[patch] nt_printing.c
Andrew Bartlett
abartlet at samba.org
Mon Oct 13 09:26:01 GMT 2003
On Mon, 2003-10-13 at 18:36, Jeff Chua wrote:
> The patch below fixes smbd to allow printer drivers to be uploaded to the
> samba server.
>
> It removes the "become_user" call that caused the id to change to
> guest instead of staying as root in order to write to root's "printer"
> directory.
This is incorrect. The user you connect with needs write access to that
directory.
> I tested it, and hope this is the correct way to fix it.
No, it isn't - it creates a security hole. When at all possible, we
perform actions as the user, this ensures we don't override the
administrators intent.
> I've created two simple addprinter and delprinter scripts and if you're
> interested, let me know.
>
> Thanks,
> Jeff
>
>
> Problem ...
>
> [2003/10/13 16:21:41, 0]
> printing/nt_printing.c:move_driver_to_download_area(1477)
> move_driver_to_download_area: Unable to rename [W32X86/UNIDRV.DLL] to
> [W32X86/3/UNIDRV.DLL]
> [2003/10/13 16:21:41, 1] smbd/service.c:close_cnum(887)
>
>
> Fix ...
>
> --- samba-3.0.1pre1/source/printing/nt_printing.c.org Mon Oct 13 09:09:32 2003
> +++ samba-3.0.1pre1/source/printing/nt_printing.c Mon Oct 13 15:49:39 2003
> @@ -1420,9 +1420,7 @@
>
> null_pw = data_blob(NULL, 0);
> fstrcpy(res_type, "A:");
> - become_root();
> conn = make_connection_with_chdir("print$", null_pw, res_type, user->vuid, &nt_status);
> - unbecome_root();
>
> if (conn == NULL) {
> DEBUG(0,("move_driver_to_download_area: Unable to connect\n"));
> @@ -1434,10 +1434,6 @@
> * Save who we are - we are temporarily becoming the connection user.
> */
>
> - if (!become_user(conn, conn->vuid)) {
> - DEBUG(0,("move_driver_to_download_area: Can't become user!\n"));
> - return False;
> - }
>
> /*
> * make the directories version and version\driver_name
> @@ -1581,7 +1587,6 @@
> }
>
> close_cnum(conn, user->vuid);
> - unbecome_user();
>
> return ver == -1 ? False : True;
> }
--
Andrew Bartlett abartlet at pcug.org.au
Manager, Authentication Subsystems, Samba Team abartlet at samba.org
Student Network Administrator, Hawker College abartlet at hawkerc.net
http://samba.org http://build.samba.org http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20031013/03ffbc21/attachment.bin
More information about the samba-technical
mailing list