, (void*)&q_u->user.user1,
sizeof(SPOOL_USER_1), (PRS_POINTER_CAST)spool_io_user_level_1 ))
{
return False;
BOOL smb_io_printer_info_3(const char *desc, RPC_BUFFER *buffer, PRINTER_INFO_3 *info, int depth)
{
+ uint32 offset = 0;
prs_struct *ps=&buffer->prs;
prs_debug(ps, depth, desc, "smb_io_printer_info_3");
buffer->struct_start=prs_offset(ps);
- if (!prs_uint32("flags", ps, depth, &info->flags))
- return False;
+ if (MARSHALLING(ps)) {
+ /* Ensure the SD is 8 byte aligned in the buffer. */
+ uint start = prs_offset(ps); /* Remember the start position. */
+ uint off_val = 0;
+
+ /* Write a dummy value. */
+ if (!prs_uint32("offset", ps, depth, &off_val))
+ return False;
+
+ /* 8 byte align. */
+ if (!prs_align_uint64(ps))
+ return False;
+
+ /* Remember where we must seek back to write the SD. */
+ offset = prs_offset(ps);
+
+ /* Calculate the real offset for the SD. */
+
+ off_val = offset - start;
+
+ /* Seek back to where we store the SD offset & store. */
+ prs_set_offset(ps, start);
+ if (!prs_uint32("offset", ps, depth, &off_val))
+ return False;
+
+ /* Return to after the 8 byte align. */
+ prs_set_offset(ps, offset);
+
+ } else {
+ if (!prs_uint32("offset", ps, depth, &offset))
+ return False;
+ /* Seek within the buffer. */
+ if (!prs_set_offset(ps, offset))
+ return False;
+ }
if (!sec_io_desc("sec_desc", &info->secdesc, ps, depth))
return False;
return True;
}
+/*******************************************************************
+ Parse a PRINTER_INFO_6 structure.
+********************************************************************/
+
+BOOL smb_io_printer_info_6(const char *desc, RPC_BUFFER *buffer,
+ PRINTER_INFO_6 *info, int depth)
+{
+ prs_struct *ps=&buffer->prs;
+
+ prs_debug(ps, depth, desc, "smb_io_printer_info_6");
+ depth++;
+
+ if (!prs_uint32("status", ps, depth, &info->status))
+ return False;
+
+ return True;
+}
+
/*******************************************************************
Parse a PRINTER_INFO_7 structure.
********************************************************************/
if (!smb_io_relarraystr("previousdrivernames", buffer, depth, &info->previousdrivernames))
return False;
- if (!prs_uint32("date.low", ps, depth, &info->driver_date.low))
- return False;
- if (!prs_uint32("date.high", ps, depth, &info->driver_date.high))
+ if (!prs_uint64("date", ps, depth, &info->driver_date))
return False;
if (!prs_uint32("padding", ps, depth, &info->padding))
return size;
}
+/*******************************************************************
+return the size required by a struct in the stream
+********************************************************************/
+
+uint32 spoolss_size_printer_info_6(PRINTER_INFO_6 *info)
+{
+ return sizeof(uint32);
+}
/*******************************************************************
return the size required by a struct in the stream
uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info)
{
- /* The 4 is for the self relative pointer.. */
- /* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
- return 4 + (uint32)sec_desc_size( info->secdesc );
+ /* The 8 is for the self relative pointer - 8 byte aligned.. */
+ return 8 + (uint32)sec_desc_size( info->secdesc );
}
/*******************************************************************
q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
if (!q_u->secdesc_ctr)
return False;
- q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
- q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->sec = secdesc;
+ q_u->secdesc_ctr->sd = secdesc;
+ q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
q_u->devmode_ctr.devmode_ptr = (devmode != NULL) ? 1 : 0;
q_u->devmode_ctr.size = (devmode != NULL) ? sizeof(DEVICEMODE) + (3*sizeof(uint32)) : 0;
q_u->secdesc_ctr = SMB_MALLOC_P(SEC_DESC_BUF);
if (!q_u->secdesc_ctr)
return False;
- q_u->secdesc_ctr->ptr = (secdesc != NULL) ? 1: 0;
- q_u->secdesc_ctr->max_len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->len = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
- q_u->secdesc_ctr->sec = secdesc;
+ q_u->secdesc_ctr->sd_size = (secdesc) ? sizeof(SEC_DESC) + (2*sizeof(uint32)) : 0;
+ q_u->secdesc_ctr->sd = secdesc;
break;
case 7:
}
case 3:
{
- ptr_sec_desc = q_u->info.info_3->secdesc_ptr;
+ /* FIXME ! Our parsing here is wrong I think,
+ * but for a level3 it makes no sense for
+ * ptr_sec_desc to be NULL. JRA. Based on
+ * a Vista sniff from Martin Zielinski <mz@seh.de>.
