summaryrefslogtreecommitdiff
path: root/source3/printing
diff options
context:
space:
mode:
authorDavid O'Neill <dmo@samba.org>2001-01-04 19:27:08 +0000
committerDavid O'Neill <dmo@samba.org>2001-01-04 19:27:08 +0000
commit23807f2b308e80a1e325c8fd2bddeec3e2e15bc5 (patch)
tree744ac3d0a34255dcfdadd83060ae9687e1a9fa1e /source3/printing
parent92ebc81734a8a4165f88eeba9c05a05ea2917584 (diff)
downloadsamba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.tar.gz
samba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.tar.bz2
samba-23807f2b308e80a1e325c8fd2bddeec3e2e15bc5.zip
Changes from APPLIANCE_HEAD:
source/Makefile.in - changes to ctags and etags rules that somehow got lost along the way. source/include/proto.h - make proto source/smbd/sec_ctx.c source/smbd/password.c - merge debugs for debugging user groups and NT token stuff. source/lib/util_str.c - capitalise domain name returned from parse_domain_user() source/nsswitch/wb_client.c - fix broken conditional in debug statement. source/include/rpc_secdes.h source/include/rpc_spoolss.h source/printing/nt_printing.c source/lib/util_seaccess.c - fix printer permission bugs related to ACE masks for printers. This adds mapping of generic access rights to object specific rights for NT printers. Still need to work out whether or not to ignore ACEs with certain flags set, though. See comments in util_seaccess.c:check_ace() for details. source/printing/nt_printing.c source/printing/printing.c - use PRINTER_ACCESS_ADMINISTER instead of JOB_ACCESS_ADMINISTER until we sort out printer/printjob permission stuff. (This used to be commit 1dba9c5cd1e6389734c648f6903abcb7c8d5b2f0)
Diffstat (limited to 'source3/printing')
-rw-r--r--source3/printing/nt_printing.c106
-rw-r--r--source3/printing/printing.c11
2 files changed, 42 insertions, 75 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 91679235cd..699ddc60b2 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -35,6 +35,15 @@ static TDB_CONTEXT *tdb; /* used for driver files */
#define DATABASE_VERSION 1
+/* Map generic permissions to printer object specific permissions */
+
+struct generic_mapping printer_generic_mapping = {
+ PRINTER_READ,
+ PRINTER_WRITE,
+ PRINTER_EXECUTE,
+ PRINTER_ALL_ACCESS
+};
+
/* We need one default form to support our default printer. Msoft adds the
forms it wants and in the ORDER it wants them (note: DEVMODE papersize is an
array index). Letter is always first, so (for the current code) additions
@@ -2833,11 +2842,16 @@ BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr)
prs_struct ps;
TALLOC_CTX *mem_ctx = NULL;
fstring key;
+ char *temp;
mem_ctx = talloc_init();
if (mem_ctx == NULL)
return False;
+ if ((temp = strchr(printername + 2, '\\'))) {
+ printername = temp + 1;
+ }
+
/* Fetch security descriptor from tdb */
slprintf(key, sizeof(key), "SECDESC/%s", printername);
@@ -2910,8 +2924,9 @@ BOOL nt_printing_getsec(char *printername, SEC_DESC_BUF **secdesc_ctr)
sid_to_string(sid_str, &acl->ace[i].sid);
- DEBUG(10, ("%s 0x%08x\n", sid_str,
- acl->ace[i].info.mask));
+ DEBUG(10, ("%s %d %d 0x%08x\n", sid_str,
+ acl->ace[i].type, acl->ace[i].flags,
+ acl->ace[i].info.mask));
}
}
@@ -2956,6 +2971,20 @@ jfm: I should use this comment for the text file to explain
*/
+/* Convert generic access rights to printer object specific access rights.
