[PATCH] s3-printing: follow force user/group for driver IO

[Stefan (metze) Metzmacher]

Hi David,

Am 02.03.2011 23:51, schrieb David Disseldorp:
> Configuring force user/group settings for the print$ share currently has
> unexpected results, this is explained by how the driver upload/add
> process takes place. Consider the following example:
> 
> [print$]
>         path = /print-drv
>         write list = $DRIVER_UPLOAD_USER
>         force group = ntadmin
> 
> - the client connects to the [print$] share and uploads all driver
>   files to the /print-drv/W32X86 directory.
> 
> - This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and
>   the "force group = ntadmin" takes effect for the [print$] session.
> 
> - Once all files are uploaded, the client connects to the [ipc$]
>   share and issues an AddPrinterDriverEx spoolss request.
> 
> - In handling this request move_driver_to_download_area() is called,
>   which attempts to create the directory /print-drv/W32X86/3
> 
> - The create directory fails, as it is done as the user connected to
>   the [ipc$] share which does not have permission to write to the driver
>   directory. The [print$] "force group = ntadmin" has no effect.
> 
> This is a regression from previous behaviour prior to the commit:
> 783ab04 Convert move_driver_to_download_area to use create_conn_struct.

Does this change the group token of the connection_struct of the ipc$
tree connect that was done by the client or does this code create
a faked connection_struct that represents the print$ share (and you
just fix the token on this one)?

metze

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20110303/ae615df7/attachment.pgp>