summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorGünther Deschner <gd@samba.org>2009-04-13 15:20:47 +0200
committerGünther Deschner <gd@samba.org>2009-04-13 16:15:32 +0200
commit3ef0b8671ddf246e32b479443ce97851a671a1a8 (patch)
tree474d61bb203c6a2f121996673b8ad05d8be70ff3 /source3
parentbaeee974495d1be18c61f74ce49a93cd02eac538 (diff)
downloadsamba-3ef0b8671ddf246e32b479443ce97851a671a1a8.tar.gz
samba-3ef0b8671ddf246e32b479443ce97851a671a1a8.tar.bz2
samba-3ef0b8671ddf246e32b479443ce97851a671a1a8.zip
s3-spoolss: Fix permission checks for _spoolss_AddForm,SetForm and DelForm.
Found by smbtorture test. Guenther
Diffstat (limited to 'source3')
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c46
1 files changed, 34 insertions, 12 deletions
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index faa155dc0f..3edfca9400 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -8085,6 +8085,7 @@ WERROR _spoolss_AddForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@@ -8111,10 +8112,17 @@ WERROR _spoolss_AddForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_addform: denied by handle permissions.\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_Addform: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
/* can't add if builtin */
@@ -8163,6 +8171,7 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
DEBUG(5,("_spoolss_DeleteForm\n"));
@@ -8184,12 +8193,17 @@ WERROR _spoolss_DeleteForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_DeleteForm: denied by handle permissions.\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_DeleteForm: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
+
/* can't delete if builtin */
if (get_a_builtin_ntform_by_string(form_name,&tmpForm)) {
@@ -8229,6 +8243,7 @@ WERROR _spoolss_SetForm(pipes_struct *p,
int snum;
WERROR status = WERR_OK;
NT_PRINTER_INFO_LEVEL *printer = NULL;
+ SE_PRIV se_printop = SE_PRINT_OPERATOR;
int count=0;
nt_forms_struct *list=NULL;
@@ -8254,10 +8269,17 @@ WERROR _spoolss_SetForm(pipes_struct *p,
goto done;
}
- if ( !(Printer->access_granted & (PRINTER_ACCESS_ADMINISTER|SERVER_ACCESS_ADMINISTER)) ) {
- DEBUG(2,("_spoolss_SetForm: denied by handle permissions\n"));
- status = WERR_ACCESS_DENIED;
- goto done;
+ /* if the user is not root, doesn't have SE_PRINT_OPERATOR privilege,
+ and not a printer admin, then fail */
+
+ if ((p->server_info->utok.uid != 0) &&
+ !user_has_privileges(p->server_info->ptok, &se_printop) &&
+ !token_contains_name_in_list(uidtoname(p->server_info->utok.uid),
+ NULL, NULL,
+ p->server_info->ptok,
+ lp_printer_admin(snum))) {
+ DEBUG(2,("_spoolss_Setform: denied by insufficient permissions.\n"));
+ return WERR_ACCESS_DENIED;
}
/* can't set if builtin */