[SCM] Samba Shared Repository - branch v3-6-test updated

Jeremy Allison jra at samba.org
Thu Nov 18 12:31:35 MST 2010 

The branch, v3-6-test has been updated
       via  0c15472 s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers with admin privileges.
       via  b8f27f9 s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
       via  bb1acb2 s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
      from  074e490 net: Add and fix some German translation

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit 0c154720ef033fb946e8f4de6fb70a6c7c922f5b
Author: Günther Deschner <gd at samba.org>
Date:   Thu Nov 18 11:31:13 2010 -0800

    s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers
    with admin privileges.
    
    Guenther

commit b8f27f99d20d5395006c8ca5aaffdda7632cac23
Author: Günther Deschner <gd at samba.org>
Date:   Mon Nov 15 11:19:23 2010 +0100

    s3-spoolss: add debug statement for access denied cases in OpenPrinterEx path.
    
    Guenther
    (cherry picked from commit ee8c035c41c08e5ac599cf68214acd12712191fa)

commit bb1acb24ae66f046816a149144d6b7375b72fbf8
Author: Günther Deschner <gd at samba.org>
Date:   Thu Nov 11 13:26:10 2010 +0100

    s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
    
    Guenther
    (cherry picked from commit b432a3ba194fdd8a12f5198cd6012d4916301da4)

-----------------------------------------------------------------------

Summary of changes:
 source3/rpc_server/srv_spoolss_nt.c |    5 +++++
 source3/rpcclient/cmd_spoolss.c     |    9 +++++++++
 2 files changed, 14 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 262f4a3..c1f72db 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1618,6 +1618,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 			if ((p->server_info->utok.uid != sec_initial_uid()) &&
 			    !user_has_privileges(p->server_info->ptok,
 						 &se_printop ) &&
+			    !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok) &&
 			    !token_contains_name_in_list(
 				    uidtoname(p->server_info->utok.uid),
 				    p->server_info->info3->base.domain.string,
@@ -1626,6 +1627,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 				    lp_printer_admin(snum))) {
 				close_printer_handle(p, r->out.handle);
 				ZERO_STRUCTP(r->out.handle);
+				DEBUG(3,("access DENIED as user is not root, "
+					"has no printoperator privilege, "
+					"not a member of the printoperater builtin group and "
+					"is not in printer admin list"));
 				return WERR_ACCESS_DENIED;
 			}
 
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 0cfceec..78a72d3 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -2857,6 +2857,15 @@ static WERROR cmd_spoolss_enum_data(struct rpc_pipe_client *cli,
 						&data_needed,
 						&result);
 
+	if (!NT_STATUS_IS_OK(status)) {
+		result = ntstatus_to_werror(status);
+		goto done;
+	}
+
+	if (!W_ERROR_IS_OK(result)) {
+		goto done;
+	}
+
 	data_offered	= data_needed;
 	value_offered	= value_needed;
 	data		= talloc_zero_array(mem_ctx, uint8_t, data_needed);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list