diff options
author | Tim Potter <tpot@samba.org> | 2000-07-10 05:08:21 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2000-07-10 05:08:21 +0000 |
commit | 78a4848e8da7bb4f96e99e3419c5473c4c23bb6d (patch) | |
tree | 3ad9d31df4fb08ee22a099469659f335552f411e /source3/printing/printing.c | |
parent | 5af35320a92e39b924b0bfebd2c4caae24724231 (diff) | |
download | samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.gz samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.bz2 samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.zip |
Re-instated lanman printing security checks (oops).
A user can now pause, resume or delete their own job even if they don't
have the Manage Documents privilege.
Added call to se_access_check() for changing printer properties. The Full
Access privilege is required for the user to perform this.
Several uninitialised variables and memory leaks plugged.
Modified default ACL created on new printers to be Everyone / Print instead
of Everyone / Full Access. This required some random stuffing around with
the value of the revision field to correspond with the ACL that NT produces
when setting the same permission on the printer.
Fixed dodgy function call in printing/printfsp.c
(This used to be commit 2abce4dcfa351051df6e5f789b34fa99c9b81c22)
Diffstat (limited to 'source3/printing/printing.c')
-rw-r--r-- | source3/printing/printing.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 9a2994856d..2f1753b76c 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -477,6 +477,21 @@ static BOOL print_job_delete1(int jobid) return True; } +/* Return true if the uid owns the print job */ + +static BOOL is_owner(uid_t uid, int jobid) +{ + struct printjob *pjob = print_job_find(jobid); + struct passwd *pw; + + if (!pjob || !(pw = sys_getpwuid(uid))) return False; + + DEBUG(0, ("checking owner of jobid %d: %s == %s\n", + jobid, pw->pw_name, pjob->user)); + + return (pw && pjob && strequal(pw->pw_name, pjob->user)); +} + /**************************************************************************** delete a print job ****************************************************************************/ @@ -484,7 +499,11 @@ BOOL print_job_delete(struct current_user *user, int jobid) { int snum = print_job_snum(jobid); - if (!print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { + /* Check access against security descriptor or whether the user + owns their job. */ + + if (!is_owner(user->uid, jobid) && + !print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { DEBUG(3, ("delete denied by security descriptor\n")); return False; } @@ -513,7 +532,8 @@ BOOL print_job_pause(struct current_user *user, int jobid) snum = print_job_snum(jobid); - if (!print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { + if (!is_owner(user->uid, jobid) && + !print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { DEBUG(3, ("pause denied by security descriptor\n")); return False; } @@ -546,7 +566,8 @@ BOOL print_job_resume(struct current_user *user, int jobid) snum = print_job_snum(jobid); - if (!print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { + if (!is_owner(user->uid, jobid) && + !print_access_check(user, snum, PRINTER_ACE_MANAGE_DOCUMENTS)) { DEBUG(3, ("resume denied by security descriptor\n")); return False; } |