#define MAGIC_DISPLAY_FREQUENCY 0xfade2bad
#define PHANTOM_DEVMODE_KEY "_p_f_a_n_t_0_m_"
-
-/* Table to map the driver version */
-/* to OS */
-static const char * drv_ver_to_os[] = {
- "WIN9X", /* driver version/cversion 0 */
- "", /* unused ? */
- "WINNT", /* driver version/cversion 2 */
- "WIN2K", /* driver version/cversion 3 */
-};
-
-static const char *get_drv_ver_to_os(int ver)
-{
- if (ver < 0 || ver > 3)
- return "";
- return drv_ver_to_os[ver];
-}
-
struct table_node {
const char *long_archi;
const char *short_archi;
/* go ahead and re-read the services immediately */
reload_services( False );
- if ( lp_servicenumber( sharename ) < 0 )
+ if ( !share_defined( sharename ) )
return WERR_ACCESS_DENIED;
return WERR_OK;
if (!make_systemtime(&systime, gmtime((time_t *)msg->notify.data))) {
DEBUG(5, ("notify_system_time: unable to make systemtime\n"));
+ prs_mem_free(&ps);
return;
}
- if (!spoolss_io_system_time("", &ps, 0, &systime))
+ if (!spoolss_io_system_time("", &ps, 0, &systime)) {
+ prs_mem_free(&ps);
return;
+ }
data->notify_data.data.length = prs_offset(&ps);
data->notify_data.data.string = TALLOC(mem_ctx, prs_offset(&ps));
+ if (!data->notify_data.data.string) {
+ prs_mem_free(&ps);
+ return;
+ }
prs_copy_all_data_out((char *)data->notify_data.data.string, &ps);
/* allocate the max entries possible */
data = TALLOC_ARRAY( mem_ctx, SPOOL_NOTIFY_INFO_DATA, msg_group->num_msgs);
+ if (!data) {
+ return;
+ }
+
ZERO_STRUCTP(data);
/* build the array of change notifications */
len = unistrlen(devmode->devicename.buffer);
if (len != -1) {
d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
+ if (!d->devicename.buffer) {
+ return NULL;
+ }
if (unistrcpy(d->devicename.buffer, devmode->devicename.buffer) != len)
return NULL;
}
len = unistrlen(devmode->formname.buffer);
if (len != -1) {
d->devicename.buffer = TALLOC_ARRAY(ctx, uint16, len);
+ if (!d->devicename.buffer) {
+ return NULL;
+ }
if (unistrcpy(d->formname.buffer, devmode->formname.buffer) != len)
return NULL;
}
d->dev_private = TALLOC_MEMDUP(ctx, devmode->dev_private, devmode->driverextra);
-
+ if (!d->dev_private) {
+ return NULL;
+ }
return d;
}
fstring name;
int snum;
- struct current_user user;
Printer_entry *Printer=NULL;
if ( !q_u->printername )
return WERR_INVALID_PRINTER_NAME;
}
- get_current_user(&user, p);
-
/*
* First case: the user is opening the print server:
*
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ((user.ut.uid != 0) &&
- !user_has_privileges(user.nt_user_token,
+ if ((p->pipe_user.ut.uid != 0) &&
+ !user_has_privileges(p->pipe_user.nt_user_token,
&se_printop ) &&
!token_contains_name_in_list(
- uidtoname(user.ut.uid), NULL,
- user.nt_user_token,
+ uidtoname(p->pipe_user.ut.uid), NULL,
+ p->pipe_user.nt_user_token,
lp_printer_admin(snum))) {
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
return WERR_ACCESS_DENIED;
}
- if (!user_ok_token(uidtoname(user.ut.uid), user.nt_user_token,
- snum) ||
- !print_access_check(&user, snum,
+ if (!user_ok_token(uidtoname(p->pipe_user.ut.uid),
+ p->pipe_user.nt_user_token, snum) ||
+ !print_access_check(&p->pipe_user, snum,
printer_default->access_required)) {
DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(p, handle);
NT_PRINTER_DRIVER_INFO_LEVEL info;
NT_PRINTER_DRIVER_INFO_LEVEL info_win2k;
int version;
- struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
- get_current_user(&user, p);
-
