diff options
author | Gerald Carter <jerry@samba.org> | 2004-12-10 21:08:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:35 -0500 |
commit | 3c45a093c435a106e08746aa3f3db824192340f1 (patch) | |
tree | bc0c19e87217c6d82d8a24a9f3c6b34a103043fd /source3 | |
parent | f3074443dc46e4e83803f7e931994bdbbecea82a (diff) | |
download | samba-3c45a093c435a106e08746aa3f3db824192340f1.tar.gz samba-3c45a093c435a106e08746aa3f3db824192340f1.tar.bz2 samba-3c45a093c435a106e08746aa3f3db824192340f1.zip |
r4134: check the setprinter(3) based on the access permissions on the handle and avoid the call to print_access_chaeck()
(This used to be commit 426634df9c221fbe4f48b4ff9d1b4b8426a581f7)
Diffstat (limited to 'source3')
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 25 |
1 files changed, 11 insertions, 14 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 78b5fb61fa..9aa46d1a5a 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -5860,6 +5860,17 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, result = WERR_BADFID; goto done; } + + /* Check the user has permissions to change the security + descriptor. By experimentation with two NT machines, the user + requires Full Access to the printer to change security + information. */ + + if ( Printer->access_granted != PRINTER_ACCESS_ADMINISTER ) { + DEBUG(4,("update_printer_sec: updated denied by printer permissions\n")); + result = WERR_ACCESS_DENIED; + goto done; + } /* NT seems to like setting the security descriptor even though nothing may have actually changed. */ @@ -5909,20 +5920,6 @@ static WERROR update_printer_sec(POLICY_HND *handle, uint32 level, goto done; } - /* Work out which user is performing the operation */ - - get_current_user(&user, p); - - /* Check the user has permissions to change the security - descriptor. By experimentation with two NT machines, the user - requires Full Access to the printer to change security - information. */ - - if (!print_access_check(&user, snum, PRINTER_ACCESS_ADMINISTER)) { - result = WERR_ACCESS_DENIED; - goto done; - } - result = nt_printing_setsec(Printer->sharename, new_secdesc_ctr); done: |