+ */
+ if (UNMARSHALLING(ps)) {
+ ptr_sec_desc = 1;
+ } else {
+ ptr_sec_desc = q_u->info.info_3->secdesc_ptr;
+ }
break;
}
}
prs_debug(ps, depth, "", "sec_io_desc_buf");
if (!prs_uint32("size", ps, depth + 1, &dummy))
return False;
- if (!prs_uint32("ptr", ps, depth + 1, &dummy)) return
- False;
+ if (!prs_uint32("ptr", ps, depth + 1, &dummy))
+ return False;
}
if(!prs_uint32("command", ps, depth, &q_u->command))
dynamically allocate memory
********************************************************************/
+
static BOOL uniarray_2_dosarray(BUFFER5 *buf5, fstring **ar)
{
fstring f;
return False;
src = (char *)buf5->buffer;
- *ar = NULL;
+ *ar = SMB_MALLOC_ARRAY(fstring, 1);
+ if (!*ar) {
+ return False;
+ }
while (src < ((char *)buf5->buffer) + buf5->buf_len*2) {
rpcstr_pull(f, src, sizeof(f)-1, -1, STR_TERMINATE);
src = skip_unibuf(src, 2*buf5->buf_len - PTR_DIFF(src,buf5->buffer));
*ar = SMB_REALLOC_ARRAY(*ar, fstring, n+2);
- if (!*ar)
+ if (!*ar) {
return False;
+ }
fstrcpy((*ar)[n], f);
n++;
}
+
fstrcpy((*ar)[n], "");
return True;
}
-
-
-
/*******************************************************************
read a UNICODE array with null terminated strings
and null terminated array
DRIVER_INFO_3 *info3)
{
uint32 len = 0;
- uint16 *ptr = info3->dependentfiles;
- BOOL done = False;
- BOOL null_char = False;
SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *inf;
if (!(inf=TALLOC_ZERO_P(mem_ctx, SPOOL_PRINTER_DRIVER_INFO_LEVEL_3)))
init_unistr2_from_unistr(&inf->monitorname, &info3->monitorname);
init_unistr2_from_unistr(&inf->defaultdatatype, &info3->defaultdatatype);
- while (!done)
- {
- switch (*ptr)
- {
- case 0:
- /* the null_char BOOL is used to help locate
- two '\0's back to back */
- if (null_char)
- done = True;
- else
- null_char = True;
- break;
+ if (info3->dependentfiles) {
+ BOOL done = False;
+ BOOL null_char = False;
+ uint16 *ptr = info3->dependentfiles;
+
+ while (!done) {
+ switch (*ptr) {
+ case 0:
+ /* the null_char BOOL is used to help locate
+ two '\0's back to back */
+ if (null_char) {
+ done = True;
+ } else {
+ null_char = True;
+ }
+ break;
- default:
- null_char = False;
- ;;
- break;
+ default:
+ null_char = False;
+ break;
+ }
+ len++;
+ ptr++;
}
- len++;
- ptr++;
}
+
inf->dependentfiles_ptr = (info3->dependentfiles != NULL) ? 1 : 0;
- inf->dependentfilessize = len;
- if(!make_spoolss_buffer5(mem_ctx, &inf->dependentfiles, len, info3->dependentfiles))
- {
+ inf->dependentfilessize = (info3->dependentfiles != NULL) ? len : 0;
+ if(!make_spoolss_buffer5(mem_ctx, &inf->dependentfiles, len, info3->dependentfiles)) {
SAFE_FREE(inf);
return False;
}
/*******************************************************************
make a BUFFER5 struct from a uint16*
******************************************************************/
+
BOOL make_spoolss_buffer5(TALLOC_CTX *mem_ctx, BUFFER5 *buf5, uint32 len, uint16 *src)
{
buf5->buf_len = len;
- if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
- DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
- return False;
+ if (src) {
+ if (len) {
+ if((buf5->buffer=(uint16*)TALLOC_MEMDUP(mem_ctx, src, sizeof(uint16)*len)) == NULL) {
+ DEBUG(0,("make_spoolss_buffer5: Unable to malloc memory for buffer!\n"));
+ return False;
+ }
+ } else {
+ buf5->buffer = NULL;
+ }
+ } else {
+ buf5->buffer=NULL;
}