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (user.ut.uid != 0)
- && !user_has_privileges(user.nt_user_token, &se_printop )
- && !token_contains_name_in_list( uidtoname(user.ut.uid),
- NULL, user.nt_user_token, lp_printer_admin(-1)) )
+ if ( (p->pipe_user.ut.uid != 0)
+ && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop )
+ && !token_contains_name_in_list( uidtoname(p->pipe_user.ut.uid),
+ NULL, p->pipe_user.nt_user_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
/* if we get to here, we now have 2 driver info structures to remove */
/* remove the Win2k driver first*/
- status_win2k = delete_printer_driver(info_win2k.info_3, &user, 3, False );
+ status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, False );
free_a_printer_driver( info_win2k, 3 );
/* this should not have failed---if it did, report to client */
}
}
- status = delete_printer_driver(info.info_3, &user, version, False);
+ status = delete_printer_driver(info.info_3, &p->pipe_user, version, False);
/* if at least one of the deletes succeeded return OK */
int version;
uint32 flags = q_u->delete_flags;
BOOL delete_files;
- struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
- get_current_user(&user, p);
-
/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
and not a printer admin, then fail */
- if ( (user.ut.uid != 0)
- && !user_has_privileges(user.nt_user_token, &se_printop )
- && !token_contains_name_in_list( uidtoname(user.ut.uid),
- NULL, user.nt_user_token, lp_printer_admin(-1)) )
+ if ( (p->pipe_user.ut.uid != 0)
+ && !user_has_privileges(p->pipe_user.nt_user_token, &se_printop )
+ && !token_contains_name_in_list( uidtoname(p->pipe_user.ut.uid),
+ NULL, p->pipe_user.nt_user_token, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
}
/* if we get to here, we now have 2 driver info structures to remove */
/* remove the Win2k driver first*/
- status_win2k = delete_printer_driver(info_win2k.info_3, &user, 3, delete_files);
+ status_win2k = delete_printer_driver(info_win2k.info_3, &p->pipe_user, 3, delete_files);
free_a_printer_driver( info_win2k, 3 );
/* this should not have failed---if it did, report to client */
}
}
- status = delete_printer_driver(info.info_3, &user, version, delete_files);
+ status = delete_printer_driver(info.info_3, &p->pipe_user, version, delete_files);
if ( W_ERROR_IS_OK(status) || W_ERROR_IS_OK(status_win2k) )
status = WERR_OK;
{
int i=0;
- for (i = 0; i < sizeof(notify_info_data_table); i++)
- {
+ for (i = 0; i < (sizeof(notify_info_data_table)/sizeof(struct s_notify_info_data_table)); i++) {
if ( (notify_info_data_table[i].type == type)
- && (notify_info_data_table[i].field == field) )
- {
- switch(notify_info_data_table[i].size)
- {
- case NOTIFY_ONE_VALUE:
- case NOTIFY_TWO_VALUE:
- return 1;
- case NOTIFY_STRING:
- return 2;
-
- /* The only pointer notify data I have seen on
- the wire is the submitted time and this has
- the notify size set to 4. -tpot */
-
- case NOTIFY_POINTER:
- return 4;
+ && (notify_info_data_table[i].field == field) ) {
+ switch(notify_info_data_table[i].size) {
+ case NOTIFY_ONE_VALUE:
+ case NOTIFY_TWO_VALUE:
+ return 1;
+ case NOTIFY_STRING:
+ return 2;
+
+ /* The only pointer notify data I have seen on
+ the wire is the submitted time and this has
+ the notify size set to 4. -tpot */
+
+ case NOTIFY_POINTER:
+ return 4;
case NOTIFY_SECDESC:
return 5;
Return the type of notify_info_data.
