[SCM] Samba Shared Repository - branch master updated

Wed, 16 Jun 2010 03:16:47 -0700 

The branch, master has been updated
       via  bd4bbd9... pidl: make sure to fill in 
cli->pipes_struct->hdr_req.opnum in s3 server dispatch tables.
       via  439e759... s3-lanman: Fix return code for "" printqname in 
api_DosPrintQGetInfo().
       via  1a86532... s4-smbtorture: test smbcli_rap_netprintqgetinfo() with 
"" printqname.
       via  1f1c040... s4-smbtorture: only pull info when status code indicates 
success in smbcli_rap_netprintqgetinfo().
       via  14f2525... s3-printing: add BUILTIN\Print Operators as FULL CONTROL 
to default sd.
      from  47ae4a5... s3-spoolss: Provide a memory context for 
clean_up_driver_struct().

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bd4bbd9bebc21da232d6a9ed53814eecda2163f3
Author: Günther Deschner <[email protected]>
Date:   Wed Jun 16 12:07:43 2010 +0200

    pidl: make sure to fill in cli->pipes_struct->hdr_req.opnum in s3 server 
dispatch tables.
    
    Guenther

commit 439e7590c920ebdf70e74e15483a3c1e3500331b
Author: Günther Deschner <[email protected]>
Date:   Wed Jun 16 11:04:34 2010 +0200

    s3-lanman: Fix return code for "" printqname in api_DosPrintQGetInfo().
    
    Guenther

commit 1a86532fce51ec2f46b1e8abb1c1838e6793b76b
Author: Günther Deschner <[email protected]>
Date:   Wed Jun 16 11:04:12 2010 +0200

    s4-smbtorture: test smbcli_rap_netprintqgetinfo() with "" printqname.
    
    Guenther

commit 1f1c04010a55e67d8dc2110276eed4cf2a8a0afa
Author: Günther Deschner <[email protected]>
Date:   Wed Jun 16 11:03:31 2010 +0200

    s4-smbtorture: only pull info when status code indicates success in 
smbcli_rap_netprintqgetinfo().
    
    Guenther

commit 14f2525f9e72edffbc0530d3aa20a5a9b80b2ce2
Author: Günther Deschner <[email protected]>
Date:   Fri Jun 11 11:24:06 2010 +0200

    s3-printing: add BUILTIN\Print Operators as FULL CONTROL to default sd.
    
    Guenther

-----------------------------------------------------------------------

Summary of changes:
 pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm |    3 +++
 source3/auth/auth_winbind.c             |   14 +++++++++++---
 source3/printing/nt_printing.c          |   24 ++++++++++++++++++++++--
 source3/smbd/lanman.c                   |    5 +++++
 source4/torture/rap/printing.c          |    8 ++++++++
 source4/torture/rap/rap.c               |    8 +++++---
 6 files changed, 54 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm 
b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
index f4dbe18..0fdc89b 100644
--- a/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
+++ b/pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm
@@ -234,6 +234,9 @@ sub ParseDispatchFunction($)
        pidl "\treturn NT_STATUS_INVALID_PARAMETER;";
        pidl "}";
        pidl "";
+       pidl "/* set opnum in fake rpc header */";
+       pidl "cli->pipes_struct->hdr_req.opnum = opnum;";
+       pidl "";
        pidl "switch (opnum)";
        pidl "{";
        indent;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index beaba7d..b111a2a 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -43,7 +43,7 @@ static NTSTATUS check_winbind_security(const struct 
auth_context *auth_context,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
-       DEBUG(10, ("Check auth for: [%s]", user_info->mapped.account_name));
+       DEBUG(10, ("Check auth for: [%s]\n", user_info->mapped.account_name));
 
        if (!auth_context) {
                DEBUG(3,("Password for user %s cannot be checked because we 
have no auth_info to get the challenge from.\n", 
@@ -73,9 +73,17 @@ static NTSTATUS check_winbind_security(const struct 
auth_context *auth_context,
               sizeof(params.password.response.challenge));
 
        params.password.response.nt_length      = user_info->nt_resp.length;
-       params.password.response.nt_data        = user_info->nt_resp.data;
+       if (params.password.response.nt_length) {
+               params.password.response.nt_data        = 
user_info->nt_resp.data;
+       } else {
+               params.password.response.nt_data        = NULL;
+       }
        params.password.response.lm_length      = user_info->lm_resp.length;
-       params.password.response.lm_data        = user_info->lm_resp.data;
+       if (params.password.response.lm_length) {
+               params.password.response.lm_data        = 
user_info->lm_resp.data;
+       } else {
+               params.password.response.lm_data        = NULL;
+       }
 
