[SCM] Samba Shared Repository - branch master updated
Günther Deschner
gd at samba.org
Wed Nov 20 02:20:06 MST 2013
The branch, master has been updated
via c776204 debug: remove unused sys_adminlog
via 024e691 printing: use DEBUG instead of sys_adminlog
via d9d8b83 printing: fix double space in debug statement
via a299de8 loadparm: use lp_printername ctx param instead of tos
via de42413 messaging: use local talloc ctx instead of talloc_tos
via 956a455 printing: return WERROR from print_access_check
from 2d91577 smbd: Fix a talloc hierarchy problem in msg_channel
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c7762042ba43567b331fd42aec6abd77744ff486
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Nov 20 00:31:27 2013 +0100
debug: remove unused sys_adminlog
printing.c was the last user of this syslog wrapper.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Nov 20 10:19:32 CET 2013 on sn-devel-104
commit 024e691d8568b983d09b636402bc45acb318b28d
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Nov 20 00:20:40 2013 +0100
printing: use DEBUG instead of sys_adminlog
sys_adminlog() is another syslog wrapper. Use DEBUG(0, ...) instead,
which offers the same syslog(LOG_ERR) behaviour.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit d9d8b837b6c57e97a9702aaa04c62077e319f415
Author: David Disseldorp <ddiss at samba.org>
Date: Sun Oct 20 21:18:23 2013 +0200
printing: fix double space in debug statement
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit a299de85ab6f1901a61d696522522496fb154434
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Oct 16 21:52:29 2013 +0200
loadparm: use lp_printername ctx param instead of tos
lp_printername() takes a TALLOC_CTX argument, but proceeds to use
talloc_tos() in a subsequent lp__printername call. Fix it to use the
parameter - most callers use talloc_tos() as the argument, the others
have a temporary context around.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit de424133653c00a2a95017be15a25cbb0b3c0524
Author: David Disseldorp <ddiss at samba.org>
Date: Wed Oct 16 18:31:17 2013 +0200
messaging: use local talloc ctx instead of talloc_tos
messaging_tdb_send() allocates a stackframe and stores it in a local
variable, subsequent allocations should use the variable instead of
calling talloc_tos().
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
commit 956a4552f2c66cfe61493de772b5986d95511135
Author: David Disseldorp <ddiss at samba.org>
Date: Thu Sep 26 13:24:15 2013 +0200
printing: return WERROR from print_access_check
print_access_check() currently returns a bool based on whether access is
granted or denied. Errno is set on failure, but none of the callers use
it.
This change converts print_access_check() to return a WERROR.
Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/includes.h | 3 -
source3/include/nt_printing.h | 6 +-
source3/lib/messages_local.c | 8 ++--
source3/lib/system.c | 25 ---------
source3/param/loadparm.c | 2 +-
source3/printing/nt_printing.c | 31 ++++-------
source3/printing/printing.c | 74 +++++++++++----------------
source3/rpc_server/spoolss/srv_spoolss_nt.c | 16 +++---
8 files changed, 58 insertions(+), 107 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/includes.h b/source3/include/includes.h
index 1b22a57..d18496a 100644
--- a/source3/include/includes.h
+++ b/source3/include/includes.h
