summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2004-12-10 21:08:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:53:35 -0500
commit3c45a093c435a106e08746aa3f3db824192340f1 (patch)
treebc0c19e87217c6d82d8a24a9f3c6b34a103043fd
parentf3074443dc46e4e83803f7e931994bdbbecea82a (diff)
downloadsamba-3c45a093c435a106e08746aa3f3db824192340f1.tar.gz
samba-3c45a093c435a106e08746aa3f3db824192340f1.tar.bz2
samba-3c45a093c435a106e08746aa3f3db824192340f1.zip
r4134: check the setprinter(3) based on the access permissions on the handle and avoid the call to print_access_chaeck()
(This used to be commit 426634df9c221fbe4f48b4ff9d1b4b8426a581f7)
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c25
1 files changed, 11 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 78b5fb61fa..9aa46d1a5a 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -5860,6 +5860,17 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
result = WERR_BADFID;
goto done;
}
+
+ /* Check the user has permissions to change the security
+ descriptor. By experimentation with two NT machines, the user
+ requires Full Access to the printer to change security
+ information. */
+
+ if ( Printer->access_granted != PRINTER_ACCESS_ADMINISTER ) {
+ DEBUG(4,("update_printer_sec: updated denied by printer permissions\n"));
+ result = WERR_ACCESS_DENIED;
+ goto done;
+ }
/* NT seems to like setting the security descriptor even though
nothing may have actually changed. */
@@ -5909,20 +5920,6 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level,
goto done;
}
- /* Work out which user is performing the operation */
-
- get_current_user(&user, p);
-
- /* Check the user has permissions to change the security
- descriptor. By experimentation with two NT machines, the user
- requires Full Access to the printer to change security
- information. */
-
- if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) {
- result = WERR_ACCESS_DENIED;
- goto done;
- }
-
result = nt_printing_setsec(Printer->sharename, new_secdesc_ctr);
done: