Vista and setting printer ACLs

Martin Zielinski mz at
Wed Jan 31 12:12:51 GMT 2007

Hello gurus!

I'm using samba 2.0.23d.
When I try to set printer ACLs from vista, smbd crashes:

Program received signal SIGSEGV, Segmentation fault.
sec_desc_merge (ctx=0x324b48, new_sdb=0x0, old_sdb=0x2f29d0)
     at lib/secdesc.c:157
157     lib/secdesc.c: No such file or directory.
         in lib/secdesc.c
(gdb) bt
#0  sec_desc_merge (ctx=0x324b48, new_sdb=0x0, old_sdb=0x2f29d0)
     at lib/secdesc.c:157
#1  0x000de258 in update_printer_sec (handle=0xbffff874, level=0,
     info=0x2f29d0, p=0x36f2c8, secdesc_ctr=0x0)
     at rpc_server/srv_spoolss_nt.c:5903
#2  0x000df340 in _spoolss_setprinter (p=0x36f2c8, q_u=0x0, r_u=0x2f29d0)
     at rpc_server/srv_spoolss_nt.c:6349
#3  0x000d05bc in api_spoolss_setprinter (p=0x36f2c8)
     at rpc_server/srv_spoolss.c:609

The reason is, that Vista uses the PRINTER_INFO_3 struct to set the 
security descriptor.
XP - on the other hand - translates an SetPrinter(...) level 3 call into 
a level 2 call with the appropriate security descriptor.

The problem is the security pointer of the SPOOL_PRINTER_INFO_LEVEL_3, 
which is (at least in my test scenario) NULL!
In this case the SPOOL_Q_SETPRINTER q_u->secdesc_ctr is also NULL, wich 
is never checked therafter and causing the segfault.

Without really knowing, what i do, this diff fixes the problem. It 
assumed, that there *is* a security descriptor, although the pointer is 

--- samba-3.0.23d.orig/source/rpc_parse/parse_spoolss.c 2006-06-23 
15:16:52.000000000 +0200
+++ samba-3.0.23d/source/rpc_parse/parse_spoolss.c      2007-01-31 
12:53:41.000000000 +0100
@@ -3897,7 +3897,7 @@
-       if (ptr_sec_desc)
+       if ((q_u->level == 3 && !ptr_sec_desc) || ptr_sec_desc)
                 if (!sec_io_desc_buf(desc, &q_u->secdesc_ctr, ps, depth))
                         return False;




Martin Zielinski             mz at
Software Development
SEH Computertechnik GmbH

More information about the samba-technical mailing list