@@ -457,9 +457,6 @@ int d_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2);
int d_fprintf(FILE *f, const char *, ...) PRINTF_ATTRIBUTE(2,3);
/* PRINTFLIKE2 */
-void sys_adminlog(int priority, const char *format_str, ...) PRINTF_ATTRIBUTE(2,3);
-
-/* PRINTFLIKE2 */
int fstr_sprintf(fstring s, const char *fmt, ...) PRINTF_ATTRIBUTE(2,3);
int smb_xvasprintf(char **ptr, const char *format, va_list ap) PRINTF_ATTRIBUTE(2,0);
diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
index 2a0e883..4af44d7 100644
--- a/source3/include/nt_printing.h
+++ b/source3/include/nt_printing.h
@@ -128,9 +128,9 @@ bool nt_printing_init(struct messaging_context *msg_ctx);
const char *get_short_archi(const char *long_archi);
-bool print_access_check(const struct auth_session_info *server_info,
- struct messaging_context *msg_ctx, int snum,
- int access_type);
+WERROR print_access_check(const struct auth_session_info *server_info,
+ struct messaging_context *msg_ctx, int snum,
+ int access_type);
WERROR nt_printer_guid_get(TALLOC_CTX *mem_ctx,
const struct auth_session_info *session_info,
diff --git a/source3/lib/messages_local.c b/source3/lib/messages_local.c
index 6b63d72..c74c0aa 100644
--- a/source3/lib/messages_local.c
+++ b/source3/lib/messages_local.c
@@ -191,7 +191,7 @@ static TDB_DATA message_key_pid(TALLOC_CTX *mem_ctx, struct server_id pid)
char *key;
TDB_DATA kbuf;
- key = talloc_asprintf(talloc_tos(), "PID/%s", procid_str_static(&pid));
+ key = talloc_asprintf(mem_ctx, "PID/%s", procid_str_static(&pid));
SMB_ASSERT(key != NULL);
@@ -387,7 +387,7 @@ static NTSTATUS messaging_tdb_send(struct messaging_context *msg_ctx,
return NT_STATUS_LOCK_NOT_GRANTED;
}
- status = messaging_tdb_fetch(tdb->tdb, key, talloc_tos(), &msg_array);
+ status = messaging_tdb_fetch(tdb->tdb, key, frame, &msg_array);
if (!NT_STATUS_IS_OK(status)) {
goto done;
@@ -401,7 +401,7 @@ static NTSTATUS messaging_tdb_send(struct messaging_context *msg_ctx,
goto done;
}
- if (!(rec = talloc_realloc(talloc_tos(), msg_array->messages,
+ if (!(rec = talloc_realloc(frame, msg_array->messages,
struct messaging_rec,
msg_array->num_messages+1))) {
status = NT_STATUS_NO_MEMORY;
@@ -428,7 +428,7 @@ static NTSTATUS messaging_tdb_send(struct messaging_context *msg_ctx,
if (NT_STATUS_EQUAL(status, NT_STATUS_INVALID_HANDLE)) {
DEBUG(2, ("pid %s doesn't exist - deleting messages record\n",
procid_str_static(&pid)));
- tdb_delete(tdb->tdb, message_key_pid(talloc_tos(), pid));
+ tdb_delete(tdb->tdb, message_key_pid(frame, pid));
}
done:
diff --git a/source3/lib/system.c b/source3/lib/system.c
index 8252e4f..f251290 100644
--- a/source3/lib/system.c
+++ b/source3/lib/system.c
@@ -1305,31 +1305,6 @@ int sys_pclose(int fd)
return wstatus;
}
-/**************************************************************************
- Wrapper for Admin Logs.
-****************************************************************************/
-
- void sys_adminlog(int priority, const char *format_str, ...)
-{
- va_list ap;
- int ret;
- char *msgbuf = NULL;
-
- va_start( ap, format_str );
- ret = vasprintf( &msgbuf, format_str, ap );
- va_end( ap );
-
- if (ret == -1)
- return;
-
-#if defined(HAVE_SYSLOG)
- syslog( priority, "%s", msgbuf );
-#else
- DEBUG(0,("%s", msgbuf ));
-#endif
- SAFE_FREE(msgbuf);
-}
-
/****************************************************************************
Return the major devicenumber for UNIX extensions.
