diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl index 8e2564b758a..29aee27b52c 100644 --- a/librpc/idl/spoolss.idl +++ b/librpc/idl/spoolss.idl @@ -2072,8 +2072,7 @@ cpp_quote("#define spoolss_security_descriptor security_descriptor") WERROR spoolss_SetForm( [in,ref] policy_handle *handle, [in] [string,charset(UTF16)] uint16 form_name[], - [in] uint32 level, - [in,switch_is(level)] spoolss_AddFormInfo info + [in,ref] spoolss_AddFormInfoCtr *info_ctr ); /******************/ diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index b4f1bec15e0..6d756bdf367 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -8799,7 +8799,7 @@ done: WERROR _spoolss_SetForm(struct pipes_struct *p, struct spoolss_SetForm *r) { - struct spoolss_AddFormInfo1 *form = r->in.info.info1; + struct spoolss_AddFormInfo1 *form; const char *form_name = r->in.form_name; int snum = -1; WERROR status = WERR_OK; @@ -8826,6 +8826,15 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, return WERR_ACCESS_DENIED; } + if (r->in.info_ctr->level != 1) { + return WERR_INVALID_LEVEL; + } + + form = r->in.info_ctr->info.info1; + if (!form) { + return WERR_INVALID_PARAM; + } + tmp_ctx = talloc_new(p->mem_ctx); if (!tmp_ctx) { return WERR_NOMEM; diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c index 4e5da2a3aef..ced224b4d73 100644 --- a/source3/rpcclient/cmd_spoolss.c +++ b/source3/rpcclient/cmd_spoolss.c @@ -2203,7 +2203,7 @@ static WERROR cmd_spoolss_setform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c WERROR werror; NTSTATUS status; const char *printername; - union spoolss_AddFormInfo info; + struct spoolss_AddFormInfoCtr info_ctr; struct spoolss_AddFormInfo1 info1; struct dcerpc_binding_handle *b = cli->binding_handle; @@ -2236,15 +2236,15 @@ static WERROR cmd_spoolss_setform(struct rpc_pipe_client *cli, TALLOC_CTX *mem_c info1.area.bottom = 3000; info1.form_name = argv[2]; - info.info1 = &info1; + info_ctr.info.info1 = &info1; + info_ctr.level = 1; /* Set the form */ status = dcerpc_spoolss_SetForm(b, mem_ctx, &handle, argv[2], - 1, - info, + &info_ctr, &werror); if (!NT_STATUS_IS_OK(status)) { werror = ntstatus_to_werror(status); diff --git a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c index d8bb754bd7a..fe81a0fec72 100644 --- a/source4/ntptr/simple_ldb/ntptr_simple_ldb.c +++ b/source4/ntptr/simple_ldb/ntptr_simple_ldb.c @@ -383,16 +383,16 @@ static WERROR sptr_SetPrintServerForm(struct ntptr_GenericHandle *server, TALLOC * } */ - switch (r->in.level) { + switch (r->in.info_ctr->level) { case 1: - if (!r->in.info.info1) { + if (!r->in.info_ctr->info.info1) { return WERR_FOOBAR; } count = sptr_db_search(sptr_db, mem_ctx, ldb_dn_new(mem_ctx, sptr_db, "CN=Forms,CN=PrintServer"), &msgs, attrs, "(&(form-name=%s)(objectClass=form))", - r->in.info.info1->form_name); + r->in.info_ctr->info.info1->form_name); if (count == 0) return WERR_FOOBAR; if (count > 1) return WERR_FOOBAR; @@ -409,17 +409,17 @@ static WERROR sptr_SetPrintServerForm(struct ntptr_GenericHandle *server, TALLOC /* add core elements to the ldb_message for the user */ msg->dn = msgs[0]->dn; - SET_UINT(sptr_db, msg, "flags", r->in.info.info1->flags); + SET_UINT(sptr_db, msg, "flags", r->in.info_ctr->info.info1->flags); - SET_STRING(sptr_db, msg, "form-name", r->in.info.info1->form_name); + SET_STRING(sptr_db, msg, "form-name", r->in.info_ctr->info.info1->form_name); - SET_UINT(sptr_db, msg, "size-width", r->in.info.info1->size.width); - SET_UINT(sptr_db, msg, "size-height", r->in.info.info1->size.height); + SET_UINT(sptr_db, msg, "size-width", r->in.info_ctr->info.info1->size.width); + SET_UINT(sptr_db, msg, "size-height", r->in.info_ctr->info.info1->size.height); - SET_UINT(sptr_db, msg, "area-left", r->in.info.info1->area.left); - SET_UINT(sptr_db, msg, "area-top", r->in.info.info1->area.top); - SET_UINT(sptr_db, msg, "area-right", r->in.info.info1->area.right); - SET_UINT(sptr_db, msg, "area-bottom", r->in.info.info1->area.bottom); + SET_UINT(sptr_db, msg, "area-left", r->in.info_ctr->info.info1->area.left); + SET_UINT(sptr_db, msg, "area-top", r->in.info_ctr->info.info1->area.top); + SET_UINT(sptr_db, msg, "area-right", r->in.info_ctr->info.info1->area.right); + SET_UINT(sptr_db, msg, "area-bottom", r->in.info_ctr->info.info1->area.bottom); break; default: return WERR_UNKNOWN_LEVEL; diff --git a/source4/torture/rpc/spoolss.c b/source4/torture/rpc/spoolss.c index 25625829f4d..d13a11dc870 100644 --- a/source4/torture/rpc/spoolss.c +++ b/source4/torture/rpc/spoolss.c @@ -2713,14 +2713,17 @@ static bool test_SetForm(struct torture_context *tctx, union spoolss_AddFormInfo *info) { struct spoolss_SetForm r; + struct spoolss_AddFormInfoCtr info_ctr; + + info_ctr.level = level; + info_ctr.info = *info; r.in.handle = handle; r.in.form_name = form_name; - r.in.level = level; - r.in.info = *info; + r.in.info_ctr = &info_ctr; torture_comment(tctx, "Testing SetForm(%s) level %d\n", - form_name, r.in.level); + form_name, level); torture_assert_ntstatus_ok(tctx, dcerpc_spoolss_SetForm_r(b, tctx, &r), "SetForm failed");