diff options
| author | Tim Potter <tpot@samba.org> | 2000-06-16 08:20:44 +0000 |
|---|---|---|
| committer | Tim Potter <tpot@samba.org> | 2000-06-16 08:20:44 +0000 |
| commit | a1a0f7e1e5ac062dc25afe192b48f41dc0c4477f (patch) | |
| tree | bd9c7f899161f6c82fc1d57db5b3141290afc6d1 /source3/printing | |
| parent | 5824ae2734fd4b7e765afe696c135a8fe5153c88 (diff) | |
| download | samba-a1a0f7e1e5ac062dc25afe192b48f41dc0c4477f.tar.gz samba-a1a0f7e1e5ac062dc25afe192b48f41dc0c4477f.tar.bz2 samba-a1a0f7e1e5ac062dc25afe192b48f41dc0c4477f.zip | |
Added print_access_check() function for checking printer security
descriptors. Currently returns True (plus debug output) which should not
affect the behaviour of nt or lanman printing.
(This used to be commit a9b4710e649e887e07d68c1bf826e00c9811e4ee)
Diffstat (limited to 'source3/printing')
| -rw-r--r-- | source3/printing/nt_printing.c | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 9ccd7ff740..417c0afcca 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -1587,4 +1587,75 @@ jfm: I should use this comment for the text file to explain */ +static char *pace_str(uint32 ace_flags) +{ + if ((ace_flags & PRINTER_ACE_FULL_CONTROL) == + PRINTER_ACE_FULL_CONTROL) return "full control"; + + if ((ace_flags & PRINTER_ACE_MANAGE_DOCUMENTS) == + PRINTER_ACE_MANAGE_DOCUMENTS) return "manage documents"; + + if ((ace_flags & PRINTER_ACE_PRINT) == PRINTER_ACE_PRINT) + return "print"; + + return "UNKNOWN"; +} + +BOOL print_access_check(int snum, uint16 vuid, uint32 required_access) +{ + SEC_DESC_BUF *secdesc = NULL; + uint32 acc_grant, status; + user_struct *user; + BOOL result; + char *p; + int i; + + /* Get printer name */ + + p = PRINTERNAME(snum); + if (!p || !*p) p = SERVICE(snum); + + /* Get printer security descriptor */ + + nt_printing_getsec(p, &secdesc); + user = get_valid_user_struct(vuid); + /* Do something useful */ + + for(i = 0; i < secdesc->sec->dacl->num_aces; i++) { + DOM_SID *sid = &secdesc->sec->dacl->ace[i].sid; + uint32 ace_flags = secdesc->sec->dacl->ace[i].info.mask; + uint8 ace_type = secdesc->sec->dacl->ace[i].type; + fstring sid_str; + fstring dom_name, name; + uint8 name_type; + BOOL result; + + sid_to_string(sid_str, sid); + winbind_lookup_sid(sid, dom_name, name, &name_type); + + DEBUG(0, ("ACE%d: %s/%s, %s%s\n", i, dom_name, name, + (ace_type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? + "+" : "-", pace_str(ace_flags))); + + DEBUG(0, ("\ttype = 0x%02x, flags = 0x%02x, size=0x%04x, mask=0x%08x\n", + ace_type, secdesc->sec->dacl->ace[i].flags, + secdesc->sec->dacl->ace[i].size, ace_flags)); + } + +#if 0 + /* Still mucking around with getting se_access_check() to work. + Currently it takes a NET_USER_INFO_3 structure but this should + perhaps be changed to a user_struct as it contains the + user and group sid information required to perform the check. */ + + result = se_access_check(secdesc, user, required_access, 0, + &acc_grant, &status); +#endif + + /* Free security descriptor */ + + free_sec_desc_buf(&secdesc); + + return True; +} |