****************************************************************************/
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index d3fb839..1396a34 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -5274,7 +5274,7 @@ void lp_copy_service(int snum, const char *new_name)
const char *lp_printername(TALLOC_CTX *ctx, int snum)
{
- const char *ret = lp__printername(talloc_tos(), snum);
+ const char *ret = lp__printername(ctx, snum);
if (ret == NULL || *ret == '\0') {
ret = lp_const_servicename(snum);
}
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 7a1f365..73c4cf7 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1765,9 +1765,9 @@ void map_job_permissions(struct security_descriptor *sd)
3) "printer admins" (may result in numerous calls to winbind)
****************************************************************************/
-bool print_access_check(const struct auth_session_info *session_info,
- struct messaging_context *msg_ctx, int snum,
- int access_type)
+WERROR print_access_check(const struct auth_session_info *session_info,
+ struct messaging_context *msg_ctx, int snum,
+ int access_type)
{
struct spoolss_security_descriptor *secdesc = NULL;
uint32 access_granted;
@@ -1781,9 +1781,10 @@ bool print_access_check(const struct auth_session_info *session_info,
/* Always allow root or SE_PRINT_OPERATROR to do anything */
- if (session_info->unix_token->uid == sec_initial_uid()
- || security_token_has_privilege(session_info->security_token, SEC_PRIV_PRINT_OPERATOR)) {
- return True;
+ if ((session_info->unix_token->uid == sec_initial_uid())
+ || security_token_has_privilege(session_info->security_token,
+ SEC_PRIV_PRINT_OPERATOR)) {
+ return WERR_OK;
}
/* Get printer name */
@@ -1791,15 +1792,13 @@ bool print_access_check(const struct auth_session_info *session_info,
pname = lp_printername(talloc_tos(), snum);
if (!pname || !*pname) {
- errno = EACCES;
- return False;
+ return WERR_ACCESS_DENIED;
}
/* Get printer security descriptor */
if(!(mem_ctx = talloc_init("print_access_check"))) {
- errno = ENOMEM;
- return False;
+ return WERR_NOMEM;
}
result = winreg_get_printer_secdesc_internal(mem_ctx,
@@ -1809,8 +1808,7 @@ bool print_access_check(const struct auth_session_info *session_info,
&secdesc);
if (!W_ERROR_IS_OK(result)) {
talloc_destroy(mem_ctx);
- errno = ENOMEM;
- return False;
+ return WERR_NOMEM;
}
if (access_type == JOB_ACCESS_ADMINISTER) {
@@ -1828,8 +1826,7 @@ bool print_access_check(const struct auth_session_info *session_info,
false);
if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
- errno = map_errno_from_nt_status(status);
- return False;
+ return ntstatus_to_werror(status);
}
map_job_permissions(secdesc);
@@ -1845,11 +1842,7 @@ bool print_access_check(const struct auth_session_info *session_info,
talloc_destroy(mem_ctx);
- if (!NT_STATUS_IS_OK(status)) {
- errno = EACCES;
- }
-
- return NT_STATUS_IS_OK(status);
+ return ntstatus_to_werror(status);
}
/****************************************************************************
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index b126bd5..ea93f74 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -1155,7 +1155,7 @@ static void set_updating_pid(const fstring sharename, bool updating)
slprintf(keystr, sizeof(keystr)-1, "UPDATING/%s", sharename);
key = string_tdb_data(keystr);
- DEBUG(5, ("set_updating_pid: %s updating lpq cache for print share %s\n",
+ DEBUG(5, ("set_updating_pid: %supdating lpq cache for print share %s\n",
updating ? "" : "not ",
sharename ));
@@ -2226,17 +2226,12 @@ WERROR print_job_delete(const struct auth_session_info *server_info,
owns their job. */
if (!owner &&
- !print_access_check(server_info, msg_ctx, snum,
- JOB_ACCESS_ADMINISTER)) {
- DEBUG(3, ("delete denied by security descriptor\n"));
-
- /* BEGIN_ADMIN_LOG */
- sys_adminlog( LOG_ERR,
- "Permission denied-- user not allowed to delete, \
-pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->unix_token->uid),
- lp_printername(talloc_tos(), snum) );
- /* END_ADMIN_LOG */
+ !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ JOB_ACCESS_ADMINISTER))) {
+ DEBUG(0, ("print job delete denied."
+ "User name: %s, Printer name: %s.",
+ uidtoname(server_info->unix_token->uid),
+ lp_printername(tmp_ctx, snum)));
werr = WERR_ACCESS_DENIED;
goto err_out;
@@ -2316,17 +2311,12 @@ WERROR print_job_pause(const struct auth_session_info *server_info,
}
if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
- !print_access_check(server_info, msg_ctx, snum,
- JOB_ACCESS_ADMINISTER)) {
- DEBUG(3, ("pause denied by security descriptor\n"));
-
- /* BEGIN_ADMIN_LOG */
- sys_adminlog( LOG_ERR,
- "Permission denied-- user not allowed to delete, \
-pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->unix_token->uid),
- lp_printername(talloc_tos(), snum) );
- /* END_ADMIN_LOG */
+ !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ JOB_ACCESS_ADMINISTER))) {
+ DEBUG(0, ("print job pause denied."
