The branch, v3-6-test has been updated
via 0c15472 s3-spoolss: make sure members of "BUILTIN\Print Operators"
can open printers with admin privileges.
via b8f27f9 s3-spoolss: add debug statement for access denied cases in
OpenPrinterEx path.
via bb1acb2 s3-rpcclient: exit early in cmd_spoolss_enum_data() when
there is a failure.
from 074e490 net: Add and fix some German translation
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 0c154720ef033fb946e8f4de6fb70a6c7c922f5b
Author: Günther Deschner <g...@samba.org>
Date: Thu Nov 18 11:31:13 2010 -0800
s3-spoolss: make sure members of "BUILTIN\Print Operators" can open printers
with admin privileges.
Guenther
commit b8f27f99d20d5395006c8ca5aaffdda7632cac23
Author: Günther Deschner <g...@samba.org>
Date: Mon Nov 15 11:19:23 2010 +0100
s3-spoolss: add debug statement for access denied cases in OpenPrinterEx
path.
Guenther
(cherry picked from commit ee8c035c41c08e5ac599cf68214acd12712191fa)
commit bb1acb24ae66f046816a149144d6b7375b72fbf8
Author: Günther Deschner <g...@samba.org>
Date: Thu Nov 11 13:26:10 2010 +0100
s3-rpcclient: exit early in cmd_spoolss_enum_data() when there is a failure.
Guenther
(cherry picked from commit b432a3ba194fdd8a12f5198cd6012d4916301da4)
-----------------------------------------------------------------------
Summary of changes:
source3/rpc_server/srv_spoolss_nt.c | 5 +++++
source3/rpcclient/cmd_spoolss.c | 9 +++++++++
2 files changed, 14 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/rpc_server/srv_spoolss_nt.c
b/source3/rpc_server/srv_spoolss_nt.c
index 262f4a3..c1f72db 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1618,6 +1618,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok,
&se_printop ) &&
+
!nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->server_info->ptok)
&&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
p->server_info->info3->base.domain.string,
@@ -1626,6 +1627,10 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
ZERO_STRUCTP(r->out.handle);
+ DEBUG(3,("access DENIED as user is not root, "
+ "has no printoperator privilege, "
+ "not a member of the printoperater
builtin group and "
+ "is not in printer admin list"));
return WERR_ACCESS_DENIED;
}
diff --git a/source3/rpcclient/cmd_spoolss.c b/source3/rpcclient/cmd_spoolss.c
index 0cfceec..78a72d3 100644
--- a/source3/rpcclient/cmd_spoolss.c
+++ b/source3/rpcclient/cmd_spoolss.c
@@ -2857,6 +2857,15 @@ static WERROR cmd_spoolss_enum_data(struct
rpc_pipe_client *cli,
&data_needed,
&result);
+ if (!NT_STATUS_IS_OK(status)) {
+ result = ntstatus_to_werror(status);
+ goto done;
+ }
+
+ if (!W_ERROR_IS_OK(result)) {
+ goto done;
+ }
+
data_offered = data_needed;
value_offered = value_needed;
data = talloc_zero_array(mem_ctx, uint8_t, data_needed);
--
Samba Shared Repository
