diff options
Diffstat (limited to 'source3/printing')
-rw-r--r-- | source3/printing/nt_printing.c | 32 | ||||
-rw-r--r-- | source3/printing/printing.c | 33 |
2 files changed, 45 insertions, 20 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 7b84f95161..9eb7dc12ed 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -3003,9 +3003,9 @@ void map_printer_permissions(SEC_DESC *sd) } /**************************************************************************** - Check a user has permissions to perform the given operation. We use some - constants defined in include/rpc_spoolss.h that look relevant to check - the various actions we perform when checking printer access. + Check a user has permissions to perform the given operation. We use the + permission constants defined in include/rpc_spoolss.h to check the various + actions we perform when checking printer access. PRINTER_ACCESS_ADMINISTER: print_queue_pause, print_queue_resume, update_printer_sec, @@ -3015,7 +3015,7 @@ void map_printer_permissions(SEC_DESC *sd) PRINTER_ACCESS_USE: print_job_start - PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER): + JOB_ACCESS_ADMINISTER: print_job_delete, print_job_pause, print_job_resume, print_queue_purge @@ -3051,14 +3051,34 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) /* Get printer security descriptor */ nt_printing_getsec(pname, &secdesc); + + if (access_type == JOB_ACCESS_ADMINISTER) { + SEC_DESC_BUF *parent_secdesc = secdesc; + + /* Create a child security descriptor to check permissions + against. This is because print jobs are child objects + objects of a printer. */ + + secdesc = se_create_child_secdesc(parent_secdesc->sec, False); + + free_sec_desc_buf(&parent_secdesc); + + /* Now this is the bit that really confuses me. The access + type needs to be changed from JOB_ACCESS_ADMINISTER to + PRINTER_ACCESS_ADMINISTER for this to work. Something + to do with the child (job) object becoming like a + printer?? -tpot */ + + access_type = PRINTER_ACCESS_ADMINISTER; + } + + /* Check access */ map_printer_permissions(secdesc->sec); result = se_access_check(secdesc->sec, user, access_type, &access_granted, &status); - /* Check access */ - DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); /* Free mallocated memory */ diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 3ce58b5b78..a22c8b749a 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -580,7 +580,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode) owns their job. */ if (!owner && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("delete denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -622,7 +622,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!owner && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("pause denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -673,7 +673,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!is_owner(user, jobid) && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("resume denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -921,12 +921,17 @@ BOOL print_job_end(int jobid) snum = print_job_snum(jobid); - if (sys_fstat(pjob->fd, &sbuf) == 0) + if (sys_fstat(pjob->fd, &sbuf) == 0) { pjob->size = sbuf.st_size; - - close(pjob->fd); - pjob->fd = -1; - + close(pjob->fd); + pjob->fd = -1; + } else { + /* Couldn't stat the job file, so something has gone wrong. Cleanup */ + unlink(pjob->filename); + tdb_delete(tdb, print_key(jobid)); + return False; + } + if (pjob->size == 0) { /* don't bother spooling empty files */ unlink(pjob->filename); @@ -965,9 +970,9 @@ BOOL print_job_end(int jobid) pjob->spooled = True; print_job_store(jobid, pjob); - /* force update the database */ - print_cache_flush(snum); - + /* make sure the database is up to date */ + if (print_cache_expired(snum)) print_queue_update(snum); + /* Send a printer notify message */ printer_name = PRINTERNAME(snum); @@ -1186,8 +1191,8 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode) return False; } - /* force update the database */ - print_cache_flush(snum); + /* make sure the database is up to date */ + if (print_cache_expired(snum)) print_queue_update(snum); /* Send a printer notify message */ @@ -1216,7 +1221,7 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode) } } - print_cache_flush(snum); + print_queue_update(snum); safe_free(queue); /* Send a printer notify message */ |