Changes from APPLIANCE_HEAD:

    source/printing/nt_printing.c
        - use se_create_child_secdesc() to create appropriate security
          descriptor when performing print job admin security checks.

    source/printing/printing.c
        - Use JOB_ACCESS_ADMINISTER instead of PRINTER_ACCESS_ADMINISTER in
          print_job_{delete,pause,resume}()
        - If stat'ing the job file fails, delete the job from printing.tdb
        - In print_job_end() check lpq cache time and do a
          print_queue_update() This prevents printing.tdb from growing when
          using NT/2K clients, and there isn't someone pressing F5 in a
          port monitor window.
        - In print_queue_resume() check lpq cache time and do a
          print_queue_update() Probably should do it for print_job_resume()
          too.
(This used to be commit 0068b7741fd54706ef36ddbbc3092389d281e684)

2 files changed, 45 insertions, 20 deletions

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 7b84f95161..9eb7dc12ed 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3003,9 +3003,9 @@ void map_printer_permissions(SEC_DESC *sd)
 }
 
 /****************************************************************************
- Check a user has permissions to perform the given operation.  We use some
- constants defined in include/rpc_spoolss.h that look relevant to check
- the various actions we perform when checking printer access.
+ Check a user has permissions to perform the given operation.  We use the
+ permission constants defined in include/rpc_spoolss.h to check the various
+ actions we perform when checking printer access.
 
    PRINTER_ACCESS_ADMINISTER:
        print_queue_pause, print_queue_resume, update_printer_sec,
@@ -3015,7 +3015,7 @@ void map_printer_permissions(SEC_DESC *sd)
    PRINTER_ACCESS_USE:
        print_job_start
 
-   PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER):
+   JOB_ACCESS_ADMINISTER:
        print_job_delete, print_job_pause, print_job_resume,
        print_queue_purge
 
@@ -3051,14 +3051,34 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type)
 	/* Get printer security descriptor */
 
 	nt_printing_getsec(pname, &secdesc);
+
+	if (access_type == JOB_ACCESS_ADMINISTER) {
+		SEC_DESC_BUF *parent_secdesc = secdesc;
+
+		/* Create a child security descriptor to check permissions
+		   against.  This is because print jobs are child objects
+		   objects of a printer. */
+
+		secdesc = se_create_child_secdesc(parent_secdesc->sec, False);
+
+		free_sec_desc_buf(&parent_secdesc);
+
+		/* Now this is the bit that really confuses me.  The access
+		   type needs to be changed from JOB_ACCESS_ADMINISTER to
+		   PRINTER_ACCESS_ADMINISTER for this to work.  Something
+		   to do with the child (job) object becoming like a
+		   printer??  -tpot */
+
+		access_type = PRINTER_ACCESS_ADMINISTER;
+	}
+	
+	/* Check access */
 	
 	map_printer_permissions(secdesc->sec);
 
 	result = se_access_check(secdesc->sec, user, access_type,
 				 &access_granted, &status);
 
-	/* Check access */
-	
 	DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
 	
 	/* Free mallocated memory */
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 3ce58b5b78..a22c8b749a 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -580,7 +580,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode)
 	   owns their job. */
 
 	if (!owner && 
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("delete denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -622,7 +622,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode)
 	owner = is_owner(user, jobid);
 
 	if (!owner &&
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("pause denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -673,7 +673,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode)
 	owner = is_owner(user, jobid);
 
 	if (!is_owner(user, jobid) &&
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("resume denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -921,12 +921,17 @@ BOOL print_job_end(int jobid)
 
 	snum = print_job_snum(jobid);
 
-	if (sys_fstat(pjob->fd, &sbuf) == 0)
+	if (sys_fstat(pjob->fd, &sbuf) == 0) {
 		pjob->size = sbuf.st_size;
-
-	close(pjob->fd);
-	pjob->fd = -1;
-
+		close(pjob->fd);
+		pjob->fd = -1;
+	} else {
+		/* Couldn't stat the job file, so something has gone wrong. Cleanup */
+		unlink(pjob->filename);
+		tdb_delete(tdb, print_key(jobid));
+		return False;
+	}
+	
 	if (pjob->size == 0) {
 		/* don't bother spooling empty files */
 		unlink(pjob->filename);
@@ -965,9 +970,9 @@ BOOL print_job_end(int jobid)
 	pjob->spooled = True;
 	print_job_store(jobid, pjob);
 
-	/* force update the database */
-	print_cache_flush(snum);
-	
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
+
 	/* Send a printer notify message */
 
 	printer_name = PRINTERNAME(snum);
@@ -1186,8 +1191,8 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode)
 		return False;
 	}
 
-	/* force update the database */
-	print_cache_flush(snum);
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
 
 	/* Send a printer notify message */
 
@@ -1216,7 +1221,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode)
 		}
 	}
 
-	print_cache_flush(snum);
+	print_queue_update(snum);
 	safe_free(queue);
 
 	/* Send a printer notify message */