The Samba-Bugzilla – Attachment 5061 Details for
Bug 6971
Remove deprecated parameters?
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
proposed patch to remove 'printer admin' option
0001-s3-printing-Remove-deprecated-printer-admin-paramete.patch (text/plain), 7.80 KB, created by
Karolin Seeger
on 2009-12-07 09:03:14 UTC
(
hide
)
Description:
proposed patch to remove 'printer admin' option
Filename:
MIME Type:
Creator:
Karolin Seeger
Created:
2009-12-07 09:03:14 UTC
Size:
7.80 KB
patch
obsolete
>From d4a3a326f259dc129124d6c3811d904be96e8418 Mon Sep 17 00:00:00 2001 >From: Karolin Seeger <kseeger@samba.org> >Date: Fri, 20 Nov 2009 10:09:31 +0100 >Subject: [PATCH] s3-printing: Remove deprecated printer admin parameter. > >Use SePrinterOperator privilege instead. > >Karolin >--- > source3/include/proto.h | 1 - > source3/param/loadparm.c | 12 -------- > source3/printing/nt_printing.c | 11 -------- > source3/rpc_server/srv_spoolss_nt.c | 48 ++++++++-------------------------- > 4 files changed, 12 insertions(+), 60 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index cad8651..89a203b 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -4168,7 +4168,6 @@ char *lp_force_user(int ); > char *lp_force_group(int ); > const char **lp_readlist(int ); > const char **lp_writelist(int ); >-const char **lp_printer_admin(int ); > char *lp_fstype(int ); > const char **lp_vfs_objects(int ); > char *lp_msdfs_proxy(int ); >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index c024603..5fb53b5 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -405,7 +405,6 @@ struct service { > char *force_group; > char **readlist; > char **writelist; >- char **printer_admin; > char *volume; > char *fstype; > char **szVfsObjects; >@@ -548,7 +547,6 @@ static struct service sDefault = { > NULL, /* force group */ > NULL, /* readlist */ > NULL, /* writelist */ >- NULL, /* printer admin */ > NULL, /* volume */ > NULL, /* fstype */ > NULL, /* vfs objects */ >@@ -1450,15 +1448,6 @@ static struct parm_struct parm_table[] = { > .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE, > }, > { >- .label = "printer admin", >- .type = P_LIST, >- .p_class = P_LOCAL, >- .ptr = &sDefault.printer_admin, >- .special = NULL, >- .enum_list = NULL, >- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_PRINT | FLAG_DEPRECATED, >- }, >- { > .label = "force user", > .type = P_STRING, > .p_class = P_LOCAL, >@@ -5576,7 +5565,6 @@ FN_LOCAL_STRING(lp_force_user, force_user) > FN_LOCAL_STRING(lp_force_group, force_group) > FN_LOCAL_LIST(lp_readlist, readlist) > FN_LOCAL_LIST(lp_writelist, writelist) >-FN_LOCAL_LIST(lp_printer_admin, printer_admin) > FN_LOCAL_STRING(lp_fstype, fstype) > FN_LOCAL_LIST(lp_vfs_objects, szVfsObjects) > FN_LOCAL_STRING(lp_msdfs_proxy, szMSDfsProxy) >diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c >index 9995dfe..a22d7cf 100644 >--- a/source3/printing/nt_printing.c >+++ b/source3/printing/nt_printing.c >@@ -5687,7 +5687,6 @@ void map_job_permissions(SEC_DESC *sd) > Try access control in the following order (for performance reasons): > 1) root and SE_PRINT_OPERATOR can do anything (easy check) > 2) check security descriptor (bit comparisons in memory) >- 3) "printer admins" (may result in numerous calls to winbind) > > ****************************************************************************/ > bool print_access_check(struct auth_serversupplied_info *server_info, int snum, >@@ -5757,16 +5756,6 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum, > > DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE")); > >- /* see if we need to try the printer admin list */ >- >- if ((access_granted == 0) && >- (token_contains_name_in_list(uidtoname(server_info->utok.uid), >- NULL, NULL, server_info->ptok, >- lp_printer_admin(snum)))) { >- talloc_destroy(mem_ctx); >- return True; >- } >- > talloc_destroy(mem_ctx); > > if (!NT_STATUS_IS_OK(status)) { >diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c >index 682a59b..2315122 100644 >--- a/source3/rpc_server/srv_spoolss_nt.c >+++ b/source3/rpc_server/srv_spoolss_nt.c >@@ -1633,16 +1633,11 @@ WERROR _spoolss_OpenPrinterEx(pipes_struct *p, > } > > /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, >- and not a printer admin, then fail */ >+ then fail */ > > if ((p->server_info->utok.uid != sec_initial_uid()) && > !user_has_privileges(p->server_info->ptok, >- &se_printop ) && >- !token_contains_name_in_list( >- uidtoname(p->server_info->utok.uid), >- NULL, NULL, >- p->server_info->ptok, >- lp_printer_admin(snum))) { >+ &se_printop )) { > close_printer_handle(p, r->out.handle); > ZERO_STRUCTP(r->out.handle); > return WERR_ACCESS_DENIED; >@@ -2097,14 +2092,10 @@ WERROR _spoolss_DeletePrinterDriver(pipes_struct *p, > SE_PRIV se_printop = SE_PRINT_OPERATOR; > > /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, >- and not a printer admin, then fail */ >+ then fail */ > > if ( (p->server_info->utok.uid != sec_initial_uid()) >- && !user_has_privileges(p->server_info->ptok, &se_printop ) >- && !token_contains_name_in_list( >- uidtoname(p->server_info->utok.uid), NULL, >- NULL, p->server_info->ptok, >- lp_printer_admin(-1)) ) >+ && !user_has_privileges(p->server_info->ptok, &se_printop )) > { > return WERR_ACCESS_DENIED; > } >@@ -2197,13 +2188,10 @@ WERROR _spoolss_DeletePrinterDriverEx(pipes_struct *p, > SE_PRIV se_printop = SE_PRINT_OPERATOR; > > /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, >- and not a printer admin, then fail */ >+ then fail */ > > if ( (p->server_info->utok.uid != sec_initial_uid()) >- && !user_has_privileges(p->server_info->ptok, &se_printop ) >- && !token_contains_name_in_list( >- uidtoname(p->server_info->utok.uid), NULL, NULL, >- p->server_info->ptok, lp_printer_admin(-1)) ) >+ && !user_has_privileges(p->server_info->ptok, &se_printop )) > { > return WERR_ACCESS_DENIED; > } >@@ -7581,7 +7569,7 @@ static WERROR spoolss_addprinterex_level_2(pipes_struct *p, > return WERR_ACCESS_DENIED; > } > >- /* you must be a printer admin to add a new printer */ >+ /* you must have the SePrintOperator privilege add a new printer */ > if (!print_access_check(p->server_info, snum, PRINTER_ACCESS_ADMINISTER)) { > free_a_printer(&printer,2); > return WERR_ACCESS_DENIED; >@@ -8362,14 +8350,10 @@ WERROR _spoolss_AddForm(pipes_struct *p, > } > > /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, >- and not a printer admin, then fail */ >+ then fail */ > > if ((p->server_info->utok.uid != sec_initial_uid()) && >- !user_has_privileges(p->server_info->ptok, &se_printop) && >- !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), >- NULL, NULL, >- p->server_info->ptok, >- lp_printer_admin(snum))) { >+ !user_has_privileges(p->server_info->ptok, &se_printop)) { > DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n")); > return WERR_ACCESS_DENIED; > } >@@ -8446,11 +8430,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p, > } > > if ((p->server_info->utok.uid != sec_initial_uid()) && >- !user_has_privileges(p->server_info->ptok, &se_printop) && >- !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), >- NULL, NULL, >- p->server_info->ptok, >- lp_printer_admin(snum))) { >+ !user_has_privileges(p->server_info->ptok, &se_printop)) { > DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n")); > return WERR_ACCESS_DENIED; > } >@@ -8526,14 +8506,10 @@ WERROR _spoolss_SetForm(pipes_struct *p, > } > > /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, >- and not a printer admin, then fail */ >+ then fail */ > > if ((p->server_info->utok.uid != sec_initial_uid()) && >- !user_has_privileges(p->server_info->ptok, &se_printop) && >- !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), >- NULL, NULL, >- p->server_info->ptok, >- lp_printer_admin(snum))) { >+ !user_has_privileges(p->server_info->ptok, &se_printop)) { > DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n")); > return WERR_ACCESS_DENIED; > } >-- >1.6.4.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=5061">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6971
: 5061