[prev in list] [next in list] [prev in thread] [next in thread]
List: samba-technical
Subject: [PATCH] Printing; job vs printer administration
From: Roel van Meer <rolek () alt001 ! com>
Date: 2008-01-30 17:05:44
Message-ID: cone.1201712744.546722.83117.1001 () whakatane ! lsof ! org
[Download RAW message or body]
This is a MIME-formatted message. If you see this text it means that your
E-mail software does not support MIME-formatted messages.
Hi list,
I'm using samba as a print server for windows clients. Theoretically, users
which are granted 'Manage Documents' rights on a printer from a Windows
security dialog should be able to cancel or pause print jobs, but this
doesn't work.
It seems that in nt_printing.c, a check for JOB_ACCESS_ADMINISTER privileges
is changed to a check for PRINTER_ACCESS_ADMINISTER privs. The comments
preceding this statement are:
/* Now this is the bit that really confuses me. The access
type needs to be changed from JOB_ACCESS_ADMINISTER to
PRINTER_ACCESS_ADMINISTER for this to work. Something
to do with the child (job) object becoming like a
printer?? */
However, when the access type is left as JOB_ACCESS_ADMINISTER, managing
print jobs works as expected. The attached small patch does this.
I don't have enough knowledge of samba internals to be able to say whether
or not it is allowed to do this from a security or functionality point of
view. Could one of you have a quick look at it?
It's been filed as bug 5095.
Regards,
roel
["samba-3.0.27-printjob.patch" (samba-3.0.27-printjob.patch)]
diff -ruN source.orig/printing/nt_printing.c source/printing/nt_printing.c
--- source.orig/printing/nt_printing.c 2007-11-15 04:15:04.000000000 +0100
+++ source/printing/nt_printing.c 2007-11-20 17:15:53.000000000 +0100
@@ -5511,7 +5511,9 @@
to do with the child (job) object becoming like a
printer?? -tpot */
- access_type = PRINTER_ACCESS_ADMINISTER;
+ /* This seems to break job administration for users or groups who do not
+ * have the SePrintOperatorPrivilege privilege. */
+ /* access_type = PRINTER_ACCESS_ADMINISTER; */
}
/* Check access */
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic