diff options
| -rw-r--r-- | source3/include/proto.h | 1 | ||||
| -rw-r--r-- | source3/rpc_server/srv_spoolss_nt.c | 21 |
2 files changed, 15 insertions, 7 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 22c3f48f86..6c87c429c0 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -3862,6 +3862,7 @@ BOOL vfswrap_lock(files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T size_t vfswrap_fget_nt_acl(files_struct *fsp, int fd, SEC_DESC **ppdesc); size_t vfswrap_get_nt_acl(files_struct *fsp, char *name, SEC_DESC **ppdesc); BOOL vfswrap_fset_nt_acl(files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd); +BOOL vfswrap_set_nt_acl(files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd); /*The following definitions come from smbd/vfs.c */ diff --git a/source3/rpc_server/srv_spoolss_nt.c b/source3/rpc_server/srv_spoolss_nt.c index 5a724d6ab6..56de5375fb 100644 --- a/source3/rpc_server/srv_spoolss_nt.c +++ b/source3/rpc_server/srv_spoolss_nt.c @@ -680,14 +680,21 @@ uint32 _spoolss_open_printer_ex( const UNISTR2 *printername, return ERROR_ACCESS_DENIED; } - /* Disallow MS AddPrinterWizard if access rights are insufficient OR - if parameter disables it. The client tries an OpenPrinterEx with - SERVER_ALL_ACCESS(0xf0003), which we force to fail. It then tries - OpenPrinterEx with SERVER_READ(0x20002) which we allow. This lets - it see any printers there, but does not show the MSAPW */ + /* Disallow MS AddPrinterWizard if parameter disables it. A Win2k + client 1st tries an OpenPrinterEx with access==0, MUST be allowed. + Then both Win2k and WinNT clients try an OpenPrinterEx with + SERVER_ALL_ACCESS, which we force to fail. Then they try + OpenPrinterEx with SERVER_READ which we allow. This lets the + client view printer folder, but does not show the MSAPW. + + Note: this test needs code to check access rights here too. Jeremy + could you look at this? */ + if (handle_is_printserver(handle) && - printer_default->access_required != (SERVER_READ) && - !lp_ms_add_printer_wizard() ) { + !lp_ms_add_printer_wizard()) { + if (printer_default->access_required == 0) + return NT_STATUS_NO_PROBLEMO; + else if (printer_default->access_required != (SERVER_READ)) return ERROR_ACCESS_DENIED; } |