summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/nt_printing.h3
-rw-r--r--source3/printing/nt_printing.c5
-rw-r--r--source3/printing/printing.c20
-rw-r--r--source3/rpc_server/srv_spoolss_nt.c5
4 files changed, 21 insertions, 12 deletions
diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h
index c3d698b71a..f29b22fc42 100644
--- a/source3/include/nt_printing.h
+++ b/source3/include/nt_printing.h
@@ -237,7 +237,8 @@ WERROR spoolss_map_to_os2_driver(TALLOC_CTX *mem_ctx, const char **pdrivername);
const char *get_short_archi(const char *long_archi);
-bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
+bool print_access_check(struct auth_serversupplied_info *server_info,
+ struct messaging_context *msg_ctx, int snum,
int access_type);
WERROR nt_printer_publish(TALLOC_CTX *mem_ctx,
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 937cdfc6f5..73ce7e6d45 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -2063,7 +2063,8 @@ void map_job_permissions(struct security_descriptor *sd)
3) "printer admins" (may result in numerous calls to winbind)
****************************************************************************/
-bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
+bool print_access_check(struct auth_serversupplied_info *server_info,
+ struct messaging_context *msg_ctx, int snum,
int access_type)
{
struct spoolss_security_descriptor *secdesc = NULL;
@@ -2102,7 +2103,7 @@ bool print_access_check(struct auth_serversupplied_info *server_info, int snum,
result = winreg_get_printer_secdesc(mem_ctx,
server_info,
- smbd_messaging_context(),
+ msg_ctx,
pname,
&secdesc);
if (!W_ERROR_IS_OK(result)) {
diff --git a/source3/printing/printing.c b/source3/printing/printing.c
index 0412d755a9..a6f8bf069f 100644
--- a/source3/printing/printing.c
+++ b/source3/printing/printing.c
@@ -2125,7 +2125,8 @@ WERROR print_job_delete(struct auth_serversupplied_info *server_info,
owns their job. */
if (!owner &&
- !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(server_info, smbd_messaging_context(), snum,
+ JOB_ACCESS_ADMINISTER)) {
DEBUG(3, ("delete denied by security descriptor\n"));
/* BEGIN_ADMIN_LOG */
@@ -2200,7 +2201,8 @@ bool print_job_pause(struct auth_serversupplied_info *server_info, int snum,
}
if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
- !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(server_info, smbd_messaging_context(), snum,
+ JOB_ACCESS_ADMINISTER)) {
DEBUG(3, ("pause denied by security descriptor\n"));
/* BEGIN_ADMIN_LOG */
@@ -2262,7 +2264,8 @@ bool print_job_resume(struct auth_serversupplied_info *server_info, int snum,
}
if (!is_owner(server_info, lp_const_servicename(snum), jobid) &&
- !print_access_check(server_info, snum, JOB_ACCESS_ADMINISTER)) {
+ !print_access_check(server_info, smbd_messaging_context(), snum,
+ JOB_ACCESS_ADMINISTER)) {
DEBUG(3, ("resume denied by security descriptor\n"));
*errcode = WERR_ACCESS_DENIED;
@@ -2509,7 +2512,8 @@ static WERROR print_job_checks(struct auth_serversupplied_info *server_info,
uint64_t minspace;
int ret;
- if (!print_access_check(server_info, snum, PRINTER_ACCESS_USE)) {
+ if (!print_access_check(server_info, smbd_messaging_context(), snum,
+ PRINTER_ACCESS_USE)) {
DEBUG(3, ("print_job_checks: "
"job start denied by security descriptor\n"));
return WERR_ACCESS_DENIED;
@@ -3031,7 +3035,7 @@ WERROR print_queue_pause(struct auth_serversupplied_info *server_info, int snum)
int ret;
struct printif *current_printif = get_printer_fns( snum );
- if (!print_access_check(server_info, snum,
+ if (!print_access_check(server_info, smbd_messaging_context(), snum,
PRINTER_ACCESS_ADMINISTER)) {
return WERR_ACCESS_DENIED;
}
@@ -3066,7 +3070,7 @@ WERROR print_queue_resume(struct auth_serversupplied_info *server_info, int snum
int ret;
struct printif *current_printif = get_printer_fns( snum );
- if (!print_access_check(server_info, snum,
+ if (!print_access_check(server_info, smbd_messaging_context(), snum,
PRINTER_ACCESS_ADMINISTER)) {
return WERR_ACCESS_DENIED;
}
@@ -3106,7 +3110,9 @@ WERROR print_queue_purge(struct auth_serversupplied_info *server_info, int snum)
/* Force and update so the count is accurate (i.e. not a cached count) */
print_queue_update(snum, True);
- can_job_admin = print_access_check(server_info, snum,
+ can_job_admin = print_access_check(server_info,
+ smbd_messaging_context(),
+ snum,
JOB_ACCESS_ADMINISTER);
njobs = print_queue_status(snum, &queue, &status);
diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c
index 1acde48d44..f3f1efcee8 100644
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@@ -1650,7 +1650,7 @@ WERROR _spoolss_OpenPrinterEx(struct pipes_struct *p,
if (!user_ok_token(uidtoname(p->server_info->utok.uid), NULL,
p->server_info->ptok, snum) ||
- !print_access_check(p->server_info, snum,
+ !print_access_check(p->server_info, p->msg_ctx, snum,
r->in.access_mask)) {
DEBUG(3, ("access DENIED for printer open\n"));
close_printer_handle(p, r->out.handle);
@@ -7374,7 +7374,8 @@ static WERROR spoolss_addprinterex_level_2(struct pipes_struct *p,
}
/* you must be a printer admin to add a new printer */
- if (!print_access_check(p->server_info, snum, PRINTER_ACCESS_ADMINISTER)) {
+ if (!print_access_check(p->server_info, p->msg_ctx, snum,
+ PRINTER_ACCESS_ADMINISTER)) {
return WERR_ACCESS_DENIED;
}