← Back to branch summary

~ubuntu-branches/ubuntu/maverick/samba/maverick-security

« back to all changes in this revision

Viewing changes to source3/rpc_server/srv_spoolss_nt.c

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2010-01-29 06:16:15 UTC
  • mfrom: (0.27.9 upstream) (0.34.4 squeeze)
  • Revision ID: james.westby@ubuntu.com-20100129061615-37hs6xqpsdhjq3ld
Tags: 2:3.4.5~dfsg-1ubuntu1
https://launchpad.net/bugs/462169
https://launchpad.net/bugs/493565
* Merge from debian testing.  Remaining changes:
  + debian/patches/VERSION.patch:
    - set SAMBA_VERSION_SUFFIX to Ubuntu.
  + debian/smb.conf:
    - Add "(Samba, Ubuntu)" to server string.
    - Comment out the default [homes] share, and add a comment about "valid users = %s"
      to show users how to restrict access to \\server\username to only username.
    - Set 'usershare allow guests', so that usershare admins are allowed to create
      public shares in additon to authenticated ones.
    - add map to guest = Bad user, maps bad username to gues access.
  + debian/samba-common.conf:
    - Do not change priority to high if dhclient3 is installed.
    - Use priority medium instead of high for the workgroup question.
  + debian/mksambapasswd.awk:
    - Do not add user with UID less than 1000 to smbpasswd.
  + debian/control: 
    - Make libswbclient0 replace/conflict with hardy's likewise-open.
    - Don't build against ctdb, since its not in main yet.
  + debian/rules:
    - Enable "native" PIE hardening.
    - Add BIND_NOW to maximize benefit of RELRO hardening.
  + Add ufw integration:
    - Created debian/samba.ufw.profile.
    - debian/rules, debian/samba.dirs, debian/samba.files: install
  + Add apoort hook:
    - Created debian/source_samba.py.
    - debian/rules, debian/samba.dirs, debian/samba-common-bin.files: install
  + debian/rules, debian/samba.if-up: allow "NetworkManager" as a recognized address
    family... it's obviously /not/ an address family, but it's what gets
    sent when using NM, so we'll cope for now.  (LP: #462169). Taken from karmic-proposed.
  + debian/control: Recommend keyutils for smbfs (LP: #493565)
  + Dropped patches:
    - debian/patches/security-CVE-2009-3297.patch: No longer needed
    - debian/patches/fix-too-many-open-files.patch: No longer needed

Show diffs side-by-side

added added

removed removed

Lines of Context:
source3/rpc_server/srv_spoolss_nt.c
1670
1670
                        return WERR_BADFID;
1671
1671
                }
1672
1672
 
 
1673
                if (r->in.access_mask == SEC_FLAG_MAXIMUM_ALLOWED) {
 
1674
                        r->in.access_mask = PRINTER_ACCESS_ADMINISTER;
 
1675
                }
 
1676
 
1673
1677
                se_map_standard(&r->in.access_mask, &printer_std_mapping);
1674
1678
 
1675
1679
                /* map an empty access mask to the minimum access mask */
9259
9263
        WERROR          result = WERR_BADFILE;
9260
9264
        int i;
9261
9265
        const char **array = NULL;
9262
 
 
 
9266
        DATA_BLOB blob;
9263
9267
 
9264
9268
        DEBUG(4,("_spoolss_EnumPrinterKey\n"));
9265
9269
 
9288
9292
                goto done;
9289
9293
        }
9290
9294
 
9291
 
        *r->out.needed = 4;
9292
 
 
9293
 
        array = talloc_zero_array(r->out.key_buffer, const char *, num_keys + 1);
 
9295
        array = talloc_zero_array(r->out.key_buffer, const char *, num_keys + 2);
9294
9296
        if (!array) {
9295
9297
                result = WERR_NOMEM;
9296
9298
                goto done;
9297
9299
        }
9298
9300
 
 
9301
        if (!num_keys) {
 
9302
                array[0] = talloc_strdup(array, "");
 
9303
                if (!array[0]) {
 
9304
                        result = WERR_NOMEM;
 
9305
                        goto done;
 
9306
                }
 
9307
        }
 
9308
 
9299
9309
        for (i=0; i < num_keys; i++) {
 
9310
 
 
9311
                DEBUG(10,("_spoolss_EnumPrinterKey: adding keyname: %s\n",
 
9312
                        keynames[i]));
 
9313
 
9300
9314
                array[i] = talloc_strdup(array, keynames[i]);
9301
9315
                if (!array[i]) {
9302
9316
                        result = WERR_NOMEM;
9303
9317
                        goto done;
9304
9318
                }
9305
 
 
9306
 
                *r->out.needed += strlen_m_term(keynames[i]) * 2;
9307
 
        }
 
9319
        }
 
9320
 
 
9321
        if (!push_reg_multi_sz(p->mem_ctx, &blob, array)) {
 
9322
                result = WERR_NOMEM;
 
9323
                goto done;
 
9324
        }
 
9325
 
 
9326
        *r->out._ndr_size = r->in.offered / 2;
 
9327
        *r->out.needed = blob.length;
9308
9328
 
9309
9329
        if (r->in.offered < *r->out.needed) {
9310
9330
                result = WERR_MORE_DATA;
9311
 
                goto done;
 
9331
        } else {
 
9332
                result = WERR_OK;
 
9333
                r->out.key_buffer->string_array = array;
9312
9334
        }
9313
9335
 
9314
 
        result = WERR_OK;
9315
 
 
9316
 
        *r->out.key_buffer = array;
9317
 
 
9318
9336
 done:
9319
9337
        if (!W_ERROR_IS_OK(result)) {
9320
9338
                TALLOC_FREE(array);
9321
 
                ZERO_STRUCTP(r->out.key_buffer);
 
9339
                if (!W_ERROR_EQUAL(result, WERR_MORE_DATA)) {
 
9340
                        *r->out.needed = 0;
 
9341
                }
9322
9342
        }
9323
9343
 
9324
9344
        free_a_printer(&printer, 2);