        /* we are contacting the privileged pipe */
        become_root();
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 434311d..657db56 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2630,7 +2630,7 @@ WERROR spoolss_create_default_devmode(TALLOC_CTX *mem_ctx,
 WERROR spoolss_create_default_secdesc(TALLOC_CTX *mem_ctx,
                                      struct spoolss_security_descriptor 
**secdesc)
 {
-       struct security_ace ace[5];     /* max number of ace entries */
+       struct security_ace ace[7];     /* max number of ace entries */
        int i = 0;
        uint32_t sa;
        struct security_acl *psa = NULL;
@@ -2680,6 +2680,16 @@ WERROR spoolss_create_default_secdesc(TALLOC_CTX 
*mem_ctx,
                SEC_ACE_TYPE_ACCESS_ALLOWED,
                sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
 
+       /* add BUILTIN\Print Operators as FULL CONTROL */
+
+       sa = PRINTER_ACE_FULL_CONTROL;
+       init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+               SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
+               SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
+       init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+               SEC_ACE_TYPE_ACCESS_ALLOWED,
+               sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
        /* Make the security descriptor owned by the BUILTIN\Administrators */
 
        /* The ACL revision number in rpc_secdesc.h differs from the one
@@ -5317,7 +5327,7 @@ WERROR nt_printing_setsec(const char *sharename, struct 
sec_desc_buf *secdesc_ct
 
 static struct sec_desc_buf *construct_default_printer_sdb(TALLOC_CTX *ctx)
 {
-       struct security_ace ace[5];     /* max number of ace entries */
+       struct security_ace ace[7];     /* max number of ace entries */
        int i = 0;
        uint32_t sa;
        struct security_acl *psa = NULL;
@@ -5368,6 +5378,16 @@ static struct sec_desc_buf 
*construct_default_printer_sdb(TALLOC_CTX *ctx)
                SEC_ACE_TYPE_ACCESS_ALLOWED,
                sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
 
+       /* add BUILTIN\Print Operators as FULL CONTROL */
+
+       sa = PRINTER_ACE_FULL_CONTROL;
+       init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+               SEC_ACE_TYPE_ACCESS_ALLOWED, sa,
+               SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY);
+       init_sec_ace(&ace[i++], &global_sid_Builtin_Print_Operators,
+               SEC_ACE_TYPE_ACCESS_ALLOWED,
+               sa, SEC_ACE_FLAG_CONTAINER_INHERIT);
+
        /* Make the security descriptor owned by the BUILTIN\Administrators */
 
        /* The ACL revision number in rpc_secdesc.h differs from the one
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 8c26262..72d488e 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -819,6 +819,11 @@ static bool api_DosPrintQGetInfo(struct 
smbd_server_connection *sconn,
 
        ZERO_STRUCT(handle);
 
+       if (QueueName == NULL || (strlen(QueueName) < 1)) {
+               desc.errcode = W_ERROR_V(WERR_INVALID_PARAM);
+               goto out;
+       }
+
        status = rpc_connect_spoolss_pipe(conn, &cli);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(0,("api_DosPrintQGetInfo: could not connect to spoolss: 
%s\n",
diff --git a/source4/torture/rap/printing.c b/source4/torture/rap/printing.c
index a143017..4f10606 100644
--- a/source4/torture/rap/printing.c
+++ b/source4/torture/rap/printing.c
@@ -120,6 +120,14 @@ static bool test_netprintqgetinfo(struct torture_context 
*tctx,
        int i, p;
        uint16_t levels[] = { 0, 1, 2, 3, 4, 5 };
 
+       r.in.level = 0;
+       r.in.bufsize = 0;
+       r.in.PrintQueueName = "";
+
+       torture_assert_ntstatus_ok(tctx,
+               smbcli_rap_netprintqgetinfo(cli->tree, tctx, &r),
+               "smbcli_rap_netprintqgetinfo failed");
+
        r_enum.in.level = 5;
        r_enum.in.bufsize = 8192;
 
diff --git a/source4/torture/rap/rap.c b/source4/torture/rap/rap.c
index 33d6715..34036f0 100644
--- a/source4/torture/rap/rap.c
+++ b/source4/torture/rap/rap.c
@@ -719,10 +719,12 @@ NTSTATUS smbcli_rap_netprintqgetinfo(struct smbcli_tree 
*tree,
        NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, 
&r->out.convert));
        NDR_GOTO(ndr_pull_uint16(call->ndr_pull_param, NDR_SCALARS, 
&r->out.available));
 
-       call->ndr_pull_data->relative_rap_convert = r->out.convert;
+       if (r->out.status == 0) {
+               call->ndr_pull_data->relative_rap_convert = r->out.convert;
 
-       NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, &r->out.info, 
r->in.level));
-       NDR_GOTO(ndr_pull_rap_printq_info(call->ndr_pull_data, 
NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+               NDR_GOTO(ndr_pull_set_switch_value(call->ndr_pull_data, 
&r->out.info, r->in.level));
+               NDR_GOTO(ndr_pull_rap_printq_info(call->ndr_pull_data, 
NDR_SCALARS|NDR_BUFFERS, &r->out.info));
+       }
 
        if (DEBUGLEVEL >= 10) {
                NDR_PRINT_OUT_DEBUG(rap_NetPrintQGetInfo, r);


-- 
Samba Shared Repository

Reply via email to