diff options
-rw-r--r-- | source3/printing/nt_printing.c | 12 | ||||
-rw-r--r-- | source3/rpc_parse/parse_sec.c | 47 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 208 |
3 files changed, 160 insertions, 107 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index a3e4db2314..c7781c6510 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2748,7 +2748,7 @@ uint32 nt_printing_setsec(char *printername, SEC_DESC_BUF *secdesc_ctr) static SEC_DESC_BUF *construct_default_printer_sdb(void) { - SEC_ACE ace[2]; + SEC_ACE ace[3]; SEC_ACCESS sa; SEC_ACL *psa = NULL; SEC_DESC_BUF *sdb = NULL; @@ -2763,7 +2763,6 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void) init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); - /* Make the security descriptor owned by the Administrators group on the PDC of the domain. */ @@ -2783,8 +2782,13 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void) } } - init_sec_access(&sa, PRINTER_ACE_MANAGE_DOCUMENTS | PRINTER_ACE_PRINT); + init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL); init_sec_ace(&ace[1], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, + sa, SEC_ACE_FLAG_OBJECT_INHERIT | + SEC_ACE_FLAG_INHERIT_ONLY); + + init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL); + init_sec_ace(&ace[2], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, SEC_ACE_FLAG_CONTAINER_INHERIT); /* The ACL revision number in rpc_secdesc.h differs from the one @@ -2794,7 +2798,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(void) #define NT4_ACL_REVISION 0x2 - if ((psa = make_sec_acl(NT4_ACL_REVISION, 2, ace)) != NULL) { + if ((psa = make_sec_acl(NT4_ACL_REVISION, 3, ace)) != NULL) { psd = make_sec_desc(SEC_DESC_REVISION, &owner_sid, NULL, NULL, psa, &sd_size); diff --git a/source3/rpc_parse/parse_sec.c b/source3/rpc_parse/parse_sec.c index eac00d8372..e2ca2202e1 100644 --- a/source3/rpc_parse/parse_sec.c +++ b/source3/rpc_parse/parse_sec.c @@ -317,7 +317,15 @@ BOOL sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2) /* Check top level stuff */ - if (s1->revision != s2->revision || s1->num_aces != s2->num_aces) { + if (s1->revision != s2->revision) { + DEBUG(10, ("sec_acl_equal(): revision differs (%d != %d)\n", + s1->revision, s2->revision)); + return False; + } + + if (s1->num_aces != s2->num_aces) { + DEBUG(10, ("sec_acl_equal(): num_aces differs (%d != %d)\n", + s1->revision, s2->revision)); return False; } @@ -354,16 +362,39 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) /* Check top level stuff */ - if (s1->revision != s2->revision || s1->type != s2->type) { - DEBUG(10, ("sec_desc_equal(): revision/type not equal\n")); + if (s1->revision != s2->revision) { + DEBUG(10, ("sec_desc_equal(): revision differs (%d != %d)\n", + s1->revision, s2->revision)); + return False; + } + + if (s1->type!= s2->type) { + DEBUG(10, ("sec_desc_equal(): type differs (%d != %d)\n", + s1->type, s2->type)); return False; } /* Check owner and group */ - if (!sid_equal(s1->owner_sid, s2->owner_sid) || - !sid_equal(s1->grp_sid, s2->grp_sid)) { - DEBUG(10, ("sec_desc_equal(): owner/group not equal\n")); + if (!sid_equal(s1->owner_sid, s2->owner_sid)) { + fstring str1, str2; + + sid_to_string(str1, s1->owner_sid); + sid_to_string(str2, s2->owner_sid); + + DEBUG(10, ("sec_desc_equal(): owner differs (%s != %s)\n", + str1, str2)); + return False; + } + + if (!sid_equal(s1->grp_sid, s2->grp_sid)) { + fstring str1, str2; + + sid_to_string(str1, s1->grp_sid); + sid_to_string(str2, s2->grp_sid); + + DEBUG(10, ("sec_desc_equal(): group differs (%s != %s)\n", + str1, str2)); return False; } @@ -371,7 +402,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if ((s1->dacl && !s2->dacl) || (!s1->dacl && s2->dacl) || (s1->sacl && !s2->sacl) || (!s1->sacl && s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl/sacl not equal\n")); + DEBUG(10, ("sec_desc_equal(): dacl or sacl not present\n")); return False; } @@ -380,7 +411,7 @@ BOOL sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2) if (!sec_acl_equal(s1->dacl, s2->dacl) || !sec_acl_equal(s1->sacl, s2->sacl)) { - DEBUG(10, ("sec_desc_equal(): dacl/dacl list not equal\n")); + DEBUG(10, ("sec_desc_equal(): dacl/sacl