Change print_access_check to take auth_serversupplied_info instead of current_user

Reason: This is the main user of p->current_user which I would like to remove (This used to be commit fd43059b3dfa8cdac9814de1c76f963ba5de9bcb)
author: Volker Lendecke <vl@samba.org> 2008-06-24 16:03:28 +0200
committer: Volker Lendecke <vl@samba.org> 2008-06-26 13:13:23 +0200
commit: a3c0be63256b7db6325d8dcb599497e8e7905f08 (patch)
tree: ab10bc82f5222b9ca22fcbf3deb8b7a2a5913bfa /source3/printing
parent: aa02c3fcd580a9e53b87d885fb87fb71f138bb7d (diff)
download: samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.tar.gz
samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.tar.bz2
samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.zip
3 files changed, 56 insertions, 54 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index c13ab5a180..68d4a2ffd6 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -5763,7 +5763,8 @@ void map_job_permissions(SEC_DESC *sd)
     3)  "printer admins" (may result in numerous calls to winbind)
 
  ****************************************************************************/
-bool print_access_check(struct current_user *user, int snum, int access_type)
+bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
+			int access_type)
 {
 	SEC_DESC_BUF *secdesc = NULL;
 	uint32 access_granted;
@@ -5775,12 +5776,10 @@ bool print_access_check(struct current_user *user, int snum, int access_type)
 	
 	/* If user is NULL then use the current_user structure */
 
-	if (!user)
-		user = &current_user;
-
 	/* Always allow root or SE_PRINT_OPERATROR to do anything */
 
-	if ( user->ut.uid == 0 || user_has_privileges(user->nt_user_token, &se_printop ) ) {
+	if (server_info->utok.uid == 0
+	    || user_has_privileges(server_info->ptok, &se_printop ) ) {
 		return True;
 	}
 
@@ -5827,7 +5826,7 @@ bool print_access_check(struct current_user *user, int snum, int access_type)
 	}
 
 	/* Check access */
-	result = se_access_check(secdesc->sd, user->nt_user_token, access_type,
+	result = se_access_check(secdesc->sd, server_info->ptok, access_type,
 				 &access_granted, &status);
 
 	DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
@@ -5835,8 +5834,8 @@ bool print_access_check(struct current_user *user, int snum, int access_type)
         /* see if we need to try the printer admin list */
 
         if ((access_granted == 0) &&
-	    (token_contains_name_in_list(uidtoname(user->ut.uid), NULL, NULL,
-					 user->nt_user_token,
+	    (token_contains_name_in_list(uidtoname(server_info->utok.uid),
+					 NULL, NULL, server_info->ptok,
 					 lp_printer_admin(snum)))) {
 		talloc_destroy(mem_ctx);
 		return True;
diff --git a/source3/printing/printfsp.c b/source3/printing/printfsp.c
index 1fde16b802..4a2b26d2cd 100644
--- a/source3/printing/printfsp.c
+++ b/source3/printing/printfsp.c
@@ -51,7 +51,7 @@ NTSTATUS print_fsp_open(connection_struct *conn, const char *fname,
 		fstrcat(name, p);
 	}
 
-	jobid = print_job_start(&current_user, SNUM(conn), name, NULL);
+	jobid = print_job_start(conn->server_info, SNUM(conn), name, NULL);
 	if (jobid == -1) {
 		status = map_nt_error_from_unix(errno);
 		file_free(fsp);
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index aa67f08d82..a425b87907 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -1979,28 +1979,24 @@ static bool print_job_delete1(int snum, uint32 jobid)
  Return true if the current user owns the print job.
 ****************************************************************************/
 
-static bool is_owner(struct current_user *user, const char *servicename,
+static bool is_owner(struct auth_serversupplied_info *server_info,
+		     const char *servicename,
 		     uint32 jobid)
 {
 	struct printjob *pjob = print_job_find(servicename, jobid);
-	user_struct *vuser;
 
-	if (!pjob || !user)
+	if (!pjob || !server_info)
 		return False;
 
-	if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
-		return strequal(pjob->user,
-				vuser->server_info->sanitized_username);
-	} else {
-		return strequal(pjob->user, uidtoname(user->ut.uid));
-	}
+	return strequal(pjob->user, server_info->sanitized_username);
 }
 
 /****************************************************************************
  Delete a print job.
 ****************************************************************************/
 
-bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR *errcode)
+bool print_job_delete(struct auth_serversupplied_info *server_info, int snum,
+		      uint32 jobid, WERROR *errcode)
 {
 	const char* sharename = lp_const_servicename( snum );
 	struct printjob *pjob;
@@ -2009,13 +2005,13 @@ bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR
 