********************************************************************/
-static int type_of_notify_info_data(uint16 type, uint16 field)
+static uint32 type_of_notify_info_data(uint16 type, uint16 field)
{
- int i=0;
+ uint32 i=0;
- for (i = 0; i < sizeof(notify_info_data_table); i++) {
+ for (i = 0; i < (sizeof(notify_info_data_table)/sizeof(struct s_notify_info_data_table)); i++) {
if (notify_info_data_table[i].type == type &&
notify_info_data_table[i].field == field)
return notify_info_data_table[i].size;
}
- return False;
+ return 0;
}
/****************************************************************************
****************************************************************************/
-static int search_notify(uint16 type, uint16 field, int *value)
+static BOOL search_notify(uint16 type, uint16 field, int *value)
{
int i;
info_data->enc_type = type_of_notify_info_data(type, field);
info_data->id = id;
-
}
-
/*******************************************************************
*
* fill a notify_info struct with info asked
Create a DEVMODE struct. Returns malloced memory.
****************************************************************************/
-DEVICEMODE *construct_dev_mode(int snum)
+DEVICEMODE *construct_dev_mode(const char *servicename)
{
NT_PRINTER_INFO_LEVEL *printer = NULL;
DEVICEMODE *devmode = NULL;
DEBUGADD(8,("getting printer characteristics\n"));
- if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, lp_const_servicename(snum))))
+ if (!W_ERROR_IS_OK(get_a_printer(NULL, &printer, 2, servicename)))
return NULL;
if ( !printer->info_2->devmode ) {
printer->cjobs = count; /* jobs */
printer->averageppm = ntprinter->info_2->averageppm; /* average pages per minute */
- if ( !(printer->devmode = construct_dev_mode(snum)) )
+ if ( !(printer->devmode = construct_dev_mode(lp_const_servicename(snum))) )
DEBUG(8, ("Returning NULL Devicemode!\n"));
printer->secdesc = NULL;
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
pstring jobname;
fstring datatype;
Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
- struct current_user user;
if (!Printer) {
DEBUG(2,("_spoolss_startdocprinter: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
return WERR_BADFID;
}
- get_current_user(&user, p);
-
/*
* a nice thing with NT is it doesn't listen to what you tell it.
* when asked to send _only_ RAW datas, it tries to send datas
unistr2_to_ascii(jobname, &info_1->docname, sizeof(jobname));
- Printer->jobid = print_job_start(&user, snum, jobname, Printer->nt_devmode);
+ Printer->jobid = print_job_start(&p->pipe_user, snum, jobname, Printer->nt_devmode);
/* An error occured in print_job_start() so return an appropriate
NT error code. */
static WERROR control_printer(POLICY_HND *handle, uint32 command,
pipes_struct *p)
{
- struct current_user user;
int snum;
WERROR errcode = WERR_BADFUNC;
Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
- get_current_user(&user, p);
-
if (!Printer) {
DEBUG(2,("control_printer: Invalid handle (%s:%u:%u)\n", OUR_HANDLE(handle)));
return WERR_BADFID;
switch (command) {
case PRINTER_CONTROL_PAUSE:
- if (print_queue_pause(&user, snum, &errcode)) {
+ if (print_queue_pause(&p->pipe_user, snum, &errcode)) {
errcode = WERR_OK;
}
break;
case PRINTER_CONTROL_RESUME:
case PRINTER_CONTROL_UNPAUSE:
- if (print_queue_resume(&user, snum, &errcode)) {
+ if (print_queue_resume(&p->pipe_user, snum, &errcode)) {
errcode = WERR_OK;
}
break;
case PRINTER_CONTROL_PURGE:
- if (print_queue_purge(&user, snum, &errcode)) {
+ if (print_queue_purge(&p->pipe_user, snum, &errcode)) {
errcode = WERR_OK;
}
break;
POLICY_HND *handle = &q_u->handle;
Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
int snum;
- struct current_user user;
WERROR errcode = WERR_OK;
if (!Printer) {
if (!get_printer_snum(p, handle, &snum))
return WERR_BADFID;
- get_current_user( &user, p );
-
- print_job_delete( &user, snum, Printer->jobid, &errcode );
+ print_job_delete( &p->pipe_user, snum, Printer->jobid, &errcode );
return errcode;
}
}
new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr);
+ if (!new_secdesc_ctr) {
+ result = WERR_NOMEM;
+ goto done;
+ }
if (sec_desc_equal(new_secdesc_ctr->sec, old_secdesc_ctr->sec)) {
result = WERR_OK;
SE_PRIV se_printop = SE_PRINT_OPERATOR;
BOOL is_print_op = False;
- standard_sub_basic(current_user_info.smb_name, remote_machine,sizeof(remote_machine));
+ standard_sub_basic(current_user_info.smb_name,
+ current_user_info.domain,
+ remote_machine,sizeof(remote_machine));
slprintf(command, sizeof(command)-1, "%s \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\" \"%s\"",
cmd, printer->info_2->printername, printer->info_2->sharename,
#ifdef HAVE_ADS
SPOOL_PRINTER_INFO_LEVEL_7 *info7 = info->info_7;
int snum;
- Printer_entry *Printer = find_printer_index_by_hnd(p, handle);
+ Printer_entry *Printer;
+
+ if ( lp_security() != SEC_ADS ) {
+ return WERR_UNKNOWN_LEVEL;
+ }
+
+ Printer = find_printer_index_by_hnd(p, handle);
DEBUG(5,("publish_or_unpublish_printer, action = %d\n",info7->action));
{
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (q_u->offered!=0)) {
return WERR_INVALID_PARAM;
}
/* this should not be a failure condition if the devmode is NULL */
- devmode = construct_dev_mode(snum);
+ devmode = construct_dev_mode(lp_const_servicename(snum));
for (i=0; i<*returned; i++)
fill_job_info_2(&(info[i]), &queue[i], i, snum, ntprinter, devmode);
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
uint32 jobid = q_u->jobid;
uint32 command = q_u->command;
- struct current_user user;
int snum;
WERROR errcode = WERR_BADFUNC;
return WERR_INVALID_PRINTER_NAME;
}
- get_current_user(&user, p);
-
switch (command) {
case JOB_CONTROL_CANCEL:
case JOB_CONTROL_DELETE:
- if (print_job_delete(&user, snum, jobid, &errcode)) {
+ if (print_job_delete(&p->pipe_user, snum, jobid, &errcode)) {
errcode = WERR_OK;
}
break;
case JOB_CONTROL_PAUSE:
- if (print_job_pause(&user, snum, jobid, &errcode)) {
+ if (print_job_pause(&p->pipe_user, snum, jobid, &errcode)) {
errcode = WERR_OK;
}
break;
case JOB_CONTROL_RESTART:
case JOB_CONTROL_RESUME:
- if (print_job_resume(&user, snum, jobid, &errcode)) {
+ if (print_job_resume(&p->pipe_user, snum, jobid, &errcode)) {
errcode = WERR_OK;
}
break;
ndrivers=get_ntdrivers(&list, architecture, version);
DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
- if(ndrivers == -1)
+ if(ndrivers == -1) {
+ SAFE_FREE(driver_info_1);
return WERR_NOMEM;
+ }
if(ndrivers != 0) {
if((driver_info_1=SMB_REALLOC_ARRAY(driver_info_1, DRIVER_INFO_1, *returned+ndrivers )) == NULL) {
ndrivers=get_ntdrivers(&list, architecture, version);
DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
- if(ndrivers == -1)
