Fixes to sync up with appliance-head. Fix from Kenichi Okuyama for a typo

in loadparm.c Removed extra \n in configure.
Jeremy.

2 files changed, 76 insertions, 35 deletions

diff --git a/source/printing/nt_printing.c b/source/printing/nt_printing.c
index 7b84f951614..9eb7dc12ed3 100644
--- a/source/printing/nt_printing.c
+++ b/source/printing/nt_printing.c
@@ -3003,9 +3003,9 @@ void map_printer_permissions(SEC_DESC *sd)
 }
 
 /****************************************************************************
- Check a user has permissions to perform the given operation.  We use some
- constants defined in include/rpc_spoolss.h that look relevant to check
- the various actions we perform when checking printer access.
+ Check a user has permissions to perform the given operation.  We use the
+ permission constants defined in include/rpc_spoolss.h to check the various
+ actions we perform when checking printer access.
 
    PRINTER_ACCESS_ADMINISTER:
        print_queue_pause, print_queue_resume, update_printer_sec,
@@ -3015,7 +3015,7 @@ void map_printer_permissions(SEC_DESC *sd)
    PRINTER_ACCESS_USE:
        print_job_start
 
-   PRINTER_ACCESS_ADMINISTER (should really be JOB_ACCESS_ADMINISTER):
+   JOB_ACCESS_ADMINISTER:
        print_job_delete, print_job_pause, print_job_resume,
        print_queue_purge
 
@@ -3051,14 +3051,34 @@ BOOL print_access_check(struct current_user *user, int snum, int access_type)
 	/* Get printer security descriptor */
 
 	nt_printing_getsec(pname, &secdesc);
+
+	if (access_type == JOB_ACCESS_ADMINISTER) {
+		SEC_DESC_BUF *parent_secdesc = secdesc;
+
+		/* Create a child security descriptor to check permissions
+		   against.  This is because print jobs are child objects
+		   objects of a printer. */
+
+		secdesc = se_create_child_secdesc(parent_secdesc->sec, False);
+
+		free_sec_desc_buf(&parent_secdesc);
+
+		/* Now this is the bit that really confuses me.  The access
+		   type needs to be changed from JOB_ACCESS_ADMINISTER to
+		   PRINTER_ACCESS_ADMINISTER for this to work.  Something
+		   to do with the child (job) object becoming like a
+		   printer??  -tpot */
+
+		access_type = PRINTER_ACCESS_ADMINISTER;
+	}
+	
+	/* Check access */
 	
 	map_printer_permissions(secdesc->sec);
 
 	result = se_access_check(secdesc->sec, user, access_type,
 				 &access_granted, &status);
 
-	/* Check access */
-	
 	DEBUG(4, ("access check was %s\n", result ? "SUCCESS" : "FAILURE"));
 	
 	/* Free mallocated memory */
diff --git a/source/printing/printing.c b/source/printing/printing.c
index 3ce58b5b78b..3a676d29b66 100644
--- a/source/printing/printing.c
+++ b/source/printing/printing.c
@@ -534,6 +534,14 @@ static BOOL print_job_delete1(int jobid)
 
 	snum = print_job_snum(jobid);
 
+	/* Hrm - we need to be able to cope with deleting a job before it
+	   has reached the spooler. */
+
+	if (pjob->sysjob == -1) {
+		DEBUG(5, ("attempt to delete job %d not seen by lpr\n",
+			  jobid));
+	}
+
 	if (pjob->spooled && pjob->sysjob != -1) {
 		/* need to delete the spooled entry */
 		fstring jobstr;
@@ -580,7 +588,7 @@ BOOL print_job_delete(struct current_user *user, int jobid, int *errcode)
 	   owns their job. */
 
 	if (!owner && 
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("delete denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -622,7 +630,7 @@ BOOL print_job_pause(struct current_user *user, int jobid, int *errcode)
 	owner = is_owner(user, jobid);
 
 	if (!owner &&
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("pause denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -673,7 +681,7 @@ BOOL print_job_resume(struct current_user *user, int jobid, int *errcode)
 	owner = is_owner(user, jobid);
 