 	*errcode = WERR_OK;
 		
-	owner = is_owner(user, lp_const_servicename(snum), jobid);
+	owner = is_owner(server_info, lp_const_servicename(snum), jobid);
 	
 	/* Check access against security descriptor or whether the user
 	   owns their job. */
 
 	if (!owner && 
-	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+	    !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("delete denied by security descriptor\n"));
 		*errcode = WERR_ACCESS_DENIED;
 
@@ -2023,7 +2019,8 @@ bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR
 		sys_adminlog( LOG_ERR, 
 			      "Permission denied-- user not allowed to delete, \
 pause, or resume print job. User name: %s. Printer name: %s.",
-			      uidtoname(user->ut.uid), PRINTERNAME(snum) );
+			      uidtoname(server_info->utok.uid),
+			      PRINTERNAME(snum) );
 		/* END_ADMIN_LOG */
 
 		return False;
@@ -2067,7 +2064,8 @@ pause, or resume print job. User name: %s. Printer name: %s.",
  Pause a job.
 ****************************************************************************/
 
-bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR *errcode)
+bool print_job_pause(struct auth_serversupplied_info *server_info, int snum,
+		     uint32 jobid, WERROR *errcode)
 {
 	const char* sharename = lp_const_servicename(snum);
 	struct printjob *pjob;
@@ -2076,7 +2074,7 @@ bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR *
 
 	pjob = print_job_find(sharename, jobid);
 	
-	if (!pjob || !user) {
+	if (!pjob || !server_info) {
 		DEBUG(10, ("print_job_pause: no pjob or user for jobid %u\n",
 			(unsigned int)jobid ));
 		return False;
@@ -2088,15 +2086,16 @@ bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR *
 		return False;
 	}
 
-	if (!is_owner(user, lp_const_servicename(snum), jobid) &&
-	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+	if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
+	    !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("pause denied by security descriptor\n"));
 
 		/* BEGIN_ADMIN_LOG */
 		sys_adminlog( LOG_ERR, 
 			"Permission denied-- user not allowed to delete, \
 pause, or resume print job. User name: %s. Printer name: %s.",
-				uidtoname(user->ut.uid), PRINTERNAME(snum) );
+			      uidtoname(server_info->utok.uid),
+			      PRINTERNAME(snum) );
 		/* END_ADMIN_LOG */
 
 		*errcode = WERR_ACCESS_DENIED;
@@ -2127,7 +2126,8 @@ pause, or resume print job. User name: %s. Printer name: %s.",
  Resume a job.
 ****************************************************************************/
 
-bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR *errcode)
+bool print_job_resume(struct auth_serversupplied_info *server_info, int snum,
+		      uint32 jobid, WERROR *errcode)
 {
 	const char *sharename = lp_const_servicename(snum);
 	struct printjob *pjob;
@@ -2135,8 +2135,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR
 	struct printif *current_printif = get_printer_fns( snum );
 
 	pjob = print_job_find(sharename, jobid);
-	
-	if (!pjob || !user) {
+
+	if (!pjob || !server_info) {
 		DEBUG(10, ("print_job_resume: no pjob or user for jobid %u\n",
 			(unsigned int)jobid ));
 		return False;
@@ -2148,8 +2148,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR
 		return False;
 	}
 
-	if (!is_owner(user, lp_const_servicename(snum), jobid) &&
-	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+	if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
+	    !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("resume denied by security descriptor\n"));
 		*errcode = WERR_ACCESS_DENIED;
 
@@ -2157,7 +2157,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR
 		sys_adminlog( LOG_ERR, 
 			 "Permission denied-- user not allowed to delete, \
 pause, or resume print job. User name: %s. Printer name: %s.",
-			uidtoname(user->ut.uid), PRINTERNAME(snum) );
+			      uidtoname(server_info->utok.uid),
+			      PRINTERNAME(snum) );
 		/* END_ADMIN_LOG */
 		return False;
 	}
@@ -2357,12 +2358,12 @@ static bool add_to_jobs_changed(struct tdb_print_db *pdb, uint32 jobid)
  Start spooling a job - return the jobid.
 ***************************************************************************/
 
-uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DEVICEMODE *nt_devmode )
+uint32 print_job_start(struct auth_serversupplied_info *server_info, int snum,
+		       char *jobname, NT_DEVICEMODE *nt_devmode )
 {
 	uint32 jobid;
 	char *path;
 	struct printjob pjob;
-	user_struct *vuser;
 	const char *sharename = lp_const_servicename(snum);
 	struct tdb_print_db *pdb = get_print_db_byname(sharename);
 	int njobs;
@@ -2372,7 +2373,7 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE
 	if (!pdb)
 		return (uint32)-1;
 
