[patch] nt_printing.c

Andrew Bartlett abartlet at samba.org
Mon Oct 13 09:26:01 GMT 2003 

On Mon, 2003-10-13 at 18:36, Jeff Chua wrote:
> The patch below fixes smbd to allow printer drivers to be uploaded to the
> samba server.
> 
> It removes the "become_user" call that caused the id to change to
> guest instead of staying as root in order to write to root's "printer"
> directory.

This is incorrect.  The user you connect with needs write access to that
directory.

> I tested it, and hope this is the correct way to fix it.

No, it isn't - it creates a security hole.  When at all possible, we
perform actions as the user, this ensures we don't override the
administrators intent.

> I've created two simple addprinter and delprinter scripts and if you're
> interested, let me know.
> 
> Thanks,
> Jeff
> 
> 
> Problem ...
> 
>  [2003/10/13 16:21:41, 0]
> printing/nt_printing.c:move_driver_to_download_area(1477)
>   move_driver_to_download_area: Unable to rename [W32X86/UNIDRV.DLL] to
> [W32X86/3/UNIDRV.DLL]
> [2003/10/13 16:21:41, 1] smbd/service.c:close_cnum(887)
> 
> 
> Fix ...
> 
> --- samba-3.0.1pre1/source/printing/nt_printing.c.org	Mon Oct 13 09:09:32 2003
> +++ samba-3.0.1pre1/source/printing/nt_printing.c	Mon Oct 13 15:49:39 2003
> @@ -1420,9 +1420,7 @@
> 
>  	null_pw = data_blob(NULL, 0);
>  	fstrcpy(res_type, "A:");
> -	become_root();
>  	conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status);
> -	unbecome_root();
> 
>  	if (conn == NULL) {
>  		DEBUG(0,("move_driver_to_download_area: Unable to connect\n"));
> @@ -1434,10 +1434,6 @@
>  	 * Save who we are - we are temporarily becoming the connection user.
>  	 */
> 
> -	if (!become_user(conn, conn->vuid)) {
> -		DEBUG(0,("move_driver_to_download_area: Can't become user!\n"));
> -		return False;
> -	}
> 
>  	/*
>  	 * make the directories version and version\driver_name
> @@ -1581,7 +1587,6 @@
>  	}
> 
>  	close_cnum(conn, user->vuid);
> -	unbecome_user();
> 
>  	return ver == -1 ? False : True;
>  }
-- 
Andrew Bartlett                                 abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team  abartlet at samba.org
Student Network Administrator, Hawker College   abartlet at hawkerc.net
http://samba.org     http://build.samba.org     http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031013/03ffbc21/attachment.bin

More information about the samba-technical mailing list