[SCM] Samba Shared Repository - branch master updated

Wed Nov 17 08:06:02 MST 2010

The branch, master has been updated
       via  98612fe s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers with admin privileges.
       via  ee8c035 s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
       via  b432a3b s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
      from  0a4b7bb s4-repl: removed the syncall_workaround code

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 98612fe79321ade72c23ca0c1d966a1c192ec977
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Nov 15 12:22:52 2010 +0100

    s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers
    with admin privileges.
    
    Guenther
    
    Autobuild-User: GÃ¼nther Deschner <gd at samba.org>
    Autobuild-Date: Wed Nov 17 15:05:02 UTC 2010 on sn-devel-104

commit ee8c035c41c08e5ac599cf68214acd12712191fa
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Mon Nov 15 11:19:23 2010 +0100

    s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
    
    Guenther

commit b432a3ba194fdd8a12f5198cd6012d4916301da4
Author: GÃ¼nther Deschner <gd at samba.org>
Date:   Thu Nov 11 13:26:10 2010 +0100

    s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_spoolss_nt.c |    5 +++++
 source3/rpcclient/cmd_spoolss.c     |    9 +++++++++
 2 files changed, 14 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index c0f953b..01b4a75 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1791,6 +1791,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 
 			if ((p->server_info->utok.uid != sec_initial_uid()) &&
 			    !security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+			    !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) &&
 			    !token_contains_name_in_list(
 				    uidtoname(p->server_info->utok.uid),
 				    p->server_info->info3->base.domain.string,
@@ -1799,6 +1800,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 				    lp_printer_admin(snum))) {
 				close_printer_handle(p, r->out.handle);
 				ZERO_STRUCTP(r->out.handle);
+				DEBUG(3,("access DENIED as user is not root, "
+					"has no printoperator privilege, "
+					"not a member of the printoperater builtin group and "
+					"is not in printer admin list"));
 				return WERR_ACCESS_DENIED;
 			}
 
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 26112b9..1bb3a71 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -2902,6 +2902,15 @@ static WERROR cmd_spoolss_enum_data(struct rpc_pipe_client *cli,
 						&data_needed,
 						&result);
 
+	if (!NT_STATUS_IS_OK(status)) {
+		result = ntstatus_to_werror(status);
+		goto done;
+	}
+
+	if (!W_ERROR_IS_OK(result)) {
+		goto done;
+	}
+
 	data_offered	= data_needed;
 	value_offered	= value_needed;
 	data		= talloc_zero_array(mem_ctx, uint8_t, data_needed);


-- 
Samba Shared Repository
