Changeset 136 for trunk/samba/source/printing/nt_printing.c

Timestamp:

May 29, 2008, 12:22:03 PM (17 years ago)

Author:

Paul Smedley

Message:

Update trunk to 3.2.0rc1

File:

• trunk/samba/source/printing/nt_printing.c (modified) (8 diffs)

trunk/samba/source/printing/nt_printing.c

@@ -71 +71 @@
         SERVER_EXECUTE,
         SERVER_ALL_ACCESS
+};
+
+/* Map generic permissions to job object specific permissions */
+
+const struct generic_mapping job_generic_mapping = {
+        JOB_READ,
+        JOB_WRITE,
+        JOB_EXECUTE,
+        JOB_ALL_ACCESS
 };
 
@@ -4993 +5002 @@
 {
         int i = 0;
-        
+
         if ( !info )
                 return False;
-                
+
+        /* mz: skip files that are in the list but already deleted */
+        if (!file || !file[0]) {
+                return false;
+        }
+
         if ( strequal(file, info->driverpath) )
                 return True;
@@ -5109 +5123 @@
   Upon return, *info has been modified to only contain the driver files
   which are not in use
+
+  Fix from mz:
+
+  This needs to check all drivers to ensure that all files in use
+  have been removed from *info, not just the ones in the first
+  match.
 ****************************************************************************/
 
@@ -5118 +5138 @@
         fstring                         *list = NULL;
         NT_PRINTER_DRIVER_INFO_LEVEL    driver;
-        
+        bool in_use = false;
+
         if ( !info )
                 return False;
@@ -5153 +5174 @@
                 if ( !strequal(info->name, driver.info_3->name) ) {
                         if ( trim_overlap_drv_files(info, driver.info_3) ) {
-                                free_a_printer_driver(driver, 3);
-                                SAFE_FREE( list );
-                                return True;
+                                /* mz: Do not instantly return -
+                                 * we need to ensure this file isn't
+                                 * also in use by other drivers. */
+                                in_use = true;
                         }
                 }
@@ -5171 +5193 @@
                 dump_a_printer_driver( driver, 3 );
 
-        return False;
+        return in_use;
 }
 
@@ -5707 +5729 @@
 }
 
+void map_job_permissions(SEC_DESC *sd)
+{
+        int i;
+
+        for (i = 0; sd->dacl && i < sd->dacl->num_aces; i++) {
+                se_map_generic(&sd->dacl->aces[i].access_mask,
+                               &job_generic_mapping);
+        }
+}
+
+
 /****************************************************************************
  Check a user has permissions to perform the given operation.  We use the
@@ -5788 +5821 @@
                 }
 
-                /* Now this is the bit that really confuses me.  The access
-                   type needs to be changed from JOB_ACCESS_ADMINISTER to
-                   PRINTER_ACCESS_ADMINISTER for this to work.  Something
-                   to do with the child (job) object becoming like a
-                   printer??  -tpot */
-
-                access_type = PRINTER_ACCESS_ADMINISTER;
-        }
-        
+                map_job_permissions(secdesc->sd);
+        } else {
+                map_printer_permissions(secdesc->sd);
+        }
+
         /* Check access */
-        
-        map_printer_permissions(secdesc->sd);
-
         result = se_access_check(secdesc->sd, user->nt_user_token, access_type,
                                  &access_granted, &status);