diff options
| author | David Disseldorp <ddiss@samba.org> | 2013-09-26 13:24:15 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2013-11-20 08:16:25 +0100 |
| commit | 956a4552f2c66cfe61493de772b5986d95511135 (patch) | |
| tree | 0a987e4e9e6e3cfdf0a535b7d9f3b197a0d0e31e /source3/printing | |
| parent | 2d91577f984bc83c2c87141cfdda87d068060b32 (diff) | |
| download | samba-956a4552f2c66cfe61493de772b5986d95511135.tar.gz | |
printing: return WERROR from print_access_check
print_access_check() currently returns a bool based on whether access is
granted or denied. Errno is set on failure, but none of the callers use
it.
This change converts print_access_check() to return a WERROR.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Diffstat (limited to 'source3/printing')
| -rw-r--r-- | source3/printing/nt_printing.c | 31 | ||||
| -rw-r--r-- | source3/printing/printing.c | 72 |
2 files changed, 47 insertions, 56 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 7a1f36549fe..73c4cf76ee1 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1765,9 +1765,9 @@ void map_job_permissions(struct security_descriptor *sd) 3) "printer admins" (may result in numerous calls to winbind) ****************************************************************************/ -bool print_access_check(const struct auth_session_info *session_info, - struct messaging_context *msg_ctx, int snum, - int access_type) +WERROR print_access_check(const struct auth_session_info *session_info, + struct messaging_context *msg_ctx, int snum, + int access_type) { struct spoolss_security_descriptor *secdesc = NULL; uint32 access_granted; @@ -1781,9 +1781,10 @@ bool print_access_check(const struct auth_session_info *session_info, /* Always allow root or SE_PRINT_OPERATROR to do anything */ - if (session_info->unix_token->uid == sec_initial_uid() - || security_token_has_privilege(session_info->security_token, SEC_PRIV_PRINT_OPERATOR)) { - return True; + if ((session_info->unix_token->uid == sec_initial_uid()) + || security_token_has_privilege(session_info->security_token, + SEC_PRIV_PRINT_OPERATOR)) { + return WERR_OK; } /* Get printer name */ @@ -1791,15 +1792,13 @@ bool print_access_check(const struct auth_session_info *session_info, pname = lp_printername(talloc_tos(), snum); if (!pname || !*pname) { - errno = EACCES; - return False; + return WERR_ACCESS_DENIED; } /* Get printer security descriptor */ if(!(mem_ctx = talloc_init("print_access_check"))) { - errno = ENOMEM; - return False; + return WERR_NOMEM; } result = winreg_get_printer_secdesc_internal(mem_ctx, @@ -1809,8 +1808,7 @@ bool print_access_check(const struct auth_session_info *session_info, &secdesc); if (!W_ERROR_IS_OK(result)) { talloc_destroy(mem_ctx); - errno = ENOMEM; - return False; + return WERR_NOMEM; } if (access_type == JOB_ACCESS_ADMINISTER) { @@ -1828,8 +1826,7 @@ bool print_access_check(const struct auth_session_info *session_info, false); if (!NT_STATUS_IS_OK(status)) { talloc_destroy(mem_ctx); - errno = map_errno_from_nt_status(status); - return False; + return ntstatus_to_werror(status); } map_job_permissions(secdesc); @@ -1845,11 +1842,7 @@ bool print_access_check(const struct auth_session_info *session_info, talloc_destroy(mem_ctx); - if (!NT_STATUS_IS_OK(status)) { - errno = EACCES; - } - - return NT_STATUS_IS_OK(status); + return ntstatus_to_werror(status); } /**************************************************************************** diff --git a/source3/printing/printing.c b/source3/printing/printing.c index b126bd5cbaf..a989d816632 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2226,17 +2226,16 @@ WERROR print_job_delete(const struct auth_session_info *server_info, owns their job. */ if (!owner && - !print_access_check(server_info, msg_ctx, snum, - JOB_ACCESS_ADMINISTER)) { + !