summaryrefslogtreecommitdiff
path: root/source3/rpc_server/srv_spoolss_nt.c
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2000-07-10 05:08:21 +0000
committerTim Potter <tpot@samba.org>2000-07-10 05:08:21 +0000
commit78a4848e8da7bb4f96e99e3419c5473c4c23bb6d (patch)
tree3ad9d31df4fb08ee22a099469659f335552f411e /source3/rpc_server/srv_spoolss_nt.c
parent5af35320a92e39b924b0bfebd2c4caae24724231 (diff)
downloadsamba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.gz
samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.bz2
samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.zip
Re-instated lanman printing security checks (oops).
A user can now pause, resume or delete their own job even if they don't have the Manage Documents privilege. Added call to se_access_check() for changing printer properties. The Full Access privilege is required for the user to perform this. Several uninitialised variables and memory leaks plugged. Modified default ACL created on new printers to be Everyone / Print instead of Everyone / Full Access. This required some random stuffing around with the value of the revision field to correspond with the ACL that NT produces when setting the same permission on the printer. Fixed dodgy function call in printing/printfsp.c (This used to be commit 2abce4dcfa351051df6e5f789b34fa99c9b81c22)
Diffstat (limited to 'source3/rpc_server/srv_spoolss_nt.c')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c69
1 files changed, 55 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 522a266b8c..0be371df11 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -3001,8 +3001,10 @@ static uint32 control_printer(const POLICY_HND *handle, uint32 command,
********************************************************************/
static uint32 update_printer_sec(const POLICY_HND *handle, uint32 level,
const SPOOL_PRINTER_INFO_LEVEL *info,
- SEC_DESC_BUF *secdesc_ctr)
+ pipes_struct *p, SEC_DESC_BUF *secdesc_ctr)
{
+ struct current_user user;
+
Printer_entry *Printer = find_printer_index_by_hnd(handle);
if (!OPEN_HANDLE(Printer)) {
@@ -3010,7 +3012,15 @@ static uint32 update_printer_sec(const POLICY_HND *handle, uint32 level,
return ERROR_INVALID_HANDLE;
}
- return nt_printing_setsec(Printer->dev.printername, secdesc_ctr);
+ if (p->ntlmssp_auth_validated) {
+ memcpy(&user, &p->pipe_user, sizeof(user));
+ } else {
+ extern struct current_user current_user;
+ memcpy(&user, &current_user, sizeof(user));
+ }
+
+ return nt_printing_setsec(Printer->dev.printername, &user,
+ secdesc_ctr);
}
/********************************************************************
@@ -3025,25 +3035,53 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level,
int snum;
NT_PRINTER_INFO_LEVEL *printer = NULL;
Printer_entry *Printer = find_printer_index_by_hnd(handle);
-
+ SEC_DESC_BUF *sd = NULL;
+ uint32 result, acc_granted;
+ extern struct current_user current_user;
+
DEBUG(8,("update_printer\n"));
+ result = NT_STATUS_NO_PROBLEMO;
+
+ /* Check calling user has permission to update printer description */
+
+ if (!nt_printing_getsec(Printer->dev.printername, &sd)) {
+ DEBUG(3, ("Could not get security descriptor for printer %s",
+ Printer->dev.printername));
+ result = ERROR_INVALID_FUNCTION;
+ goto done;
+ }
+
+ if (!se_access_check(sd->sec, current_user.uid, current_user.gid,
+ current_user.ngroups, current_user.groups,
+ PRINTER_ACE_FULL_CONTROL, &acc_granted,
+ &result)) {
+ DEBUG(3, ("printer property change denied by security "
+ "descriptor\n"));
+ goto done;
+ }
+
if (level!=2) {
DEBUG(0,("Send a mail to samba@samba.org\n"));
DEBUGADD(0,("with the following message: update_printer: level!=2\n"));
- return ERROR_INVALID_LEVEL;
+ result = ERROR_INVALID_LEVEL;
+ goto done;
}
if (!OPEN_HANDLE(Printer)) {
- DEBUG(0,("update_printer: Invalid handle (%s)\n", OUR_HANDLE(handle)));
- return ERROR_INVALID_HANDLE;
+ result = ERROR_INVALID_HANDLE;
+ goto done;
}
- if (!get_printer_snum(handle, &snum) )
- return ERROR_INVALID_HANDLE;
+ if (!get_printer_snum(handle, &snum)) {
+ result = ERROR_INVALID_HANDLE;
+ goto done;
+ }
- if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0)
- return ERROR_INVALID_HANDLE;
+ if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0) {
+ result = ERROR_INVALID_HANDLE;
+ goto done;
+ }
DEBUGADD(8,("Converting info_2 struct\n"));
@@ -3078,13 +3116,15 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level,
if (add_a_printer(*printer, 2)!=0) {
/* I don't really know what to return here !!! */
- free_a_printer(&printer, 2);
- return ERROR_ACCESS_DENIED;
+ result = ERROR_ACCESS_DENIED;
+ goto done;
}
+ done:
free_a_printer(&printer, 2);
+ free_sec_desc_buf(&sd);
- return NT_STATUS_NO_PROBLEMO;
+ return result;
}
/****************************************************************************
@@ -3111,7 +3151,8 @@ uint32 _spoolss_setprinter(const POLICY_HND *handle, uint32 level,
return update_printer(handle, level, info, devmode_ctr.devmode);
break;
case 3:
- return update_printer_sec(handle, level, info, secdesc_ctr);
+ return update_printer_sec(handle, level, info, p,
+ secdesc_ctr);
break;
default:
return ERROR_INVALID_LEVEL;