summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2010-07-01 13:46:55 +0200
committerGünther Deschner <gd@samba.org>2010-07-01 14:13:16 +0200
commite4ba8fb3b9a6eebe7a56179f67d1aeff64cf1abc (patch)
tree7cd97a597bde7803574930b95d808452ad60dd1b
parent74721bf706371d3fdc5783995a60808763fc7e6d (diff)
downloadsamba-e4ba8fb3b9a6eebe7a56179f67d1aeff64cf1abc.tar.gz
samba-e4ba8fb3b9a6eebe7a56179f67d1aeff64cf1abc.tar.bz2
samba-e4ba8fb3b9a6eebe7a56179f67d1aeff64cf1abc.zip
s3-printing: Fix Bug #7541, %D in "printer admin" causing smbd crash.
Guenther
-rw-r--r--source3/printing/nt_printing.c3
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c22
2 files changed, 17 insertions, 8 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 657db56974..9ed6461b27 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -5678,7 +5678,8 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
if (!NT_STATUS_IS_OK(status) &&
(token_contains_name_in_list(uidtoname(server_info->utok.uid),
- NULL, NULL, server_info->ptok,
+ server_info->info3->base.domain.string,
+ NULL, server_info->ptok,
lp_printer_admin(snum)))) {
talloc_destroy(mem_ctx);
return True;
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 6fd369562a..c844027382 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1567,7 +1567,8 @@ WERROR _spoolss_OpenPrinterEx(pipes_struct *p,
&se_printop ) &&
!token_contains_name_in_list(
uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ p->server_info->info3->base.domain.string,
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
close_printer_handle(p, r->out.handle);
@@ -1863,8 +1864,10 @@ WERROR _spoolss_DeletePrinterDriver(pipes_struct *p,
if ( (p->server_info->utok.uid != sec_initial_uid())
&& !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->server_info->utok.uid), NULL,
- NULL, p->server_info->ptok,
+ uidtoname(p->server_info->utok.uid),
+ p->server_info->info3->base.domain.string,
+ NULL,
+ p->server_info->ptok,
lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -1962,7 +1965,9 @@ WERROR _spoolss_DeletePrinterDriverEx(pipes_struct *p,
if ( (p->server_info->utok.uid != sec_initial_uid())
&& !user_has_privileges(p->server_info->ptok, &se_printop )
&& !token_contains_name_in_list(
- uidtoname(p->server_info->utok.uid), NULL, NULL,
+ uidtoname(p->server_info->utok.uid),
+ p->server_info->info3->base.domain.string,
+ NULL,
p->server_info->ptok, lp_printer_admin(-1)) )
{
return WERR_ACCESS_DENIED;
@@ -7825,7 +7830,8 @@ WERROR _spoolss_AddForm(pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ p->server_info->info3->base.domain.string,
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
@@ -7924,7 +7930,8 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ p->server_info->info3->base.domain.string,
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
@@ -8007,7 +8014,8 @@ WERROR _spoolss_SetForm(pipes_struct *p,
if ((p->server_info->utok.uid != sec_initial_uid()) &&
!user_has_privileges(p->server_info->ptok, &se_printop) &&
!token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
- NULL, NULL,
+ p->server_info->info3->base.domain.string,
+ NULL,
p->server_info->ptok,
lp_printer_admin(snum))) {
DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));