The Samba-Bugzilla – Attachment 4980 Details for
Bug 6883
Add Printer fails with 0x000006f7 on Windows 7
[patch]
First part of fixing bug 6883
v3-4-test.patch (text/plain), 13.81 KB, created by
Guenther Deschner
on 2009-11-23 06:13:51 UTC
Description:
First part of fixing bug 6883
Filename:
MIME Type:
Creator:
Guenther Deschner
Created:
2009-11-23 06:13:51 UTC
Size:
13.81 KB
>From 1417e8307d4b03a638f2eba8ad7c8241ae7ce8a1 Mon Sep 17 00:00:00 2001 >From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org> >Date: Fri, 20 Nov 2009 12:57:13 +0100 >Subject: [PATCH 1/2] spoolss: fix spoolss_EnumPrinterKey IDL. > >Guenther >--- > librpc/gen_ndr/cli_spoolss.c | 4 +- > librpc/gen_ndr/cli_spoolss.h | 2 +- > librpc/gen_ndr/ndr_spoolss.c | 80 ++++++++++++++++-------------------------- > librpc/gen_ndr/spoolss.h | 2 +- > librpc/gen_ndr/srv_spoolss.c | 4 +- > librpc/idl/spoolss.idl | 2 +- > 6 files changed, 37 insertions(+), 57 deletions(-) > >diff --git a/librpc/gen_ndr/cli_spoolss.c b/librpc/gen_ndr/cli_spoolss.c >index 1e94a2a..70dfab3 100644 >--- a/librpc/gen_ndr/cli_spoolss.c >+++ b/librpc/gen_ndr/cli_spoolss.c >@@ -3811,7 +3811,7 @@ NTSTATUS rpccli_spoolss_EnumPrinterKey(struct rpc_pipe_client *cli, > TALLOC_CTX *mem_ctx, > struct policy_handle *handle /* [in] [ref] */, > const char *key_name /* [in] [charset(UTF16)] */, >- const char ** *key_buffer /* [out] [subcontext_size(offered),ref,subcontext(0),flag(LIBNDR_FLAG_STR_NULLTERM)] */, >+ uint16_t *key_buffer /* [out] [ref,size_is(offered/2)] */, > uint32_t offered /* [in] */, > uint32_t *needed /* [out] [ref] */, > WERROR *werror) >@@ -3847,7 +3847,7 @@ NTSTATUS rpccli_spoolss_EnumPrinterKey(struct rpc_pipe_client *cli, > } > > /* Return variables */ >- *key_buffer = *r.out.key_buffer; >+ memcpy(key_buffer, r.out.key_buffer, r.in.offered / 2 * sizeof(*key_buffer)); > *needed = *r.out.needed; > > /* Return result */ >diff --git a/librpc/gen_ndr/cli_spoolss.h b/librpc/gen_ndr/cli_spoolss.h >index eb86e8c..4c621f4 100644 >--- a/librpc/gen_ndr/cli_spoolss.h >+++ b/librpc/gen_ndr/cli_spoolss.h 
>@@ -497,7 +497,7 @@ NTSTATUS rpccli_spoolss_EnumPrinterKey(struct rpc_pipe_client *cli, > TALLOC_CTX *mem_ctx, > struct policy_handle *handle /* [in] [ref] */, > const char *key_name /* [in] [charset(UTF16)] */, >- const char ** *key_buffer /* [out] [subcontext_size(offered),ref,subcontext(0),flag(LIBNDR_FLAG_STR_NULLTERM)] */, >+ uint16_t *key_buffer /* [out] [ref,size_is(offered/2)] */, > uint32_t offered /* [in] */, > uint32_t *needed /* [out] [ref] */, > WERROR *werror); >diff --git a/librpc/gen_ndr/ndr_spoolss.c b/librpc/gen_ndr/ndr_spoolss.c >index d4195e4..d03196e 100644 >--- a/librpc/gen_ndr/ndr_spoolss.c >+++ b/librpc/gen_ndr/ndr_spoolss.c >@@ -26619,6 +26619,7 @@ _PUBLIC_ void ndr_print_spoolss_EnumPrinterDataEx(struct ndr_print *ndr, const c > > _PUBLIC_ enum ndr_err_code ndr_push_spoolss_EnumPrinterKey(struct ndr_push *ndr, int flags, const struct spoolss_EnumPrinterKey *r) > { >+ uint32_t cntr_key_buffer_1; > if (flags & NDR_IN) { > if (r->in.handle == NULL) { > return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); 
>@@ -26631,22 +26632,12 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_EnumPrinterKey(struct ndr_push *ndr, > NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered)); > } > if (flags & NDR_OUT) { >- { >- uint32_t _flags_save_string_array = ndr->flags; >- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); >- if (r->out.key_buffer == NULL) { >- return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); >- } >- NDR_CHECK(ndr_push_unique_ptr(ndr, *r->out.key_buffer)); >- if (*r->out.key_buffer) { >- { >- struct ndr_push *_ndr_key_buffer; >- NDR_CHECK(ndr_push_subcontext_start(ndr, &_ndr_key_buffer, 0, r->in.offered)); >- NDR_CHECK(ndr_push_string_array(_ndr_key_buffer, NDR_SCALARS, *r->out.key_buffer)); >- NDR_CHECK(ndr_push_subcontext_end(ndr, _ndr_key_buffer, 0, r->in.offered)); >- } >- } >- ndr->flags = _flags_save_string_array; >+ if (r->out.key_buffer == NULL) { >+ return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); >+ } >+ NDR_CHECK(ndr_push_uint32(ndr, NDR_SCALARS, r->in.offered / 2)); >+ for (cntr_key_buffer_1 = 0; cntr_key_buffer_1 < r->in.offered / 2; cntr_key_buffer_1++) { >+ NDR_CHECK(ndr_push_uint16(ndr, NDR_SCALARS, r->out.key_buffer[cntr_key_buffer_1])); > } > if (r->out.needed == NULL) { > return ndr_push_error(ndr, NDR_ERR_INVALID_POINTER, "NULL [ref] pointer"); >@@ -26659,9 +26650,8 @@ _PUBLIC_ enum ndr_err_code ndr_push_spoolss_EnumPrinterKey(struct ndr_push *ndr, > > _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_EnumPrinterKey(struct ndr_pull *ndr, int flags, struct spoolss_EnumPrinterKey *r) > { >- uint32_t _ptr_key_buffer; >+ uint32_t cntr_key_buffer_1; > TALLOC_CTX *_mem_save_handle_0; >- TALLOC_CTX *_mem_save_key_buffer_0; > TALLOC_CTX *_mem_save_key_buffer_1; > TALLOC_CTX *_mem_save_needed_0; > if (flags & NDR_IN) { 
>@@ -26682,40 +26672,22 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_EnumPrinterKey(struct ndr_pull *ndr, > NDR_CHECK(ndr_check_string_terminator(ndr, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t))); > NDR_CHECK(ndr_pull_charset(ndr, NDR_SCALARS, &r->in.key_name, ndr_get_array_length(ndr, &r->in.key_name), sizeof(uint16_t), CH_UTF16)); > NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, &r->in.offered)); >- NDR_PULL_ALLOC(ndr, r->out.key_buffer); >- ZERO_STRUCTP(r->out.key_buffer); >+ NDR_PULL_ALLOC_N(ndr, r->out.key_buffer, r->in.offered / 2); >+ memset(r->out.key_buffer, 0, (r->in.offered / 2) * sizeof(*r->out.key_buffer)); > NDR_PULL_ALLOC(ndr, r->out.needed); > ZERO_STRUCTP(r->out.needed); > } > if (flags & NDR_OUT) { >- { >- uint32_t _flags_save_string_array = ndr->flags; >- ndr_set_flags(&ndr->flags, LIBNDR_FLAG_STR_NULLTERM); >- if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { >- NDR_PULL_ALLOC(ndr, r->out.key_buffer); >- } >- _mem_save_key_buffer_0 = NDR_PULL_GET_MEM_CTX(ndr); >- NDR_PULL_SET_MEM_CTX(ndr, r->out.key_buffer, LIBNDR_FLAG_REF_ALLOC); >- NDR_CHECK(ndr_pull_generic_ptr(ndr, &_ptr_key_buffer)); >- if (_ptr_key_buffer) { >- NDR_PULL_ALLOC(ndr, *r->out.key_buffer); >- } else { >- *r->out.key_buffer = NULL; >- } >- if (*r->out.key_buffer) { >- _mem_save_key_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr); >- NDR_PULL_SET_MEM_CTX(ndr, *r->out.key_buffer, 0); >- { >- struct ndr_pull *_ndr_key_buffer; >- NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_key_buffer, 0, r->in.offered)); >- NDR_CHECK(ndr_pull_string_array(_ndr_key_buffer, NDR_SCALARS, r->out.key_buffer)); >- NDR_CHECK(ndr_pull_subcontext_end(ndr, _ndr_key_buffer, 0, r->in.offered)); >- } >- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_buffer_1, 0); >- } >- NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_buffer_0, LIBNDR_FLAG_REF_ALLOC); >- ndr->flags = _flags_save_string_array; >+ NDR_CHECK(ndr_pull_array_size(ndr, &r->out.key_buffer)); >+ if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { >+ NDR_PULL_ALLOC_N(ndr, 
r->out.key_buffer, ndr_get_array_size(ndr, &r->out.key_buffer)); > } >+ _mem_save_key_buffer_1 = NDR_PULL_GET_MEM_CTX(ndr); >+ NDR_PULL_SET_MEM_CTX(ndr, r->out.key_buffer, 0); >+ for (cntr_key_buffer_1 = 0; cntr_key_buffer_1 < r->in.offered / 2; cntr_key_buffer_1++) { >+ NDR_CHECK(ndr_pull_uint16(ndr, NDR_SCALARS, &r->out.key_buffer[cntr_key_buffer_1])); >+ } >+ NDR_PULL_SET_MEM_CTX(ndr, _mem_save_key_buffer_1, 0); > if (ndr->flags & LIBNDR_FLAG_REF_ALLOC) { > NDR_PULL_ALLOC(ndr, r->out.needed); > } >@@ -26724,12 +26696,16 @@ _PUBLIC_ enum ndr_err_code ndr_pull_spoolss_EnumPrinterKey(struct ndr_pull *ndr, > NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, r->out.needed)); > NDR_PULL_SET_MEM_CTX(ndr, _mem_save_needed_0, LIBNDR_FLAG_REF_ALLOC); > NDR_CHECK(ndr_pull_WERROR(ndr, NDR_SCALARS, &r->out.result)); >+ if (r->out.key_buffer) { >+ NDR_CHECK(ndr_check_array_size(ndr, (void*)&r->out.key_buffer, r->in.offered / 2)); >+ } > } > return NDR_ERR_SUCCESS; > } > > _PUBLIC_ void ndr_print_spoolss_EnumPrinterKey(struct ndr_print *ndr, const char *name, int flags, const struct spoolss_EnumPrinterKey *r) > { >+ uint32_t cntr_key_buffer_1; > ndr_print_struct(ndr, name, "spoolss_EnumPrinterKey"); > ndr->depth++; > if (flags & NDR_SET_VALUES) { >@@ -26751,10 +26727,14 @@ _PUBLIC_ void ndr_print_spoolss_EnumPrinterKey(struct ndr_print *ndr, const char > ndr->depth++; > ndr_print_ptr(ndr, "key_buffer", r->out.key_buffer); > ndr->depth++; >- ndr_print_ptr(ndr, "key_buffer", *r->out.key_buffer); >+ ndr->print(ndr, "%s: ARRAY(%d)", "key_buffer", (int)r->in.offered / 2); > ndr->depth++; >- if (*r->out.key_buffer) { >- ndr_print_string_array(ndr, "key_buffer", *r->out.key_buffer); >+ for (cntr_key_buffer_1=0;cntr_key_buffer_1<r->in.offered / 2;cntr_key_buffer_1++) { >+ char *idx_1=NULL; >+ if (asprintf(&idx_1, "[%d]", cntr_key_buffer_1) != -1) { >+ ndr_print_uint16(ndr, "key_buffer", r->out.key_buffer[cntr_key_buffer_1]); >+ free(idx_1); >+ } > } > ndr->depth--; > ndr->depth--; 
>diff --git a/librpc/gen_ndr/spoolss.h b/librpc/gen_ndr/spoolss.h >index a9f7aaf..2053065 100644 >--- a/librpc/gen_ndr/spoolss.h >+++ b/librpc/gen_ndr/spoolss.h >@@ -3030,7 +3030,7 @@ struct spoolss_EnumPrinterKey { > } in; > > struct { >- const char ** *key_buffer;/* [subcontext_size(offered),ref,subcontext(0),flag(LIBNDR_FLAG_STR_NULLTERM)] */ >+ uint16_t *key_buffer;/* [ref,size_is(offered/2)] */ > uint32_t *needed;/* [ref] */ > WERROR result; > } out; >diff --git a/librpc/gen_ndr/srv_spoolss.c b/librpc/gen_ndr/srv_spoolss.c >index 79efbb5..3bbe401 100644 >--- a/librpc/gen_ndr/srv_spoolss.c >+++ b/librpc/gen_ndr/srv_spoolss.c >@@ -6296,7 +6296,7 @@ static bool api_spoolss_EnumPrinterKey(pipes_struct *p) > } > > ZERO_STRUCT(r->out); >- r->out.key_buffer = talloc_zero(r, const char **); >+ r->out.key_buffer = talloc_zero_array(r, uint16_t, r->in.offered / 2); > if (r->out.key_buffer == NULL) { > talloc_free(r); > return false; >@@ -8399,7 +8399,7 @@ NTSTATUS rpc_spoolss_dispatch(struct rpc_pipe_client *cli, TALLOC_CTX *mem_ctx, > case NDR_SPOOLSS_ENUMPRINTERKEY: { > struct spoolss_EnumPrinterKey *r = (struct spoolss_EnumPrinterKey *)_r; > ZERO_STRUCT(r->out); >- r->out.key_buffer = talloc_zero(mem_ctx, const char **); >+ r->out.key_buffer = talloc_zero_array(mem_ctx, uint16_t, r->in.offered / 2); > if (r->out.key_buffer == NULL) { > return NT_STATUS_NO_MEMORY; > } >diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl >index f306462..e4f03e5 100644 >--- a/librpc/idl/spoolss.idl >+++ b/librpc/idl/spoolss.idl >@@ -2302,7 +2302,7 @@ import "misc.idl", "security.idl", "winreg.idl"; > [public] WERROR spoolss_EnumPrinterKey( > [in, ref] policy_handle *handle, > [in] [string,charset(UTF16)] uint16 key_name[], >- [out,ref] [subcontext(0),subcontext_size(offered)] nstring_array **key_buffer, >+ [out,ref] [size_is(offered/2)] uint16 *key_buffer, > [in] uint32 offered, > [out,ref] uint32 *needed > ); >-- >1.6.5.2 
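Review bot: With `[size_is(offered/2)]` in spoolss.idl the element count of `key_buffer` comes straight from the caller's `offered`, and the regenerated server stubs in srv_spoolss.c then run `talloc_zero_array(r, uint16_t, r->in.offered / 2)` before the handler has looked at the request. No upper bound on `offered` is visible in this patch, so a single request appears able to ask for a zeroed allocation of roughly 4 GiB; if the protocol allows it, a `range()` attribute on `offered` or an explicit cap in the handler would bound that. An odd `offered` also rounds down, so a short IDL comment such as `/* offered is a byte count; key_buffer is a UTF-16 multi-sz */` would make the `/2` self-explanatory.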
>
>
>From e2e1ce01d9fc377b33fe72daf09b6b897cb22376 Mon Sep 17 00:00:00 2001
>From: =?UTF-8?q?G=C3=BCnther=20Deschner?= <gd@samba.org>
>Date: Fri, 20 Nov 2009 16:34:00 +0100
>Subject: [PATCH 2/2] s3-spoolss: fix spoolss_EnumPrinterKey client and server code.
>
>Guenther
>(cherry picked from commit d464151f3b47c675664f464b1645ca85de663655)
>---
> source3/rpc_client/cli_spoolss.c | 24 +++++++++++++++++++++---
> source3/rpc_server/srv_spoolss_nt.c | 23 +++++++++++++++++++----
> 2 files changed, 40 insertions(+), 7 deletions(-)
>
>diff --git a/source3/rpc_client/cli_spoolss.c b/source3/rpc_client/cli_spoolss.c
>index 3f369bd..ff8736d 100644
>--- a/source3/rpc_client/cli_spoolss.c
>+++ b/source3/rpc_client/cli_spoolss.c
>@@ -760,27 +760,45 @@ WERROR rpccli_spoolss_enumprinterkey(struct rpc_pipe_client *cli,
> NTSTATUS status;
> WERROR werror;
> uint32_t needed;
>+ uint16_t *buffer = NULL;
>+
>+ *key_buffer = NULL;
>+
>+ if (offered) {
>+ buffer = talloc_array(mem_ctx, uint16_t, offered);
>+ W_ERROR_HAVE_NO_MEMORY(buffer);
>+ }
>
> status = rpccli_spoolss_EnumPrinterKey(cli, mem_ctx,
> handle,
> key_name,
>- key_buffer,
>+ buffer,
> offered,
> &needed,
> &werror);
>
> if (W_ERROR_EQUAL(werror, WERR_MORE_DATA)) {
> offered = needed;
>-
>+ buffer = talloc_realloc(mem_ctx, buffer, uint16_t, needed);
>+ W_ERROR_HAVE_NO_MEMORY(buffer);
> status = rpccli_spoolss_EnumPrinterKey(cli, mem_ctx,
> handle,
> key_name,
>- key_buffer,
>+ buffer,
> offered,
> &needed,
> &werror);
> }
>
>+ if (W_ERROR_IS_OK(werror)) {
>+ const char **array;
>+ DATA_BLOB blob = data_blob_const((uint8_t *)buffer, offered);
>+ if (!pull_reg_multi_sz(mem_ctx, &blob, &array)) {
>+ return WERR_NOMEM;
>+ }
>+ *key_buffer = array;
>+ }
>+
> return werror;
> }
>
>diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
>index 87735d3..f0bf851 100644
>--- a/source3/rpc_server/srv_spoolss_nt.c
>+++ b/source3/rpc_server/srv_spoolss_nt.c
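Review bot: The new `if (W_ERROR_IS_OK(werror))` block in rpccli_spoolss_enumprinterkey parses `buffer` on the strength of `werror` alone, while `status` from both `rpccli_spoolss_EnumPrinterKey` calls is assigned and never checked; if the stub can return a failure status without writing `*werror`, the uninitialised local `werror` decides whether the buffer is parsed. A guard after each call, `if (!NT_STATUS_IS_OK(status)) { return ntstatus_to_werror(status); }`, would close that. Separately, when `offered` is 0 `buffer` stays NULL, and a `WERR_OK` reply then hands a NULL, zero-length blob to `pull_reg_multi_sz`, whose handling of that case is not visible here. The start of the function is outside the hunk.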
>@@ -9259,7 +9259,7 @@ WERROR _spoolss_EnumPrinterKey(pipes_struct *p,
> WERROR result = WERR_BADFILE;
> int i;
> const char **array = NULL;
>-
>+ DATA_BLOB blob;
>
> DEBUG(4,("_spoolss_EnumPrinterKey\n"));
>
>@@ -9288,7 +9288,9 @@ WERROR _spoolss_EnumPrinterKey(pipes_struct *p,
> goto done;
> }
>
>- *r->out.needed = 4;
>+ /* two byte termination (a multisz) */
>+
>+ *r->out.needed = 2;
>
> array = talloc_zero_array(r->out.key_buffer, const char *, num_keys + 1);
> if (!array) {
>@@ -9297,6 +9299,10 @@ WERROR _spoolss_EnumPrinterKey(pipes_struct *p,
> }
>
> for (i=0; i < num_keys; i++) {
>+
>+ DEBUG(10,("_spoolss_EnumPrinterKey: adding keyname: %s\n",
>+ keynames[i]));
>+
> array[i] = talloc_strdup(array, keynames[i]);
> if (!array[i]) {
> result = WERR_NOMEM;
>@@ -9313,12 +9319,21 @@ WERROR _spoolss_EnumPrinterKey(pipes_struct *p,
>
> result = WERR_OK;
>
>- *r->out.key_buffer = array;
>+ if (!push_reg_multi_sz(p->mem_ctx, &blob, array)) {
>+ result = WERR_NOMEM;
>+ goto done;
>+ }
>+
>+ if (r->in.offered == blob.length) {
>+ memcpy(r->out.key_buffer, blob.data, blob.length);
>+ }
>
> done:
> if (!W_ERROR_IS_OK(result)) {
> TALLOC_FREE(array);
>- ZERO_STRUCTP(r->out.key_buffer);
>+ if (!W_ERROR_EQUAL(result, WERR_MORE_DATA)) {
>+ *r->out.needed = 0;
>+ }
> }
>
> free_a_printer(&printer, 2);
>--
>1.6.5.2
>
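Review bot: In the last hunk of _spoolss_EnumPrinterKey the copy into `r->out.key_buffer` runs only when `r->in.offered == blob.length`, so a caller that offers more than the exact size appears to get `WERR_OK` with a buffer that was never filled. The destination is allocated by the stubs as `r->in.offered / 2` `uint16_t` elements, so the guard is better written against that allocation: `if (blob.length <= (r->in.offered / 2) * sizeof(uint16_t)) {`. That also keeps the `memcpy` in bounds should `offered` be odd. The size check that sets `WERR_MORE_DATA` lies between the hunks and is not visible, so confirm that `*r->out.needed` matches `blob.length` there; the function starts and ends outside these hunks.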
Attachments on
bug 6883
:
4938
|
4980
|
4992
|
5003
|
5026
|
5068
|
5082