return True;
case REG_BINARY:
case REG_DWORD:
case REG_MULTI_SZ:
- if (q_u->max_len) {
- if (UNMARSHALLING(ps))
- q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
- if(q_u->data == NULL)
- return False;
- if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
- return False;
- }
+ if (q_u->max_len) {
+ if (UNMARSHALLING(ps))
+ q_u->data=PRS_ALLOC_MEM(ps, uint8, q_u->max_len);
+ if(q_u->data == NULL)
+ return False;
+ if(!prs_uint8s(False,"data", ps, depth, q_u->data, q_u->max_len))
+ return False;
+ }
if(!prs_align(ps))
return False;
break;
SAFE_FREE(printer);
}
+void free_printer_info_6(PRINTER_INFO_6 *printer)
+{
+ SAFE_FREE(printer);
+}
+
void free_printer_info_7(PRINTER_INFO_7 *printer)
{
SAFE_FREE(printer);
data_offset,
current_offset;
const uint32 basic_unit = 20; /* size of static portion of enum_values */
-
+
prs_debug(ps, depth, desc, "spoolss_io_printer_enum_values_ctr");
depth++;
-
+
/*
* offset data begins at 20 bytes per structure * size_of_array.
* Don't forget the uint32 at the beginning
/* first loop to write basic enum_value information */
- if (UNMARSHALLING(ps)) {
+ if (UNMARSHALLING(ps) && ctr->size_of_array) {
ctr->values = PRS_ALLOC_MEM(ps, PRINTER_ENUM_VALUES, ctr->size_of_array);
if (!ctr->values)
return False;
}
for (i=0; i<ctr->size_of_array; i++) {
+ uint32 base_offset, return_offset;
+
+ base_offset = prs_offset(ps);
+
valuename_offset = current_offset;
if (!prs_uint32("valuename_offset", ps, depth, &valuename_offset))
return False;
+ /* Read or write the value. */
+
+ return_offset = prs_offset(ps);
+
+ if (!prs_set_offset(ps, base_offset + valuename_offset)) {
+ return False;
+ }
+
+ if (!prs_unistr("valuename", ps, depth, &ctr->values[i].valuename))
+ return False;
+
+ /* And go back. */
+ if (!prs_set_offset(ps, return_offset))
+ return False;
+
if (!prs_uint32("value_len", ps, depth, &ctr->values[i].value_len))
return False;
if (!prs_uint32("data_len", ps, depth, &ctr->values[i].data_len))
return False;
- current_offset = data_offset + ctr->values[i].data_len - basic_unit;
- /* account for 2 byte alignment */
- current_offset += (current_offset % 2);
- }
+ /* Read or write the data. */
- /*
- * loop #2 for writing the dynamically size objects; pay
- * attention to 2-byte alignment here....
- */
-
- for (i=0; i<ctr->size_of_array; i++) {
-
- if (!prs_unistr("valuename", ps, depth, &ctr->values[i].valuename))
+ return_offset = prs_offset(ps);
+
+ if (!prs_set_offset(ps, base_offset + data_offset)) {
return False;
-
+ }
+
if ( ctr->values[i].data_len ) {
if ( UNMARSHALLING(ps) ) {
ctr->values[i].data = PRS_ALLOC_MEM(ps, uint8, ctr->values[i].data_len);
if (!prs_uint8s(False, "data", ps, depth, ctr->values[i].data, ctr->values[i].data_len))
return False;
}
-
- if ( !prs_align_uint16(ps) )
+
+ current_offset = data_offset + ctr->values[i].data_len - basic_unit;
+ /* account for 2 byte alignment */
+ current_offset += (current_offset % 2);
+
+ /* Remember how far we got. */
+ data_offset = prs_offset(ps);
+
+ /* And go back. */
+ if (!prs_set_offset(ps, return_offset))
return False;
+
}
+ /* Go to the last data offset we got to. */
+
+ if (!prs_set_offset(ps, data_offset))
+ return False;
+
+ /* And ensure we're 2 byte aligned. */
+
+ if ( !prs_align_uint16(ps) )
+ return False;
+
return True;
}
git.samba.org / amitay / samba.git / blobdiff