diff options
author | David O'Neill <dmo@samba.org> | 2001-01-25 20:15:32 +0000 |
---|---|---|
committer | David O'Neill <dmo@samba.org> | 2001-01-25 20:15:32 +0000 |
commit | c7a7dea3331c5d77f57fb0622303933ca7afb0f9 (patch) | |
tree | 33c3dd6d85d113fbaef7755a54338cc8e526e5d6 | |
parent | fcfaebda7fb35989e62bc317287896c410c7833b (diff) | |
download | samba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.tar.gz samba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.tar.bz2 samba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.zip |
Changes from APPLIANCE_HEAD:
source/rpc_server/srv_spoolss_nt.c
- Changed the se_access_check() call in _spoolss_open_printer_ex()
to a print_access_check(). This allows the 'printer admins'
smb.conf and other permission override parameters to affect the
result of a printer open.
- Don't perform access check when opening a handle on a print
server as it breaks browsing the Printers folder.
(This used to be commit bbe51d4b5f6da4c7668214511e25eff098bf03b1)
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 31 |
1 files changed, 11 insertions, 20 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 4be338d4d6..0ffe172b0a 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -669,10 +669,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, POLICY_HND *handle) { uint32 result = NT_STATUS_NO_PROBLEMO; - SEC_DESC_BUF *sec_desc = NULL; - uint32 acc_granted, status; fstring name; - extern struct current_user current_user; + int snum; if (printername == NULL) { result = ERROR_INVALID_PRINTER_NAME; @@ -729,29 +727,22 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, } /* NT doesn't let us connect to a printer if the connecting user - doesn't have print permission. If no security descriptor just - return OK. */ + doesn't have print permission. */ - if (!nt_printing_getsec(name, &sec_desc)) { - goto done; - } - - /* Yuck - we should use the pipe_user rather than current_user but - it doesn't seem to be filled in correctly. )-: */ + if (!handle_is_printserver(handle)) { - map_printer_permissions(sec_desc->sec); + if (!get_printer_snum(handle, &snum)) + return ERROR_INVALID_HANDLE; - if (!se_access_check(sec_desc->sec, ¤t_user, PRINTER_ACCESS_USE, - &acc_granted, &status)) { - DEBUG(3, ("access DENIED for printer open\n")); - close_printer_handle(handle); - result = ERROR_ACCESS_DENIED; - goto done; + if (!print_access_check(NULL, snum, PRINTER_ACCESS_USE)) { + DEBUG(3, ("access DENIED for printer open\n")); + close_printer_handle(handle); + result = ERROR_ACCESS_DENIED; + goto done; + } } done: - free_sec_desc_buf(&sec_desc); - return result; } |