From 8ef41f31c53e14ad057d883810a1cd2301fede2a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 7 Jun 2000 01:49:23 +0000 Subject: [PATCH] Fixing get/set of security descriptors. Removed ugly hack for NT printing. Fixed up tdb parse stuff memory leaks. Jeremy. --- source/printing/nt_printing.c | 21 +++++++++++++++++---- source/rpc_parse/parse_prs.c | 3 +++ source/rpc_parse/parse_sec.c | 17 +++++++++++------ source/rpc_server/srv_spoolss_nt.c | 2 ++ source/smbd/lanman.c | 2 ++ source/smbd/nttrans.c | 5 ++++- source/smbd/pipes.c | 2 ++ source/tdb/tdbutil.c | 12 ++++-------- 8 files changed, 45 insertions(+), 19 deletions(-) diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 768e97ffdb8..991f66a8ac2 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -1465,7 +1465,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) fstring key; uint32 status; - prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec), 4, MARSHALL); + prs_init(&ps, (uint32)sec_desc_size(secdesc_ctr->sec) + sizeof(SEC_DESC_BUF), 4, MARSHALL); if (!sec_io_desc_buf("nt_printing_setsec", &secdesc_ctr, &ps, 1)) { status = ERROR_INVALID_FUNCTION; @@ -1493,11 +1493,22 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) static SEC_DESC_BUF *construct_default_printer_sdb(void) { extern DOM_SID global_sid_World; + SEC_ACE ace; + SEC_ACCESS sa; + SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; + SEC_DESC *psd = NULL; size_t sd_size; - SEC_DESC *psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, - &global_sid_World, &global_sid_World, - NULL, NULL, &sd_size); + + init_sec_access(&sa,PRINTER_ALL_ACCESS); + init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); + + if ((psa = make_sec_acl( 3, 1, &ace)) != NULL) { + psd = make_sec_desc(1, SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT, + &global_sid_World, &global_sid_World, + NULL, psa, &sd_size); + free_sec_acl(&psa); + } if (!psd) { DEBUG(0,("construct_default_printer_sd: Failed to make SEC_DESC.\n")); @@ -1506,6 +1517,8 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void) sdb = make_sec_desc_buf(sd_size, psd); + DEBUG(4,("construct_default_printer_sdb: size = %u.\n", (unsigned int)sd_size)); + free_sec_desc(&psd); return sdb; } diff --git a/source/rpc_parse/parse_prs.c b/source/rpc_parse/parse_prs.c index d2771820439..b7fe19f9abc 100644 --- a/source/rpc_parse/parse_prs.c +++ b/source/rpc_parse/parse_prs.c @@ -201,6 +201,9 @@ BOOL prs_grow(prs_struct *ps, uint32 extra_space) if(UNMARSHALLING(ps) || !ps->is_dynamic) { DEBUG(0,("prs_grow: Buffer overflow - unable to expand buffer by %u bytes.\n", (unsigned int)extra_space)); + /* JRATEST */ + smb_panic("prs_grow"); + /* JRATEST */ return False; } diff --git a/source/rpc_parse/parse_sec.c b/source/rpc_parse/parse_sec.c index 51cf52f706d..25450e0b193 100644 --- a/source/rpc_parse/parse_sec.c +++ b/source/rpc_parse/parse_sec.c @@ -431,11 +431,16 @@ BOOL sec_io_desc(char *desc, SEC_DESC **ppsd, prs_struct *ps, int depth) psd = *ppsd; - if(UNMARSHALLING(ps) && psd == NULL) { - if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) - return False; - ZERO_STRUCTP(psd); - *ppsd = psd; + if (psd == NULL) { + if(UNMARSHALLING(ps)) { + if((psd = (SEC_DESC *)malloc(sizeof(SEC_DESC))) == NULL) + return False; + ZERO_STRUCTP(psd); + *ppsd = psd; + } else { + /* Marshalling - just ignore. */ + return True; + } } prs_debug(ps, depth, desc, "sec_io_desc"); @@ -629,7 +634,7 @@ BOOL sec_io_desc_buf(char *desc, SEC_DESC_BUF **ppsdb, prs_struct *ps, int depth old_offset = prs_offset(ps); /* reading, length is non-zero; writing, descriptor