diff options
author | Andrew Bartlett <abartlet@samba.org> | 2003-02-17 12:27:34 +0000 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2003-02-17 12:27:34 +0000 |
commit | cc0202884b1023059769450a4a052431ab362e78 (patch) | |
tree | 38df576fcbb01e20dfff0fac3e11bd9b399d3131 /source3/rpc_server/srv_spoolss_nt.c | |
parent | af249535bd8c17e38d5de05352d36747da67e551 (diff) | |
download | samba-cc0202884b1023059769450a4a052431ab362e78.tar.gz samba-cc0202884b1023059769450a4a052431ab362e78.tar.bz2 samba-cc0202884b1023059769450a4a052431ab362e78.zip |
This patch fixes one of my longest-standing pet hates with Samba :-).
When we look see if a user is in a list, and we try to 'expand' an @group, we
should lookup the user's own list of groups, rather than looking for all the
members of a group.
I'm sure this will fix some nasty performance issues, particularly on large
domains etc. In particular, this avoids contacting winbind at all, if the
group is not a winbind group.
(This caused a deadlock on my winbind-on-PDC setup).
The groups list always includes the user's primary group, as per the
getgrouplist manpage, and my recent changes to our implementation.
Andrew Bartlett
(This used to be commit 9be21976f7662ebe6eb92fff7cecbdb352eca334)
Diffstat (limited to 'source3/rpc_server/srv_spoolss_nt.c')
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 0bcc3c5a30..3a7ced7725 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1606,7 +1606,7 @@ Can't find printer handle we created for printer %s\n", name )); /* if the user is not root and not a printer admin, then fail */ if ( user.uid != 0 - && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum)) ) + && !user_in_list(uidtoname(user.uid), lp_printer_admin(snum), user.groups, user.ngroups) ) { close_printer_handle(p, handle); return WERR_ACCESS_DENIED; @@ -1653,7 +1653,7 @@ Can't find printer handle we created for printer %s\n", name )); /* check smb.conf parameters and the the sec_desc */ - if (!user_ok(uidtoname(user.uid), snum) || !print_access_check(&user, snum, printer_default->access_required)) { + if (!user_ok(uidtoname(user.uid), snum, user.groups, user.ngroups) || !print_access_check(&user, snum, printer_default->access_required)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(p, handle); return WERR_ACCESS_DENIED; |