summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGerald Carter <jerry@samba.org>2006-02-17 21:07:26 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 11:10:12 -0500
commitb2ae6e08daee619936f2858eafb31b3a8d8ecfcb (patch)
tree65f70e08f1415d026b439123e47b38e54a3858c4 /source3
parentf4e11e9ddbecd5ec0a50246c891a3c696be526a9 (diff)
downloadsamba-b2ae6e08daee619936f2858eafb31b3a8d8ecfcb.tar.gz
samba-b2ae6e08daee619936f2858eafb31b3a8d8ecfcb.tar.bz2
samba-b2ae6e08daee619936f2858eafb31b3a8d8ecfcb.zip
r13547: add earlier checks to deny deleting a printer driver. The previous
code relied upon file permissions alone. Now we check that the user is a printer administrator and that the share has not been marked read only for that user. (This used to be commit 117d9fd9e16a7afbc6772506a4f8c33ff99d33f7)
Diffstat (limited to 'source3')
-rw-r--r--source3/printing/nt_printing.c5
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c24
2 files changed, 29 insertions, 0 deletions
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index e6c6f7d3dc..becd51cd7e 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -4783,6 +4783,11 @@ static BOOL delete_driver_files( NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3, struct
return False;
}
+ if ( !CAN_WRITE(conn) ) {
+ DEBUG(3,("delete_driver_files: Cannot delete print driver when [print$] is read-only\n"));
+ return False;
+ }
+
/* Save who we are - we are temporarily becoming the connection user. */
if ( !become_user(conn, conn->vuid) ) {
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index e6d45f76ec..c767daf88c 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1973,9 +1973,21 @@ WERROR _spoolss_deleteprinterdriver(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIVER
struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
get_current_user(&user, p);
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ( (user.ut.uid != 0)
+ && !user_has_privileges(user.nt_user_token, &se_printop )
+ && !token_contains_name_in_list( uidtoname(user.ut.uid),
+ NULL, user.nt_user_token, lp_printer_admin(-1)) )
+ {
+ return WERR_ACCESS_DENIED;
+ }
+
unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 );
@@ -2059,9 +2071,21 @@ WERROR _spoolss_deleteprinterdriverex(pipes_struct *p, SPOOL_Q_DELETEPRINTERDRIV
struct current_user user;
WERROR status;
WERROR status_win2k = WERR_ACCESS_DENIED;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
get_current_user(&user, p);
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ( (user.ut.uid != 0)
+ && !user_has_privileges(user.nt_user_token, &se_printop )
+ && !token_contains_name_in_list( uidtoname(user.ut.uid),
+ NULL, user.nt_user_token, lp_printer_admin(-1)) )
+ {
+ return WERR_ACCESS_DENIED;
+ }
+
unistr2_to_ascii(driver, &q_u->driver, sizeof(driver)-1 );
unistr2_to_ascii(arch, &q_u->arch, sizeof(arch)-1 );