summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2002-01-25 22:44:21 +0000
committerAndrew Bartlett <abartlet@samba.org>2002-01-25 22:44:21 +0000
commit38ac78c3df67d8f187f83abb8fd1bcaeafe4e316 (patch)
treead3a2c8235d98bf6d0f3e2771f231ab9fb784432
parentde260eadf956cae8aeaebc2a84f46a57c0671741 (diff)
downloadsamba-38ac78c3df67d8f187f83abb8fd1bcaeafe4e316.tar.gz
samba-38ac78c3df67d8f187f83abb8fd1bcaeafe4e316.tar.bz2
samba-38ac78c3df67d8f187f83abb8fd1bcaeafe4e316.zip
Change this code so that we don't do a lookup_name() on root.
This matches the lookup failure case in 2.2, and seems to make more sense than giving the printer to 'world'. (Avoiding this lookup makes some of my other changes - including winbind default domains - a little easier). In any case, tpot has promised to look at this and test it when he gets back to work. :-) Andrew Bartlett (This used to be commit f0137ac126f782e83ed15d8e905def708cdb6c64)
-rw-r--r--source3/printing/nt_printing.c14
1 files changed, 3 insertions, 11 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 93bb4b1a0b..ac13d09f74 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -3544,20 +3544,12 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
if (winbind_lookup_name(lp_workgroup(), &owner_sid, &name_type)) {
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
} else {
- uint32 owner_rid;
-
- /* Backup plan - make printer owned by admins or root.
+ /* Backup plan - make printer owned by admins.
This should emulate a lanman printer as security
settings can't be changed. */
- sid_peek_rid(&owner_sid, &owner_rid);
-
- if (owner_rid != BUILTIN_ALIAS_RID_PRINT_OPS &&
- owner_rid != BUILTIN_ALIAS_RID_ADMINS &&
- owner_rid != DOMAIN_USER_RID_ADMIN &&
- !lookup_name("root", &owner_sid, &name_type)) {
- sid_copy(&owner_sid, &global_sid_World);
- }
+ sid_copy(&owner_sid, &global_sam_sid);
+ sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
}
init_sec_access(&sa, PRINTER_ACE_FULL_CONTROL);