diff options
| author | Günther Deschner <gd@samba.org> | 2009-04-17 23:18:24 +0200 |
|---|---|---|
| committer | Günther Deschner <gd@samba.org> | 2009-04-17 23:20:22 +0200 |
| commit | 81b18464be170528d5e1549868bcbddbbcd60e1e (patch) | |
| tree | 992e8415a7f2f6f216ead3c73228f525fe39f2af /source3/rpc_server | |
| parent | cdbbc81bad5d53397bf80898cf68d8867cf64cba (diff) | |
| download | samba-81b18464be170528d5e1549868bcbddbbcd60e1e.tar.gz samba-81b18464be170528d5e1549868bcbddbbcd60e1e.tar.bz2 samba-81b18464be170528d5e1549868bcbddbbcd60e1e.zip | |
s3-spoolss: remove some direct checks for 0 uid in AddForm,SetForm,DelForm.
Also add some become_root()/unbecome_root() pairs which were missing IMHO.
Guenther
Diffstat (limited to 'source3/rpc_server')
| -rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 251415adcb..155d651f3e 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -8296,7 +8296,7 @@ WERROR _spoolss_AddForm(pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->server_info->utok.uid != 0) && + if ((p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), NULL, NULL, @@ -8320,7 +8320,9 @@ WERROR _spoolss_AddForm(pipes_struct *p, goto done; } + become_root(); write_ntforms(&list, count); + unbecome_root(); /* * ChangeID must always be set if this is a printer @@ -8353,6 +8355,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p, WERROR status = WERR_OK; NT_PRINTER_INFO_LEVEL *printer = NULL; SE_PRIV se_printop = SE_PRINT_OPERATOR; + bool ret = false; DEBUG(5,("_spoolss_DeleteForm\n")); @@ -8374,7 +8377,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p, goto done; } - if ((p->server_info->utok.uid != 0) && + if ((p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), NULL, NULL, @@ -8394,8 +8397,12 @@ WERROR _spoolss_DeleteForm(pipes_struct *p, count = get_ntforms(&list); - if ( !delete_a_form(&list, form_name, &count, &status )) + become_root(); + ret = delete_a_form(&list, form_name, &count, &status); + unbecome_root(); + if (ret == false) { goto done; + } /* * ChangeID must always be set if this is a printer @@ -8453,7 +8460,7 @@ WERROR _spoolss_SetForm(pipes_struct *p, /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege, and not a printer admin, then fail */ - if ((p->server_info->utok.uid != 0) && + if ((p->server_info->utok.uid != sec_initial_uid()) && !user_has_privileges(p->server_info->ptok, &se_printop) && !token_contains_name_in_list(uidtoname(p->server_info->utok.uid), NULL, NULL, @@ -8471,7 +8478,9 @@ WERROR _spoolss_SetForm(pipes_struct *p, count = get_ntforms(&list); update_a_form(&list, form, count); + become_root(); write_ntforms(&list, count); + unbecome_root(); /* * ChangeID must always be set if this is a printer |