lib/util_sid.c: Uninitialized memory read.

rpc_parse/parse_spoolss.c: Added note about prs_align when marshalling a SEC_DESC...
rpc_server/srv_lsa.c: Tim - your changes broke the display of the 'everyone' group
						when doing file access with no winbindd running. This is a partial
						fix - more when I have analysed this more.
rpc_server/srv_spoolss_nt.c: Fix for the 'change driver' problem ! Hurrah !

Jeremy.
(This used to be commit 151b131ee01ef916c072bcdaa9943a2e984a0f45)

diff --git a/source3/lib/util_sid.c b/source3/lib/util_sid.c
index add2494346ec8a41e941b240fb942b95fe4f670f..43fd7ecc5944e38c44656821490181c64e4ba9b4 100644 (file)
--- a/source3/lib/util_sid.c
+++ b/source3/lib/util_sid.c
@@ -344,6 +344,8 @@ void sid_copy(DOM_SID *dst, const DOM_SID *src)
 {
        int i;
 
+       memset((char *)dst, '\0', sizeof(DOM_SID));
+
        dst->sid_rev_num = src->sid_rev_num;
        dst->num_auths = src->num_auths;
 

diff --git a/source3/rpc_parse/parse_spoolss.c b/source3/rpc_parse/parse_spoolss.c
index d5f3b1c7c8f4cda4f4fd52c9930f89eb9b7e162b..86fee3017fe9ce419d35375bc345b77cb3b681ee 100644 (file)
--- a/source3/rpc_parse/parse_spoolss.c
+++ b/source3/rpc_parse/parse_spoolss.c
@@ -1694,7 +1694,7 @@ BOOL new_smb_io_printer_info_0(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_0 *i
 ********************************************************************/  
 BOOL new_smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *info, int depth)
 {
-       prs_struct *ps=&(buffer->prs);
+       prs_struct *ps=&buffer->prs;
 
        prs_debug(ps, depth, desc, "new_smb_io_printer_info_1");
        depth++;        
@@ -1718,7 +1718,7 @@ BOOL new_smb_io_printer_info_1(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_1 *i
 ********************************************************************/  
 BOOL new_smb_io_printer_info_2(char *desc, NEW_BUFFER *buffer, PRINTER_INFO_2 *info, int depth)
 {
-       prs_struct *ps=&(buffer->prs);
+       prs_struct *ps=&buffer->prs;
 
        prs_debug(ps, depth, desc, "new_smb_io_printer_info_2");
        depth++;        
@@ -2355,6 +2355,7 @@ uint32 spoolss_size_printer_info_2(PRINTER_INFO_2 *info)
        uint32 size=0;
                
        size += 4;
+       /* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
        size += sec_desc_size( info->secdesc );
        
        size+=size_of_device_mode( info->devmode );
@@ -2389,6 +2390,7 @@ return the size required by a struct in the stream
 uint32 spoolss_size_printer_info_3(PRINTER_INFO_3 *info)
 {
        /* The 4 is for the self relative pointer.. */
+       /* JRA !!!! TESTME - WHAT ABOUT prs_align.... !!! */
        return 4 + (uint32)sec_desc_size( info->secdesc );
 }
 

diff --git a/source3/rpc_server/srv_lsa.c b/source3/rpc_server/srv_lsa.c
index 5855f6c03059a910179e6e352eaca964bdc2b38c..da8929bbc6c82df5703b3c653063cbc98712d679 100644 (file)
--- a/source3/rpc_server/srv_lsa.c
+++ b/source3/rpc_server/srv_lsa.c
@@ -324,6 +324,11 @@ BOOL winbind_lookup_sid(DOM_SID *sid, fstring dom_name, fstring name,
        if (result == WINBINDD_OK) {
                parse_domain_user(response.data.name.name, dom_name, name);
                *name_type = response.data.name.type;
+       } else {
+               sid_copy(&tmp_sid, sid);
+               sid_split_rid(&tmp_sid, &rid);
+               return map_domain_sid_to_name(&tmp_sid, dom_name) &&
+                       lookup_local_rid(rid, name, name_type);
        }
 
        return (result == WINBINDD_OK);

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index b8b25a1ecbadc57ebbfb7bb7aacca6284bc013f4..d1ff58404e7b5564cebe9d21389a375dd84696ad 100644 (file)
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -413,7 +413,7 @@ static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername)
                        if ( !(lp_snum_ok(snum) && lp_print_ok(snum) ) )
                                continue;
                
-                       DEBUGADD(5,("share:%s\n",lp_servicename(snum)));
+                       DEBUGADD(5,("set_printer_hnd_printername: share:%s\n",lp_servicename(snum)));
 
                        if (get_a_printer(&printer, 2, lp_servicename(snum))!=0)
                                continue;
@@ -441,7 +441,9 @@ static BOOL set_printer_hnd_printername(POLICY_HND *hnd, char *printername)
        }
        
        snum--;
-       DEBUGADD(4,("Printer found: %s -> %s[%x]\n",printer->info_2->printername, lp_servicename(snum),snum));
+       DEBUGADD(4,("set_printer_hnd_printername: Printer found: %s -> %s[%x]\n",
+                       printer->info_2->printername, lp_servicename(snum),snum));
+
        ZERO_STRUCT(Printer->dev.printername);
        strncpy(Printer->dev.printername, lp_servicename(snum), strlen(lp_servicename(snum)));
        
@@ -1667,11 +1669,11 @@ static BOOL construct_printer_info_0(PRINTER_INFO_0 *printer, int snum, fstring
        
        /* the description and the name are of the form \\server\share */
        slprintf(chaine,sizeof(chaine)-1,"\\\\%s\\%s",servername, ntprinter->info_2->printername);
-                                                           
-       init_unistr(&(printer->printername), chaine);
+
+       init_unistr(&printer->printername, chaine);
        
        slprintf(chaine,sizeof(chaine)-1,"\\\\%s", servername);
-       init_unistr(&(printer->servername), chaine);
+       init_unistr(&printer->servername, chaine);
        
        printer->cjobs = count;
        printer->total_jobs = 0;
@@ -1801,8 +1803,8 @@ static DEVICEMODE *construct_dev_mode(int snum, char *servername)
                goto fail;
 
        DEBUGADD(8,("loading DEVICEMODE\n"));
-       snprintf(adevice, sizeof(adevice), "\\\\%s\\%s", global_myname, 
-                                                        printer->info_2->printername);
+       snprintf(adevice, sizeof(adevice), "%s", printer->info_2->printername);
+
        init_unistr(&devmode->devicename, adevice);
 
        snprintf(aform, sizeof(aform), ntdevmode->formname);