Change this code so that we don't do a lookup_name() on root.

This matches the lookup failure case in 2.2, and seems to make more sense than
giving the printer to 'world'.  (Avoiding this lookup makes some of my other
changes - including winbind default domains - a little easier).

In any case, tpot has promised to look at this and test it when he gets back to
work. :-)

Andrew Bartlett
(This used to be commit f0137ac126f782e83ed15d8e905def708cdb6c64)

1 files changed, 3 insertions, 11 deletions

diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 93bb4b1a0b..ac13d09f74 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3544,20 +3544,12 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
 	if (winbind_lookup_name(lp_workgroup(), &owner_sid, &name_type)) {
 		sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
 	} else {
-		uint32 owner_rid;
-
-		/* Backup plan - make printer owned by admins or root.
+		/* Backup plan - make printer owned by admins.
 		   This should emulate a lanman printer as security
 		   settings can't be changed. */
 
-		sid_peek_rid(&owner_sid, &owner_rid);
-
-		if (owner_rid != BUILTIN_ALIAS_RID_PRINT_OPS &&
-		    owner_rid != BUILTIN_ALIAS_RID_ADMINS &&
-		    owner_rid != DOMAIN_USER_RID_ADMIN &&
-		    !lookup_name("root", &owner_sid, &name_type)) {
-			sid_copy(&owner_sid, &global_sid_World);
-		}
+		sid_copy(&owner_sid, &global_sam_sid);
+		sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
 	}
 
 	init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);