summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorTim Potter <tpot@samba.org>2002-04-15 03:49:53 +0000
committerTim Potter <tpot@samba.org>2002-04-15 03:49:53 +0000
commitfea03cef2be825037b0c610964ca6e296ed6e33d (patch)
tree6c115c0fe3ed052b2873c4975053d0f7f18c314d /source3/rpc_server
parentbffc4efd0fdb93ced54b7edecfcafec28353289a (diff)
downloadsamba-fea03cef2be825037b0c610964ca6e296ed6e33d.tar.gz
samba-fea03cef2be825037b0c610964ca6e296ed6e33d.tar.bz2
samba-fea03cef2be825037b0c610964ca6e296ed6e33d.zip
Merge of print server permission handling fixes from HEAD.
(This used to be commit 62ee1f8c3fbcf83641bed881143a1a8c70f836ba)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c53
1 files changed, 41 insertions, 12 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 3bc91c2472..80bfd74b47 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -92,7 +92,8 @@ static uint32 smb_connections=0;
/* in printing/nt_printing.c */
-extern STANDARD_MAPPING printer_std_mapping;
+
+extern STANDARD_MAPPING printer_std_mapping, printserver_std_mapping;
#define OUR_HANDLE(hnd) (((hnd)==NULL)?"NULL":(IVAL((hnd)->data5,4)==(uint32)sys_getpid()?"OURS":"OTHER")), \
((unsigned int)IVAL((hnd)->data5,4)),((unsigned int)sys_getpid())
@@ -959,26 +960,54 @@ Can't find printer handle we created for printer %s\n", name ));
get_current_user(&user, p);
if (Printer->printer_type == PRINTER_HANDLE_IS_PRINTSERVER) {
- if (printer_default->access_required == 0) {
- return WERR_OK;
+
+ /* Printserver handles use global struct... */
+
+ snum = -1;
+
+ /* Map standard access rights to object specific access
+ rights */
+
+ se_map_standard(&printer_default->access_required,
+ &printserver_std_mapping);
+
+ /* Deny any object specific bits that don't apply to print
+ servers (i.e printer and job specific bits) */
+
+ printer_default->access_required &= SPECIFIC_RIGHTS_MASK;
+
+ if (printer_default->access_required &
+ ~(SERVER_ACCESS_ADMINISTER | SERVER_ACCESS_ENUMERATE)) {
+ DEBUG(3, ("access DENIED for non-printserver bits"));
+ close_printer_handle(p, handle);
+ return WERR_ACCESS_DENIED;
}
- else if ((printer_default->access_required & SERVER_ACCESS_ADMINISTER ) == SERVER_ACCESS_ADMINISTER) {
- /* Printserver handles use global struct... */
- snum = -1;
+ /* Allow admin access */
+
+ if (printer_default->access_required &
+ SERVER_ACCESS_ADMINISTER) {
if (!lp_ms_add_printer_wizard()) {
close_printer_handle(p, handle);
return WERR_ACCESS_DENIED;
}
- else if (user.uid == 0 || user_in_list(uidtoname(user.uid), lp_printer_admin(snum))) {
+
+ if (user.uid == 0 ||
+ user_in_list(uidtoname(user.uid),
+ lp_printer_admin(snum)))
return WERR_OK;
- }
- else {
- close_printer_handle(p, handle);
- return WERR_ACCESS_DENIED;
- }
+
+ DEBUG(0, ("** denied 0x%08x to user %s\n",
+ printer_default->access_required,
+ uidtoname(user.uid)));
+
+ close_printer_handle(p, handle);
+ return WERR_ACCESS_DENIED;
}
+
+ /* We fall through to return WERR_OK */
+
}
else
{