BUG in enumprinterdataex

Thomas Bork tombork at web.de
Sun Feb 4 22:13:32 GMT 2007 

Martin wrote:

>> I've attached a proposed fix - can you test it for me
>> before Monday (I don't have my Vista test env set up
>> at home yet).
>>
>> Jeremy.
> This is exactly what I did, after I received the error during printer 
> installation from Samba with vista (with my first diff).
> I can affirm, that
> 
> 1) this works for the printer connection under Vista.
> 2) XP is able to enumerate the printer registry with this fix.
> 
> 
> But I can do more testing not until I'm back at work on Monday. I've no 
> private license of Vista.

The 2 changes in srv_spoolss_nt.c leading to an 'access DENIED for 
printer open' with existing printers and XP as client if opening the 
printer in the network neighborhood:

[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5241)
   secdesc_ctr for repr1 has 5 aces:
[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5250)
   S-1-1-0 0 2 0x20020008
[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5250)
   S-1-5-21-1636569278-2151323032-2062914382-512 0 9 0x100f000c
[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5250)
   S-1-5-21-1636569278-2151323032-2062914382-512 0 2 0x100f000c
[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5250)
   S-1-5-32-544 0 9 0x100f000c
[2007/02/04 23:01:51, 10] printing/nt_printing.c:nt_printing_getsec(5250)
   S-1-5-32-544 0 2 0x100f000c
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_map_generic(176)
   se_map_generic(): mapped mask 0x20020008 to 0x00020008
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_map_generic(176)
   se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_map_generic(176)
   se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_map_generic(176)
   se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_map_generic(176)
   se_map_generic(): mapped mask 0x100f000c to 0x000f000c
[2007/02/04 23:01:51, 10] lib/util_seaccess.c:se_access_check(233)
   se_access_check: requested access 0x000f000c, for NT token with 6 
entries and first sid S-1-5-21-1636569278-2151323032-2062914382-5002.
[2007/02/04 23:01:51, 3] lib/util_seaccess.c:se_access_check(250)
[2007/02/04 23:01:51, 3] lib/util_seaccess.c:se_access_check(251)
   se_access_check: user sid is 
S-1-5-21-1636569278-2151323032-2062914382-5002
   se_access_check: also S-1-5-21-1636569278-2151323032-2062914382-513
   se_access_check: also S-1-1-0
   se_access_check: also S-1-5-2
   se_access_check: also S-1-5-11
   se_access_check: also S-1-22-2-100
   se_access_check: ACE 0: type 0, flags = 0x02, SID = S-1-1-0 mask = 
20008, current desired = f000c
   se_access_check: ACE 1: type 0, flags = 0x09, SID = 
S-1-5-21-1636569278-2151323032-2062914382-512 mask = f000c, current 
desired = d0004
   se_access_check: ACE 2: type 0, flags = 0x02, SID = 
S-1-5-21-1636569278-2151323032-2062914382-512 mask = f000c, current 
desired = d0004
   se_access_check: ACE 3: type 0, flags = 0x09, SID = S-1-5-32-544 mask 
= f000c, current desired = d0004
   se_access_check: ACE 4: type 0, flags = 0x02, SID = S-1-5-32-544 mask 
= f000c, current desired = d0004
[2007/02/04 23:01:51, 5] lib/util_seaccess.c:se_access_check(314)
   se_access_check: access (f000c) denied.
[2007/02/04 23:01:51, 4] printing/nt_printing.c:print_access_check(5404)
   access check was FAILURE
[2007/02/04 23:01:51, 3] 
rpc_server/srv_spoolss_nt.c:_spoolss_open_printer_ex(1667)
   access DENIED for printer open


Accessing user was tb.

deveis # pdbedit -Lv tb | grep SID
User SID:             S-1-5-21-1636569278-2151323032-2062914382-5002
Primary Group SID:    S-1-5-21-1636569278-2151323032-2062914382-513

printer in smb.conf:

[remoteljet]
  comment = remoteljet on %h
  printing = lprng
  print command = chmod 666 %s; name="`echo '%J' | sed "s/^.*- //"`"; if 
[ -z "$name" ]; then name="%s"; fi; /usr/bin/lpr -P%p -J"$name" %s; rm %s
  lpq command = /usr/bin/lpq -P%p -L
  lprm command = /usr/bin/lprm -P%p %j
  lppause command = /usr/sbin/lpc hold %p %j
  lpresume command = /usr/sbin/lpc release %p %j
  queuepause command = /usr/sbin/lpc stop %p
  queueresume command = /usr/sbin/lpc start %p
  use client driver = no
  browseable = yes
  printable = yes
  path = /var/spool/samba
  printer = repr1
  create mode = 0700


der tom

More information about the samba-technical mailing list