list not equal\n")); return False; } diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index a4f5e257f1..38a4b26a60 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -3402,16 +3402,21 @@ static uint32 update_printer_sec(POLICY_HND *handle, uint32 level, } acl = secdesc_ctr->sec->dacl; - DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", - PRINTERNAME(snum), acl->num_aces)); - for (i = 0; i < acl->num_aces; i++) { - fstring sid_str; - - sid_to_string(sid_str, &acl->ace[i].sid); + if (acl) { + DEBUG(10, ("secdesc_ctr for %s has %d aces:\n", + PRINTERNAME(snum), acl->num_aces)); - DEBUG(10, ("%s 0x%08x\n", sid_str, - acl->ace[i].info.mask)); + for (i = 0; i < acl->num_aces; i++) { + fstring sid_str; + + sid_to_string(sid_str, &acl->ace[i].sid); + + DEBUG(10, ("%s 0x%08x\n", sid_str, + acl->ace[i].info.mask)); + } + } else { + DEBUG(10, ("dacl for secdesc_ctr is NULL\n")); } } @@ -3532,6 +3537,13 @@ static BOOL add_printer_hook(NT_PRINTER_INFO_LEVEL *printer) /* Return true if two devicemodes are equal */ +#define DEVMODE_CHECK_INT(field) \ + if (d1->field != d2->field) { \ + DEBUG(10, ("nt_devicemode_equal(): " #field " not equal (%d != %d)\n", \ + d1->field, d2->field)); \ + return False; \ + } + static BOOL nt_devicemode_equal(NT_DEVICEMODE *d1, NT_DEVICEMODE *d2) { if (!d1 && !d2) goto equal; /* if both are NULL they are equal */ @@ -3547,55 +3559,44 @@ static BOOL nt_devicemode_equal(NT_DEVICEMODE *d1, NT_DEVICEMODE *d2) return False; } - if (d1->specversion != d2->specversion || - d1->driverversion != d2->driverversion || - d1->size != d2->size || - d1->driverextra != d2->driverextra || - d1->orientation != d2->orientation || - d1->papersize != d2->papersize || - d1->paperlength != d2->paperlength || - d1->paperwidth != d2->paperwidth || - d1->scale != d2->scale || - d1->copies != d2->copies || - d1->defaultsource != d2->defaultsource || - d1->printquality != d2->printquality || - d1->color != d2->color || - d1->duplex != d2->duplex || - d1->yresolution != d2->yresolution || - d1->ttoption != d2->ttoption || - d1->collate != d2->collate || - d1->logpixels != d2->logpixels) { - DEBUG(10, ("nt_devicemode_equal(): specversion-logpixels " - "not equal\n")); - return False; - } - - if (d1->fields != d2->fields || - d1->bitsperpel != d2->bitsperpel || - d1->pelswidth != d2->pelswidth || - d1->pelsheight != d2->pelsheight || - d1->displayflags != d2->displayflags || - d1->displayfrequency != d2->displayfrequency || - d1->icmmethod != d2->icmmethod || - d1->icmintent != d2->icmintent || - d1->mediatype != d2->mediatype || - d1->dithertype != d2->dithertype || - d1->reserved1 != d2->reserved1 || - d1->reserved2 != d2->reserved2 || - d1->panningwidth != d2->panningwidth || - d1->panningheight != d2->panningheight) { - DEBUG(10, ("nt_devicemode_equal(): fields-panningheight " - "not equal\n")); - return False; - } + DEVMODE_CHECK_INT(specversion); + DEVMODE_CHECK_INT(driverversion); + DEVMODE_CHECK_INT(driverextra); + DEVMODE_CHECK_INT(orientation); + DEVMODE_CHECK_INT(papersize); + DEVMODE_CHECK_INT(paperlength); + DEVMODE_CHECK_INT(paperwidth); + DEVMODE_CHECK_INT(scale); + DEVMODE_CHECK_INT(copies); + DEVMODE_CHECK_INT(defaultsource); + DEVMODE_CHECK_INT(printquality); + DEVMODE_CHECK_INT(color); + DEVMODE_CHECK_INT(duplex); + DEVMODE_CHECK_INT(yresolution); + DEVMODE_CHECK_INT(ttoption); + DEVMODE_CHECK_INT(collate); + DEVMODE_CHECK_INT(logpixels); + + DEVMODE_CHECK_INT(fields); + DEVMODE_CHECK_INT(bitsperpel); + DEVMODE_CHECK_INT(pelswidth); + DEVMODE_CHECK_INT(pelsheight); + DEVMODE_CHECK_INT(displayflags); + DEVMODE_CHECK_INT(displayfrequency); + DEVMODE_CHECK_INT(icmmethod); + DEVMODE_CHECK_INT(icmintent); + DEVMODE_CHECK_INT(mediatype); + DEVMODE_CHECK_INT(dithertype); + DEVMODE_CHECK_INT(reserved1); + DEVMODE_CHECK_INT(reserved2); + DEVMODE_CHECK_INT(panningwidth); + DEVMODE_CHECK_INT(panningheight); /* compare the private data if it exists */ if (!d1->driverextra && !d2->driverextra) goto equal; - if (d1->driverextra != d2->driverextra) { - DEBUG(10, ("nt_devicemode_equal(): driverextra not equal\n")); - return False; - } + + DEVMODE_CHECK_INT(driverextra); if (memcmp(d1->private, d2->private, d1->driverextra)) { DEBUG(10, ("nt_devicemode_equal(): private data not equal\n")); @@ -3629,21 +3630,40 @@ static BOOL nt_printer_param_equal(NT_PRINTER_PARAM *p1, while(q) { - if (strequal(p1->value, q->value) && - p1->type == q->type && - p1->data_len == q->data_len && - memcmp(p1->data, q->data, p1->data_len) == 0) { - found = True; - goto found_it; + if (strequal(p1->value, q->value)) { + + if (p1->type != q->type) { + DEBUG(10, ("nt_printer_param_equal():" + "types for %s differ (%d != %d)\n", + p1->value, p1->type, + q->type)); + break; + } + + if (p1->data_len != q->data_len) { + DEBUG(10, ("nt_printer_param_equal():" + "len for %s differs (%d != %d)\n", + p1->value, p1->data_len, + q->data_len)); + break; + } + + if (memcmp(p1->data, q->data, p1->data_len) == 0) { + found = True; + } else { + DEBUG(10, ("nt_printer_param_equal():" + "data for %s differs\n", p1->value)); + } + + break; } q = q->next; } - found_it: if (!found) { DEBUG(10, ("nt_printer_param_equal(): param %s " - "differs\n", p1->value)); + "does not exist\n", p1->value)); return False; } @@ -3661,6 +3681,20 @@ static BOOL nt_printer_param_equal(NT_PRINTER_PARAM *p1, * actually update printer info. ********************************************************************/ +#define PI_CHECK_INT(field) \ + if (pi1->field != pi2->field) { \ + DEBUG(10, ("nt_printer_info_level_equal(): " #field " not equal (%d != %d)\n", \ + pi1->field, pi2->field)); \ + return False; \ + } + +#define PI_CHECK_STR(field) \ + if (!strequal(pi1->field, pi2->field)) { \ + DEBUG(10, ("nt_printer_info_level_equal(): " #field " not equal (%s != %s)\n", \ + pi1->field, pi2->field)); \ + return False; \ + } + static BOOL nt_printer_info_level_equal(NT_PRINTER_INFO_LEVEL *p1, NT_PRINTER_INFO_LEVEL *p2) { @@ -3687,44 +3721,32 @@ static BOOL nt_printer_info_level_equal(NT_PRINTER_INFO_LEVEL *p1, pi1 = p1->info_2; pi2 = p2->info_2; - if (pi1->attributes != pi2->attributes || - pi1->priority != pi2->priority || - pi1->default_priority != pi2->default_priority || - pi1->starttime != pi2->starttime || - pi1->untiltime != pi2->untiltime || - pi1->averageppm != pi2->averageppm) { - DEBUG(10, ("nt_printer_info_level_equal(): attr-ppm values " - "differ\n")); - return False; - } + PI_CHECK_INT(attributes); + PI_CHECK_INT(priority); + PI_CHECK_INT(default_priority); + PI_CHECK_INT(starttime); + PI_CHECK_INT(untiltime); + PI_CHECK_INT(averageppm); /* Yuck - don't check the printername or servername as the add_a_printer() code plays games with them. You can't change the printername or the sharename through this interface in Samba. */ - if (!strequal(pi1->sharename, pi2->sharename) || - !strequal(pi1->portname, pi2->portname) || - !strequal(pi1->drivername, pi2->drivername) || - !strequal(pi1->comment, pi2->comment) || - !strequal(pi1->location, pi2->location)) { - DEBUG(10, ("nt_printer_info_level_equal(): values for names " - "differ\n")); - return False; - } + PI_CHECK_STR(sharename); + PI_CHECK_STR(portname); + PI_CHECK_STR(drivername); + PI_CHECK_STR(comment); + PI_CHECK_STR(location); if (!nt_devicemode_equal(pi1->devmode, pi2->devmode)) { return False; } - if (!strequal(pi1->sepfile, pi2->sepfile) || - !strequal(pi1->printprocessor, pi2->printprocessor) || - !strequal(pi1->datatype, pi2->datatype) || - !strequal(pi1->parameters, pi2->parameters)) { - DEBUG(10, ("nt_printer_info_level_equal(): sep-params values " - "differ\n")); - return False; - } + PI_CHECK_STR(sepfile); + PI_CHECK_STR(printprocessor); + PI_CHECK_STR(datatype); + PI_CHECK_STR(parameters); if (!nt_printer_param_equal(pi1->specific, pi2->specific)) { return False; @@ -3734,13 +3756,9 @@ static BOOL nt_printer_info_level_equal(NT_PRINTER_INFO_LEVEL *p1, return False; } - if (pi1->changeid != pi2->changeid || - pi1->c_setprinter != pi2->c_setprinter || - pi1->setuptime != pi2->setuptime) { - DEBUG(10, ("nt_printer_info_level_equal(): id-setuptime " - "values differ\n")); - return False; - } + PI_CHECK_INT(changeid); + PI_CHECK_INT(c_setprinter); + PI_CHECK_INT(setuptime); equal: DEBUG(10, ("nt_printer_info_level_equal(): infos are identical\n")); |