 	if (!is_owner(user, jobid) &&
-	    !print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
+	    !print_access_check(user, snum, JOB_ACCESS_ADMINISTER)) {
 		DEBUG(3, ("resume denied by security descriptor\n"));
 		*errcode = ERROR_ACCESS_DENIED;
 		return False;
@@ -906,11 +914,11 @@ int print_job_start(struct current_user *user, int snum, char *jobname)
 BOOL print_job_end(int jobid)
 {
 	struct printjob *pjob = print_job_find(jobid);
-	int snum;
+	int snum, ret;
 	SMB_STRUCT_STAT sbuf;
 	pstring current_directory;
 	pstring print_directory;
-	char *wd, *p, *printer_name;
+	char *wd, *p;
 	pstring jobname;
 
 	if (!pjob)
@@ -921,12 +929,17 @@ BOOL print_job_end(int jobid)
 
 	snum = print_job_snum(jobid);
 
-	if (sys_fstat(pjob->fd, &sbuf) == 0)
+	if (sys_fstat(pjob->fd, &sbuf) == 0) {
 		pjob->size = sbuf.st_size;
-
-	close(pjob->fd);
-	pjob->fd = -1;
-
+		close(pjob->fd);
+		pjob->fd = -1;
+	} else {
+		/* Couldn't stat the job file, so something has gone wrong. Cleanup */
+		unlink(pjob->filename);
+		tdb_delete(tdb, print_key(jobid));
+		return False;
+	}
+	
 	if (pjob->size == 0) {
 		/* don't bother spooling empty files */
 		unlink(pjob->filename);
@@ -953,7 +966,7 @@ BOOL print_job_end(int jobid)
 	pstring_sub(jobname, "'", "_");
 
 	/* send it to the system spooler */
-	print_run_command(snum, 
+	ret = print_run_command(snum, 
 			  lp_printcommand(snum), NULL,
 			  "%s", p,
   			  "%J", jobname,
@@ -962,19 +975,23 @@ BOOL print_job_end(int jobid)
 
 	chdir(wd);
 
-	pjob->spooled = True;
-	print_job_store(jobid, pjob);
-
-	/* force update the database */
-	print_cache_flush(snum);
-	
-	/* Send a printer notify message */
-
-	printer_name = PRINTERNAME(snum);
-
-	message_send_all(conn_tdb_ctx(),MSG_PRINTER_NOTIFY, printer_name, strlen(printer_name) + 1, False);
-
-	return True;
+	if (ret == 0) {
+		/* The print job has been sucessfully handed over to the back-end */
+		
+		pjob->spooled = True;
+		print_job_store(jobid, pjob);
+		
+		/* make sure the database is up to date */
+		if (print_cache_expired(snum)) print_queue_update(snum);
+		
+		return True;
+	} else {
+		/* The print job was not succesfully started. Cleanup */
+		/* Still need to add proper error return propagation! 010122:JRR */
+		unlink(pjob->filename);
+		tdb_delete(tdb, print_key(jobid));
+		return False;
+	}
 }
 
 /* utility fn to enumerate the print queue */
@@ -1186,8 +1203,8 @@ BOOL print_queue_resume(struct current_user *user, int snum, int *errcode)
 		return False;
 	}
 
-	/* force update the database */
-	print_cache_flush(snum);
+	/* make sure the database is up to date */
+	if (print_cache_expired(snum)) print_queue_update(snum);
 
 	/* Send a printer notify message */
 
@@ -1207,16 +1224,20 @@ BOOL print_queue_purge(struct current_user *user, int snum, int *errcode)
 	print_status_struct status;
 	char *printer_name;
 	int njobs, i;
+	BOOL can_job_admin;
 
+	can_job_admin = print_access_check(user, snum, JOB_ACCESS_ADMINISTER);
 	njobs = print_queue_status(snum, &queue, &status);
 
-	if (print_access_check(user, snum, PRINTER_ACCESS_ADMINISTER)) {
-		for (i=0;i<njobs;i++) {
+	for (i=0;i<njobs;i++) {
+		BOOL owner = is_owner(user, queue[i].job);
+
+		if (owner || can_job_admin) {
 			print_job_delete1(queue[i].job);
 		}
 	}
 
-	print_cache_flush(snum);
+	print_queue_update(snum);
 	safe_free(queue);
 
 	/* Send a printer notify message */