+ if(ndrivers == -1) {
+ SAFE_FREE(driver_info_2);
return WERR_NOMEM;
+ }
if(ndrivers != 0) {
if((driver_info_2=SMB_REALLOC_ARRAY(driver_info_2, DRIVER_INFO_2, *returned+ndrivers )) == NULL) {
int ndrivers;
uint32 version;
fstring *list = NULL;
- NT_PRINTER_DRIVER_INFO_LEVEL driver;
DRIVER_INFO_3 *driver_info_3=NULL;
+ NT_PRINTER_DRIVER_INFO_LEVEL driver;
WERROR result = WERR_OK;
*returned=0;
ndrivers=get_ntdrivers(&list, architecture, version);
DEBUGADD(4,("we have:[%d] drivers in environment [%s] and version [%d]\n", ndrivers, architecture, version));
- if(ndrivers == -1)
+ if(ndrivers == -1) {
+ SAFE_FREE(driver_info_3);
return WERR_NOMEM;
+ }
if(ndrivers != 0) {
if((driver_info_3=SMB_REALLOC_ARRAY(driver_info_3, DRIVER_INFO_3, *returned+ndrivers )) == NULL) {
}
out:
- for (i=0; i<*returned; i++)
+ for (i=0; i<*returned; i++) {
SAFE_FREE(driver_info_3[i].dependentfiles);
+ }
SAFE_FREE(driver_info_3);
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0) ) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
SPOOL_PRINTER_DRIVER_INFO_LEVEL *info = &q_u->info;
WERROR err = WERR_OK;
NT_PRINTER_DRIVER_INFO_LEVEL driver;
- struct current_user user;
fstring driver_name;
uint32 version;
ZERO_STRUCT(driver);
- get_current_user(&user, p);
-
if (!convert_printer_driver_info(info, &driver, level)) {
err = WERR_NOMEM;
goto done;
}
DEBUG(5,("Cleaning driver's information\n"));
- err = clean_up_driver_struct(driver, level, &user);
+ err = clean_up_driver_struct(driver, level, &p->pipe_user);
if (!W_ERROR_IS_OK(err))
goto done;
DEBUG(5,("Moving driver to final destination\n"));
- if( !W_ERROR_IS_OK(err = move_driver_to_download_area(driver, level, &user, &err)) ) {
+ if( !W_ERROR_IS_OK(err = move_driver_to_download_area(driver, level, &p->pipe_user, &err)) ) {
goto done;
}
goto done;
}
- /* BEGIN_ADMIN_LOG */
- switch(level) {
- case 3:
- fstrcpy(driver_name, driver.info_3->name ? driver.info_3->name : "");
- sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.",
- driver_name, get_drv_ver_to_os(driver.info_3->cversion),uidtoname(user.ut.uid));
- break;
- case 6:
- fstrcpy(driver_name, driver.info_6->name ? driver.info_6->name : "");
- sys_adminlog(LOG_INFO,"Added printer driver. Print driver name: %s. Print driver OS: %s. Administrator name: %s.",
- driver_name, get_drv_ver_to_os(driver.info_6->version),uidtoname(user.ut.uid));
- break;
- }
- /* END_ADMIN_LOG */
-
/*
* I think this is where he DrvUpgradePrinter() hook would be
* be called in a driver's interface DLL on a Windows NT 4.0/2k
/* that's an [in out] buffer */
- if (!q_u->buffer ) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
goto done;
}
- *out_value_len = (uint32)rpcstr_push((char *)*out_value, regval_name(val), in_value_len, 0);
+ *out_value_len = (uint32)rpcstr_push((char *)*out_value, regval_name(val), (size_t)in_value_len, 0);
/* type */
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
*/
if ( !(nt_devmode=print_job_devmode( lp_const_servicename(snum), jobid )) )
- devmode = construct_dev_mode(snum);
+ devmode = construct_dev_mode(lp_const_servicename(snum));
else {
if ((devmode = SMB_MALLOC_P(DEVICEMODE)) != NULL) {
ZERO_STRUCTP( devmode );
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}
/* that's an [in out] buffer */
- if (!q_u->buffer) {
+ if (!q_u->buffer && (offered!=0)) {
return WERR_INVALID_PARAM;
}