-	if (!print_access_check(user, snum, PRINTER_ACCESS_USE)) {
+	if (!print_access_check(server_info, snum, PRINTER_ACCESS_USE)) {
 		DEBUG(3, ("print_job_start: job start denied by security descriptor\n"));
 		release_print_db(pdb);
 		return (uint32)-1;
@@ -2437,17 +2438,12 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE
 	
 	fstrcpy(pjob.jobname, jobname);
 
-	if ((vuser = get_valid_user_struct(user->vuid)) != NULL) {
-		fstrcpy(pjob.user, lp_printjob_username(snum));
-		standard_sub_basic(
-			vuser->server_info->sanitized_username,
-			pdb_get_domain(vuser->server_info->sam_account),
-			pjob.user, sizeof(pjob.user)-1);
-		/* ensure NULL termination */ 
-		pjob.user[sizeof(pjob.user)-1] = '\0'; 
-	} else {
-		fstrcpy(pjob.user, uidtoname(user->ut.uid));
-	}
+	fstrcpy(pjob.user, lp_printjob_username(snum));
+	standard_sub_basic(server_info->sanitized_username,
+			   pdb_get_domain(server_info->sam_account),
+			   pjob.user, sizeof(pjob.user)-1);
+	/* ensure NULL termination */
+	pjob.user[sizeof(pjob.user)-1] = '\0';
 
 	fstrcpy(pjob.queuename, lp_const_servicename(snum));
 
@@ -2775,12 +2771,14 @@ int print_queue_status(int snum,
  Pause a queue.
 ****************************************************************************/
 
-bool print_queue_pause(struct current_user *user, int snum, WERROR *errcode)
+bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum,
+		       WERROR *errcode)
 {
 	int ret;
 	struct printif *current_printif = get_printer_fns( snum );
 	
-	if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	if (!print_access_check(server_info, snum,
+				PRINTER_ACCESS_ADMINISTER)) {
 		*errcode = WERR_ACCESS_DENIED;
 		return False;
 	}
@@ -2811,12 +2809,14 @@ bool print_queue_pause(struct current_user *user, int snum, WERROR *errcode)
  Resume a queue.
 ****************************************************************************/
 
-bool print_queue_resume(struct current_user *user, int snum, WERROR *errcode)
+bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum,
+			WERROR *errcode)
 {
 	int ret;
 	struct printif *current_printif = get_printer_fns( snum );
 
-	if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	if (!print_access_check(server_info, snum,
+				PRINTER_ACCESS_ADMINISTER)) {
 		*errcode = WERR_ACCESS_DENIED;
 		return False;
 	}
@@ -2847,7 +2847,8 @@ bool print_queue_resume(struct current_user *user, int snum, WERROR *errcode)
  Purge a queue - implemented by deleting all jobs that we can delete.
 ****************************************************************************/
 
-bool print_queue_purge(struct current_user *user, int snum, WERROR *errcode)
+bool print_queue_purge(struct auth_serversupplied_info *server_info, int snum,
+		       WERROR *errcode)
 {
 	print_queue_struct *queue;
 	print_status_struct status;
@@ -2857,14 +2858,16 @@ bool print_queue_purge(struct current_user *user, int snum, WERROR *errcode)
 	/* Force and update so the count is accurate (i.e. not a cached count) */
 	print_queue_update(snum, True);
 	
-	can_job_admin = print_access_check(user, snum, JOB_ACCESS_ADMINISTER);
+	can_job_admin = print_access_check(server_info, snum,
+					   JOB_ACCESS_ADMINISTER);
 	njobs = print_queue_status(snum, &queue, &status);
 	
 	if ( can_job_admin )
 		become_root();
 
 	for (i=0;i<njobs;i++) {
-		bool owner = is_owner(user, lp_const_servicename(snum), queue[i].job);
+		bool owner = is_owner(server_info, lp_const_servicename(snum),
+				      queue[i].job);
 
 		if (owner || can_job_admin) {
 			print_job_delete1(snum, queue[i].job);
author	Volker Lendecke <vl@samba.org>	2008-06-24 16:03:28 +0200
committer	Volker Lendecke <vl@samba.org>	2008-06-26 13:13:23 +0200
commit	a3c0be63256b7db6325d8dcb599497e8e7905f08 (patch)
tree	ab10bc82f5222b9ca22fcbf3deb8b7a2a5913bfa /source3/printing
parent	aa02c3fcd580a9e53b87d885fb87fb71f138bb7d (diff)
download	samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.tar.gz samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.tar.bz2 samba-a3c0be63256b7db6325d8dcb599497e8e7905f08.zip