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + JOB_ACCESS_ADMINISTER))) { DEBUG(3, ("delete denied by security descriptor\n")); - /* BEGIN_ADMIN_LOG */ - sys_adminlog( LOG_ERR, - "Permission denied-- user not allowed to delete, \ -pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->unix_token->uid), - lp_printername(talloc_tos(), snum) ); - /* END_ADMIN_LOG */ + sys_adminlog(LOG_ERR, + "Permission denied-- user not allowed to delete, " + "pause, or resume print job. User name: %s. " + "Printer name: %s.", + uidtoname(server_info->unix_token->uid), + lp_printername(tmp_ctx, snum) ); werr = WERR_ACCESS_DENIED; goto err_out; @@ -2316,17 +2315,16 @@ WERROR print_job_pause(const struct auth_session_info *server_info, } if (!is_owner(server_info, lp_const_servicename(snum), jobid) && - !print_access_check(server_info, msg_ctx, snum, - JOB_ACCESS_ADMINISTER)) { + !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + JOB_ACCESS_ADMINISTER))) { DEBUG(3, ("pause denied by security descriptor\n")); - /* BEGIN_ADMIN_LOG */ - sys_adminlog( LOG_ERR, - "Permission denied-- user not allowed to delete, \ -pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->unix_token->uid), - lp_printername(talloc_tos(), snum) ); - /* END_ADMIN_LOG */ + sys_adminlog(LOG_ERR, + "Permission denied-- user not allowed to delete, " + "pause, or resume print job. User name: %s. " + "Printer name: %s.", + uidtoname(server_info->unix_token->uid), + lp_printername(tmp_ctx, snum) ); werr = WERR_ACCESS_DENIED; goto err_out; @@ -2388,17 +2386,17 @@ WERROR print_job_resume(const struct auth_session_info *server_info, } if (!is_owner(server_info, lp_const_servicename(snum), jobid) && - !print_access_check(server_info, msg_ctx, snum, - JOB_ACCESS_ADMINISTER)) { + !W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + JOB_ACCESS_ADMINISTER))) { DEBUG(3, ("resume denied by security descriptor\n")); - /* BEGIN_ADMIN_LOG */ - sys_adminlog( LOG_ERR, - "Permission denied-- user not allowed to delete, \ -pause, or resume print job. User name: %s. Printer name: %s.", - uidtoname(server_info->unix_token->uid), - lp_printername(talloc_tos(), snum) ); - /* END_ADMIN_LOG */ + sys_adminlog(LOG_ERR, + "Permission denied-- user not allowed to delete, " + "pause, or resume print job. User name: %s. " + "Printer name: %s.", + uidtoname(server_info->unix_token->uid), + lp_printername(tmp_ctx, snum)); + werr = WERR_ACCESS_DENIED; goto err_out; } @@ -2654,8 +2652,8 @@ static WERROR print_job_checks(const struct auth_session_info *server_info, uint64_t minspace; int ret; - if (!print_access_check(server_info, msg_ctx, snum, - PRINTER_ACCESS_USE)) { + if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + PRINTER_ACCESS_USE))) { DEBUG(3, ("print_job_checks: " "job start denied by security descriptor\n")); return WERR_ACCESS_DENIED; @@ -3285,8 +3283,8 @@ WERROR print_queue_pause(const struct auth_session_info *server_info, int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(server_info, msg_ctx, snum, - PRINTER_ACCESS_ADMINISTER)) { + if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + PRINTER_ACCESS_ADMINISTER))) { return WERR_ACCESS_DENIED; } @@ -3322,8 +3320,8 @@ WERROR print_queue_resume(const struct auth_session_info *server_info, int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(server_info, msg_ctx, snum, - PRINTER_ACCESS_ADMINISTER)) { + if (!W_ERROR_IS_OK(print_access_check(server_info, msg_ctx, snum, + PRINTER_ACCESS_ADMINISTER))) { return WERR_ACCESS_DENIED; } @@ -3364,10 +3362,10 @@ WERROR print_queue_purge(const struct auth_session_info *server_info, /* Force and update so the count is accurate (i.e. not a cached count) */ print_queue_update(msg_ctx, snum, True); - can_job_admin = print_access_check(server_info, - msg_ctx, - snum, - JOB_ACCESS_ADMINISTER); + can_job_admin = W_ERROR_IS_OK(print_access_check(server_info, + msg_ctx, + snum, + JOB_ACCESS_ADMINISTER)); njobs = print_queue_status(msg_ctx, snum, &queue, &status); if ( can_job_admin ) |