summaryrefslogtreecommitdiff
path: root/source3/rpc_server
diff options
context:
space:
mode:
authorDavid O'Neill <dmo@samba.org>2001-01-25 20:15:32 +0000
committerDavid O'Neill <dmo@samba.org>2001-01-25 20:15:32 +0000
commitc7a7dea3331c5d77f57fb0622303933ca7afb0f9 (patch)
tree33c3dd6d85d113fbaef7755a54338cc8e526e5d6 /source3/rpc_server
parentfcfaebda7fb35989e62bc317287896c410c7833b (diff)
downloadsamba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.tar.gz
samba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.tar.bz2
samba-c7a7dea3331c5d77f57fb0622303933ca7afb0f9.zip
Changes from APPLIANCE_HEAD:
source/rpc_server/srv_spoolss_nt.c - Changed the se_access_check() call in _spoolss_open_printer_ex() to a print_access_check(). This allows the 'printer admins' smb.conf and other permission override parameters to affect the result of a printer open. - Don't perform access check when opening a handle on a print server as it breaks browsing the Printers folder. (This used to be commit bbe51d4b5f6da4c7668214511e25eff098bf03b1)
Diffstat (limited to 'source3/rpc_server')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c31
1 files changed, 11 insertions, 20 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 4be338d4d6..0ffe172b0a 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -669,10 +669,8 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
POLICY_HND *handle)
{
uint32 result = NT_STATUS_NO_PROBLEMO;
- SEC_DESC_BUF *sec_desc = NULL;
- uint32 acc_granted, status;
fstring name;
- extern struct current_user current_user;
+ int snum;
if (printername == NULL) {
result = ERROR_INVALID_PRINTER_NAME;
@@ -729,29 +727,22 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername,
}
/* NT doesn't let us connect to a printer if the connecting user
- doesn't have print permission. If no security descriptor just
- return OK. */
+ doesn't have print permission. */
- if (!nt_printing_getsec(name, &sec_desc)) {
- goto done;
- }
-
- /* Yuck - we should use the pipe_user rather than current_user but
- it doesn't seem to be filled in correctly. )-: */
+ if (!handle_is_printserver(handle)) {
- map_printer_permissions(sec_desc->sec);
+ if (!get_printer_snum(handle, &snum))
+ return ERROR_INVALID_HANDLE;
- if (!se_access_check(sec_desc->sec, &current_user, PRINTER_ACCESS_USE,
- &acc_granted, &status)) {
- DEBUG(3, ("access DENIED for printer open\n"));
- close_printer_handle(handle);
- result = ERROR_ACCESS_DENIED;
- goto done;
+ if (!print_access_check(NULL, snum, PRINTER_ACCESS_USE)) {
+ DEBUG(3, ("access DENIED for printer open\n"));
+ close_printer_handle(handle);
+ result = ERROR_ACCESS_DENIED;
+ goto done;
+ }
}
done:
- free_sec_desc_buf(&sec_desc);
-
return result;
}