diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2011-07-15 14:59:14 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2011-07-20 09:17:10 +1000 |
| commit | 6d741e918f145c6ec62c22358aabc8162db108fd (patch) | |
| tree | 4d562524b2ff71892911331d707e23045984b0d3 /source3/rpc_server/spoolss | |
| parent | f16d8f4eb86ecc4741c25e5ed87b2ea4c6717a31 (diff) | |
| download | samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.gz samba-6d741e918f145c6ec62c22358aabc8162db108fd.tar.bz2 samba-6d741e918f145c6ec62c22358aabc8162db108fd.zip | |
s3-auth Use *unix_token rather than utok in struct auth3_session_info
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Diffstat (limited to 'source3/rpc_server/spoolss')
| -rw-r--r-- | source3/rpc_server/spoolss/srv_spoolss_nt.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 6d62bcb526..12dcc27615 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -1827,11 +1827,11 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !nt_token_check_sid(&global_sid_Builtin_Print_Operators, p->session_info->security_token) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -1914,7 +1914,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, return WERR_ACCESS_DENIED; } - if (!user_ok_token(uidtoname(p->session_info->utok.uid), NULL, + if (!user_ok_token(uidtoname(p->session_info->unix_token->uid), NULL, p->session_info->security_token, snum) || !print_access_check(p->session_info, p->msg_ctx, @@ -2091,10 +2091,10 @@ WERROR _spoolss_DeletePrinterDriver(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->session_info->utok.uid != sec_initial_uid()) + if ( (p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -2195,10 +2195,10 @@ WERROR _spoolss_DeletePrinterDriverEx(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ( (p->session_info->utok.uid != sec_initial_uid()) + if ( (p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && !token_contains_name_in_list( - uidtoname(p->session_info->utok.uid), + uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, lp_printer_admin(-1)) ) @@ -8550,9 +8550,9 @@ WERROR _spoolss_AddForm(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -8623,9 +8623,9 @@ WERROR _spoolss_DeleteForm(struct pipes_struct *p, return WERR_BADFID; } - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, @@ -8692,9 +8692,9 @@ WERROR _spoolss_SetForm(struct pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->session_info->utok.uid != sec_initial_uid()) && + if ((p->session_info->unix_token->uid != sec_initial_uid()) && !security_token_has_privilege(p->session_info->security_token, SEC_PRIV_PRINT_OPERATOR) && - !token_contains_name_in_list(uidtoname(p->session_info->utok.uid), + !token_contains_name_in_list(uidtoname(p->session_info->unix_token->uid), p->session_info->info3->base.domain.string, NULL, p->session_info->security_token, |