1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

543 Commits

Author SHA1 Message Date
David Disseldorp
61bf4699f0 s3-printing: follow force user/group for driver IO
Configuring force user/group settings for the print$ share currently has
unexpected results, this is explained by how the driver upload/add
process takes place. Consider the following example:

[print$]
        path = /print-drv
        write list = $DRIVER_UPLOAD_USER
        force group = ntadmin

- the client connects to the [print$] share and uploads all driver
  files to the /print-drv/W32X86 directory.

- This is permitted, as /print-drv/W32X86 is owned by group ntadmin, and
  the "force group = ntadmin" takes effect for the [print$] session.

- Once all files are uploaded, the client connects to the [ipc$]
  share and issues an AddPrinterDriverEx spoolss request.

- In handling this request move_driver_to_download_area() is called,
  which attempts to create the directory /print-drv/W32X86/3

- The create directory fails, as it is done as the user connected to
  the [ipc$] share which does not have permission to write to the driver
  directory. The [print$] "force group = ntadmin" has no effect.

This is a regression from previous behaviour prior to the commit:
783ab04 Convert move_driver_to_download_area to use create_conn_struct.

https://bugzilla.samba.org/show_bug.cgi?id=7921
Signed-off-by: Andreas Schneider <asn@samba.org>
2011-03-04 15:46:14 +01:00
David Disseldorp
016a8d214a s3-printing: vfs_connect prior to driver/dfs IO
samba3.posix_s3.rpc.spoolss.driver fails with the xattr_tdb vfs module
loaded as a part of make test. The (now checked) create_directory() call
in move_driver_to_download_area() fails, uncovering another bug in the
printer driver upload code path.

move_driver_to_download_area() creates a new conn_struct for
manipulating files in [print$]. The VFS layer is plumbed through with
the call to create_conn_struct(), however SMB_VFS_CONNECT() is never
called. Many vfs modules expect state stored at connect time with
SMB_VFS_HANDLE_SET_DATA() to be available on any IO operation and fail
if this is not the case.

This fix adds a call to SMB_VFS_CONNECT() in create_conn_struct() prior
to IO.

https://bugzilla.samba.org/show_bug.cgi?id=7976

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar  2 01:16:30 CET 2011 on sn-devel-104
2011-03-02 01:16:30 +01:00
David Disseldorp
09b4acfd81 s3-printing: clean up get_correct_cversion error paths
Remove an unneeded variable and simplify error paths.
2011-03-02 00:31:22 +01:00
David Disseldorp
14446b5280 s3-printing: fix move_driver_to_download_area() error paths
WERR_ACCESS_DENIED errors are mapped to WERR_UNKNOWN_PRINTER_DRIVER,
resulting in incorrect error messages on Windows clients.

move_driver_to_download_area() returns the same error status values
to the caller via the *perr argument as well as the return value.

The create_directory() call is not checked for error.
2011-03-02 00:31:22 +01:00
Jelmer Vernooij
59a077d8f5 Fix some types
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Mon Feb 28 23:30:06 CET 2011 on sn-devel-104
2011-02-28 23:30:06 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Günther Deschner
4063bde3ed s3-rpc_server: move services into individual directories.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Thu Feb 10 22:13:17 CET 2011 on sn-devel-104
2011-02-10 22:13:17 +01:00
Andrew Bartlett
2b05ba77b4 s3-auth Rename cryptic 'ptok' to security_token
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.

Adnrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-10 06:51:06 +01:00
Günther Deschner
c62509c8f2 s3-spoolss: Fix Bug #7641: handle win9x adddriver calls w/o config file.
This turned cupsaddsmb to run into an infinite loop.

Guenther
2010-11-29 17:56:40 +01:00
Jeremy Allison
f0dcc90f72 Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.

Jeremy.
2010-11-10 01:14:17 +00:00
Jeremy Allison
272feb7bd1 Revert "Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.

This reverts commit a8b95686a7.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
2010-10-22 23:41:36 +00:00
Jeremy Allison
a8b95686a7 Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed
to maintain compatibility with smb.conf manpage.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
2010-10-22 18:15:48 +00:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
515c8f0289 s3: Fix a pointer error
It is not universally guaranteed that an enum is represented as a uint32_t.

This starts to be THE BUG (tm) in Samba. What can I do to explain this
to people a bit better? It seems that the verbose explanations I put into
the recent checkins fixing similar bugs are not clear enough.

Anybody who does is not 100% clear about what this patch fixes please
contact me directly so that we can talk it through on the phone to agree
on a wording that everybody can understand.