+ It turns out that NT4 security descriptors use generic access rights and
+ NT5 the object specific ones. */
+
+void map_printer_permissions(SEC_DESC *sd)
+{
+ int i;
+
+ for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+ se_map_generic(&sd->dacl->ace[i].info.mask,
+ &printer_generic_mapping);
+ }
+}
+
/****************************************************************************
Check a user has permissions to perform the given operation. We use some
constants defined in include/rpc_spoolss.h that look relevant to check
@@ -2969,7 +2998,7 @@ jfm: I should use this comment for the text file to explain
PRINTER_ACCESS_USE:
print_job_start
- JOB_ACCESS_ADMINISTER:
+ PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER):
print_job_delete, print_job_pause, print_job_resume,
print_queue_purge
@@ -2977,7 +3006,7 @@ jfm: I should use this comment for the text file to explain
BOOL print_access_check(struct current_user *user, int snum, int access_type)
{
SEC_DESC_BUF *secdesc = NULL;
- uint32 access_granted, status, required_access = 0;
+ uint32 access_granted, status;
BOOL result;
char *pname;
extern struct current_user current_user;
@@ -3008,77 +3037,14 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type)
/* Get printer security descriptor */
nt_printing_getsec(pname, &secdesc);
-
- /* Check against NT4 ACE mask values. From observation these
- values are:
-
- Access Type ACE Mask Constant
- -------------------------------------
- Full Control 0x10000000 PRINTER_ACE_FULL_CONTROL
- Print 0xe0000000 PRINTER_ACE_PRINT
- Manage Documents 0x00020000 PRINTER_ACE_MANAGE_DOCUMENTS
- */
-
- switch (access_type) {
- case PRINTER_ACCESS_USE:
- required_access = PRINTER_ACE_PRINT;
- break;
- case PRINTER_ACCESS_ADMINISTER:
- /*
- * This should be set to PRINTER_ACE_FULL_CONTROL, not to
- * (PRINTER_ACE_PRINT | PRINTER_ACE_MANAGE_DOCUMENTS).
- * Doing the latter gives anyone with both PRINTER_ACE_PRINT
- * and PRINTER_ACE_MANAGE_DOCUMENTS (in any combination of ACLs)
- * full control over all printer functions. This isn't what
- * we want.
- */
- required_access = PRINTER_ACE_FULL_CONTROL;
- break;
- case JOB_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_MANAGE_DOCUMENTS;
- break;
- default:
- DEBUG(0, ("invalid value passed to print_access_check()\n"));
- result = False;
- goto done;
- }
- if ((result = se_access_check(secdesc->sec, user, required_access,
- &access_granted, &status))) {
- goto done;
- }
-
- /* Check against NT5 ACE mask values. From observation these
- values are:
-
- Access Type ACE Mask Constant
- -------------------------------------
- Full Control 0x000f000c PRINTER_ACE_NT5_FULL_CONTROL
- Print 0x00020008 PRINTER_ACE_NT5_PRINT
- Manage Documents 0x00020000 PRINTER_ACE_NT5_MANAGE_DOCUMENTS
-
- NT5 likes to rewrite the security descriptor and change the ACE
- masks from NT4 format to NT5 format making them unreadable by
- NT4 clients. */
-
- switch (access_type) {
- case PRINTER_ACCESS_USE:
- required_access = PRINTER_ACE_NT5_PRINT;
- break;
- case PRINTER_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_NT5_FULL_CONTROL;
- break;
- case JOB_ACCESS_ADMINISTER:
- required_access = PRINTER_ACE_NT5_MANAGE_DOCUMENTS;
- break;
- }
-
- result = se_access_check(secdesc->sec, user, required_access,
+ map_printer_permissions(secdesc->sec);
+
+ result = se_access_check(secdesc->sec, user, access_type,
&access_granted, &status);
/* Check access */
- done:
DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
/* Free mallocated memory */
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 842b97f9c5..57d0c2b8a3 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -575,7 +575,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode)
owns their job. */
if (!owner &&
- !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
DEBUG(3, ("delete denied by security descriptor\n"));
*errcode = ERROR_ACCESS_DENIED;
return False;
@@ -617,7 +617,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode)
owner = is_owner(user, jobid);
if (!owner &&
- !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
DEBUG(3, ("pause denied by security descriptor\n"));
*errcode = ERROR_ACCESS_DENIED;
return False;
@@ -668,7 +668,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode)
owner = is_owner(user, jobid);
if (!is_owner(user, jobid) &&
- !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
DEBUG(3, ("resume denied by security descriptor\n"));
*errcode = ERROR_ACCESS_DENIED;
return False;
@@ -807,7 +807,7 @@ int print_job_start(struct current_user *user, int snum, char *jobname)
return -1;
}
- if (print_queue_length(snum) > lp_maxprintjobs(snum)) {
+ if (lp_maxprintjobs(snum) && print_queue_length(snum) > lp_maxprintjobs(snum)) {
errno = ENOSPC;
return -1;
}
@@ -1202,7 +1202,8 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode)
njobs = print_queue_status(snum, &queue, &status);
for (i=0;i<njobs;i++) {
- if (print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
+ if (print_access_check(user, snum,
+ PRINTER_ACCESS_ADMINISTER)) {
print_job_delete1(queue[i].job);
}
}