+ "User name: %s, Printer name: %s.",
+ uidtoname(server_info->unix_token->uid),
+ lp_printername(tmp_ctx, snum)));
werr = WERR_ACCESS_DENIED;
goto err_out;
@@ -2388,17 +2378,13 @@ WERROR print_job_resume(const struct auth_session_info *server_info,
}
if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
- !print_access_check(server_info, msg_ctx, snum,
- JOB_ACCESS_ADMINISTER)) {
- DEBUG(3, ("resume denied by security descriptor\n"));
-
- /* BEGIN_ADMIN_LOG */
- sys_adminlog( LOG_ERR,
- "Permission denied-- user not allowed to delete, \
-pause, or resume print job. User name: %s. Printer name: %s.",
- uidtoname(server_info->unix_token->uid),
- lp_printername(talloc_tos(), snum) );
- /* END_ADMIN_LOG */
+ !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ JOB_ACCESS_ADMINISTER))) {
+ DEBUG(0, ("print job resume denied."
+ "User name: %s, Printer name: %s.",
+ uidtoname(server_info->unix_token->uid),
+ lp_printername(tmp_ctx, snum)));
+
werr = WERR_ACCESS_DENIED;
goto err_out;
}
@@ -2654,8 +2640,8 @@ static WERROR print_job_checks(const struct auth_session_info *server_info,
uint64_t minspace;
int ret;
- if (!print_access_check(server_info, msg_ctx, snum,
- PRINTER_ACCESS_USE)) {
+ if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ PRINTER_ACCESS_USE))) {
DEBUG(3, ("print_job_checks: "
"job start denied by security descriptor\n"));
return WERR_ACCESS_DENIED;
@@ -3285,8 +3271,8 @@ WERROR print_queue_pause(const struct auth_session_info *server_info,
int ret;
struct printif *current_printif = get_printer_fns( snum );
- if (!print_access_check(server_info, msg_ctx, snum,
- PRINTER_ACCESS_ADMINISTER)) {
+ if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ PRINTER_ACCESS_ADMINISTER))) {
return WERR_ACCESS_DENIED;
}
@@ -3322,8 +3308,8 @@ WERROR print_queue_resume(const struct auth_session_info *server_info,
int ret;
struct printif *current_printif = get_printer_fns( snum );
- if (!print_access_check(server_info, msg_ctx, snum,
- PRINTER_ACCESS_ADMINISTER)) {
+ if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum,
+ PRINTER_ACCESS_ADMINISTER))) {
return WERR_ACCESS_DENIED;
}
@@ -3364,10 +3350,10 @@ WERROR print_queue_purge(const struct auth_session_info *server_info,
/* Force and update so the count is accurate (i.e. not a cached count) */
print_queue_update(msg_ctx, snum, True);
- can_job_admin = print_access_check(server_info,
- msg_ctx,
- snum,
- JOB_ACCESS_ADMINISTER);
+ can_job_admin = W_ERROR_IS_OK(print_access_check(server_info,
+ msg_ctx,
+ snum,
+ JOB_ACCESS_ADMINISTER));
njobs = print_queue_status(msg_ctx, snum, &queue, &status);
if ( can_job_admin )
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index a6201d4..7154cb4 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1897,10 +1897,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL,
p->session_info->security_token, snum) ||
- !print_access_check(p->session_info,
- p->msg_ctx,
- snum,
- r->in.access_mask)) {
+ !W_ERROR_IS_OK(print_access_check(p->session_info,
+ p->msg_ctx,
+ snum,
+ r->in.access_mask))) {
DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
@@ -8153,10 +8153,10 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
}
/* you must be a printer admin to add a new printer */
- if (!print_access_check(p->session_info,
- p->msg_ctx,
- snum,
- PRINTER_ACCESS_ADMINISTER)) {
+ if (!W_ERROR_IS_OK(print_access_check(p->session_info,
+ p->msg_ctx,
+ snum,
+ PRINTER_ACCESS_ADMINISTER))) {
return WERR_ACCESS_DENIED;
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list