Thanks,

Volker
2010-10-04 11:43:47 +02:00
Andreas Schneider
b3fd5e11e5 s3-spoolss: Fixed print_access_check server_info. 2010-10-02 00:04:45 +02:00
Günther Deschner
3797d48b76 s3-spoolss: Fix servername/printername handling which turns out to be very important to get right.
Guenther
2010-09-30 02:59:35 +02:00
Andrew Bartlett
3bb77516b8 s3-privs Convert from user_has_privileges() -> security_token_has_privilege()
This new call is available in the merged privileges code, and
takes an enum as the parameter, rather than a bitmask.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:09 +10:00
Andrew Bartlett
fcaa86f402 s3-privs Further changes to remove SE_PRIV
Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:04 +10:00
Andreas Schneider
bbf2cd50b0 s3-printing: Make auth_serversupplied_info const. 2010-09-09 16:00:08 +02:00
Günther Deschner
16c2d9182d s3-printing: add debug to get_correct_cversion().
Guenther
2010-08-31 23:17:40 +02:00
Volker Lendecke
bccb7c87cc s3: Lift the smbd_messaging_context from check_published_printers 2010-08-08 16:03:25 +02:00
Volker Lendecke
e43ffde91f s3: Lift the smbd_messaging_context from nt_printer_remove 2010-08-08 16:03:25 +02:00
Volker Lendecke
39ce462043 s3: Lift the smbd_messaging_context from print_time_access_check 2010-08-08 16:03:25 +02:00
Volker Lendecke
be7fd4ae50 s3: Lift the smbd_messaging_context from print_access_check 2010-08-08 16:03:25 +02:00
Volker Lendecke
d79895e826 s3: Lift the smbd_messaging_context from printer_driver_files_in_use 2010-08-08 16:03:24 +02:00
Volker Lendecke
862e888f71 s3: Lift the smbd_messaging_context from printer_driver_in_use 2010-08-08 16:03:24 +02:00
Volker Lendecke
1af73b04fc s3: Lift the smbd_messaging_context from winreg_del_driver_list 2010-08-08 16:03:19 +02:00
Volker Lendecke
ae6a3ac225 s3: Lift the smbd_messaging_context from winreg_get_driver 2010-08-08 16:03:19 +02:00
Volker Lendecke
747f5c5318 s3: Lift the smbd_messaging_context from winreg_delete_printer_key 2010-08-08 16:03:17 +02:00
Volker Lendecke
4fb993f613 s3: Lift the smbd_messaging_context from winreg_get_printer_secdesc 2010-08-08 16:03:16 +02:00
Volker Lendecke
bd8a1d8a86 s3: Lift the smbd_messaging_context from winreg_get_printer 2010-08-08 16:03:16 +02:00
Günther Deschner
0f8e032628 s3-netlogon: remove global include of netlogon.h.
This reduces precompiled headers by another 4 MB and also slightly speeds up the
build.

Guenther
2010-08-06 15:46:16 +02:00
Günther Deschner
c136b84f0d s3-secrets: only include secrets.h when needed.
Guenther
2010-08-05 10:12:25 +02:00
Günther Deschner
31c484edb9 s3-printing: move AD related printing components to an own file.
Guenther
2010-08-05 00:32:02 +02:00
Günther Deschner
eab6d8c390 s3-spoolss: remove duplicate (and incorrect) header.
Guenther
2010-08-03 00:18:31 +02:00
Günther Deschner
813fbbd68c s3-build: avoid to globally include printing and spoolss headers.
This shrinks precompiled headers by 3MB and will slightly speed up any build.

Guenther
2010-07-31 00:50:31 +02:00
Andreas Schneider
b95d5563dd s3-printing: Added automatic migration of printing tdbs.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:15 -04:00
Andreas Schneider
924cc43d1b s3-spoolss: Move the standard mappings to spoolss.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:15 -04:00
Andreas Schneider
db2a777b0e s3-printing: Added automatic migration of printing tdbs.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:15 -04:00
Andreas Schneider
35e03ef5c2 s3-printing: Move all tdb upgrade functions to a separate file.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:14 -04:00
Andreas Schneider
7c629bda2f s3-printing: Remove unused printer registry key functions.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:13 -04:00
Andreas Schneider
ae405eed4f s3-printing: Removed unused security descriptor functions.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Andreas Schneider
e2d3c0efa9 s3-printing: Removed unused nt_forms.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Andreas Schneider
c918cfdede s3-printing: Removed unsuded c_setprinter functions.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Andreas Schneider
d8ab3e52dc s3-printing: Removed unused free_a_printer function.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Andreas Schneider
5c1f283747 s3-printing: Removed unused mod_a_printer functions.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Andreas Schneider
4e45d5f824 s3-printing: Removed unused get_a_printer functions.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:12 -04:00
Simo Sorce
a1fe2ed68a s3-spoolss: Use winreg_delete_printer_key to delete printers.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:10 -04:00
Simo Sorce
fdf669d377 s3-spoolss: Get rid of get_server_name.
This function was useless the structure is public and used everywhere.

Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:10 -04:00
Simo Sorce
44bc6714b0 s3-printing: Converted printer publishing functions.
Use spoolss_PrintInfo2 and winreg calls.

Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:10 -04:00