is non-NULL */ - if ((psdb->len != 0 || MARSHALLING(ps)) && psdb->sec != NULL) { + if ((UNMARSHALLING(ps) && psdb->len != 0) || (MARSHALLING(ps) && psdb->sec != NULL)) { if(!sec_io_desc("sec ", &psdb->sec, ps, depth)) return False; } diff --git a/source/rpc_server/srv_spoolss_nt.c b/source/rpc_server/srv_spoolss_nt.c index b341dbe12ae..e3552c3879f 100644 --- a/source/rpc_server/srv_spoolss_nt.c +++ b/source/rpc_server/srv_spoolss_nt.c @@ -1971,6 +1971,8 @@ static BOOL construct_printer_info_3(fstring servername, DEBUG(0,("construct_printer_info_3: malloc fail.\n")); return False; } + + ZERO_STRUCTP(printer); printer->flags = 4; /* This is the offset to the SEC_DESC. */ if (ntprinter->info_2->secdesc_buf->len != 0) { diff --git a/source/smbd/lanman.c b/source/smbd/lanman.c index fe2cc3ae7d4..cfc0e08d47e 100644 --- a/source/smbd/lanman.c +++ b/source/smbd/lanman.c @@ -776,6 +776,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, desc.subcount = count; fill_printq_info(conn,snum,uLevel,&desc,count,queue,&status); } else if(uLevel == 0) { +#if 0 /* * This is a *disgusting* hack. * This is *so* bad that even I'm embarrassed (and I @@ -795,6 +796,7 @@ static BOOL api_DosPrintQGetInfo(connection_struct *conn, */ fail_next_srvsvc_open(); +#endif } *rdata_len = desc.usedlen; diff --git a/source/smbd/nttrans.c b/source/smbd/nttrans.c index e3874e1b3e8..aad09a75b68 100644 --- a/source/smbd/nttrans.c +++ b/source/smbd/nttrans.c @@ -487,6 +487,7 @@ to open_mode %x\n", (unsigned long)desired_access, (unsigned long)share_access, return smb_open_mode; } +#if 0 /* * This is a *disgusting* hack. * This is *so* bad that even I'm embarrassed (and I @@ -547,7 +548,7 @@ BOOL should_fail_next_srvsvc_open(const char *pipename) } return False; } - +#endif /**************************************************************************** Reply to an NT create and X call on a pipe. @@ -573,8 +574,10 @@ static int nt_open_pipe(char *fname, connection_struct *conn, /* Strip \\ off the name. */ fname++; +#if 0 if(should_fail_next_srvsvc_open(fname)) return (ERROR(ERRSRV,ERRaccess)); +#endif DEBUG(3,("nt_open_pipe: Known pipe %s opening.\n", fname)); diff --git a/source/smbd/pipes.c b/source/smbd/pipes.c index c1d5c261feb..df7141764ce 100644 --- a/source/smbd/pipes.c +++ b/source/smbd/pipes.c @@ -74,11 +74,13 @@ int reply_open_pipe_and_X(connection_struct *conn, /* Strip \PIPE\ off the name. */ pstrcpy(fname,smb_buf(inbuf) + PIPELEN); +#if 0 /* * Hack for NT printers... JRA. */ if(should_fail_next_srvsvc_open(fname)) return(ERROR(ERRSRV,ERRaccess)); +#endif /* Known pipes arrive with DIR attribs. Remove it so a regular file */ /* can be opened and add it in after the open. */ diff --git a/source/tdb/tdbutil.c b/source/tdb/tdbutil.c index 5675061b37e..d2eb6b5ec79 100644 --- a/source/tdb/tdbutil.c +++ b/source/tdb/tdbutil.c @@ -258,8 +258,8 @@ int tdb_prs_store(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) TDB_DATA kbuf, dbuf; kbuf.dptr = keystr; kbuf.dsize = strlen(keystr)+1; - dbuf.dptr = ps->data_p; - dbuf.dsize = ps->data_offset; + dbuf.dptr = prs_data_p(ps); + dbuf.dsize = prs_offset(ps); return tdb_store(tdb, kbuf, dbuf, TDB_REPLACE); } @@ -275,12 +275,8 @@ int tdb_prs_fetch(TDB_CONTEXT *tdb, char *keystr, prs_struct *ps) if (!dbuf.dptr) return -1; ZERO_STRUCTP(ps); - ps->io = UNMARSHALL; - ps->align = 4; - ps->data_p = dbuf.dptr; - ps->data_offset = 0; - ps->buffer_size = dbuf.dsize; - ps->grow_size = dbuf.dsize; + prs_init(ps, 0, 4, UNMARSHALL); + prs_give_memory(ps, dbuf.dptr, dbuf.dsize, True); return 0; } -- 2.34.1