diff options
author | Jeremy Allison <jra@samba.org> | 2001-01-22 18:10:20 +0000 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2001-01-22 18:10:20 +0000 |
commit | ea05e9be70a54259bc0321d57e4aa7b3c6423d52 (patch) | |
tree | bb20c20299e69f37ae73b094b0844edecf26c154 /source/printing | |
parent | c7a6dc40fac0c6b5e979c470996d4a2bdeb587c5 (diff) | |
download | samba-ea05e9be70a54259bc0321d57e4aa7b3c6423d52.tar.gz samba-ea05e9be70a54259bc0321d57e4aa7b3c6423d52.tar.xz samba-ea05e9be70a54259bc0321d57e4aa7b3c6423d52.zip |
Fixes to sync up with appliance-head. Fix from Kenichi Okuyama for a typo
in loadparm.c Removed extra \n in configure.
Jeremy.
Diffstat (limited to 'source/printing')
-rw-r--r-- | source/printing/nt_printing.c | 32 | ||||
-rw-r--r-- | source/printing/printing.c | 79 |
2 files changed, 76 insertions, 35 deletions
diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c index 7b84f951614..9eb7dc12ed3 100644 --- a/source/printing/nt_printing.c +++ b/source/printing/nt_printing.c @@ -3003,9 +3003,9 @@ void map_printer_permissions(SEC_DESC *sd) } /**************************************************************************** - Check a user has permissions to perform the given operation. We use some - constants defined in include/rpc_spoolss.h that look relevant to check - the various actions we perform when checking printer access. + Check a user has permissions to perform the given operation. We use the + permission constants defined in include/rpc_spoolss.h to check the various + actions we perform when checking printer access. PRINTER_ACCESS_ADMINISTER: print_queue_pause, print_queue_resume, update_printer_sec, @@ -3015,7 +3015,7 @@ void map_printer_permissions(SEC_DESC *sd) PRINTER_ACCESS_USE: print_job_start - PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER): + JOB_ACCESS_ADMINISTER: print_job_delete, print_job_pause, print_job_resume, print_queue_purge @@ -3051,14 +3051,34 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type) /* Get printer security descriptor */ nt_printing_getsec(pname, &secdesc); + + if (access_type == JOB_ACCESS_ADMINISTER) { + SEC_DESC_BUF *parent_secdesc = secdesc; + + /* Create a child security descriptor to check permissions + against. This is because print jobs are child objects + objects of a printer. */ + + secdesc = se_create_child_secdesc(parent_secdesc->sec, False); + + free_sec_desc_buf(&parent_secdesc); + + /* Now this is the bit that really confuses me. The access + type needs to be changed from JOB_ACCESS_ADMINISTER to + PRINTER_ACCESS_ADMINISTER for this to work. Something + to do with the child (job) object becoming like a + printer?? -tpot */ + + access_type = PRINTER_ACCESS_ADMINISTER; + } + + /* Check access */ map_printer_permissions(secdesc->sec); result = se_access_check(secdesc->sec, user, access_type, &access_granted, &status); - /* Check access */ - DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE")); /* Free mallocated memory */ diff --git a/source/printing/printing.c b/source/printing/printing.c index 3ce58b5b78b..3a676d29b66 100644 --- a/source/printing/printing.c +++ b/source/printing/printing.c @@ -534,6 +534,14 @@ static BOOL print_job_delete1(int jobid) snum = print_job_snum(jobid); + /* Hrm - we need to be able to cope with deleting a job before it + has reached the spooler. */ + + if (pjob->sysjob == -1) { + DEBUG(5, ("attempt to delete job %d not seen by lpr\n", + jobid)); + } + if (pjob->spooled && pjob->sysjob != -1) { /* need to delete the spooled entry */ fstring jobstr; @@ -580,7 +588,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode) owns their job. */ if (!owner && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("delete denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -622,7 +630,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!owner && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("pause denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -673,7 +681,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode) owner = is_owner(user, jobid); if (!is_owner(user, jobid) && - !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { + !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("resume denied by security descriptor\n")); *errcode = ERROR_ACCESS_DENIED; return False; @@ -906,11 +914,11 @@ int print_job_start(struct current_user *user, int snum, char *jobname) BOOL print_job_end(int jobid) { struct printjob *pjob = print_job_find(jobid); - int snum; + int snum, ret; SMB_STRUCT_STAT sbuf; pstring current_directory; pstring print_directory; - char *wd, *p, *printer_name; + char *wd, *p; pstring jobname; if (!pjob) @@ -921,12 +929,17 @@ BOOL print_job_end(int jobid) snum = print_job_snum(jobid); - if (sys_fstat(pjob->fd, &sbuf) == 0) + if (sys_fstat(pjob->fd, &sbuf) == 0) { pjob->size = sbuf.st_size; - - close(pjob->fd); - pjob->fd = -1; - + close(pjob->fd); + pjob->fd = -1; + } else { + /* Couldn't stat the job file, so something has gone wrong. Cleanup */ + unlink(pjob->filename); + tdb_delete(tdb, print_key(jobid)); + return False; + } + if (pjob->size == 0) { /* don't bother spooling empty files */ unlink(pjob->filename); @@ -953,7 +966,7 @@ BOOL print_job_end(int jobid) pstring_sub(jobname, "'", "_"); /* send it to the system spooler */ - print_run_command(snum, + ret = print_run_command(snum, lp_printcommand(snum), NULL, "%s", p, "%J", jobname, @@ -962,19 +975,23 @@ BOOL print_job_end(int jobid) chdir(wd); - pjob->spooled = True; - print_job_store(jobid, pjob); - - /* force update the database */ - print_cache_flush(snum); - - /* Send a printer notify message */ - - printer_name = PRINTERNAME(snum); - - message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False); - - return True; + if (ret == 0) { + /* The print job has been sucessfully handed over to the back-end */ + + pjob->spooled = True; + print_job_store(jobid, pjob); + + /* make sure the database is up to date */ + if (print_cache_expired(snum)) print_queue_update(snum); + + return True; + } else { + /* The print job was not succesfully started. Cleanup */ + /* Still need to add proper error return propagation! 010122:JRR */ + unlink(pjob->filename); + tdb_delete(tdb, print_key(jobid)); + return False; + } } /* utility fn to enumerate the print queue */ @@ -1186,8 +1203,8 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode) return False; } - /* force update the database */ - print_cache_flush(snum); + /* make sure the database is up to date */ + if (print_cache_expired(snum)) print_queue_update(snum); /* Send a printer notify message */ @@ -1207,16 +1224,20 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode) print_status_struct status; char *printer_name; int njobs, i; + BOOL can_job_admin; + can_job_admin = print_access_check(user, snum, JOB_ACCESS_ADMINISTER); njobs = print_queue_status(snum, &queue, &status); - if (print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) { - for (i=0;i<njobs;i++) { + for (i=0;i<njobs;i++) { + BOOL owner = is_owner(user, queue[i].job); + + if (owner || can_job_admin) { print_job_delete1(queue[i].job); } } - print_cache_flush(snum); + print_queue_update(snum); safe_free(queue); /* Send a printer notify message */ |