[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Jun 16 04:15:46 MDT 2010
The branch, master has been updated
via bd4bbd9... pidl: make sure to fill in cli->pipes_struct->hdr_req.opnum in s3 server dispatch tables.
via 439e759... s3-lanman: Fix return code for "" printqname in api_DosPrintQGetInfo().
via 1a86532... s4-smbtorture: test smbcli_rap_netprintqgetinfo() with "" printqname.
via 1f1c040... s4-smbtorture: only pull info when status code indicates success in smbcli_rap_netprintqgetinfo().
via 14f2525... s3-printing: add BUILTIN\Print Operators as FULL CONTROL to default sd.
from 47ae4a5... s3-spoolss: Provide a memory context for clean_up_driver_struct().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit bd4bbd9bebc21da232d6a9ed53814eecda2163f3
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 16 12:07:43 2010 +0200
pidl: make sure to fill in cli->pipes_struct->hdr_req.opnum in s3 server dispatch tables.
Guenther
commit 439e7590c920ebdf70e74e15483a3c1e3500331b
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 16 11:04:34 2010 +0200
s3-lanman: Fix return code for "" printqname in api_DosPrintQGetInfo().
Guenther
commit 1a86532fce51ec2f46b1e8abb1c1838e6793b76b
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 16 11:04:12 2010 +0200
s4-smbtorture: test smbcli_rap_netprintqgetinfo() with "" printqname.
Guenther
commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa
Author: Günther Deschner <gd at samba.org>
Date: Wed Jun 16 11:03:31 2010 +0200
s4-smbtorture: only pull info when status code indicates success in smbcli_rap_netprintqgetinfo().
Guenther
commit 14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2
Author: Günther Deschner <gd at samba.org>
Date: Fri Jun 11 11:24:06 2010 +0200
s3-printing: add BUILTIN\Print Operators as FULL CONTROL to default sd.
Guenther
-----------------------------------------------------------------------
Summary of changes:
pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm | 3 +++
source3/auth/auth_winbind.c | 14 +++++++++++---
source3/printing/nt_printing.c | 24 ++++++++++++++++++++++--
source3/smbd/lanman.c | 5 +++++
source4/torture/rap/printing.c | 8 ++++++++
source4/torture/rap/rap.c | 8 +++++---
6 files changed, 54 insertions(+), 8 deletions(-)
Changeset truncated at 500 lines:
diff --git a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
index f4dbe18..0fdc89b 100644
--- a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
+++ b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
@@ -234,6 +234,9 @@ sub ParseDispatchFunction($)
pidl "\treturn NT_STATUS_INVALID_PARAMETER;";
pidl "}";
pidl "";
+ pidl "/* set opnum in fake rpc header */";
+ pidl "cli->pipes_struct->hdr_req.opnum = opnum;";
+ pidl "";
pidl "switch (opnum)";
pidl "{";
indent;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index beaba7d..b111a2a 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -43,7 +43,7 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
return NT_STATUS_INVALID_PARAMETER;
}
- DEBUG(10, ("Check auth for: [%s]", user_info->mapped.account_name));
+ DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
if (!auth_context) {
DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n",
@@ -73,9 +73,17 @@ static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
sizeof(params.password.response.challenge));
params.password.response.nt_length = user_info->nt_resp.length;
- params.password.response.nt_data = user_info->nt_resp.data;
+ if (params.password.response.nt_length) {
+ params.password.response.nt_data = user_info->nt_resp.data;
+ } else {
+ params.password.response.nt_data = NULL;
+ }
params.password.response.lm_length = user_info->lm_resp.length;
- params.password.response.lm_data = user_info->lm_resp.data;
+ if (params.password.response.lm_length) {
+ params.password.response.lm_data = user_info->lm_resp.data;
+ } else {
+ params.password.response.lm_data = NULL;
+ }
/* we are contacting the privileged pipe */
become_root();
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 434311d..657db56 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2630,7 +2630,7 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX *mem_ctx,
WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
struct spoolss_security_descriptor **secdesc)
{
- struct security_ace ace[5]; /* max number of ace entries */
+ struct security_ace ace[7]; /* max number of ace entries */
int i = 0;
uint32_t sa;
struct security_acl *psa = NULL;
@@ -2680,6 +2680,16 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+ /* add BUILTIN\Print Operators as FULL CONTROL */
+
+ sa = PRINTER_ACE_FULL_CONTROL;
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
+ SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
/* Make the security descriptor owned by the BUILTIN\Administrators */
/* The ACL revision number in rpc_secdesc.h differs from the one
@@ -5317,7 +5327,7 @@ WERROR nt_printing_setsec(const char *sharename, struct sec_desc_buf *secdesc_ct
static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx)
{
- struct security_ace ace[5]; /* max number of ace entries */
+ struct security_ace ace[7]; /* max number of ace entries */
int i = 0;
uint32_t sa;
struct security_acl *psa = NULL;
@@ -5368,6 +5378,16 @@ static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx)
SEC_ACE_TYPE_ACCESS_ALLOWED,
sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+ /* add BUILTIN\Print Operators as FULL CONTROL */
+
+ sa = PRINTER_ACE_FULL_CONTROL;
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
+ SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
+ init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
/* Make the security descriptor owned by the BUILTIN\Administrators */
/* The ACL revision number in rpc_secdesc.h differs from the one
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 8c26262..72d488e 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -819,6 +819,11 @@ static bool api_DosPrintQGetInfo(struct smbd_server_connection *sconn,
ZERO_STRUCT(handle);
+ if (QueueName == NULL || (strlen(QueueName) < 1)) {
+ desc.errcode = W_ERROR_V(WERR_INVALID_PARAM);
+ goto out;
+ }
+
status = rpc_connect_spoolss_pipe(conn, &cli);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("api_DosPrintQGetInfo: could not connect to spoolss: %s\n",
diff --git a/source4/torture/rap/printing.c b/source4/torture/rap/printing.c
index a143017..4f10606 100644
--- a/source4/torture/rap/printing.c
+++ b/source4/torture/rap/printing.c
@@ -120,6 +120,14 @@ static bool test_netprintqgetinfo(struct torture_context *tctx,
int i, p;
uint16_t levels[] = { 0, 1, 2, 3, 4, 5 };
+ r.in.level = 0;
+ r.in.bufsize = 0;
+ r.in.PrintQueueName = "";
+
+ torture_assert_ntstatus_ok(tctx,
+ smbcli_rap_netprintqgetinfo(cli->tree, tctx, &r),
+ "smbcli_rap_netprintqgetinfo failed");
+
r_enum.in.level = 5;
r_enum.in.bufsize = 8192;
diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c
index 33d6715..34036f0 100644
--- a/source4/torture/rap/rap.c
+++ b/source4/torture/rap/rap.c
@@ -719,10 +719,12 @@ NTSTATUS smbcli_rap_netprintqgetinfo(struct smbcli_tree *tree,
NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.convert));
NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, &r->out.available));
- call->ndr_pull_data->relative_rap_convert = r->out.convert;
+ if (r->out.status == 0) {
+ call->ndr_pull_data->relative_rap_convert = r->out.convert;
- NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
- NDR_GOTO(ndr_pull_rap_printq_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+ NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, r->in.level));
+ NDR_GOTO(ndr_pull_rap_printq_info(call->ndr_pull_data, NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+ }
if (DEBUGLEVEL >= 10) {
NDR_PRINT_OUT_DEBUG(rap_NetPrintQGetInfo, r);
--
Samba Shared Repository
More information about the samba-cvs
mailing list