Diffstat (limited to 'source3/printing')
-rw-r--r-- | source3/printing/nt_printing.c | 15 | ||||
-rw-r--r-- | source3/printing/printfsp.c | 2 | ||||
-rw-r--r-- | source3/printing/printing.c | 93 |
3 files changed, 56 insertions, 54 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index c13ab5a180..68d4a2ffd6 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -5763,7 +5763,8 @@ void map_job_permissions(SEC_DESC *sd) 3) "printer admins" (may result in numerous calls to winbind) ****************************************************************************/ -bool print_access_check(struct current_user *user, int snum, int access_type) +bool print_access_check(struct auth_serversupplied_info *server_info, int snum, + int access_type) { SEC_DESC_BUF *secdesc = NULL; uint32 access_granted; @@ -5775,12 +5776,10 @@ bool print_access_check(struct current_user *user, int snum, int access_type) /* If user is NULL then use the current_user structure */ - if (!user) - user = ¤t_user; - /* Always allow root or SE_PRINT_OPERATROR to do anything */ - if ( user->ut.uid == 0 || user_has_privileges(user->nt_user_token, &se_printop ) ) { + if (server_info->utok.uid == 0 + || user_has_privileges(server_info->ptok, &se_printop ) ) { return True; } @@ -5827,7 +5826,7 @@ bool print_access_check(struct current_user *user, int snum, int access_type) } /* Check access */ - result = se_access_check(secdesc->sd, user->nt_user_token, access_type, + result = se_access_check(secdesc->sd, server_info->ptok, access_type, &access_granted, &status); DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); @@ -5835,8 +5834,8 @@ bool print_access_check(struct current_user *user, int snum, int access_type) /* see if we need to try the printer admin list */ if ((access_granted == 0) && - (token_contains_name_in_list(uidtoname(user->ut.uid), NULL, NULL, - user->nt_user_token, + (token_contains_name_in_list(uidtoname(server_info->utok.uid), + NULL, NULL, server_info->ptok, lp_printer_admin(snum)))) { talloc_destroy(mem_ctx); return True; diff --git a/source3/printing/printfsp.c b/source3/printing/printfsp.c index 1fde16b802..4a2b26d2cd 100644 
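Review bot: In print_access_check (nt_printing.c, hunk at -5775) the NULL fallback is removed but the comment `/* If user is NULL then use the current_user structure */` is left behind, and the next statement reads `server_info->utok.uid` with no NULL guard. is_owner, print_job_pause and print_job_resume in printing.c still test `!server_info`, so a missing identity is evidently considered possible, while print_job_delete and print_job_start hand the pointer straight to this function. Because this is the access-control decision point it should fail closed: drop the stale comment and add `if (server_info == NULL) { return False; }` ahead of the root / se_printop check. Callers outside source3/printing are not visible in this diff, so whether any of them still passes NULL needs to be checked separately.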
--- a/source3/printing/printfsp.c +++ b/source3/printing/printfsp.c @@ -51,7 +51,7 @@ NTSTATUS print_fsp_open(connection_struct *conn, const char *fname, fstrcat(name, p); } - jobid = print_job_start(¤t_user, SNUM(conn), name, NULL); + jobid = print_job_start(conn->server_info, SNUM(conn), name, NULL); if (jobid == -1) { status = map_nt_error_from_unix(errno); file_free(fsp); diff --git a/source3/printing/printing.c b/source3/printing/printing.c index aa67f08d82..a425b87907 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -1979,28 +1979,24 @@ static bool print_job_delete1(int snum, uint32 jobid) Return true if the current user owns the print job. ****************************************************************************/ -static bool is_owner(struct current_user *user, const char *servicename, +static bool is_owner(struct auth_serversupplied_info *server_info, + const char *servicename, uint32 jobid) { struct printjob *pjob = print_job_find(servicename, jobid); - user_struct *vuser; - if (!pjob || !user) + if (!pjob || !server_info) return False; - if ((vuser = get_valid_user_struct(user->vuid)) != NULL) { - return strequal(pjob->user, - vuser->server_info->sanitized_username); - } else { - return strequal(pjob->user, uidtoname(user->ut.uid)); - } + return strequal(pjob->user, server_info->sanitized_username); } /**************************************************************************** Delete a print job. ****************************************************************************/ -bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR *errcode) +bool print_job_delete(struct auth_serversupplied_info *server_info, int snum, + uint32 jobid, WERROR *errcode) { const char* sharename = lp_const_servicename( snum ); struct printjob *pjob; 
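Review bot: is_owner (printing.c, hunk at -1979) now decides ownership solely by `strequal(pjob->user, server_info->sanitized_username)`, yet its header comment still says only "Return true if the current user owns the print job". The stored side, `pjob.user`, is written in print_job_start as the expansion of `lp_printjob_username(snum)` (hunk at -2437), so the two match only when that setting expands to the bare sanitized username, and the compared string apparently carries no domain, uid or SID. I would state that in the header, e.g. `/* Ownership is a name match against pjob->user as recorded by print_job_start(); it is not a uid or SID comparison. */`, because a true result here bypasses the JOB_ACCESS_ADMINISTER check in print_job_delete, print_job_pause and print_job_resume. The print_job_delete body that follows in this hunk continues outside it.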
@@ -2009,13 +2005,13 @@ bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR *errcode = WERR_OK; - owner = is_owner(user, lp_const_servicename(snum), jobid); + owner = is_owner(server_info, lp_const_servicename(snum), jobid); /* Check access against security descriptor or whether the user owns their job. */ if (!owner && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("delete denied by security descriptor\n")); *errcode = WERR_ACCESS_DENIED; @@ -2023,7 +2019,8 @@ bool print_job_delete(struct current_user *user, int snum, uint32 jobid, WERROR sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(user->ut.uid), PRINTERNAME(snum) ); + uidtoname(server_info->utok.uid), + PRINTERNAME(snum) ); /* END_ADMIN_LOG */ return False; @@ -2067,7 +2064,8 @@ pause, or resume print job. User name: %s. Printer name: %s.", Pause a job. ****************************************************************************/ -bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR *errcode) +bool print_job_pause(struct auth_serversupplied_info *server_info, int snum, + uint32 jobid, WERROR *errcode) { const char* sharename = lp_const_servicename(snum); struct printjob *pjob; @@ -2076,7 +2074,7 @@ bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR * pjob = print_job_find(sharename, jobid); - if (!pjob || !user) { + if (!pjob || !server_info) { DEBUG(10, ("print_job_pause: no pjob or user for jobid %u\n", (unsigned int)jobid )); return False; 
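Review bot: The denial record written by `sys_adminlog` in print_job_delete (hunk at -2023) identifies the user as `uidtoname(server_info->utok.uid)`, whereas the ownership decision just before it was made on `server_info->sanitized_username`. Where a session is mapped onto a shared Unix account, the log line would presumably show only that account and not the session identity that was refused, which weakens it as an audit trail. Consider adding `server_info->sanitized_username` as a further `%s` argument so both names are recorded. The same call appears in print_job_pause (hunk at -2088) and print_job_resume (hunk at -2157).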
@@ -2088,15 +2086,16 @@ bool print_job_pause(struct current_user *user, int snum, uint32 jobid, WERROR * return False; } - if (!is_owner(user, lp_const_servicename(snum), jobid) && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + if (!is_owner(server_info, lp_const_servicename(snum), jobid) && + !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("pause denied by security descriptor\n")); /* BEGIN_ADMIN_LOG */ sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(user->ut.uid), PRINTERNAME(snum) ); + uidtoname(server_info->utok.uid), + PRINTERNAME(snum) ); /* END_ADMIN_LOG */ *errcode = WERR_ACCESS_DENIED; @@ -2127,7 +2126,8 @@ pause, or resume print job. User name: %s. Printer name: %s.", Resume a job. ****************************************************************************/ -bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR *errcode) +bool print_job_resume(struct auth_serversupplied_info *server_info, int snum, + uint32 jobid, WERROR *errcode) { const char *sharename = lp_const_servicename(snum); struct printjob *pjob; @@ -2135,8 +2135,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR struct printif *current_printif = get_printer_fns( snum ); pjob = print_job_find(sharename, jobid); - - if (!pjob || !user) { + + if (!pjob || !server_info) { DEBUG(10, ("print_job_resume: no pjob or user for jobid %u\n", (unsigned int)jobid )); return False; 
@@ -2148,8 +2148,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR return False; } - if (!is_owner(user, lp_const_servicename(snum), jobid) && - !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { + if (!is_owner(server_info, lp_const_servicename(snum), jobid) && + !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("resume denied by security descriptor\n")); *errcode = WERR_ACCESS_DENIED; @@ -2157,7 +2157,8 @@ bool print_job_resume(struct current_user *user, int snum, uint32 jobid, WERROR sys_adminlog( LOG_ERR, "Permission denied-- user not allowed to delete, \ pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(user->ut.uid), PRINTERNAME(snum) ); + uidtoname(server_info->utok.uid), + PRINTERNAME(snum) ); /* END_ADMIN_LOG */ return False; } @@ -2357,12 +2358,12 @@ static bool add_to_jobs_changed(struct tdb_print_db *pdb, uint32 jobid) Start spooling a job - return the jobid. ***************************************************************************/ -uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DEVICEMODE *nt_devmode ) +uint32 print_job_start(struct auth_serversupplied_info *server_info, int snum, + char *jobname, NT_DEVICEMODE *nt_devmode ) { uint32 jobid; char *path; struct printjob pjob; - user_struct *vuser; const char *sharename = lp_const_servicename(snum); struct tdb_print_db *pdb = get_print_db_byname(sharename); int njobs; @@ -2372,7 +2373,7 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE if (!pdb) return (uint32)-1; - if (!print_access_check(user, snum, PRINTER_ACCESS_USE)) { + if (!print_access_check(server_info, snum, PRINTER_ACCESS_USE)) { DEBUG(3, ("print_job_start: job start denied by security descriptor\n")); release_print_db(pdb); return (uint32)-1; 
@@ -2437,17 +2438,12 @@ uint32 print_job_start(struct current_user *user, int snum, char *jobname, NT_DE fstrcpy(pjob.jobname, jobname); - if ((vuser = get_valid_user_struct(user->vuid)) != NULL) { - fstrcpy(pjob.user, lp_printjob_username(snum)); - standard_sub_basic( - vuser->server_info->sanitized_username, - pdb_get_domain(vuser->server_info->sam_account), - pjob.user, sizeof(pjob.user)-1); - /* ensure NULL termination */ - pjob.user[sizeof(pjob.user)-1] = '\0'; - } else { - fstrcpy(pjob.user, uidtoname(user->ut.uid)); - } + fstrcpy(pjob.user, lp_printjob_username(snum)); + standard_sub_basic(server_info->sanitized_username, + pdb_get_domain(server_info->sam_account), + pjob.user, sizeof(pjob.user)-1); + /* ensure NULL termination */ + pjob.user[sizeof(pjob.user)-1] = '\0'; fstrcpy(pjob.queuename, lp_const_servicename(snum)); @@ -2775,12 +2771,14 @@ int print_queue_status(int snum, Pause a queue. ****************************************************************************/ -bool print_queue_pause(struct current_user *user, int snum, WERROR *errcode) +bool print_queue_pause(struct auth_serversupplied_info *server_info, int snum, + WERROR *errcode) { int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + if (!print_access_check(server_info, snum, + PRINTER_ACCESS_ADMINISTER)) { *errcode = WERR_ACCESS_DENIED; return False; } 
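Review bot: In print_job_start (hunk at -2437) every session now reaches `pdb_get_domain(server_info->sam_account)`, where the removed else-branch used `uidtoname()` for sessions without a valid user struct. If `sam_account` can be unset for any session type that gets this far, pdb_get_domain would be handed a NULL account; whether it tolerates that is not visible from this hunk. Either state the invariant in a comment, e.g. `/* server_info->sam_account is always set once a connection is authenticated */`, or add a guard beside the print_access_check failure path in the -2372 hunk that uses the same `release_print_db(pdb); return (uint32)-1;` cleanup. The function body starts and ends outside this hunk.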
@@ -2811,12 +2809,14 @@ bool print_queue_pause(struct current_user *user, int snum, WERROR *errcode) Resume a queue. ****************************************************************************/ -bool print_queue_resume(struct current_user *user, int snum, WERROR *errcode) +bool print_queue_resume(struct auth_serversupplied_info *server_info, int snum, + WERROR *errcode) { int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + if (!print_access_check(server_info, snum, + PRINTER_ACCESS_ADMINISTER)) { *errcode = WERR_ACCESS_DENIED; return False; } @@ -2847,7 +2847,8 @@ bool print_queue_resume(struct current_user *user, int snum, WERROR *errcode) Purge a queue - implemented by deleting all jobs that we can delete. ****************************************************************************/ -bool print_queue_purge(struct current_user *user, int snum, WERROR *errcode) +bool print_queue_purge(struct auth_serversupplied_info *server_info, int snum, + WERROR *errcode) { print_queue_struct *queue; print_status_struct status; @@ -2857,14 +2858,16 @@ bool print_queue_purge(struct current_user *user, int snum, WERROR *errcode) /* Force and update so the count is accurate (i.e. not a cached count) */ print_queue_update(snum, True); - can_job_admin = print_access_check(user, snum, JOB_ACCESS_ADMINISTER); + can_job_admin = print_access_check(server_info, snum, + JOB_ACCESS_ADMINISTER); njobs = print_queue_status(snum, &queue, &status); if ( can_job_admin ) become_root(); for (i=0;i<njobs;i++) { - bool owner = is_owner(user, lp_const_servicename(snum), queue[i].job); + bool owner = is_owner(server_info, lp_const_servicename(snum), + queue[i].job); if (owner || can_job_admin) { print_job_delete1(snum, queue[i].job); |