[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Nov 17 08:06:02 MST 2010
The branch, master has been updated
via 98612fe s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers with admin privileges.
via ee8c035 s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
via b432a3b s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
from 0a4b7bb s4-repl: removed the syncall_workaround code
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 98612fe79321ade72c23ca0c1d966a1c192ec977
Author: Günther Deschner <gd at samba.org>
Date: Mon Nov 15 12:22:52 2010 +0100
s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers
with admin privileges.
Guenther
Autobuild-User: Günther Deschner <gd at samba.org>
Autobuild-Date: Wed Nov 17 15:05:02 UTC 2010 on sn-devel-104
commit ee8c035c41c08e5ac599cf68214acd12712191fa
Author: Günther Deschner <gd at samba.org>
Date: Mon Nov 15 11:19:23 2010 +0100
s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
Guenther
commit b432a3ba194fdd8a12f5198cd6012d4916301da4
Author: Günther Deschner <gd at samba.org>
Date: Thu Nov 11 13:26:10 2010 +0100
s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
Guenther
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_spoolss_nt.c | 5 +++++
source3/rpcclient/cmd_spoolss.c | 9 +++++++++
2 files changed, 14 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index c0f953b..01b4a75 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1791,6 +1791,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!security_token_has_privilege(p->server_info->ptok, SEC_PRIV_PRINT_OPERATOR) &&
+ !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
@@ -1799,6 +1800,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
+ DEBUG(3,("access DENIED as user is not root, "
+ "has no printoperator privilege, "
+ "not a member of the printoperater builtin group and "
+ "is not in printer admin list"));
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 26112b9..1bb3a71 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -2902,6 +2902,15 @@ static WERROR cmd_spoolss_enum_data(struct rpc_pipe_client *cli,
&data_needed,
&result);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(result)) {
+ goto done;
+ }
+
data_offered = data_needed;
value_offered = value_needed;
data = talloc_zero_array(mem_ctx, uint8_t, data_needed);
--
Samba Shared Repository
More information about the samba-cvs
mailing list