s3-printing: Remove deprecated lp_printer_admin().

5 files changed, 14 insertions, 65 deletions

diff --git a/examples/scripts/shares/python/smbparm.py b/examples/scripts/shares/python/smbparm.py
index 37939921b6..8dca781ffc 100644
--- a/examples/scripts/shares/python/smbparm.py
+++ b/examples/scripts/shares/python/smbparm.py
@@ -257,7 +257,6 @@ parm_table = {
 	"PARANOIDSERVERSECURITY" : ("paranoid server security", SambaParmBool, P_GLOBAL, "Yes"),
 	"WTMPDIRECTORY"          : ("wtmp directory", SambaParmString, P_GLOBAL, ""),
 	"ADDPRINTERCOMMAND"      : ("addprinter command", SambaParmString, P_GLOBAL, ""),
-	"PRINTERADMIN"           : ("printer admin", SambaParmString, P_LOCAL, ""),
 	"WINSSERVER"             : ("wins server", SambaParmString, P_GLOBAL, ""),
 	"LDAPTIMEOUT"            : ("ldap timeout", SambaParmString, P_GLOBAL, "15"),
 	"LOCKDIRECTORY"          : ("lock directory", SambaParmString, P_GLOBAL, "/var/lib/samba"),
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 1fced14d1d..979bcfe0ce 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1263,7 +1263,6 @@ char *lp_force_user(int );
 char *lp_force_group(int );
 const char **lp_readlist(int );
 const char **lp_writelist(int );
-const char **lp_printer_admin(int );
 char *lp_fstype(int );
 const char **lp_vfs_objects(int );
 char *lp_msdfs_proxy(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index ba57553802..e31c047230 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -179,7 +179,6 @@ static struct loadparm_service sDefault =
 	.force_group = NULL,
 	.readlist = NULL,
 	.writelist = NULL,
-	.printer_admin = NULL,
 	.volume = NULL,
 	.fstype = NULL,
 	.szVfsObjects = NULL,
@@ -1021,15 +1020,6 @@ static struct parm_struct parm_table[] = {
 		.flags		= FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
 	},
 	{
-		.label		= "printer admin",
-		.type		= P_LIST,
-		.p_class	= P_LOCAL,
-		.offset		= LOCAL_VAR(printer_admin),
-		.special	= NULL,
-		.enum_list	= NULL,
-		.flags		= FLAG_ADVANCED | FLAG_GLOBAL | FLAG_PRINT | FLAG_DEPRECATED,
-	},
-	{
 		.label		= "force user",
 		.type		= P_STRING,
 		.p_class	= P_LOCAL,
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 9e7ca40834..b821d28326 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -1783,17 +1783,6 @@ bool print_access_check(const struct auth_session_info *session_info,
 
 	DEBUG(4, ("access check was %s\n", NT_STATUS_IS_OK(status) ? "SUCCESS" : "FAILURE"));
 
-        /* see if we need to try the printer admin list */
-
-        if (!NT_STATUS_IS_OK(status) &&
-	    (token_contains_name_in_list(uidtoname(session_info->unix_token->uid),
-					 session_info->info->domain_name,
-					 NULL, session_info->security_token,
-					 lp_printer_admin(snum)))) {
-		talloc_destroy(mem_ctx);
-		return True;
-        }
-
 	talloc_destroy(mem_ctx);
 
 	if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c
index 8278ae8390..b67d571807 100644
--- a/source3/rpc_server/spoolss/srv_spoolss_nt.c
+++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c
@@ -1811,13 +1811,8 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
 
 			if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
 			    !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
-			    !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) &&
-			    !token_contains_name_in_list(
-				    uidtoname(p->session_info->unix_token->uid),
-				    p->session_info->info->domain_name,
-				    NULL,
-				    p->session_info->security_token,
-				    lp_printer_admin(snum))) {
+			    !nt_token_check_sid(&global_sid_Builtin_Print_Operators,
+						p->session_info->security_token)) {
 				close_printer_handle(p, r->out.handle);
 				ZERO_STRUCTP(r->out.handle);
 				DEBUG(3,("access DENIED as user is not root, "
@@ -2081,15 +2076,9 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p,
 	/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
 	   and not a printer admin, then fail */
 
-	if ( (p->session_info->unix_token->uid != sec_initial_uid())
-	     && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
-		&& !token_contains_name_in_list(
-			uidtoname(p->session_info->unix_token->uid),
-			p->session_info->info->domain_name,
-			NULL,
-			p->session_info->security_token,
-			lp_printer_admin(-1)) )
-	{
+	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
+	    !security_token_has_privilege(p->session_info->security_token,
+					  SEC_PRIV_PRINT_OPERATOR)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -2226,14 +2215,9 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p,
 	/* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
 	   and not a printer admin, then fail */
 
-	if ( (p->session_info->unix_token->uid != sec_initial_uid())
-		&& !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR)
-		&& !token_contains_name_in_list(
-			uidtoname(p->session_info->unix_token->uid),
-			p->session_info->info->domain_name,
-			NULL,
-			p->session_info->security_token, lp_printer_admin(-1)) )
-	{
+	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
+	    !security_token_has_privilege(p->session_info->security_token,
+					  SEC_PRIV_PRINT_OPERATOR)) {
 		return WERR_ACCESS_DENIED;
 	}
 
@@ -8664,12 +8648,8 @@ WERROR _spoolss_AddForm(struct pipes_struct *p,
 	   and not a printer admin, then fail */
 
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
-	    !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
-	    !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info->domain_name,
-					  NULL,
-					  p->session_info->security_token,
-					  lp_printer_admin(snum))) {
+	    !security_token_has_privilege(p->session_info->security_token,
+					  SEC_PRIV_PRINT_OPERATOR)) {
 		DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
 		return WERR_ACCESS_DENIED;
 	}
@@ -8742,12 +8722,8 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p,
 	}
 
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
-	    !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
-	    !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info->domain_name,
-					  NULL,
-					  p->session_info->security_token,
-					  lp_printer_admin(snum))) {
+	    !security_token_has_privilege(p->session_info->security_token,
+					  SEC_PRIV_PRINT_OPERATOR)) {
 		DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
 		return WERR_ACCESS_DENIED;
 	}
@@ -8816,12 +8792,8 @@ WERROR _spoolss_SetForm(struct pipes_struct *p,
 	   and not a printer admin, then fail */
 
 	if ((p->session_info->unix_token->uid != sec_initial_uid()) &&
-	     !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) &&
-	     !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid),
-					  p->session_info->info->domain_name,
-					  NULL,
-					  p->session_info->security_token,
-					  lp_printer_admin(snum))) {
+	     !security_token_has_privilege(p->session_info->security_token,
+					   SEC_PRIV_PRINT_OPERATOR)) {
 		DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
 		return WERR_ACCESS_DENIED;
 	}