Changes from APPLIANCE_HEAD:

    source/rpc_server/srv_spoolss_nt.c
        - fixed printer policy handle leak in the allow MS printer wizard
          stuff.
        - mimic behaviour of NT on open_printer_ex() calls by not allowing
          call to succeed if connecting user doesn't have at least print
          permissions to the printer.  Unfortunately, this seems to trigger
          a anonymous connection re-using bug so subsequent connects to the
          printer by a different user from the same machine always fail.
          Blame Tim. =^)
(This used to be commit 33fc7f4527c34b39b1a0f3fee2f0697ea74f79c4)

1 files changed, 47 insertions, 10 deletions

diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index cd67a3b88a..bcd9b46256 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -655,10 +655,16 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
 				 uint32  user_switch, SPOOL_USER_CTR user_ctr,
 				 POLICY_HND *handle)
 {
+	uint32 result = NT_STATUS_NO_PROBLEMO;
+	SEC_DESC_BUF *sec_desc = NULL;
+	uint32 acc_granted, status;
 	fstring name;
+	extern struct current_user current_user;
 	
-	if (printername == NULL)
-		return ERROR_INVALID_PRINTER_NAME;
+	if (printername == NULL) {
+		result = ERROR_INVALID_PRINTER_NAME;
+		goto done;
+	}
 
 	/* some sanity check because you can open a printer or a print server */
 	/* aka: \\server\printer or \\server */
@@ -666,8 +672,10 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
 
 	DEBUGADD(3,("checking name: %s\n",name));
 
-	if (!open_printer_hnd(handle, name))
-		return ERROR_INVALID_PRINTER_NAME;
+	if (!open_printer_hnd(handle, name)) {
+		result = ERROR_INVALID_PRINTER_NAME;
+		goto done;
+	}
 	
 /*
 	if (printer_default->datatype_ptr != NULL)
@@ -681,7 +689,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
 	
 	if (!set_printer_hnd_accesstype(handle, printer_default->access_required)) {
 		close_printer_handle(handle);
-		return ERROR_ACCESS_DENIED;
+		result = ERROR_ACCESS_DENIED;
+		goto done;
 	}
 		
 	/* Disallow MS AddPrinterWizard if parameter disables it. A Win2k
@@ -696,13 +705,41 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
 
 	if (handle_is_printserver(handle) &&
 	    !lp_ms_add_printer_wizard()) {
-		if (printer_default->access_required == 0)
-			return NT_STATUS_NO_PROBLEMO;
-		else if (printer_default->access_required != (SERVER_READ))
-		return ERROR_ACCESS_DENIED;
+		if (printer_default->access_required == 0) {
+			goto done;
+		}
+		else if (printer_default->access_required != (SERVER_READ)) {
+			close_printer_handle(handle);
+			result = ERROR_ACCESS_DENIED;
+			goto done;
+		}
 	}
 
-	return NT_STATUS_NO_PROBLEMO;
+	/* NT doesn't let us connect to a printer if the connecting user
+	   doesn't have print permission.  If no security descriptor just
+	   return OK. */
+
+	if (!nt_printing_getsec(name, &sec_desc)) {
+		goto done;
+	}
+	
+	/* Yuck - we should use the pipe_user rather than current_user but
+	   it doesn't seem to be filled in correctly. )-: */
+
+	map_printer_permissions(sec_desc->sec);
+
+	if (!se_access_check(sec_desc->sec, &current_user, PRINTER_ACCESS_USE,
+			     &acc_granted, &status)) {
+		DEBUG(3, ("access DENIED for printer open\n"));
+		close_printer_handle(handle);
+		result = ERROR_ACCESS_DENIED;
+		goto done;
+	}
+
+ done:
+	free_sec_desc_buf(&sec_desc);
+
+	return result;
 }
 
 /****************************************************************************