diff options
author | Tim Potter <tpot@samba.org> | 2000-07-10 05:08:21 +0000 |
---|---|---|
committer | Tim Potter <tpot@samba.org> | 2000-07-10 05:08:21 +0000 |
commit | 78a4848e8da7bb4f96e99e3419c5473c4c23bb6d (patch) | |
tree | 3ad9d31df4fb08ee22a099469659f335552f411e /source3/rpc_server | |
parent | 5af35320a92e39b924b0bfebd2c4caae24724231 (diff) | |
download | samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.gz samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.tar.bz2 samba-78a4848e8da7bb4f96e99e3419c5473c4c23bb6d.zip |
Re-instated lanman printing security checks (oops).
A user can now pause, resume or delete their own job even if they don't
have the Manage Documents privilege.
Added call to se_access_check() for changing printer properties. The Full
Access privilege is required for the user to perform this.
Several uninitialised variables and memory leaks plugged.
Modified default ACL created on new printers to be Everyone / Print instead
of Everyone / Full Access. This required some random stuffing around with
the value of the revision field to correspond with the ACL that NT produces
when setting the same permission on the printer.
Fixed dodgy function call in printing/printfsp.c
(This used to be commit 2abce4dcfa351051df6e5f789b34fa99c9b81c22)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 69 |
1 files changed, 55 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 522a266b8c..0be371df11 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -3001,8 +3001,10 @@ static uint32 control_printer(const POLICY_HND *handle, uint32 command, ********************************************************************/ static uint32 update_printer_sec(const POLICY_HND *handle, uint32 level, const SPOOL_PRINTER_INFO_LEVEL *info, - SEC_DESC_BUF *secdesc_ctr) + pipes_struct *p, SEC_DESC_BUF *secdesc_ctr) { + struct current_user user; + Printer_entry *Printer = find_printer_index_by_hnd(handle); if (!OPEN_HANDLE(Printer)) { @@ -3010,7 +3012,15 @@ static uint32 update_printer_sec(const POLICY_HND *handle, uint32 level, return ERROR_INVALID_HANDLE; } - return nt_printing_setsec(Printer->dev.printername, secdesc_ctr); + if (p->ntlmssp_auth_validated) { + memcpy(&user, &p->pipe_user, sizeof(user)); + } else { + extern struct current_user current_user; + memcpy(&user, ¤t_user, sizeof(user)); + } + + return nt_printing_setsec(Printer->dev.printername, &user, + secdesc_ctr); } /******************************************************************** @@ -3025,25 +3035,53 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level, int snum; NT_PRINTER_INFO_LEVEL *printer = NULL; Printer_entry *Printer = find_printer_index_by_hnd(handle); - + SEC_DESC_BUF *sd = NULL; + uint32 result, acc_granted; + extern struct current_user current_user; + DEBUG(8,("update_printer\n")); + result = NT_STATUS_NO_PROBLEMO; + + /* Check calling user has permission to update printer description */ + + if (!nt_printing_getsec(Printer->dev.printername, &sd)) { + DEBUG(3, ("Could not get security descriptor for printer %s", + Printer->dev.printername)); + result = ERROR_INVALID_FUNCTION; + goto done; + } + + if (!se_access_check(sd->sec, current_user.uid, current_user.gid, + current_user.ngroups, current_user.groups, + PRINTER_ACE_FULL_CONTROL, &acc_granted, + &result)) { + DEBUG(3, ("printer property change denied by security " + "descriptor\n")); + goto done; + } + if (level!=2) { DEBUG(0,("Send a mail to samba@samba.org\n")); DEBUGADD(0,("with the following message: update_printer: level!=2\n")); - return ERROR_INVALID_LEVEL; + result = ERROR_INVALID_LEVEL; + goto done; } if (!OPEN_HANDLE(Printer)) { - DEBUG(0,("update_printer: Invalid handle (%s)\n", OUR_HANDLE(handle))); - return ERROR_INVALID_HANDLE; + result = ERROR_INVALID_HANDLE; + goto done; } - if (!get_printer_snum(handle, &snum) ) - return ERROR_INVALID_HANDLE; + if (!get_printer_snum(handle, &snum)) { + result = ERROR_INVALID_HANDLE; + goto done; + } - if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0) - return ERROR_INVALID_HANDLE; + if(get_a_printer(&printer, 2, lp_servicename(snum)) != 0) { + result = ERROR_INVALID_HANDLE; + goto done; + } DEBUGADD(8,("Converting info_2 struct\n")); @@ -3078,13 +3116,15 @@ static uint32 update_printer(const POLICY_HND *handle, uint32 level, if (add_a_printer(*printer, 2)!=0) { /* I don't really know what to return here !!! */ - free_a_printer(&printer, 2); - return ERROR_ACCESS_DENIED; + result = ERROR_ACCESS_DENIED; + goto done; } + done: free_a_printer(&printer, 2); + free_sec_desc_buf(&sd); - return NT_STATUS_NO_PROBLEMO; + return result; } /**************************************************************************** @@ -3111,7 +3151,8 @@ uint32 _spoolss_setprinter(const POLICY_HND *handle, uint32 level, return update_printer(handle, level, info, devmode_ctr.devmode); break; case 3: - return update_printer_sec(handle, level, info, secdesc_ctr); + return update_printer_sec(handle, level, info, p, + secdesc_ctr); break; default: return ERROR_INVALID_LEVEL; |