s3-spoolss: Don't leak memory.

[metze/samba/wip.git] / source3 / rpc_server / spoolss / srv_spoolss_nt.c
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c

index 48a2981986c3bdc56d08e14aa192f3ce652ae9f3..891f4296b93e2859686089e65fb3633b63774832 100644 (file)
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -2338,9 +2338,13 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
                 enum ndr_err_code ndr_err;
                 struct spoolss_OSVersion os;
  
-               os.major                = 5;    /* Windows 2000 == 5.0 */
-               os.minor                = 0;
-               os.build                = 2195; /* build */
+               os.major                = lp_parm_int(GLOBAL_SECTION_SNUM,
+                                                     "spoolss", "os_major", 5);
+                                                     /* Windows 2000 == 5.0 */
+               os.minor                = lp_parm_int(GLOBAL_SECTION_SNUM,
+                                                     "spoolss", "os_minor", 0);
+               os.build                = lp_parm_int(GLOBAL_SECTION_SNUM,
+                                                     "spoolss", "os_build", 2195);
                 os.extra_string         = "";   /* leave extra string empty */
  
                 ndr_err = ndr_push_struct_blob(&blob, mem_ctx, &os,
@@ -2349,6 +2353,10 @@ static WERROR getprinterdata_printer_server(TALLOC_CTX *mem_ctx,
                         return WERR_GENERAL_FAILURE;
                 }
  
+               if (DEBUGLEVEL >= 10) {
+                       NDR_PRINT_DEBUG(spoolss_OSVersion, &os);
+               }
+
                 *type = REG_BINARY;
                 data->binary = blob;
  
@@ -4466,7 +4474,8 @@ static WERROR enum_all_printers_info_1_network(TALLOC_CTX *mem_ctx,
            listed. Windows responds to this call with a
            WERR_CAN_NOT_COMPLETE so we should do the same. */
  
-       if (servername[0] == '\\' && servername[1] == '\\') {
+       if (servername != NULL &&
+           (servername[0] == '\\') && (servername[1] == '\\')) {
                  s = servername + 2;
         }
  
@@ -4858,8 +4867,10 @@ static WERROR string_array_from_driver_info(TALLOC_CTX *mem_ctx,
                              &array, &num_strings);
         }
  
-       if (presult) {
+       if (presult != NULL) {
                 *presult = array;
+       } else {
+               talloc_free(array);
         }
  
         return WERR_OK;
@@ -5605,6 +5616,7 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
  {
         struct printer_handle *printer;
         WERROR result;
+       uint32_t version = r->in.client_major_version;
  
         int snum;
  
@@ -5629,13 +5641,19 @@ WERROR _spoolss_GetPrinterDriver2(struct pipes_struct *p,
                 return WERR_BADFID;
         }
  
+       if (r->in.client_major_version == SPOOLSS_DRIVER_VERSION_2012) {
+               DEBUG(3,("_spoolss_GetPrinterDriver2: v4 driver requested, "
+                       "downgrading to v3\n"));
+               version = SPOOLSS_DRIVER_VERSION_200X;
+       }
+
         result = construct_printer_driver_info_level(p->mem_ctx,
                                                      get_session_info_system(),
                                                      p->msg_ctx,
                                                      r->in.level, r->out.info,
                                                      snum, printer->servername,
                                                      r->in.architecture,
-                                                    r->in.client_major_version);
+                                                    version);
         if (!W_ERROR_IS_OK(result)) {
                 TALLOC_FREE(r->out.info);
                 return result;
@@ -5722,11 +5740,11 @@ WERROR _spoolss_StartDocPrinter(struct pipes_struct *p,
                 return WERR_INVALID_HANDLE;
         }
  
-       if (r->in.level != 1) {
+       if (r->in.info_ctr->level != 1) {
                 return WERR_UNKNOWN_LEVEL;
         }
  
-       info_1 = r->in.info.info1;
+       info_1 = r->in.info_ctr->info.info1;
  
         /*
          * a nice thing with NT is it doesn't listen to what you tell it.
@@ -8319,7 +8337,7 @@ static WERROR compose_spoolss_server_path(TALLOC_CTX *mem_ctx,
                                           char **path)
  {
         const char *pservername = NULL;
-       const char *long_archi = SPOOLSS_ARCHITECTURE_NT_X86;
+       const char *long_archi;
         const char *short_archi;
  
         *path = NULL;
@@ -8327,6 +8345,10 @@ static WERROR compose_spoolss_server_path(TALLOC_CTX *mem_ctx,
         /* environment may be empty */
         if (environment && strlen(environment)) {
                 long_archi = environment;
+       } else {
+               long_archi = lp_parm_const_string(GLOBAL_SECTION_SNUM,
+                                                 "spoolss", "architecture",
+                                                 SPOOLSS_ARCHITECTURE_NT_X86);
         }
  
         /* servername may be empty */
@@ -8648,7 +8670,7 @@ WERROR _spoolss_DeletePrinterData(struct pipes_struct *p,
  WERROR _spoolss_AddForm(struct pipes_struct *p,
                         struct spoolss_AddForm *r)
  {
-       struct spoolss_AddFormInfo1 *form = r->in.info.info1;
+       struct spoolss_AddFormInfo1 *form;
         int snum = -1;
         WERROR status = WERR_OK;
         struct printer_handle *Printer = find_printer_index_by_hnd(p, r->in.handle);
@@ -8673,6 +8695,15 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
                 return WERR_ACCESS_DENIED;
         }
  
+       if (r->in.info_ctr->level != 1) {
+               return WERR_INVALID_LEVEL;
+       }
+
+       form = r->in.info_ctr->info.info1;
+       if (!form) {
+               return WERR_INVALID_PARAM;
+       }
+
         switch (form->flags) {
         case SPOOLSS_FORM_USER:
         case SPOOLSS_FORM_BUILTIN:
@@ -8790,7 +8821,7 @@ done:
  WERROR _spoolss_SetForm(struct pipes_struct *p,
                         struct spoolss_SetForm *r)
  {
-       struct spoolss_AddFormInfo1 *form = r->in.info.info1;
+       struct spoolss_AddFormInfo1 *form;
         const char *form_name = r->in.form_name;
         int snum = -1;
         WERROR status = WERR_OK;
@@ -8817,6 +8848,15 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
                 return WERR_ACCESS_DENIED;
         }
  
+       if (r->in.info_ctr->level != 1) {
+               return WERR_INVALID_LEVEL;
+       }
+
+       form = r->in.info_ctr->info.info1;
+       if (!form) {
+               return WERR_INVALID_PARAM;
+       }
+
         tmp_ctx = talloc_new(p->mem_ctx);
         if (!tmp_ctx) {
                 return WERR_NOMEM;