The branch, master has been updated via d22965e2e596c8ad78f5330398d43d96bf564773 (commit) via 233bfb25c9443688f74c506348b0a7b34489e1d1 (commit) via a2a155bee59c7e849a492933d1ea5769e409bac5 (commit) from 370e7209dbafce147a5e9f283d9dcc53c72bce99 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d22965e2e596c8ad78f5330398d43d96bf564773 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 30 11:19:42 2009 +0200 s3-spoolss: avoid referring to uid 0 in spoolss server (use sec_initial_uid() instead). Guenther commit 233bfb25c9443688f74c506348b0a7b34489e1d1 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 30 01:25:23 2009 +0200 s3-printing: use move_driver_file_to_download_area() to avoid code duplication. Guenther commit a2a155bee59c7e849a492933d1ea5769e409bac5 Author: Günther Deschner <g...@samba.org> Date: Thu Apr 30 01:07:31 2009 +0200 s3-printing: add move_driver_file_to_download_area(). Guenther ----------------------------------------------------------------------- Summary of changes: source3/printing/nt_printing.c | 238 ++++++++++++++--------------------- source3/rpc_server/srv_spoolss_nt.c | 6 +- 2 files changed, 97 insertions(+), 147 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index cfef4fe..88e210c 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1802,6 +1802,46 @@ static char* ffmt(unsigned char *c){ /**************************************************************************** ****************************************************************************/ + +static WERROR move_driver_file_to_download_area(TALLOC_CTX *mem_ctx, + connection_struct *conn, + const char *driver_file, + const char *architecture, + const char *new_dir, + uint32_t version) +{ + char *old_name = NULL; + char *new_name = NULL; + SMB_STRUCT_STAT st; + NTSTATUS status; + + new_name = talloc_asprintf(mem_ctx, "%s/%s", + architecture, driver_file); + W_ERROR_HAVE_NO_MEMORY(new_name); + + old_name = talloc_asprintf(mem_ctx, "%s/%s", + new_dir, driver_file); + W_ERROR_HAVE_NO_MEMORY(old_name); + + if (version != -1 && (version = file_version_is_newer(conn, new_name, old_name)) > 0) { + + new_name = driver_unix_convert(conn, new_name, &st); + W_ERROR_HAVE_NO_MEMORY(new_name); + + status = copy_file(mem_ctx, conn, new_name, old_name, + OPENX_FILE_EXISTS_TRUNCATE | + OPENX_FILE_CREATE_IF_NOT_EXIST, + 0, false); + if (!NT_STATUS_IS_OK(status)) { + DEBUG(0,("move_driver_file_to_download_area: Unable to rename [%s] to [%s]\n", + new_name, old_name)); + return WERR_ACCESS_DENIED; + } + } + + return WERR_OK; +} + WERROR move_driver_to_download_area(struct pipes_struct *p, NT_PRINTER_DRIVER_INFO_LEVEL driver_abstract, uint32 level, WERROR *perr) @@ -1810,8 +1850,6 @@ WERROR move_driver_to_download_area(struct pipes_struct *p, NT_PRINTER_DRIVER_INFO_LEVEL_3 converted_driver; const char *architecture; char *new_dir = NULL; - char *old_name = NULL; - char *new_name = NULL; connection_struct *conn = NULL; NTSTATUS nt_status; SMB_STRUCT_STAT st; @@ -1894,143 +1932,74 @@ WERROR move_driver_to_download_area(struct pipes_struct *p, DEBUG(5,("Moving files now !\n")); if (driver->driverpath && strlen(driver->driverpath)) { - new_name = talloc_asprintf(ctx, - "%s/%s", - architecture, - driver->driverpath); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - old_name = talloc_asprintf(ctx, - "%s/%s", - new_dir, - driver->driverpath); - if (!old_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) { - new_name = driver_unix_convert(conn,new_name,&st); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if ( !NT_STATUS_IS_OK(copy_file(ctx,conn, new_name, old_name, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { - DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n", - new_name, old_name)); - *perr = WERR_ACCESS_DENIED; + *perr = move_driver_file_to_download_area(ctx, + conn, + driver->driverpath, + architecture, + new_dir, + ver); + if (!W_ERROR_IS_OK(*perr)) { + if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) { ver = -1; } + goto err_exit; } } if (driver->datafile && strlen(driver->datafile)) { if (!strequal(driver->datafile, driver->driverpath)) { - new_name = talloc_asprintf(ctx, - "%s/%s", - architecture, - driver->datafile); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - old_name = talloc_asprintf(ctx, - "%s/%s", - new_dir, - driver->datafile); - if (!old_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) { - new_name = driver_unix_convert(conn,new_name,&st); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if ( !NT_STATUS_IS_OK(copy_file(ctx,conn, new_name, old_name, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { - DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n", - new_name, old_name)); - *perr = WERR_ACCESS_DENIED; + + *perr = move_driver_file_to_download_area(ctx, + conn, + driver->datafile, + architecture, + new_dir, + ver); + if (!W_ERROR_IS_OK(*perr)) { + if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) { ver = -1; } + goto err_exit; } } } if (driver->configfile && strlen(driver->configfile)) { if (!strequal(driver->configfile, driver->driverpath) && - !strequal(driver->configfile, driver->datafile)) { - new_name = talloc_asprintf(ctx, - "%s/%s", - architecture, - driver->configfile); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - old_name = talloc_asprintf(ctx, - "%s/%s", - new_dir, - driver->configfile); - if (!old_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) { - new_name = driver_unix_convert(conn,new_name,&st); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if ( !NT_STATUS_IS_OK(copy_file(ctx,conn, new_name, old_name, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { - DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n", - new_name, old_name)); - *perr = WERR_ACCESS_DENIED; + !strequal(driver->configfile, driver->datafile)) { + + *perr = move_driver_file_to_download_area(ctx, + conn, + driver->configfile, + architecture, + new_dir, + ver); + if (!W_ERROR_IS_OK(*perr)) { + if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) { ver = -1; } + goto err_exit; } } } if (driver->helpfile && strlen(driver->helpfile)) { if (!strequal(driver->helpfile, driver->driverpath) && - !strequal(driver->helpfile, driver->datafile) && - !strequal(driver->helpfile, driver->configfile)) { - new_name = talloc_asprintf(ctx, - "%s/%s", - architecture, - driver->helpfile); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - old_name = talloc_asprintf(ctx, - "%s/%s", - new_dir, - driver->helpfile); - if (!old_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) { - new_name = driver_unix_convert(conn,new_name,&st); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if ( !NT_STATUS_IS_OK(copy_file(ctx,conn, new_name, old_name, OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { - DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n", - new_name, old_name)); - *perr = WERR_ACCESS_DENIED; + !strequal(driver->helpfile, driver->datafile) && + !strequal(driver->helpfile, driver->configfile)) { + + *perr = move_driver_file_to_download_area(ctx, + conn, + driver->helpfile, + architecture, + new_dir, + ver); + if (!W_ERROR_IS_OK(*perr)) { + if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) { ver = -1; } + goto err_exit; } } } @@ -2038,9 +2007,9 @@ WERROR move_driver_to_download_area(struct pipes_struct *p, if (driver->dependentfiles) { for (i=0; *driver->dependentfiles[i]; i++) { if (!strequal(driver->dependentfiles[i], driver->driverpath) && - !strequal(driver->dependentfiles[i], driver->datafile) && - !strequal(driver->dependentfiles[i], driver->configfile) && - !strequal(driver->dependentfiles[i], driver->helpfile)) { + !strequal(driver->dependentfiles[i], driver->datafile) && + !strequal(driver->dependentfiles[i], driver->configfile) && + !strequal(driver->dependentfiles[i], driver->helpfile)) { int j; for (j=0; j < i; j++) { if (strequal(driver->dependentfiles[i], driver->dependentfiles[j])) { @@ -2048,36 +2017,17 @@ WERROR move_driver_to_download_area(struct pipes_struct *p, } } - new_name = talloc_asprintf(ctx, - "%s/%s", - architecture, - driver->dependentfiles[i]); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - old_name = talloc_asprintf(ctx, - "%s/%s", - new_dir, - driver->dependentfiles[i]); - if (!old_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if (ver != -1 && (ver=file_version_is_newer(conn, new_name, old_name)) > 0) { - new_name = driver_unix_convert(conn,new_name,&st); - if (!new_name) { - *perr = WERR_NOMEM; - goto err_exit; - } - if ( !NT_STATUS_IS_OK(copy_file(ctx,conn, new_name, old_name, - OPENX_FILE_EXISTS_TRUNCATE| - OPENX_FILE_CREATE_IF_NOT_EXIST, 0, False))) { - DEBUG(0,("move_driver_to_download_area: Unable to rename [%s] to [%s]\n", - new_name, old_name)); - *perr = WERR_ACCESS_DENIED; + *perr = move_driver_file_to_download_area(ctx, + conn, + driver->dependentfiles[i], + architecture, + new_dir, + ver); + if (!W_ERROR_IS_OK(*perr)) { + if (W_ERROR_EQUAL(*perr, WERR_ACCESS_DENIED)) { ver = -1; } + goto err_exit; } } NextDriver: ; diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index a4c994a..57410d0 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1639,7 +1639,7 @@ WERROR _spoolss_OpenPrinterEx(pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->server_info->utok.uid != 0) && + if ((p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( @@ -2117,7 +2117,7 @@ WERROR _spoolss_DeletePrinterDriver(pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->server_info->utok.uid != 0) + if ( (p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), NULL, @@ -2217,7 +2217,7 @@ WERROR _spoolss_DeletePrinterDriverEx(pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->server_info->utok.uid != 0) + if ( (p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop ) && !token_contains_name_in_list( uidtoname(p->server_info->utok.uid), NULL, NULL, -- Samba Shared Repository