diff options
-rw-r--r-- | source3/include/nt_printing.h | 3 | ||||
-rw-r--r-- | source3/printing/nt_printing.c | 5 | ||||
-rw-r--r-- | source3/printing/printing.c | 20 | ||||
-rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 5 |
4 files changed, 21 insertions, 12 deletions
diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h index c3d698b71a..f29b22fc42 100644 --- a/source3/include/nt_printing.h +++ b/source3/include/nt_printing.h @@ -237,7 +237,8 @@ WERROR spoolss_map_to_os2_driver(TALLOC_CTX *mem_ctx, const char **pdrivername); const char *get_short_archi(const char *long_archi); -bool print_access_check(struct auth_serversupplied_info *server_info, int snum, +bool print_access_check(struct auth_serversupplied_info *server_info, + struct messaging_context *msg_ctx, int snum, int access_type); WERROR nt_printer_publish(TALLOC_CTX *mem_ctx, diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c index 937cdfc6f5..73ce7e6d45 100644 --- a/source3/printing/nt_printing.c +++ b/source3/printing/nt_printing.c @@ -2063,7 +2063,8 @@ void map_job_permissions(struct security_descriptor *sd) 3) "printer admins" (may result in numerous calls to winbind) ****************************************************************************/ -bool print_access_check(struct auth_serversupplied_info *server_info, int snum, +bool print_access_check(struct auth_serversupplied_info *server_info, + struct messaging_context *msg_ctx, int snum, int access_type) { struct spoolss_security_descriptor *secdesc = NULL; @@ -2102,7 +2103,7 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum, result = winreg_get_printer_secdesc(mem_ctx, server_info, - smbd_messaging_context(), + msg_ctx, pname, &secdesc); if (!W_ERROR_IS_OK(result)) { diff --git a/source3/printing/printing.c b/source3/printing/printing.c index 0412d755a9..a6f8bf069f 100644 --- a/source3/printing/printing.c +++ b/source3/printing/printing.c @@ -2125,7 +2125,8 @@ WERROR print_job_delete(struct auth_serversupplied_info *server_info, owns their job. */ if (!owner && - !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(server_info, smbd_messaging_context(), snum, + JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("delete denied by security descriptor\n")); /* BEGIN_ADMIN_LOG */ @@ -2200,7 +2201,8 @@ bool print_job_pause(struct auth_serversupplied_info *server_info, int snum, } if (!is_owner(server_info, lp_const_servicename(snum), jobid) && - !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(server_info, smbd_messaging_context(), snum, + JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("pause denied by security descriptor\n")); /* BEGIN_ADMIN_LOG */ @@ -2262,7 +2264,8 @@ bool print_job_resume(struct auth_serversupplied_info *server_info, int snum, } if (!is_owner(server_info, lp_const_servicename(snum), jobid) && - !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) { + !print_access_check(server_info, smbd_messaging_context(), snum, + JOB_ACCESS_ADMINISTER)) { DEBUG(3, ("resume denied by security descriptor\n")); *errcode = WERR_ACCESS_DENIED; @@ -2509,7 +2512,8 @@ static WERROR print_job_checks(struct auth_serversupplied_info *server_info, uint64_t minspace; int ret; - if (!print_access_check(server_info, snum, PRINTER_ACCESS_USE)) { + if (!print_access_check(server_info, smbd_messaging_context(), snum, + PRINTER_ACCESS_USE)) { DEBUG(3, ("print_job_checks: " "job start denied by security descriptor\n")); return WERR_ACCESS_DENIED; @@ -3031,7 +3035,7 @@ WERROR print_queue_pause(struct auth_serversupplied_info *server_info, int snum) int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(server_info, snum, + if (!print_access_check(server_info, smbd_messaging_context(), snum, PRINTER_ACCESS_ADMINISTER)) { return WERR_ACCESS_DENIED; } @@ -3066,7 +3070,7 @@ WERROR print_queue_resume(struct auth_serversupplied_info *server_info, int snum int ret; struct printif *current_printif = get_printer_fns( snum ); - if (!print_access_check(server_info, snum, + if (!print_access_check(server_info, smbd_messaging_context(), snum, PRINTER_ACCESS_ADMINISTER)) { return WERR_ACCESS_DENIED; } @@ -3106,7 +3110,9 @@ WERROR print_queue_purge(struct auth_serversupplied_info *server_info, int snum) /* Force and update so the count is accurate (i.e. not a cached count) */ print_queue_update(snum, True); - can_job_admin = print_access_check(server_info, snum, + can_job_admin = print_access_check(server_info, + smbd_messaging_context(), + snum, JOB_ACCESS_ADMINISTER); njobs = print_queue_status(snum, &queue, &status); diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 1acde48d44..f3f1efcee8 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -1650,7 +1650,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p, if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL, p->server_info->ptok, snum) || - !print_access_check(p->server_info, snum, + !print_access_check(p->server_info, p->msg_ctx, snum, r->in.access_mask)) { DEBUG(3, ("access DENIED for printer open\n")); close_printer_handle(p, r->out.handle); @@ -7374,7 +7374,8 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p, } /* you must be a printer admin to add a new printer */ - if (!print_access_check(p->server_info, snum, PRINTER_ACCESS_ADMINISTER)) { + if (!print_access_check(p->server_info, p->msg_ctx, snum, + PRINTER_ACCESS_ADMINISTER)) { return WERR_ACCESS_DENIED; } |